Ask HN: What source code is worth studying?

403 points by SatyajitSarangi ↗ HN
This is one my favourite questions, asked by idlewords: https://news.ycombinator.com/item?id=879101 But its been a long time since then, and with a new set of programming languages, I believe there are new code bases that's worth studying about and learning from. So, which code-base should I be reading about to improve myself?

175 comments

[ 0.33 ms ] story [ 262 ms ] thread

  C -> Varnish
  PHP -> Yii 
  Ruby -> Merb
  Scheme -> Arc
  Clojure -> Core
  JavaScript -> Multeor
Any languages in particular that you're interested in not covered above?
I have some experience with Yii and coming from Django I'm not impressed with the _functionality_. Maybe the code is really great but why not study something Symphony which, arguably, achieves more and is therefore better at solving the same problem?
Because we're not talking about the functionality but about the quality of the codebase? (Unless I'm misunderstanding).
Agreed but if function follows form then Yii is somewhat lacking. Maybe I'm just biased because when I was in a tight spot digging through the source and docs didn't get me where I wanted to be.

Looking at their GitHub now I must admit that the source code and comments look pretty good.

Thanks for this list.

I was mostly looking for Python, Javascript, Haskell and C#. Any help regarding that?

Also, as I believe this thread will also help others, you can go ahead and post about any other code-bases for other languages.

Modules within the Python standard library are very well written. The source code also provides very good examples of decent unit tests.
I would stay the heck away from the collections and itertools modules to be honest. Raymond H. is an amazing coder, but he' s a madman.
Agreed.

Here is a link to cpython 2.7 libraries: http://hg.python.org/cpython/file/70274d53c1dd/Lib

Those that are implemented in C are in the "Modules" folder from the top level.

I think you [OP] will get the most benefit from reading libraries that you use often because it will give you some direction.

If there are 3rd party libraries you use heavily those will be interesting too.

It is very very difficult to just pick up megabytes of code and start reading them and find it useful. You will be able to pick up style and conventions but not really high-level engineering decisions.

My suggestion is to take software that you use regularly and run it through a debugger. Since you use it you know the problem domain. And with the debugger the code you're reading gets real context. I've done this with Git for example.

And also look at the design documents for big OSS projects.

requests module is very well written
For C# i found the disruptor.net code to be very nice. It's mostly a direct port of disruptor from java - but it definitely was pretty nice to read through.
For Haskell, Hakyll's source is pretty well written.

    PHP -> Yii
Are you suggesting specifically Yii 1 or Yii 2, or either one?
I've heard lots of people sing praises for Redis source - https://github.com/antirez/redis. A cursory look into the source shows a very well documented code-base. It's one of the top items in my to-read-some-day list. Salvatore is an excellent C programmer and takes a lot of pain in writing good documentation, despite his not so great English skills. A shout out for him, thanks for setting an example.
Fabien Sanglard http://fabiensanglard.net has some excellent code reviews on his website, particularly games.

You could read some of the code-bases he reviews, and then read his review. You'll be able to compare and contrast your opinions with his, and if there's interesting variation you can blog about it ;)

Thank you. I remember his Quake and Doom reviews. Will catch up on the others.
Strange to see the Linux Kernel not being mentioned.

One of the best and clear-cut defined ways of managing source with documentations.

I think you get more benefit from reading code if you study something very close to what you are working on yourself, something in the same domain, in the same framework perhaps, or at least in the same programming language, at best something you are deeply involved in currently.

I never seem to get enough motivation to read deeply into random "grand" code bases like Lua or SQLLite, but some months ago I got into the habit of always studying a bunch of projects that use a given technology before I use this technology, and it greatly decreased the amount of time it takes me to get to a "idiomatic" coding style. So instead of diving in a random, I would recommend making researching existing code-bases related to what you are currently doing an integral part of your workflow.

I really enjoy doing this as well. Are you aware of any resources or metrics (number of contributors on github, etc.) to find which projects are "well crafted" in X framework/language?

Perhaps I overestimate how much risk there is in learning idiomatic practices from a project which is not actually all that idiomatic. I like the assurance that what I read is quality, especially with frameworks or languages I'm very new to where it can be tough to tell.

C -> nginx C++ -> Chrome
ruby -> rails, vagrant, puppet and chef.

C -> sqlite3 (well written, with a extensive test suite.

C++ -> Nmap and MongoDB.

python -> scons

When you read any C++ codebase remember that there are many dialects and so just because something is a good idea in one doesn't mean that it is in another and that you should prefer that way without understanding the reasoning behind it.
(comment deleted)
The Architecture of Open Source Applications book[0] gives a high level overview on many open source projects. It's a good starting point to dive into the code of these projects.

[0] http://aosabook.org/en/index.html

This book is a fascinating read. Highly recommended to anybody that does non-trivial application development.
Great series of books! There are three now, and a fourth is being worked on which is very relevant to this posts query. There isn't much too it yet, but its working title is 500 Lines or Less, and it aims to implement some manner of a working application in 500 lines or less. There is a GitHub repo [0] where the project is being coordinate.

[0] https://github.com/aosabook/500lines

== Vim or Emacs ==

Just pick one and force yourself to use it to the exclusion of other editors. Future you will thank you later, because you'll still be using it 20 years from now. "We are typists first, programmers second" comes to mind. You need to be able to move chunks of code around, substitute things with regexes, use marks, use editor macros, etc.

== 6.824: Distributed Systems ==

http://pdos.csail.mit.edu/6.824-2013/ Do each lab. Read the discussion and rtm's course notes.

== Tarsnap ==

https://www.tarsnap.com/download.html How to write C. Study the "meta," that is, the choice of how the codebase is structured and the ruthless attention to detail. Pay attention to how functions are commented, both in the body of the function and in the prototypes. Use doxygen to help you navigate the codebase. Bonus: that'll teach you how to use doxygen to navigate a codebase.

== xv6 ==

http://pdos.csail.mit.edu/6.828/2012/xv6.html

http://pdos.csail.mit.edu/6.828/2012/xv6/xv6-rev7.pdf

http://pdos.csail.mit.edu/6.828/2012/xv6/book-rev7.pdf

Read the book. Force yourself to read it in its entirety. Use the source code PDF to study how to turn theory into practice.

== Arc ==

http://ycombinator.com/arc/arc3.1.tar

You're not studying Arc to learn Arc. You're studying Arc to learn how to implement Arc. You'll learn the power of anaphoric macros. You'll learn the innards of Racket.

Questions to ask yourself: Why did Racket as a platform make it easier to implement Arc than, say, C/Golang/Ruby/Python? Now pick one of those and ask yourself: what would be required in order to implement Arc on that platform? For example, if you say "C," a partial answer would be "I'd have to write my own garbage collector," whereas for Golang or Lua that wouldn't be the case.

The enlightenment experience you want out of this self-study is realizing that it's very difficult to express the ideas embodied in the Arc codebase any more succinctly without sacrificing its power and flexibility.

Now implement the four 6.824 labs in Arc. No, I'm not kidding. I've done it. It won't take you very long at this point. You'll need to read the RPC section of Golang's standard library and understand how it works, then port those ideas to Arc. Don't worry about making it nice; just make it work. Port the lab's unit tests to Arc, then ensure your Arc version passes those tests. The performance is actually not too bad: the Arc version runs only a few times slower than the Golang version if I remember correctly.

== Matasano crypto challenges ==

http://www.matasano.com/articles/crypto-challenges/ Just trust me on this one. They're cool and fun and funny. If you've ever wanted to figure out how to steal encrypted song lyrics from the 70's, look no further.

== Misc ==

(This isn't programming, just useful or interesting.)

Statistics Done Wrong http://www.statisticsdonewrong.com/

A Mathematician's Apology http://www.math.ualberta.ca/mss/misc/A%20Mathematician's%20A...

How long does it usually take to get a reply from Matasano. I have sent a mail couple of days ago, but no reply yet.
It's a manual process, so can take a while.
Saw tptacek mention the workload yesterday: https://news.ycombinator.com/item?id=7598284

> There are at last count something like twelve thousand people who have reached out to us for our free crypto challenges [...] Every damn one of those people is an email exchange that me, Sean, or Marcin had to have directly, on our own time, with no compensation.

I imagine the response time can vary quite a bit.

Maybe the first one or two challenges could be available online, and requests should be accompanied by the answers to those. Maybe that would reduce the volume somewhat.
Response time for me on getting sets 1-3 has ranged up to months.

It got better when I remembered we're a Matasano client so I shouldn't feel so guilty about harassing them. But it's an awesome free thing they're doing, so I still do feel a little guilty.

>Do not identify yourself as "an X programmer," or as anything else.

Yet every single programming job post these days is basically looking for someone with X years of experience in a long enumeration of specific technologies. The usual reason being "They need to be productive. Now."

In my experience, best jobs you get aren't posted — as best candidates don't send out resumes.
But we can't all be the best.
Not at first. But work with people you like and respect, and learn from them. Then ask them when looking for your next job.

Any place worth working isn't looking for the absolute best candidate for X at any cost. A good fit with someone with a good work ethic who wants to learn always works out better than just raw expertise. And a reference from someone you both respect is the fastest most reliable place to find them.

> Any place worth working isn't looking for the absolute best candidate for X at any cost

That's so true. If they absolutely need the best candidate, they are about to run a very risky project.

Good management means, among others, to ensure that new people have the opportunity to learn and to "get into" the project. If management requires the "best" developers, it really means that the management is bad and the developers are supposed to make up for that.

(Having said that, there are also people who are simply a sunken cost. That is, managing them requires more resources than the value they produce. However, that's the other end of the scale, and a separate topic.)

Whenever I hear this, I find I don't recognize the world the poster lives in. Is it a thing to tell coworkers when you're looking for a new job? If not, how many jobs do you need to have and leave before you have a big enough network for this to be a viable strategy? How do you get those jobs?
It really depends on the co-worker and the culture of the company. Sometimes I would tell co-workers, sometimes I wouldn't say anything because I was concerned they would leak that to management and I would be asked to leave before I was ready.

I have found user groups meetings a great place to network though. Everyone is helpful when someone says they are looking, even if it is that persons first time at a meeting.

The rest of us just say that we are an 'X' programmer when applying for a job that requires the 'X' programming language, and then during the interview mention that we also know a bunch of other languages and know how to use the correct tool for a problem ;)
In my experience, networking plays a huge role in landing a good job. Replying to job posts should be a last resort.
I think that is also because hiring is generally busted, and recruiters who are not programmers don't know what else to ask.
I totally agree with you that hiring is busted. I have done a lot of phone screens over the past few years and I make a point to ask only technical questions in order to weed out the the 56% of programming noobs who just want to make a million dollars and cash out.

However, I've noticed over this same time period that these screeners stumble into the office for a follow-up interview like giant toddlers: disheveled, incoherent, and totally self-involved. I wish this stereotype of the socially-awkward-yet-brilliant hacker would die in flames because it is not reality (or at best 2% of the community). Instead, this cultural delusion is convincing the socially awkward masses to seek out a job that is mostly about working closely with others, communicating constantly, and continuous compromise.

I have children in their 20's and I've seen how hard it can be to find your calling in life, but just because 99% of douche-bags earn a spot on reality tv that doesn't mean all stereotypes are true. Don't choose a job that you think fits your personality but that actually requires you to behave differently because you'll be miserable.

>>> http://pdos.csail.mit.edu/6.824-2013/ Do each lab. Read the discussion and rtm's course notes.

How to read the discussions? I think it's not publicly available. Btw, thanks a lot for the great post.

I meant specifically the "discussions", as mentioned in the 'course information' page: >>> "Please use Piazza to discuss labs, lectures and papers. We will look at Piazza regularly and answer questions (unless one of you answers first); the entire class can see and benefit from these exchanges."
Oh, I haven't tried looking for that. If you find a way, let me know! I'd be interested to read it too.
I don't think you'll be able to access these. My university uses Piazza as well and you need a university .edu email address to get access to the Piazza boards.

Fortunately, if the way MIT uses Piazza is anything like the way my school does you aren't missing much. Usually people just use Piazza to clarify something that was glossed over in lecture or to get help on some aspect of the homework.

I wish video lectures of these were available...
> == Tarsnap ==

> How to write C. Study the "meta," that is, the choice of how the

> codebase is structured and the ruthless attention to detail. Pay

> attention to how functions are commented, both in the body of the

> function and in the prototypes.

I just had another look at the tarsnap source code, and while I know Percival is a great guy, and I can't imagine him suing over "mis-use", the bulk of the code is under a pretty restrictive lisence:

"Redistribution and use in source and binary forms, without modification, is permitted for the sole purpose of using the "tarsnap" backup service provided by Colin Percival."

That is, except the code under "libcperciva" which appears to be under a traditional 2-clause BSD license.

So, for example using the bsdtar.c file to teach yourself how to handle command line arguments might be a bit dicey, as it's entirely unclear which part of that file is under the BSD license, and which part you're not allowed to distribute.

It's one of the reasons why I'd which Percival made the entire thing available under a dual license (eg: BSD) and simply required people to use the official client for the tarsnap service.

Then again, I'm not used to audit closed source software, and therefore probably extra scared of what might happen if I accidentially learn something from reading said source... ;-)

On the other hand, Percival does publish quite a lot of stuff that's [ed: entirely free], such as spiped https://www.tarsnap.com/spiped.html .

Relax
Actually, it's an important point. One way to learn a given coding technique is to copy-paste it into your own project, modify it until it works, and then delete it and re-implement it yourself. (The "delete and then reimplement it yourself" is the important part. Don't just copy-paste code!) That way you can build up an understanding of the code as you go, without having to understand it in its entirety from scratch. Understanding it in its entirety from scratch is the better way, because it gives you a deeper understanding, but people learn in different ways.

Anyway, illegal is illegal, and copy-pasting from Tarsnap would be illegal. I didn't know Tarsnap was under a restrictive license. It's a shame that people will have to be so careful when learning from Tarsnap, as it's a paragon of modern C best practices, but maybe the license is shrewd.

Though I wish the mentality of "my competitors might steal the code!" will die its deserved death, since evidence thus far suggests it's just paranoia. For example, the codecombat guys open sourced everything and have been fine: https://news.ycombinator.com/item?id=7015126 (But of course that's easy for me to say when I have no competitors to worry about!)

I suspect that your suggested use of the code would fall under the fair use statute in 17 U.S.C. § 107 and the guidelines from Folsom v. Marsh since it seems explicitly for pedagogical or research purposes.

IANAL, but if this were me it seems safe enough that I'd be willing to do it and fight Colin in court if need be. :)

When I first started programming, a lot of the licensing rhetoric seemed like much ado about nothing. "Look at all these people squabbling about who's allowed to do what with text! It's text! Sheesh!"

But one quickly realizes that the concept of software license restrictions is a fundamental reason for the strength and momentum of open source software. Therefore, it must be true that a central tenant of being a good developer is to respect software licenses. Not merely respect them to the letter of how they're written, but to respect their spirit as well. If an author wishes you don't do something with their code, then you don't do it. There are plenty of reasons why this should be the case, but the most compelling for me is that it'd be lame to ignore the author's wishes while using their work, even if the author won't ever know about it.

If people are still feeling tempted to lift code, well... Remember that you only get to destroy your reputation once.

Though I wish the mentality of "my competitors might steal the code!" will die its deserved death, since evidence thus far suggests it's just paranoia.

Well, Tarsnap is online backup for the truly paranoid... ;-)

Seriously though: I never thought this was likely to be a problem, but given that I was spending a significant chunk of my life on this, I wanted to eliminate obvious risks to my livelihood. I like not starving.

But I've done my best to put the "reusable for a purpose other than building Tarsnap" code into the separate libcperciva tree. And I'm sure that merely reading code to learn from it is not a copyright violation -- there are no laws about copying information into your brain, thankfully. So please, read the code, and email me if you see any bugs; I wouldn't be offering bug bounties if I didn't want people to look at the code!

Wow, if you done all that, I want to see your code :) Particularly the distributed systems in Arc. Mind sharing a link to any code you have online (even if it's not that)?

I took SICP a long time ago... all the pure functional stuff was great and elegant. I never really got how you can program "real world" / stateful stuff like distributed systems in Lisp dialects. When I look at Lisp code with hash tables and so forth it just looks horrible to me.

Well, the point is to self-study, so I'm reluctant to share my code because people will wind up crippling themselves if they fall back on whatever solutions I came up with. If they read my code before attempting their own solution, then they risk overlooking a simpler solution or one better suited for their own purposes. But... I guess I'll share a side-by-side go/arc comparison of lab 1. Lab 1 itself is pretty simple; most of the work was to port some of go's primitives to arc, like channels.

(Note: These html pages are rendered incorrectly on mobile. In particular, the spacing is wrong due to vimscreenshot not inserting   instead of actual spaces. Sorry about that. Try viewing these links from a desktop computer instead.)

https://dl.dropboxusercontent.com/u/231528979/arc/html/index...

Lab 1 in Go:

client.go https://dl.dropboxusercontent.com/u/231528979/arc/html/locks...

server.go https://dl.dropboxusercontent.com/u/231528979/arc/html/locks...

tests https://dl.dropboxusercontent.com/u/231528979/arc/html/locks...

output https://dl.dropboxusercontent.com/u/231528979/arc/html/locks...

Lab 1 in Arc:

client.arc https://dl.dropboxusercontent.com/u/231528979/arc/html/locks...

server.arc https://dl.dropboxusercontent.com/u/231528979/arc/html/locks...

tests https://dl.dropboxusercontent.com/u/231528979/arc/html/locks...

output https://dl.dropboxusercontent.com/u/231528979/arc/html/locks...

Git commit log: https://dl.dropboxusercontent.com/u/231528979/arc/html/log.h...

All diffs between my local codebase and the stock arc 3.1: https://dl.dropboxusercontent.com/u/231528979/arc/html/all-d...

I was interested in seeing how much code can be eliminated by using Arc instead of Go. Turns out: quite a lot. The server is almost 200 lines of Go code, but about 65 of Arc. The client is almost 120 lines of Go, about 35 of Arc. The unit tests are pretty similar in length (~480 vs ~410) but the Arc version is easier for me to read since there's less visual noise.

Anyway it was fun.

Thanks for the long, detailed quality post.

OT question, what's up with programmers and "Zen and the Art of Motorcycle"? I usually finish all the books I start reading and this was one of the exceptions. After an idea saying something like "we can't define quality ergo everything is quality" or something of the sorts I had to put it down, nothing made any sense and it all seemed to be a grandiose philosophical scheme based on random half-baked ideas.

Brilliant collection of links, thank you!
Did you study everything you are suggesting? That's really impressive. How long did it take you?

Oh well, I should spend less time on HN...

> Golang

I see this a lot. Do people not realize that the language is called Go, and that 'golang' is just a domain name, like 'ruby-lang', 'scala-lang' etc?

People realize it but also admit it's a terrible name for a language and referring to it as golang is much better in the long run.
It's a habit I picked up because Google is my primary learning tool. "Golang how to X" is almost always a superior search phrase than "Go how to X".
Given that PuTTY has a wealth of features, would you recommend looking at the source code for studying?
I think you're interested in PuTTY and that's reason enough to study it. :) Copy what you like, discard what you don't. But do whatever is fun. I wish I'd emphasized fun more, since having fun is one of the best ways to maintain motivation and interest.
== Tarsnap ==

When you're reading this code, be aware that it's a bit of a mongrel -- the code in /libarchive/ and most of /tar/foo (but not /tar/foo/foo) is from the libarchive project and is not mine. So if you're looking to learn "how Colin codes", look at /libcperciva/, /lib/, and /tar/foo/.

s/foo/*/ in the above. Autoitalicization breaks path globs...

I'm fascinated by concurrent programming. I find that reading classes from Java's java.util.concurrent package gives me very good practical insights as to what goes into building a concurrent class. My all time favorite is ConcurrentHashMap :)
The most interesting things to read are those where a programmer has done something cleverly, but this only needs to happen when your language or libraries make it hard for you to begin with. Aside from low-level performance intensive functions, the best code is not interesting to read - it just reads like statements of fact.
(comment deleted)
(You say the 'naive' way; how can it be compressed better?)
Reference based compression! We create a set of reference sequences and simply record the start location of each identified subsequence - of course this relies on the assumption we can correctly recognise all genes and their variants... ahem.
You mean reference to another copy of the genome?

Or you mean trying to find long repeat sequences that are slightly mutated in a way that is low-entropy?

(comment deleted)
I learned a lot from the Cocotron source:

https://code.google.com/p/cocotron/source/browse

It's a free cross-platform implementation of Apple's Cocoa, so there's a lot of stuff there. But the project is well organized, and almost everything is written in a minimalist oldschool Objective-C style.

I've looked at some other cross-platform frameworks, and they are often hard to understand because they have been developed by a large group of developers and include lots of complex optimizations and platform-specific code paths. Cocotron is not as finely tuned as Apple's CoreFoundation (for example), but much more readable.

The sources to Lua are pretty darn great:

http://www.lua.org/source/5.2/

Agreed, and after you've worked through the source to the canonical implementation of Lua, you can level-up by looking into the source of LuaJIT: http://luajit.org/download.html
Both are immensely awesome codebases, but the level-up is perhaps a bit too steep. Going from delightful ANSI C (vanilla Lua) to a lot of assembly + C (LuaJIT's interpreter) and runtime assembly generation (the JIT) is no slight task.
I made this tool: http://codingstyleguide.com to improve the way I code for different languages and not get lost with too much programming information and it's helping me a lot.
Eric S. Raymond wrote a book The Art of Unix Programming [1] that has many "case studies" as well as recommendations of which software/RFCs are particularly worthy of study.

[1] http://www.faqs.org/docs/artu/

Except that Eric Raymond doesn't know what the hell he's talking about, and the main point of everything he writes is ideological warfare to tear down Richard Stallman's work and promote his own career as a pundit and batshit crazy racist right wing whack job.

If you really want to read something by Eric Raymond, you can start here, but you'll need to take a shower afterwards:

http://esr.ibiblio.org/?p=129

"In the U.S., blacks are 12% of the population but commit 50% of violent crimes; can anyone honestly think this is unconnected to the fact that they average 15 points of IQ lower than the general population? That stupid people are more violent is a fact independent of skin color." -Eric S. Raymond

I'll agree that's rather disturbing.

However, does it detract from his technical works? I didn't find TAOUP to be a work of someone that "doesn't know what the hell he's talking about."

Rather disturbing, yet perfectly typical.

One good example of the problem with his "technical" works and his lack of actual experience with the things he likes to talk about so much, is that he makes and promotes outrageously incorrect claims like:

https://en.wikipedia.org/wiki/Linus's_Law

"Given enough eyeballs, all bugs are shallow."

When in fact:

Given ANY number of eye, "all" bugs are NOT shallow.

Some bugs are NEVER "shallow".

And only a FEW eyes are qualified to see some bugs, while MANY eyes are totally unqualified, including his own:

His mouth is certainly not qualified to make sweeping generalizations about "all" bugs, given his lack of experience as a programmer, and his spectacular public failure at auditing code in his pathetic attempt to discredit the now-exonerated scientists whose code predicted global warming (described below).

Neither "enough eyeballs" nor "the right eyeballs" are a GIVEN, even for open source software.

"Not enough eyeballs" (or "ZERO eyeballs" as he loves to claim) are NOT a GIVEN for proprietary software, because you can license much proprietary source code, and some proprietary source code is available for you to read and audit for free, under licenses like Microsoft's "Shared Source" license.

https://en.wikipedia.org/wiki/Shared_source

And qualified eye balls are NOT FREE, and usually very busy being well paid to look at much more interesting things than poorly written buggy code like OpenSSL. I doubt that Eric Raymond has contributed any of the profits from his books or VA Linux stocks to Theo De Raadt or anyone else who actually takes the long time and tedious effort to actually audit code.

Wikipedia points out:

>In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate. While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs".

And then there's the fact that Eric Raymond had the nerve to name and blame the "law" on Linus instead of taking "credit" for it himself.

And of course he also has the nerve to attempt to defend his "law", after we've just gone through three HUGE security holes in open source software that would have been discovered long ago, if only "Linus's Law" were true. On his blog, he constructs a straw man argument that "proprietary software is worse than open source software", which does not in any way support his claim about "all bugs being shallow".

http://esr.ibiblio.org/?p=5665

Nor does he address many of the valid points that people raise, in the wikipedia article itself I just quoted, or that people raised in response to his blog posting.

To quote Theo De Raadt: “My favorite part of the “many eyes” argument is how few bugs were found by the two eyes of Eric (the originator of the statement). All the many eyes are apparently attached to a lot of hands that type lots of words about many eyes, and never actually audit code.”

The little experience Raymond DOES have auditing code has been a total fiasco and embarrassing failure, since his understanding of the code was incompeten...

Well thank you for taking the time to give critique. I was hoping to return to the book at some point and work through the suggested readings in more detail. I will definitely approach it with more caution a second time round and even more so when recommending it to others.

As an aside, how do you know so much about Mr Raymond? :) That's an awful amount of very specific detail.

It's pretty well known stuff in the Free Open Source Software Dramatic Political Soap Opera Scene, since he always tries so hard to get attention by writing outrageous bullshit on his blog and throwing tantrums on mailing lists, like this: http://www.redhat.com/archives/fedora-devel-list/2007-Februa...

Rational Wiki has some pretty extensive stuff about him: http://rationalwiki.org/wiki/Eric_S._Raymond

And then of course there's "Everybody Loves Eric Raymond": http://geekz.co.uk/lovesraymond/archive/show-them-the-code http://geekz.co.uk/lovesraymond/archive/moral-compassed http://geekz.co.uk/lovesraymond/archive/microsoft-censorship http://geekz.co.uk/lovesraymond/archive/sell-out http://geekz.co.uk/lovesraymond/archive/two-one-joke-ponies http://geekz.co.uk/lovesraymond/archive/gun-linux http://geekz.co.uk/lovesraymond/archive/terrorismistic http://geekz.co.uk/lovesraymond/archive/mundane-name http://geekz.co.uk/lovesraymond/archive/the-redhat-package-m... (that last one is about the tantrum I linked to above)

I've known Eric Raymond and Richard Stallman since the 80's, and I can confirm that Raymond has always been that way, isn't anything like the "hacker" he claims to be, and instead of writing or auditing code, he has made his career by self aggrandizing himself and tearing down Richard Stallman, who is and will always be a much better and more successful person than he is.

But the he got even crazier, and went off the deep end after 9/11.

His "many eyes" law that he shamelessly promotes has given many people and organizations a false sense of security in open source software, and that's led to many huge commercial corporations taking the free stuff without contributing any money or time back, and building all kinds of critical internet infrastructure on top of software like OpenSSL. And you know what that led to.

When he claimed that the mean old gays were bullying poor Brendan Eich, and his friend Russell Nelson took up and defended his argument, it made me recognize a pattern that explains their motivation very well:

Eric Raymond and Russell Nelson and Brendan Eich all served as the head of major free open source software companies: Eric Raymond was the first president of the Open Source Initiative, Russell Nelson was the second taking over when he resigned, and then resigned himself shortly thereafter, and Brendan Eich was CEO of Mozilla.

All three of them made bigoted statements and performed bigoted actions, and as a consequence of their own speech and actions, and of their high visibility leadership positions of free open source companies, they each felt compelled to resign from their jobs, and now feel very sorry for themselves because of how other people reacted, not because of how they acted.

It's disgusting how Eric a...

(comment deleted)
http://www.amazon.com/Programming-Addison-Wesley-Professiona...

3.0 out of 5 stars Autohagiography with some programming tips, December 24, 2003 By A Customer

The writing style of this book tends to hurt the reading experience, as Raymond trumpets his own minor achievments in the free software community. The work feels like it needed one more rewrite before being released to the public: some related sources Raymond hadn't yet read at the time of writing, and some of his advice gets repetitive.

The exposition itself is not up to par with The Elements of Programming Style. Raymond tries to give a list of programming rules or principles to follow, but it reads more like a list of slogans that should be taken as axioms. While The Elements of Programming Style itself had a list of rules, the rules were well woven with each other, well defended, and they were used as a means of conveying a larger story. In Raymond's case, he relies upon the slogans in absence of such a story.

Thus, the book ends up more like a list of random unrelated tips. Some very profound, like his writings on threads (which he acknowleges Mark M. Miller for his help). Others are very shallow and pointless in a book that supposes to call itself about "Art." Some of the pieces appear only to function to attack Windows, and sometimes the information about Windows is embarassingly inaccurate.

One final criticism is that Raymond does not understand object-oriented programming very well and misses the point in several cases. You just need to see the popularity of Python, Java, C# (Mono), OO Perl and C++ in the Linux world to see that Raymond is off base calling OO a failed experiment. In fact, with almost any matter of opinion in the book you can feel Raymond's bias and be hit in the face with misinformation or dull false dilemmas.

However, given this book's many flaws, I rate this 3 stars instead of 2 stars because it also has valuable information from the many contributors, some of them Gods in the Unix world. These contributors often even disagree with Raymond, or point out other interesting tidbits. For these tips alone, it is worth checking out this book, though I would not recommend you buy it.

To get the true Unix programming philosophy, I recommend Software Tools, by Kernighan and Plauger. It's somewhat dated, and I recommend the Ratfor version of it, but that single book has became very influencial as I grow as a Unix programmer.

[...]

One of the problems with this book is the overly partisan tone it takes - one gets the impression that absolutely nothing Microsoft has ever done is of value, but the other major desktop PC OSes (Apple, Linux) represent different forms of perfection. (At home, I run Mac OSX, RedHat Linux and Windows, and have a reasonable sense of their relative strengths and weaknesses.)

So, be warned: Art of Unix Programming paints a one sided picture. The author is a well-known figure in the open source community, one of its fiercest advocates, and one of Microsoft's most vocal critics, so it might seem to strange to wish for less anti-Microsoft spin from this source. After all, the Raymond brand certainly carries with it an obligatory expectation of Windows-bashing, doesn't it?

One of the only Windows design decision which Raymond doesn't condemn is the (now discontinued) .ini file format. Even the thorough-going support for object-orientation in Windows is given short-shrift: after explaining the many horrors of object-oriented programming (according to Raymond), Unix-programmers are praised as "tend[ing] to share an instinctive sense of these problems." This section ([...]) is particularly illustrative of the one-sided approach that Raymond takes.

[...]

His comments about the Windows registry were a bit distressing, though -- not because they're negative, which I consider fine. Rather, it was obvious he&#x...

I've heard that reading the Git source code is very beneficial but haven't done it myself yet.
Slight tangent to your question, but one thing I have noticed recently is that having to deal with really crap code inspires me to do my own better.

I inherited a colleagues work after she left, and it was horrible. But I thought about why it was horrible, and how to make it better. What would it look like if it was done well?

Even with my own code, if I look at something I did 6 months ago, and it doesn't make sense straight away, the it can usually be improved.

It frightens me how my future replacement is probably going to think "gee, that guy was horrible" unless he knows all the historic context and reasons why the code was written the way it was written.
> unless he knows all the historic context and reasons

That's what comments are for :) It's not only about your future replacement, it's also about your future self.

That's the same reason I try to keep my code clean, and comment liberally.
To mix things up a bit, I'm going to give two very small examples of code that can be understood quickly, but studied diligently. Both are in JavaScript, which I notice you mention specifically in another comment:

[1] Douglas Crockford's JSON parser. Worth a look because it is excellently commented and is easily understandable https://github.com/douglascrockford/JSON-js/blob/master/json...

[2] Bouncing Beholder. A game written in 1K of highly obfuscated code, which the author expands upon here. Worth it because it teaches some crazy optimisation techniques that are applicable to all programming, but also includes plenty of javascript-specific trickery. http://marijnhaverbeke.nl/js1k/

Anything Javascript code from Crockford I highly recommend. Well structured and without "hacks" that could cause confusion.