
Coding tricks I learnt at Apple - whiskers
http://blog.joemoreno.com/2011/06/tricks-i-learned-at-apple-steve-jobs.html
======
BrandonM
_> These tests were run against a copy of the live database in a production
environment._

This is pretty terrible from a security standpoint. A development environment
is typically much less secure than the live environment, and for good reason.
The development environment must be accessible to developers, typically both
on-site and remote. All developers have access to test databases for the
purpose of testing their changes. There are often many more software packages
in a development environment, and development servers have a higher
probability of running vulnerable services. Live environments typically have
much better logging and auditing.

Every company should have a program that can be run to sanitize the live
database for use in testing. I've seen too many situations where the
production environment was appropriately locked down and audited, but the
development environment was compromised. It's not unheard-of for a developer
to lose possession of his laptop, and if it contains a copy of the live
database it's no better than the site, itself, being compromised.
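
A minimal sketch of the kind of sanitizing program described above, as an added example that is not part of the original comment and not Apple's tooling. The `customers` table, its columns and the sample rows are constructed assumptions; the scan at the end checks that no original sensitive value survived in the copy.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed sample rows standing in for a copy of the live database.
LIVE_ROWS = [
    (1, "Alice Example", "alice@example.com", "4111111111111111"),
    (2, "Bob Example", "bob@example.org", "5500005555555559"),
    (3, "Alice Again", "alice@example.com", "340000000000009"),
]


def load_copy():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT,"
               " email TEXT, card_number TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", LIVE_ROWS)
    return db


def sanitize(db):
    """Overwrite sensitive columns in place; return the values that were removed."""
    key = secrets.token_bytes(32)  # throwaway key, never stored with the copy

    def pseudonym(value):
        # Keyed hash: equal inputs give equal outputs, so duplicate detection and
        # joins on email still work, but the mapping cannot be recomputed later.
        return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

    originals = set()
    rows = db.execute("SELECT id, name, email, card_number FROM customers").fetchall()
    for row_id, name, email, card in rows:
        originals.update((name, email, card))
        db.execute(
            "UPDATE customers SET name = ?, email = ?, card_number = NULL WHERE id = ?",
            (f"user-{row_id}", pseudonym(email) + "@test.invalid", row_id))
    db.commit()
    return originals


def leaked_values(db, originals):
    """Scan every text cell of the copy for any original sensitive value."""
    found = set()
    for row in db.execute("SELECT * FROM customers"):
        for cell in row:
            if isinstance(cell, str):
                found.update(v for v in originals if v in cell)
    return found
```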

~~~
schrototo
You make some very good and interesting points, though I think it's wrong to
just presume Apple is lax on security based on that one sentence.

~~~
JoeMoreno
I have to second BrandonM's comments. Don't make a complete copy of your live
database to use in dev. Sensitive data needs to be scrubbed, ideally by a bona
fide DBA, before bringing it over. Best to avoid this if at all possible so
you don't have to worry about overlooking something that was sensitive.

Also, I don't recall ever seeing any security issues with our environment or
how we handled the code and data. There were some very smart engineers
"minding the store."

------
tptacek
Hash tables are worst-case O(n) time.

B-trees are an external storage technique; he means balanced binary trees.

The answer to the interview question is another question: "what operations
does the container need to support?". It's not "hash tables are O(1)".

~~~
endtime
I agree that the article was wrong, but...is there really never a case in
which a B-tree is a useful in-memory index, rather than a storage technique?

~~~
tptacek
I'm only commenting because of the "job interview" comment, but when someone
compares hash tables to B-trees, I usually assume (fairly or not) that they
don't really know what a B-tree is.

~~~
ckuehne
So what you are saying is that the whole database research community does not
really know what a B-Tree is [1]?

[1] Every database implementation techniques lecture compares the two. See,
e.g., <http://infolab.stanford.edu/~hyunjung/cs346/>.

~~~
tptacek
You know that's not what I'm saying. You're just trying to assert nerd
dominance.

------
unshift
no real tricks here, this guy just seems happy he worked on a team with
professional standards. thorough testing like that is, while not the norm,
pretty commonplace at most of the better places i've worked.

~~~
prpon
Yeah, I would have liked to see specific things he learnt at Apple. Load
testing tools, algorithms for caching, how and which metrics they measured
etc.

I am trying to figure out who would find this article useful without any
details.

~~~
ctdonath
Those who would find this useful are those who have not figured out that
following these basic principles WORKS. Too many teams think bypassing mundane
correct process will somehow buy them time. There is no magic or secret to
great success, only doing things right all the time.

------
sc68cal
_We had one, highly specialized piece of software code which could only be
checked out, worked on, and checked in by a single engineer at a time. You
were only allowed to touch this piece of code if you possessed a physical
token._

Ahh, the all powerful Source Control Shingle:
<http://thedailywtf.com/Articles/The-Source-Control-Shingle.aspx>

~~~
brown9-2
This is really interesting and I would love to know what the code in question
was responsible for.

Requiring that work on it be done single-threaded like this suggests that some
other part of the overall process broke down somewhere - the
developers/automated tests/continuous integration server couldn't catch merge
conflicts? Code reviews weren't done and made visible to everyone else on
changes to this special code?

~~~
sc68cal
Good question - though I don't think it's a problem of broken process, but an
absence of processes like you listed above. That's when these types of
"solutions" are devised/used.

~~~
marshray
Two things I've learned in my years as a developer:

1\. Sometimes the best process is old fashioned communication between people
with common sense.

2\. Never underestimate the power of a rubber chicken.

~~~
sc68cal
> 1\. Sometimes the best process is old fashioned communication between people
> with common sense.

I most wholeheartedly agree. Git, or a Source Control Shingle cannot replace
effective communication. In fact, solving a merge conflict is much more
painful than a quick discussion.

------
edw
Perhaps I'm too attuned to NDA issues after having listened to the most recent
episode of Gruber's Talk Show (<http://5by5.tv/talkshow/46>), but I am
guessing that this guy is coming dangerously close to — and is perhaps
crossing — the line with respect to disclosing details about Apple's
technology and software development practices.

When in doubt, STFU. Not just for legal reasons, but also because you don't
want future collaborators and employers thinking you're a Chatty Cathy who's
going to tell everyone about your secret sauce.

~~~
phillco
I agree. He should remove the picture of that Darth Vader token immediately,
it's clearly a very important Apple trade secret.

~~~
JshWright
s/Vader/Tater/

------
svdad
So this is all well and good if you work with a team like this. But I have two
questions:

(a) How do you find out, before going to work somewhere, whether they actually
work like this? Are there questions you can ask? Word of mouth? ... ?

(b) If you don't work somewhere like this, how do you start putting
professional processes in place? Assuming in particular that you have never
actually worked somewhere like this, so you can't speak from experience, only
from instinct about what seems to be a good way of working.

------
lamby
> We had one, highly specialized piece of software code which could only be
> checked out, worked on, and checked in by a single engineer at a time.

Why? Also, is this common these days?

------
synnik
Wait a sec - "it was always an interesting experience to turn the store back
on after Steve Jobs walked off stage following one of his keynote
presentations"

??

Does Apple seriously turn off their store while Jobs talks? Or is he talking
about pushing new content out based on announcements?

The former just sounds... Odd.

~~~
groby_b
Yep. During keynotes, the web store is usually "down for maintenance". For
simple reasons - they don't want to pre-announce before "The Steve(tm)", but
they want to have all the new products immediately available after the
keynote.

~~~
synnik
Ok, but that sure sounds like a design flaw. I would have expected that they
would still have an option to push the new products live at the time of their
choosing vs. disabling online purchases of their existing products.

I would think an appropriate separation of content from the site itself would
allow them to reach their same business goals without deliberately giving
themselves an outage.

~~~
schrototo
It's not so much a technical issue as it is a marketing decision. The store
being down creates a sizable amount of suspense. Of course they could leave it
up if they wanted to, but it's as much part of Apple folklore now as Steve's
turtleneck.

------
tszming
It seems to me that the author was very proud of the O(1) sophisticated
caching algorithms invented at Apple.

------
stretchwithme
I was thinking the physical token would have had a USB connector that you
actually had to plug in to use it.

------
steilpass
"Before writing any production code, we'd write our unit tests." With XCode?
Somehow I have my doubts.

~~~
warwick
He mentions they're using Eclipse. The store is written with Java/WebObjects.

------
kevinburke
How can I learn how to test like Apple does? I feel like I don't know where to
look for good resources on thorough website testing.

------
vilda
I'm afraid the methodology described has little to do with Steve Jobs.

------
benihana
_When you're asked, during a job interview, which is the fastest lookup
function, don't, as is very common, say, "a B-tree." Perfect hash tables
always win, hands down._

Wait, saying a B-tree is the common answer?

~~~
thurn
Furthermore, B-trees are designed for storing things that don't fit into
primary memory. They _are_ the right answer for things like file systems; I
think almost every file system uses some variant of them.

~~~
lallysingh
Surprisingly not:
<https://ext4.wiki.kernel.org/index.php/Frequently_Asked_Questions#History_of_ext2.2C_ext3.2C_and_ext4>

<http://www.geeksofpune.in/drupal/files/8058778-ext34talk.pdf>

ext2,3 used an indirect-block tree structure. Ext4 uses an extents system
which is nicer, but still not (AFAIK, I've only skimmed this part) a B tree.

------
seanp2k
>"Coding tricks I learnt at Apple"

I'd wager "learning how to properly use 'learned'" wasn't one of them.

<http://www.urch.com/forums/english/9214-learned-vs-learnt.html>
"The _descriptive_ answer in American English is: There is no such word as
"learnt". Use "learned" always."

~~~
maukdaddy
Hate to break it to you, but not everyone on the Internets speaks American
English.

~~~
michaelcampbell
You don't sound like you hate it one bit.

