Programming Throwdown - 173: Mocking and Unit Tests
Episode Date: April 29, 2024

173: Mocking and Unit Tests

Intro topic: Headphones

News/Links:
Texas A&M University Physics Festival
https://physicsfestival.tamu.edu/
Rust vs Cpp at Google
Lars Bergstrom (Google Director of Engineering): Rust teams at Google are as productive as the ones using Go and 2x those using Cpp
https://youtu.be/6mZRWFQRvmw?t=27012
Is Cosine Similarity Really About Similarity
https://arxiv.org/abs/2403.05440
Xz utils supply chain attack
Andres Freund at Microsoft
https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/

Book of the Show
Patrick: 80/20 Running by Matt Fitzgerald
https://amzn.to/3xyEKLo
Jason: A Movie Making Nerd
https://amzn.to/49ycDJj

Patreon Plug
https://www.patreon.com/programmingthrowdown?ty=h

Tool of the Show
Patrick: Shapez
Android: https://play.google.com/store/apps/details?id=com.playdigious.shapez&hl=en_US&gl=US
Shapez iOS: https://apps.apple.com/us/app/shapez-factory-game/id6450830779
Jason: Dwarf Fortress
https://store.steampowered.com/app/975370/Dwarf_Fortress/

Topic: Mocking and Unit Tests
What are Unit Tests
Balance between utility, maintenance, and coverage
Unit Test: testing small functions
Regression Test: Testing larger functions
System Test: End-to-end testing of programs
What are mocks & fakes
When to use mock vs. fake
Mocking libraries in various languages
Python: https://docs.python.org/3/library/unittest.mock.html
Java: https://github.com/mockito/mockito
C++: https://github.com/google/googletest

★ Support this podcast on Patreon ★
Transcript
programming throwdown episode 173 mocking and unit tests take it away patrick i had a realization
i have too many headphones i also have too many
okay all right all right so i was thinking about it and i don't know how i want to approach this
we can approach this like a lot of different ways but i was just thinking about how many
different kinds of headphones i have in addition to just like the one all right so i i was trying
to think about so so i do i've been talking about it we're gonna talk about a little later it's my
book of the show spoiler alert but i've been running so i have a pair have a pair of running headphones that don't cover your ears because one, it gets
really uncomfortable if you run for a long time and there's something in your ear, but
also then you can't hear traffic.
So I have these like bone conduction headphones for when I run.
Wait, what?
Wait, what?
What is that?
I've never heard of a bone conduction headphone.
So it's kind of silly.
They're just like they focus on like vibrating
a piece of plastic that goes just in front of your ear like your i guess that's your sinus bone
and then so like for podcasts or like the gist of music it's not a hi-fi experience but it presses
in front of your ear versus in your ear canal so it's not shooting music into your ear if you
didn't know this uh wow this is like snakes feel vibrations through their like bottom
of their jaw if you put your chin up to like something you can you can hear with your ears
yes but you can you can vibrate the inside of your ear without like sound waves injecting into
your ear canals okay okay that's amazing they use the same thing in um like places where you can't
talk loudly they'll like have walkie-talkies that use bone conduction as well i think that's where the technology actually developed
because the sound signature externally is a lot lower um to other people these ones aren't that
great like if you were standing next to me you could probably still hear it and i can still hear
it through my ear canals as well but i can also hear it through not my ear canals um it sounds
cooler than it actually is.
Are these really expensive?
No, I bought super cheap ones.
You can buy even cheaper no-name ones,
but I have the, I think Shokz is the brand.
Not endorsing them.
I've not tried more than one.
I just have one pair.
I bought them on eBay because I'm cheap.
Anyway, so just Bluetooth.
So I go from around.
All right.
Then I have, like when I fly, I have iPhone.
So I have Apple AirPod Pros with the noise canceling and you put them in and but i only really
use them for flying because i know the battery is not great and so if i use them all the time and
again i'm kind of cheap so like i don't want to like burn through the you know life cycles of the
battery so but when i fly they're amazing because you put them in you can put them in transparency
mode don't do that on the airplane but you can also you know do the noise canceling and that's just like my noise
canceling uh if i am listening to music like at my desk when when you know people are around or
whatever i do have desk speakers which are pretty nice i'm not doing speakers it's another episode
um but but i have you know like more hi-fi headphones so i have in ear they call them um
i don't know if i don't want to use that term because
i don't know if that term is is is a is a super appropriate but um headphones that come from china
that you can order on aliexpress or whatever and they're like good bang for your buck so there's
like brands like kz or um there's people like this guy clinical he does like in-ear monitor reviews
so i'll buy some you know 20 or 30 dollars have like three or four of them this like hexa bass this like other like in-ear you know ones but then i also have a
biodynamic like large dt 770 with the you know headphone amplifier that sits on my desk that i
soldered together from this you know plans online with pcb so anyways like oh this is amazing the
over ear with the thick quarter inch jack plug you know but they're high impedance like 770 ohms i think or something very high uh no no
that's too high uh it's like 200 350 something large amounts of impedance you gotta you know
have something strong to drive them um and then i realized i don't even have any of the like
the normal like old school you know growing up it was always like the cheap
headphones earbuds like yeah right i have either the like thicker in-ear monitor style or over or
the wireless but yeah too many i think i like in a month i probably use at least five or six
different pairs of headphones i feel like headphones are kind of our, you know, generations shoes.
You know, like I never was into like the Nike air pumps back in the 90s.
Like I kind of was I was too young for that.
Well, I mean, maybe.
Yeah, but that that was popular when we you and I were like seven or something.
We kind of missed the boat on that.
But for us, it's headphones.
Yeah, I also have I have USB-C earbuds.
One thing I noticed is like, yeah, I guess my my headphone snobbery is that I don't want
the 3.5 millimeter jack like the analog.
I only want digital.
So I have a USB- uh set of earbuds uh or or earbuds um i have these use like uh i
don't know what they are but they're these actually use a 3.5 millimeter but you know you're at your
desk and it's a very kind of like like uh there's not a lot of motion or anything right as opposed
to when you're running with your phone but i'll actually run with my phone in my pocket a usbc
connector in the phone and then the wires
going to the earbuds and yeah they are kind of like a sweaty mess so yeah i probably need to
do better there but then i also have for for the airplane or when i travel i have a pair of like
over ear headphones they're really nice because they don't you know they're not touching like
they're only touching your head your skull around your ear so it's very comfortable but apparently i need these bone induction ones
that's not induction conduction conduction conduction yeah i forgot also when i mow the
lawn i have ear protection bluetooth headphones so i think i have big oh man i have yeah i actually
use those for that too but i don don't have they're not ear protection.
That's interesting.
Yeah, I have ones that, yeah, they're like work like job site, like noise reduction, because I noticed lawn equipment is very loud.
And if we could do meta on top of meta here, I was going through all the Spotify comments.
Thank you in general, folks, for comment on the show on Spotify, on other places.
I do read them.
And basically, the number one comment is like a variety of ways of saying, thank you.
We like the show.
And so thank you.
We like doing the show.
The number two comment theme is, oh, my God, how does it take so long to get to the topic? And so I will just
tell everyone right now, it takes
about half the show to get to the topic.
That's what we do.
Maybe we
should split it in two. I don't know. We're not
going to. But yeah, it's like really two shows
in one. It's the casual
and some podcasts do that mix in the
stream. They'll have one kind of show and another
kind of show. We really do have two shows shows we just squish them together yeah you know i wonder
if it would be better if we put the show title in quotes because i listen to you i don't think
that makes a difference well i listen to like uh this guy Sebastian Maniscalco he's a comedian
he's hilarious he's italian he tells a bunch of italian jokes as a fellow italian i can kind of relate um
and uh you know he'll have the thing like trains will be the show title and they won't get to
trains until like two hours in but but it's in but it's in quotes i think the quotes are where
it's at so because they're quotes you know that like it's not going to be just hit you over the head with trains yeah i mean the other comment is uh i interrupt jason a lot i apologize i do it's a latency thing
is my my excuse wait really i don't feel like that at all oh i don't okay um also a correction
i miss i i mixed up the guy who 3d print speakers i think his thing is hexa based that the clinicals
headphones was the truthier hexa so
i'll have to self-correct so i'll have to feel bad about it later when i go to sleep
that's the third most comment most most frequent comment no i i always feel bad i often do realize
that i say things incorrectly it's just like what are you going to do about it yeah i mean i think
that's that's totally we definitely say a lot more correct things than incorrect.
We're batting for one.
Oh!
Go ahead.
I'll continue the trend of doing incorrect things.
I will show Patrick something that nobody else can see.
So you're just going to have to give an audio version.
But this is my Nintendo Snitch.
So for all the people at home, you can't see this.
What this is, is I took a Nintendo Switch controller, the Joy-Cons, which are just Bluetooth controllers that can plug in anything.
I got a Waveshare LCD panel, and then I have a Raspberry Pi that's like mounted into that.
Wait, until you tipped it up and showed me that it's like eight inches thick.
Like on the front, it looked exactly like,
I just thought he was holding up a switch.
I thought he was going to,
it's going to be a use,
you know,
news section,
but like we didn't add that anyways.
Uh,
no,
actually he is holding up a,
uh,
it is looking blue box.
That's like eight inches.
Yeah.
I 3D printed this box.
And so then the,
the,
the wave share LCD panel actually comes with speakers.
It plugs into the
raspberry pi and then on the raspberry pi is this obscenely large battery pack uh this thing probably
has a zillion hours of battery life but it weighs like a ton um and then the battery pack has a
like a two-prong connector that i connected to this button that I guess people use for like boats,
but it still works. It's a marine grade waterproof button. I have a marine grade
waterproof button on this 3d case, but if I hold the button down, it turns on,
I'm not going to do it because it's, it's a, and it boots into RetroPie and I have all the NES,
SNES, all those games on there. Oh, what? Okay. But yeah, does it have a fan?
It does not have a fan.
It's all passive cooling.
Oh, okay.
So the thing that the joke for people who have the Steam Deck is when the fan starts running,
it produces like this very particular odor.
That's that gives you cancer.
No, I'm probably I assume it's just like thermal paste or whatever.
But yeah.
I smell the vent. Like you just like hold it up and you're just like, oh, it's the smell.
I'm playing a good game because the guy's working hard.
You know, the little.
OK, sorry.
If you watch the index out there, they know what I'm talking about.
One time I opened a wrench set from Harbor Freight.
And it had this really nice smell of like, of the plastic or the rubber tpu that they
use on the handle of the of the wrenches and then i got a cold right afterwards i was pretty convinced
i had sars or something but i still lived um if you ever open surplus military stuff from like a
really long time ago it also has like this particular like varnish-y smell from like some of the oil
that they like preserved all the stuff in yeah yeah okay anyways now we're people are definitely
i was gonna say hanging up this is not a phone call so they're not hanging up by they're just
if this was real time you just see in real time the ratings plummet i'm just um yeah all right
we'll jump into news we We'll cut our losses.
My news article is Texas A&M University Physics Festival.
I went here with my kids, had an absolute blast.
If you don't live in Central Texas, it's probably not convenient.
But the real thing that I wanted to post about here, beyond just having a ton of fun,
is this is really a win for social media.
I'm not on Facebook or any of these things.
I am on YouTube.
I consider YouTube to be the closest thing to social media for me.
The only time I really go on Facebook or other social media is if people reply to our show.
So we post the show through an app called Buffer. If anyone makes a comment
on the show or replies to the show or anything, I definitely read it. And we have some several
interesting threads. But I personally just don't have it in my routine to go on any of these things.
But I do go on YouTube. And YouTube recommended me a video from this physics festival last year.
And it really dialed in and knew that I would like it, knew the kids would like it.
And we watched it. We did. We enjoyed it. Had a good time.
And it was local. So so I said, hey, let's look it up.
We found out when the next physics festival was, which was this past weekend.
And we've been eagerly waiting for the past few months um and then we went last last last weekend and you know when i came away thinking about it
i think about was you know there's so much of a stigma about about social media and and all the
damage it does and everything and and i'm not discounting any of that but here was an example
where you know i got recommended something
from youtube that i never would have even thought in a million years to look up um because we were
watching a bunch of science things and it happened to be kind of local and it turned into like a real
world day trip that we had a lot of fun and so it's kind of like a win for social media that
you know often these things go unnoticed wow yeah that's that's cool yeah yeah and if they're if if you if you uh um if you
have some time folks out there check out if there are any kind of like physics or math festivals
around you when we lived in the bay area um there was a university i think think it was San Jose state.
One of them had a physics festival and I'd go every year.
It was a lot of fun. And basically they just do cool experiments.
It's a lot like being in high school physics or chemistry. Again,
where your teacher blows stuff up, lights the ceiling on fire,
stuff like that. You over the the weekend they made a solid nitrogen which you can only find
naturally in like uh you know gaseous uh planets like jupiter and saturn and stuff but actually
they made it right there in front of us so um so yeah really really cool a lot of fun and uh
glad i found out about it it looks like there's actually a map at least for the united
states of universities on here that have physics festivals so i see one sort of near me so i have
something to do after the show nice very cool uh cool my topic which is a topic in itself and i'll
probably not talk about that topic too much, but talk about something slightly different. Anyways, is there was a YouTube video from a, um, a rust convention conference, um, from
Lars Bergstrom, who's a Google director of engineering.
And he said something which I don't, I don't know, viral.
Like, I don't know what the bar is for viral to Jason's point, I guess, like being on social
media.
I think I saw this one.
I'll remember on hacker news or Reddit.
Um, but you know, got a lot of people engaged about it.
And we're talking, which he had a slide in the slide deck, which was the thing that got
passed around saying that, I'm going to sort of summarize here, but basically that at Google,
they collect statistics and that the Rust teams, teams programming in Rust at Google
were about as productive or maybe even a little more
i don't remember i think we're saying about as productive as the ones using go which go is the
language google developed um and that they were 2x more productive than those using c++ so basically
i guess he uh i don't know whatever the equivalent of lighting a molotov cocktail and throwing it
into the internet was um this is not his words and these are not mine um and this
is interesting itself and i was we actually had a couple other c++ articles in here but i i turned
them i i took them back out so uh maybe some other time but there's this sort of feeling going around
and everyone kind of always has these battles like what language is better than another um and so from some of the commentary that was interesting is that just metrics around
like programmer efficiency are so subjective and difficult like you think it's relatively easy
but just the amount of like this relatively straightforward statement like is this meaningful
is this useful is this something that like you should incorporate into
your beliefs about like selecting a project a language for a project or a project to learn
or is this just noise or is you know for everybody on one side you can probably find somebody on
another side um and just even the metrics were you know these teams doing greenfield programming
you know just exactly starting a program from scratch are they doing maintenance i guess he was actually saying that you know that there some of this was for
people basically porting from c++ to rust and that they find which again is difficult is like c++
maintenance is very expensive and difficult that is like to fix or add features to existing code
bases takes you know some unit time rather relative to, you know, adding features,
but then people bring up, well, maybe C++, the things implemented in them are themselves the
more difficult tasks. And so, you know, adding a click box on a website is a different task than,
you know, changing the compression scheme of, you know, Bigtable, or whatever, right. So
it was just an interesting discussion that even in a company
with as many very talented engineers as google to sort of like understand what should they do
what about by like what about what people know and don't know do you incorporate the cost to
cross-train people uh in these other languages like it is it if you go you know if you have c++
they also have a lot of java rust go now they've
got like how many python how many different languages do we want tools infrastructures and
expertise in this is like a very high dimensional design space to be in and it is very interesting
to watch as things play out over the years and years and And my preference is for sort of like learning,
it's great to dabble your toes, this podcast, others in lots and lots of languages,
and then be slow on your sort of like core, core expertise, like what you're actually picking up
and committing to and taking jobs in and that kind of stuff. Because you picking wrong is very
expensive. And you know, picking just something that doesn't get support or gets killed or dies
off, which is we can point to many things around that probably even we've covered on the
show. But just Yeah, it's very interesting to watch as this long game plays out. And people
try to take measurements and, and sort of prove or disprove the status quo and sunk cost fallacy.
And you know, all of those things about how to make decisions going forward. So anyways,
there it is this this person, Google Director of Engineering,
saying that for them and their measurements,
that he was finding great value in Rust.
Yeah, I mean, exactly.
You covered it.
I mean, I think there's so many confounding variables.
It's like the language that we just started using
is so much more productive than the one
where we have 20 years of technical debt.
You know, I mean, it's like a ton of compounding variables. I actually, there's an amazing
set of markdown files in a GitHub repo dedicated to teach people who are C++ engineers about Rust.
And it goes through assuming you're really good at C++.
I went through that and
it gave me a really good handle on
Rust. I've yet to
need Rust or C++
for a new project,
but when I do, I think I'll
give Rust a shot.
But yeah, I mean, I think
languages will evolve over time.
Um, it's good to know as many as possible so that when you go to part of, I think, learning
so many languages is that it frees you from making language part of the reason why you
pick a job um you know like uh you know my story after
you know i finished my college degree um and uh i went kind of like looking for my first
kind of post graduate job um you know i ended up like writing uh javascript and i never really
done it before i'd only ever done C++ and Python
but you know I think that if I had
made language a big reason for choosing
a job I think I wouldn't have necessarily got the best
job so it's good to know a bit about everything
and yeah take all
of these things the big
helping heap of
salt but
but
yeah I do think that you know eventually like rust go these
things will eventually take over c++ that's how it kind of how i'm reading it i mean what's your
take patrick oh i i don't know enough quite yet i I mean, to be clear, people still program,
like there are still assembly code needs to be written,
you know, not as much as it used to.
C is still written, probably not as much as it used to be.
I think some languages, once they reach, you know,
a certain level of critical mass,
they probably don't go away.
And what you see is, I don't want to say like it's a zero-sum
game because i think every year more software is written but i think what you see it is like
the relative portion of new code getting written i don't know again this is a hard metric yeah when
you're talking about percents it's always a zero-sum game yeah and so okay yeah fair fair
enough uh but i think c plus plus market share is probably not going to see new highs.
Right.
Um, I think, I think market share, it'll, it'll continue to be a core part of, you know,
some call it deep infrastructure or whatever, or a very long time.
There's a lot of really great, you know, high performance software that, that exists in
it, you know, and a lot of expertise in, in doing those kinds of things. You know, and so I think that will continue. But yeah,
I think you're right. I think for a lot of stuff, it doesn't need to last for 10 years. And so,
you know, it, you know, the expertise for how to maintain and use that, you know, doesn't there.
And, you know, I think Rust and Go, they're using Rust, you know, for parts
of linux and trying to i think that's a great inroad to see it you know being used in software
and uh we almost talked about the white house memo on c++ i think that's another one is just like
by default you know just adding an extra layer of memory safety that that is difficult in c++
although it has gotten much better um yeah i i do i think c++ probably won't
ever see new highs but i think there's some places where nothing else is even in consideration right
now so if you go to a game studio and you're writing a game engine or i mean maybe i'm wrong
those people there's so much you know you said tech debt i guess but like the reverse like what
do you call like tech inertia like there's so many utilities and math libraries and optimized spatial indexes and all
of that stuff and it's all in c++ it would be a massive investment to port all of that to something
else or write good you know adapters for and all that stuff is continually getting improved
and so it's a it's a huge sunk cost to just switch um to another language yep That was a non-answer. Very long-winded non-answer.
Yeah, I think you're totally right.
I think, yeah,
I think you really can't go wrong
learning as many languages as possible.
So if you're really into C++,
you have nothing to worry about.
If you are learning Rust
and this is day one,
you have nothing to worry about.
I think all these languages are going to be popular for a long time.
All right, my next news story is,
is cosine similarity really about similarity?
So let me kind of paint this picture for everyone.
So in AI and machine learning, you have to,
or maybe just in computers,
you have to represent things with numbers, right?
So yeah, just taking a really big brush here,
like if you have an image, right?
That image at the end of the day is a bunch of pixels
and each pixel has an RGB value.
And so it comes down to numbers, right?
So that image is represented as numbers
ultimately as bits right um but you know you might want to do things like say are these two pictures
similar and you have to have some kind of like semantic understanding of similarity uh the joke
that always comes up is i think this was like some joint project with the military and mit like 80 years ago or something but they trained this classifier that took in
pictures of tanks and tried to predict whether it was a friendly or enemy or yeah friendly or
unfriendly tank and um they collected a bunch of friendly tank data um They moved all the friendly tanks out of the way.
They brought in all the enemy tanks.
They flew over them.
They collected a bunch of enemy tank data later in the day,
trained their model,
and their model ended up being a time of day predictor, right?
So because they had done one collection and then another
at different times of day, the model learned,
oh, and the sun is setting.
It's an enemy tank, right?
And so you can't use just raw pixels to, you know,
you can't draw some distance function between raw pixels
to say whether two images are semantically similar
because of all these other effects, right?
So what you end up doing is creating
what's called an embedding, which
is just like a semantic projection of a picture.
And the way you do this is you have a bunch of humans
tell you whether these two pictures are the same or not.
And so now you have this data set that says,
here's a picture A, here's picture B,
and yes, they're the same or no
they're not the same so in the case of the tank example you'd get two pictures hopefully at
different times of the day but of the same tank and and a human would say yes those are actually
the same semantically the same thing um once you have all these this data set of of triples of image one image two
and whether they're the same or not train a model get an embedding and so now you have a point so
you actually have a you know a function that takes an image and turns it into a single point
in some high dimensional space and so presumably you know two points are closer together
if they represent the same thing um now here's where it gets interesting is what if you have a
point that's like a dog and you have another point that is like maybe maybe one picture is
a dog but the dog is far away so there's there's you know like a empty road or maybe like a green
screen maybe it's literally just a white background and a tiny dog and then you have another picture
that's like a bunch of dogs filling up the whole screen
right the second thing is like very very dog you know the first one is less dog and so but but
they are aligned in that they both represent the same concept the second the first one is just much
more extreme or much more emphatic saturated version of that concept right um so people when
they're doing these recommender systems this paper came out of netflix when they're trying
to recommend movies and stuff if you see rambo they want to recommend some other kind of action
movie right and they don't want to not recommend something that is like maybe a little bit less actiony than Rambo, but is
directionally aligned, right? So that's where this cosine similarity came from. So the deal with
cosine similarity is you're just looking at the direction from the origin to that point. And so,
you know, if the direction from the origin to Rambo, if that direction is the same as the direction from the origin to Top Gun, then they'll recommend Top Gun to Rambo and vice versa, right?
What they're afraid of is if something is not too action-y, then it's just going to get recommended a whole bunch of other things that
are that don't easily fit into any other category, right? So something that's like a little bit
Rambo-y might get recommended to something that's like a little bit Barbie or something, right? And
it just wouldn't make any sense. So cosine similarity is supposed to like prevent that
when you're close to the origin. But TLDR, it doesn't work very well. They did a bunch of
studies. I've always been very skeptical. So I'm kind of glad to see this paper come out.
In general, it's good to read papers that affirm all of your pre-existing beliefs.
Confirmation bias.
Confirmation bias. But it's a fascinating deep dive into this. And there's other similarity
metrics that work better.
And in general, when you're dealing with all these complicated embeddings and stuff,
this idea of direction, it kind of falls apart at high dimensions.
And so it's one of these things like intuitively, you could kind of picture in your mind like a clock.
And yeah, I want like, you know, the two hands of the clock to be pointing in the same direction.
But all your intuition falls apart when it gets to like, you know, 100 dimensional spaces. And this is just another example of that.
Anyway, it's a really fascinating paper.
I feel like it's pretty accessible, too.
So it's pretty good.
There might even be YouTube videos that explain it
in better detail than reading the paper.
But I had a lot of fun reading it.
Yeah, I think the struggle for me,
or so interesting, I have to check this out
because I'm curious what other alternatives they provide.
But the thing you're mentioning where you have a vector
that represents high dimensional space,
and just even saying those words is something that
always feels like just out of grasp for intuition for me.
But when you read something that's like,
what is the volume of a unit sphere as you move up in dimension?
So in 2D, you have a circle.
In 3D, you have a sphere.
You have like 4D, and you keep going up and you start to get,
but I'll say is like very unintuitive.
I mean,
you can kind of just know it as a fact later,
but it's unintuitive that like the number that's attached to the unit.
So obviously like you get like meters and meters squared meters cube meters to
the fourth,
which we stopped losing,
but the number that goes in the
front the behavior of that number as you go up in dimensions like starts growing and like start
shrinking and then it gets like smaller and smaller and smaller like the geometric stuff
that you start thinking about like because someone drew you a picture early on doesn't
always work when you start getting, like you're saying, like to very high dimensional spaces, you're not even talking like more than finger and toes dimensions, right?
Like you may have a vector, which is a thousand dimensions.
And it's like your ability to reason about distance
and that is probably like not super intuitive.
And so, yeah, being careful about this,
like you can't explain the concepts, but it's also, like you said,
some things that you think should be really obvious
could stop working for non-obvious reasons
if you're sort of trying to build from intuition, at least as a, I'll say a lay person in the field like myself.
Yeah, that sounds right.
I think it's very hard to have intuition about these spaces.
I mean, even researchers, you know, and so it's a lot of it is empirical and trial and error.
My last news article is about the XZ utility supply chain attack.
Well, that's a lot of words.
So if you miss this, this news is pretty interesting because I think folks have warned about this
for a really long time.
And this one is notable because it actually was prevented.
And they're still not 1000% sure
about the intentions
and what was going on here.
But basically there is a library, XZ,
that does compression and it's used
by a ton of Linux utilities
and a researcher
or a researcher,
an engineer at Microsoft who does a lot of
work on databases. Oh, I'm not
sure I want to say their Andre and then it's F-R-E-e-u-n-d i'm not sure how to say the last name um do you want me neither
okay i thought you were leaning in like you were gonna say it uh okay uh so pretty like it's just
one of those things i've always seen it written i don't know i think frond broid i don't know
i'm gonna look it up while you... Pre-end? Okay.
Yeah.
Ask ChatGPT, I guess.
So they were doing some examination of some performance issues.
And they were actually using tools.
They were using Valgrind.
And they were having performance issues with SSH.
And they were trying to figure out what was going on. Why is it taking an abnormally, you know, like longer than it should, and they were trying to run it down,
which itself is very observant, because most people are like, I don't know, like, I'm on a
sort of pre release build, like, who knows, it could be flaky for many reasons, but they were
they were going to run it down. And so they ended up, you know, sort of running to ground and
figuring out that there was, you know, SSH depended on another library which depended on XZ for some of its you
know compression that it was doing and that a change in there had triggered it and people
basically like that thread started to get tugged on and like unwound and it turned out for for
basically several years that someone had started contributing to this this package and then they
had done a couple sort of like
weird, but not super problematic things like, oh, let's turn off some of the performance monitoring
for a certain configuration of the software, like fuzzing. And then through a sequence of
seemingly unrelated steps, were able to get code that would allow basically a backdoor to be installed to where if you sort of knew the
special sort of key to send to SSH, like, you could basically start to include your own payload and
then run code. And yeah, basically it would be like anything that had SSH would just be, you know, a
huge problem, um, and be susceptible to this backdoor. And it's one of these stories where it's not, so it seems like SSH was being targeted
by something that was like two layers upstream right and this is why they sort of call this
this supply chain attack which is if you think about software you're writing and think about
the libraries that you depend on and then the transit of the libraries those libraries depend
on the libraries those libraries that those like and so you hear this, you know, people,
at least in sort of people I work with,
you know, oh, it's so funny, you know,
NPM broke because there was a left justify
or I forget what that, you know,
a white space, you know, library
that all these people depended on
and it got, you know, it got broken
and, you know, NPM went down.
Ha ha ha, like it's funny.
But this was very serious.
Someone had worked for years to basically open up
the possibility of installing backdoors in SSH.
And so it wasn't even something that was detected
in the action itself.
Someone just happened to be paying attention
that code was taking a little longer than it used to
and basically found this out before it got widespread.
If it had become widespread,
the amount of work to sort of roll it back or sort of like find all the places and enroll the upgrades for
like it would have been sort of months where this would have existed and he and if it had you know
gone a long time without being found out who knows how like many versions would have you know had this
in it and uh no no necessarily like call to action for all of us to go just it's just like food for
thought i guess that hey we actually depend on for software so many things that you just can't
possibly sort of be paying attention to and watching and even if you are if there's a
determined you know opponent on the other side like the the sneakiness that they could be working
with just like it almost becomes mind-boggling um yeah this is wild so the way they're pronounced the name is frying ah there
we go thank you um but yeah this is really fascinating i highly recommend folks go to
the show notes and read this article from Ars Technica because it has some really interesting
infographics um actually the whole article is extremely well done.
But yeah, I actually,
we actually interviewed someone a while back
just on this topic,
but I hadn't heard of such a high profile attack like this
until now.
Yeah, this is relatively recent.
And the curious thing would be,
there's no way this is isolated, right?
Like there's no way, like this one was found and I don't know, call it just like sneaky
suspicion.
If we found this one, you got to imagine that there's 10 more, a hundred more.
I don't going to, you know, there's the chance that this is the only one, especially, I mean,
again, I don't think there's concrete evidence of this, that, you know, it being a state
sponsored attack or whatever, but let's say it was the chance that this is the only place they were doing this and is is got to be approaching zero.
Which means there are probably other of these out in the wild today or already happened that we just haven't found out yet or have, you know, haven't discovered.
And so for cybersecurity, this is a, you know, talk about always about security in depth, right? Like thinking through multiple layers and making sure that, you know, you don't just rely on one system to protect you.
And just, you know, brings brings that to even more of a prominence.
Yeah, I mean, this is fascinating.
I'm just speechless because I'm going to have to read this in more detail afterwards.
But absolutely unbelievable.
Yeah, I mean, you know, I mean, this is kind of a side topic, but I do have folks come in with pull requests
for Eternal Terminal, and they add flags, and they update the readme and all of that.
I'm extremely grateful for that.
But it does show that you really have to be vigilant.
I mean, in a sense, I'm a bit fortunate in that I'm like benevolent dictator of Eternal Terminal,
so I see every pull request.
But at some point,
we'll have to find somebody to manage that
who will be vigilant and, you know,
this can't happen to that library.
It's just kind of a wild way to... Well, and, I mean, this would have affected Eternal Terminal because we're still using
OpenSSH. Yeah, I think also the, like, the thread of like I'm gonna, you know, sort of years in advance
putting some code in some place that isn't you know we're going to talk about unit tests today
and i put some code in some unit tests maybe people aren't paying as much
attention to but then later and and sort of everyone knows that that's probably fine right
it's just a test but then later someone you know then saying oh hey this code over here i'm going
to put into a common utils thing so we can use it you know it's it's useful in tests let's just use
it in our main library too and now because you're like oh that code's been there a while like it's sort of tested there's nothing wrong with it so you get this like it's credible by
like maturity which you know like we never run into a problem with this code before
so you forget that we've never really thoroughly reviewed it so maybe now it gets into a code that
normally would have had a more thorough review but because it's vetted code except that it wasn't
you sort of
slowly get this, you know, upgrading of privileges through the stack, where like, you code can kind
of move from place to place. If you're not careful about like, even in your own code base, your
provenance, like this code came from test, if it moves out of test, it has to undergo fully thorough
review no matter what, know i i that's not
a policy that i would imagine most teams probably run with yeah yeah this is totally wild um
wow fascinating all right um yeah my mind is just blown i'm just reeling from that so folks
definitely read that uh on to book of the show what's your book of the show patrick well i already
foreshadowed it but uh i read a book i've been running i'm more trying to you know be fit as
you know, it's always a good goal for everyone, um, and this is by Matt Fitzgerald. This book's a
little bit older now and it sort of shows his date a bit, but it's called 80/20 Running. I think at the time, this was a very substantial change to the way sort of, I don't say like
anyone can go run, right?
Like you got a pair of shoes, whatever, and just go out and jog.
But like, if you want to sort of like get kind of serious about, we were talking headphones,
you don't want to just go on Amazon and buy headphones.
If you want to like, what is a good, you know, what's the knee in the curve of the value
to performance?
You know, how much, what's the best headphones vogans i get for 37 you can do research if you're going to be like that like me uh with
running then you're sort of thinking like hey i can go out and run but what's the best way what's
the best way to get better do i have to get better no i mean but i want to get better this is good
are you trying to train for a marathon or anything i mean i did run a half marathon i'm not currently
training for a marathon i might at some point i'm not doing it right now. But just trying to be able to run for, you know, at any distance, just run faster than I have before. So for longer distances, you're normally you can't run as fast, right? So you, right, you can start fast and then slow down. But you try to kind of pick the speed, you can you know 10 kilometers or 10 miles or you know as
you're sort of working through these just you know improving over time and i've mentioned before you
know tracking it through various websites and a running watch and this kind of stuff uh you can
you can see your improvement and you can also see you know resting heart rate going down your vo2
max going up so things which correlate with longevity and health you can also see
improving so part of it is if you just run the same thing all the time it becomes easier and
easier to you so the health benefit starts to go down as well because you need to be oh i see so
if your if your heart rate doesn't go up at all right like you know if you've never walked and
you start walking and it's going to be a lot of work, but then you keep doing it, keep doing it unless
you're, you know, keep pushing a little bit.
Now that you have to go all out or even race, but you know, you're, you just need to kind
of always be, uh, exerting your body a bit.
Um, and so this book though, 80/20 Running, talking about that, um, an observation from
elite people and an encouragement to even amateur runners that, you know, to spend 80%
of your running at what they call the so-called easy pace.
If you get into, you know, heart rate monitoring, they'll call it like zone two, but basically go at a pace
that you could talk at and then 20 to do at you know what i would have done when i was younger
just like run as fast as you can until you're you know got a stitch in your side and you're
keeled over puking on the sidewalk, you know, reserve, reserve that for, you know, you know, 20%. Um, and the thing
isn't to sort of run the same, but run it slower. The idea too, is like, if you want to get more and
more at the high speed training, it comes with a commiserate increase in how much time you spend
at lower speeds. So interesting book, um, it is much more accessible now that it's the entry price
for getting something to monitor your heart rate is really cheap.
So you can either just get a strap or a watch if you already have a phone, you know, that
will pair with your phone and tell you what your heart rate is.
So you can watch it.
Nearly everyone can do it.
You know, it's not a barrier to entry really, in my opinion anymore.
And this is something that elite folks, you know, struggle with being able to do.
You couldn't target a specific heart rate because they didn't know what it was and like running with your finger held against your you know neck is
it's probably not a great way to count while you're you're running but yeah it was a very
interesting book if you if you're trying to get you know into running or serious about running
and running 5ks 10ks half marathons marathons and how to do it in a way where you are effective at
getting better uh and not getting injured and this is a good book not
very techie i kind of come up with a good tech angle for it but uh this is what i was reading
about so oh that's awesome yeah i guess like i mean you know goes without saying take care of
yourself you know i think uh um i think patrick and i i mean we're definitely not pro athletes
by any remote stretch of the imagination i have zero hand-eye coordination um but but like you know we do like uh take care of our body i think it's
really truly important and i think yeah i think a lot about my dad who is you know in his 70s
and he's still just completely active um you know uh like like uh you know and he talks about it i think slowing down his body
and stuff you know at that age but but he's still walking around he's still doing all the same
hobbies and everything if you want to you know have that kind of a life for that kind of a duration
you have to put in, put in some effort to stay healthy. Um, all right, my book is A Movie Making Nerd. So I, um, I used to love watching, uh,
this guy's name is Angry Video Game Nerd, is the name of the YouTube channel. Um, the, the gentleman
who plays Angry Video Game Nerd's James Rolfe. Um, you know, I've watched these, these shows, uh, for
many many years had a ton of fun.
I saw the book come up in Amazon.
I thought, let me buy it and really just support this person who I thought has made a lot of
great content.
I went into it pretty skeptical.
So I thought, oh, I'll read the first couple of chapters and then I'll just delete the
book.
But I felt like my job was done by buying the book.
But it was amazing. Actually. Uh, the first part of the book was phenomenal. Um,
you know, he has a very interesting background. He struggled a lot with, um, anxiety and mental
health and these things as a young child. And so, um, he went to like a special school um um like a special
education school for most of his uh grade school he he didn't go to a traditional school until high
school um even that was like a really big decision where people didn't know what happened um you know i just i don't know it could really uh it
really related to you know i think when when i was like really into computers and programming
all these things at a really young age and at a time when you know like 1980 nobody's really into
into any of that stuff um but i think that you know it kind of connected the book really connected with
me on that level of like being really young having like so in this case you know despite the fact
that the, the videos are all about, um, video games and everything, that the James Rolfe is actually not
like a really hardcore gamer or anything he's really a movie producer who found it interesting topic. And, and 90% of his movies up until he got popular with this one were horror
movies and things totally unrelated to video games.
So,
so his,
his passion is movie making video making.
Um,
but,
but just seeing someone kind of have like a really strong passion very early
in life and like
all the,
all the challenges there and the anxiety that he went through and everything.
I thought it was amazing read.
I will say it kind of falls apart at the end in the sense that,
you know,
if someone says,
Hey,
you know,
I've reflected on myself for 30 years and here's my conclusion.
That's very different than like
a month ago you know like it's like it's like when the book ends it's like yeah you know last month
you know i made a movie or something and it's just that part of it it kind of fell a little flat
you know i think it's it's a kind of book that ideally someone would write like when they're very
at the you know kind of at the end of their story and this person
is probably the same age we are patrick's he's probably in their 40s kind of in the middle of
their story and so because of that the book could really end in a good way uh a really conclusive
way but um it is worth buying just for the first first half of the book um and and another thing i
actually i never it's actually my first time ever doing this, I think, ever in my life.
I emailed James Rolfe.
I said, hey, you know, the book like really spoke to me.
You know, I thought it was awesome.
You know, and I didn't hear anything back.
I thought, well, you know, this person doesn't really read their email.
I mean, we barely keep up with our email and his videos like a hundred times as popular.
Um,
but then he wrote me back like a few months later.
It's like a week ago.
He wrote me back just like,
you know,
thanks for the kind words.
So,
um,
so I thought that was super cool.
Um,
and,
uh,
yeah,
I thought the book was,
was a great read.
Awesome.
I have to check.
I didn't,
I don't think I know anything about them.
So this is a new,
uh, new, have you ever seen the, uh, Angry Video Game Nerd? He like breaks Nintendo cartridges and
this this is one of those crazy things like you run across and i don't i haven't looked them up
but i uh if i open youtube it's going to start playing audio so i'm trying not to do it try to
resist the urge um but you'll run across someone it's like i have like you know three million followers like how do i not have i never bumped into this before the
recommendation algorithm or whatever i guess i'm just too cosine dissimilar from whatever topic
that this person is in so maybe they need the netflix algorithm at youtube and i'll uh i i
would start getting recommended these videos yeah i'm trying to think how i got recommended it i
really can't remember it's been so long but uh um i don't think that it randomly showed up because
i'm kind of with you like if you were to look at my youtube now it's all like physics stuff science
stuff geeky stuff right um i feel like probably this came from a friend, but either way, it's a lot of fun.
Time for tools of the show.
All right.
I'll kick us off.
I have been one.
So we talked about before Satisfactory,
Dyson Sphere program, right?
Dyson Sphere program.
Yeah.
The Factorio.
I guess you call them factory games uh
you were recommending Cuba Factorium I have it on my Steam wish list although my backlog is way too
long um but uh so I have been wanting something to play on the go I mentioned you know being on
an airplane um and you know just having downtime I do have a Steam deck but it's kind of a thing
to take out, you know, you can't just play it for a few minutes. Um, and I had bumped into before, you know, in searching Factorio for iPhone, of course there's no Factorio on the
iPhone and I don't blame them, uh, it would be, it would be kind of not the right fit. Um, people
always were recommending this web app Shapez, uh, S-H-A-P-E-Z, um, and I tried it on the web, you know,
kind of like okay recently i i don't think it's been around that
long they made a port to ios and android and so i picked it up and it yeah it is it as a game i i
much prefer Dyson Sphere Program or Factorio, um, but again they wouldn't play well on an iPhone or
even, I do play Factorio on my Steam Deck but
because it's that good. Um, Shapez isn't that good in my opinion, um, but it is fun, it is, it does
scratch that same itch and it is mobile. So if you've never played Shapez before, I don't know
how it's on Android, on iOS I think it's free to download and they give you a pretty generous demo
that you can sort of play through. I think Factorio is the same way, um, anyways, a pretty generous, you,
you definitely get the gist.
If you're not liking it, don't buy it.
But if you're like, yeah, yeah, this is good.
You know, I don't remember a few dollars
to sort of do the in-app purchase to unlock it.
And yeah, play.
So Shapez, not really a tool, but definitely fun.
Yeah, I'd be really curious how it works on the phone.
Like how do you get conveyor belts to go
the direction you want and everything i mean in general you click and it kind of puts it randomly
but when you click the second time to sort of like connect them it it sort of figures out the
orientation so it can be really fidgety like if you have oh this is if you have like two an output
and two inputs separated by only a single square so like
you know you have an output and then you have an input to oh this is very hard from video
anyways if things are very very close to each other it's very difficult for it to determine
what you're trying to do but it knows like oh if you're clicking you're probably connecting an
output if there's an output in a adjacent square and then if there's an input in an adjacent square that's probably where you want to go so in general that gets you through
the vast majority of cases but there are times where like there's two outputs that it could go
to and it won't always choose the right one and i have hit some glitches with the tunnels like
not like they look connected but they're not connected and so you have to like delete them
and put them back in again um but yeah overall still i i i don't know of any other game that is that cosine similar to
uh, Factorio, I'm gonna just keep using that one, anyways, that it's in that same direction than
this and so it has helped me with this uh desire of mine and it was one of those ones where sometimes
you want something and you get it and you're like that's not really what i wanted uh this one was not that so i've been enjoying oh
very cool i'll have to check it out it is better on a tablet than a phone i will say but again i
have my phone with me all the time and not so much the tablets yeah that makes sense i have not tried
it on my watch like zoom in you have to use a little crown to zoom while you're running yes that'd be great
Um, my tool this show is, I can't believe we haven't covered this, Dwarf Fortress. No way.
Speaking of, uh, things that cause anxiety, Dwarf Fortress, um, you know, a game that has
absolutely no saving but you will like frequently destroy yourself
i didn't know you couldn't save wait i've never played it before i know i've read a
match about it but i've never played it's like minecraft where you know the world persists and
so you can't really go back so like in minecraft you know if you accidentally burn your house down
it's gone i mean you can like you know obviously go in the file system and do stuff.
But generally speaking, it's gone once you make a mistake.
But yeah, so Dwarf Fortress is on Steam.
It's been on Steam for a while.
Dwarf Fortress was free for many, many, many years.
I think 11 years it's been in development.
They went on Steam.
They've sold enough copies to make them,
I think something like eight or $9 million
between the two of them, which is great.
They, yeah, they asked Tarn Adams,
how do you feel being like a millionaire?
And his answer was like,
well, you know, I would have made twice as much if I had just gone to Google
or something like that it was pretty funny
he's like but you know
I'm pretty happy to be making half of a
Bay Engineer salary or something over
11 years
his answer is hilarious
he also
panned all the game
studios who are doing layoffs
really harsh actually surprisingly harsh i've
talked to Tarn, um, about, um, AI stuff in the past, um, and, uh, extremely like nice, charismatic, uh, uh,
just really mild-mannered person um i don't know very much about the games industry so i don't have a lot of context
but but uh in his interview he was extremely fiery about the games industry layoffs and
how they are you know not treating their employees really well which is endemic i mean i remember
that being a problem when we were looking for our first job 20 years ago.
But regardless, so Dwarf Fortress is out.
I tried the Steam version.
It's very well done.
It fixes a lot of the user experience issues of the keyboard-only version.
It's not a radical departure.
I wouldn't say if you're just... if you're looking at it completely materialistically, you're not really getting your money's worth out of the Steam version.
If you go and play the console version for free, it's it's it's not that different.
I went and bought it, of course, because I've had so much fun playing Dwarf Fortress off and on for like a decade.
The least I could do is throw Tarn like, don't know seven bucks or whatever it costs but uh i
would definitely recommend folks picking it up it's a ton of fun it has a high learning curve
from a user experience standpoint. It got kind of eclipsed by RimWorld in my opinion. I feel like the, the UX on RimWorld is just so much better, um, and I do play RimWorld
a lot more, um, but Dwarf Fortress is still a ton of fun. Um, there's still really esoteric
interactions between fluids and waters and dwarves and and all of it um the funniest thing that ever happened to me was my dwarf crossbowman was blinded in both eyes, but still wanted to be a crossbowman.
And when he trained, the shots went anywhere.
And like about one out of 100 times while he was training his crossbow, he would kill like a horse or another dwarf or something and even when he's not injuring
the other dwarves you could see the arrows uh just go randomly when he's training which is hilarious
Um, so very fun game, highly recommend. I, yeah, this is a genre that, you know, you just mentioned RimWorld,
people also say Oxygen Not Included, yeah, um, and in Dwarf Fortress, I haven't dipped my toe
into this yet i don't know whether it's i think the learning curve is too high or i'm too scared
to waste all the time but they're on my perpetual like one day i will waste time i mean spend invest
invest my time and also generating epic stories dwarf fortress and eve online are the only like games i've ever seen
people like i'm sure there are others but that i just routinely get surfaced to me like just epic
stories about, um, and yeah, both very complex games. Yeah, one thing about RimWorld I'll say for folks
out there, if you want to get started in this genre, get RimWorld and get the, there's a mod that lets you
so by default there's like slow medium and fast time you know most games have this like you could
play in real time or 2x real time forks there's a mod that'll let you do up to like a thousand
x real time and you wouldn't do that much but basically lets you elapse time as fast as you want
um i'm the type of person i don't know
if you're this way patrick but if i'm playing these like real-time strategy games um i'll want
to basically like pause do a bunch of strategic work and then unpause and i i kind of turn it
into a turn-based game. Like when I used to play, like, Baldur's Gate 1, for example, it was a real-time strategy but I was just pausing all the
time, it was basically turned. And so I was doing the same with RimWorld, but then when you unpause
it you're going kind of at real time so you're just sitting there waiting to pause it again
kind of waiting for something interesting and so instead of doing that just make it like
really turn-based by letting yourself go like 20 X real time.
Hmm.
I, I, I appreciate what you're saying.
I don't, I don't know.
I don't think I've ever done this before.
I, I'm a pretty impatient gamer, so I think I would probably just suffer with it sucking at real time and then uh then complain about it but yeah
all right well for those of you who are wondering when the topic would show up
it is time unit tests mocking let's jump into it so patrick what is a unit test
a unit test is code that you run to test a unit of functionality in your code base
i didn't look that up that's patrick's definition off the cuff um but uh i think unit tests are
one of those i i have never run into someone i'm sure they are out there who has said they they do
enough writing of unit tests um unit tests are supposed to break down your code into a single manageable
chunk of functionality and no more. And then you put that thing under test. And you can go
hog wild with that statement. And you can end up in a sort of bad place in the design space in my
experience. But I think you can go the opposite way and say, I'm never testing anything,
make some excuse for it. And then you can have code that is just completely unmaintainable and it's very
difficult to make changes confidently because you don't know what is going to break because you
don't test anything before you ship it and we've talked about continuous delivery continuous
integration you you can't really do that unless unless you have some kind of testing and unit testing is an
important part of that in my opinion um and there are certain things that really cry out to be unit
tested um and that doesn't make it easy though especially as you start layering up functionality
it can be without foresight and some of the stuff we're going to talk about it can be very difficult
to um test something that
depends on something that depends on something else. Because getting the inputs just so that
and you know, it really exercises the thing you want to write your test for. And finding the
corner cases you want to test can just become very difficult. I'll also say that, you know,
I have run into code bases where it's a requirement to have full branch coverage even, right?
So every statement you get to,
both the true and false,
for every for loop,
you have to test every single bit of the code
in every path.
And that is important in some contexts.
I will say it is very hard
from a maintainability standpoint,
because if you want to make
relatively simple changes,
especially refactorings,
you can end up with just an enormous mountain of like unit tests that have to
also be changed.
And so I will say,
I do think you can take unit testing too far.
Maybe that's a controversial statement,
but just in practice,
I've seen that to be true.
And you can also get the,
I need to hit a quota of unit tests.
And so I'm going to write useless unit tests rather than the harder but more useful unit
tests I should be writing.
And so you can get people who, I don't want to say game the system.
They're like, this code is not going to get accepted unless there's a unit test.
So I'm going to write a unit test that isn't really actually testing much or is testing
stuff that's not, frankly, very useful rather than the extremes or the areas where it might break or oh this code if i tested this way
is going to throw an error and i don't want to do with error handling so i'm not going to test that
part so i will say that being real with yourself and your team about what purpose unit tests are
serving and you know in your code base is really important.
Yeah, totally. I think if you're just getting started
and you're doing maybe a personal project
and you don't feel like you want to write unit tests,
a good sort of, I won't call it a compromise
because compromise makes it sound like
you should keep doing this,
but a good stepping stone to writing unit tests
even in your personal projects
is just to be really aggressive about failing. So for example,
maybe there's a place where you take a list of ip addresses and you do something with it
well like if the list is empty you know um what should happen well maybe you say yourself well
this should never be empty well fine so put like you know if list empty then throw an exception crash the
program right exactly and if you put this all over the place guess what your program is going to be
constantly crashing it's going to be really frustrating and so then you're going to say well
you know i need to uh you know i can't deal with it like this i need to before i ship it you know
get it to crash and that's what a unit test really is all about.
That's a great tip, actually. Yeah, there's a separate thread there, which we should just
not go into about what happens when you encounter unexpected input. Should you report it? Should you
throw exceptions? Should you just crash? And it's a separate topic. That's also a very controversial
and thoughtful thing about what do you do when you encounter an input that do you check it do you expect it do you anyways
yeah i mean maybe you write a unit test um so you know what i've heard and this is again we're
speaking for experience here so this is not an academic exercise but i've heard basically of
three kinds of tests. You have unit tests,
which is what we're talking about today.
There's regression tests
where you're testing kind of a broader piece of software
like that has many branches and many if statements.
And so it's testing like a bigger piece
where you don't expect to really get high coverage,
but you're expecting to see kind of interactions
between different modules.
Then you have system tests where you're really like you're calling, you know, into main with like a
certain input and expecting a certain output that's more like a black box thing um how do you
break down tests is it similar is it different yeah i think that sounds about right i in a similar
vein i guess it's and this will lead into to sort of the other
part we want to talk about. I think when it's small enough, you are able to create truly synthetic
data. And, you know, at each module, you you you purposely construct something when you get to some
level of complexity, I don't know, make something like FFmpeg. So FFmpeg has all these math functions,
right? You can feed it synthetic data to those math functions pretty easy whereas synthetic like what is what would it mean to synthetically generate
like an, you know, MP4 video that goes into FFmpeg and check that the, you know, AVI with MP5, I don't
know is that a thing uh codec coming out the other side like how would you if you think about that
the syntheticness of the data is best when you kind of keep it small and when you get to so-called
like golden data sets or just making sure it doesn't crash right make sure you give it some
input and your program does something but doesn't crash or throw an error um that's when you start
to move off of unit tests onto some other kind of test and being careful about which goes in which bucket.
But I think it's similar to what you're saying.
It gets to be a regression test or just a full end to end test.
Yeah.
Yeah, that makes sense.
All right.
So when you're writing unit tests, you will eventually run into this problem where you want to unit test something and that thing makes an RPC to a database
or checks the system clock
or does one of these things
and you will say to yourself,
like, how can I unit test this, right?
And so the wrong thing to do
is to like only run your unit test
at like 7.58 p.m.
And it only passes at that time.
That is not robust.
You're going to have all sorts of problems.
You might also have your unit test actually query the database.
This is also a problem because if your database goes down, your unit test starts failing.
Your unit test might query data that might not exist tomorrow, and your unit test
will fail for that reason, right? And so, as Patrick said, the unit test, we're not testing
MySQL. Like, MySQL is good. You know, they have a bunch of people testing it already.
You want to just test your code that calls MySQL. And so, what you need to do is, you know, test your code but, um, you know, not test the
MySQL part, which is right in the middle of your code. And there's really two ways to go about
this you have faking and you have mocking um now faking is pretty clear.
So for example, let's say you have a function that gets the time of the day and does some stuff to it.
So instead of calling the time function,
the low-level kernel time function, to get the time inside of your code,
inside of your function, ideally you pass in the thing that gets you the time. So you pass in,
could be a function pointer or you could wrap it in a class, but imagine you pass in like a
clock handler class. And the real clock handler just calls the time function and returns but you could
pass in anything any class that you know inherits from this clock handler task so so you could make
a a fake clock handler class that extends the clock handler class except when the when when it asks for a time it always gives you you know 1980 or something
um and so now you have uh this ability to have a repeatable you know time every time i call the
time function i get exactly the same thing and so my unit test now is totally repeatable that's
that's faking and that uh is one way to do it.
I think also, I think, I believe this is called dependency injection.
So dependency injection is like, like you're mentioning, is that you're injecting the thing you want to depend on rather than it sort of like being inherent.
So rather than a class owning an instance of MySQL, you pass in a pointer to a MySQL-like object, and you're
injecting the dependency normally at construction time or at execution time.
It also has benefits for other reasons, but it's definitely useful for testing.
Yeah, totally.
Totally makes sense.
Yeah, I mean, if this function is already taking the MySQL client, then you don't have
to do a whole lot but you're
right if if um if you're using for example a mysql singleton then you're going to have problems
right because you have to somehow fake out that singleton and um and that's actually a good segue to mocks. So imagine you have a singleton and you want that singleton call to be faked out.
You can't really create a fake singleton.
I mean, maybe you could with some really clever pointer stuff, but generally you can't just
replace that singleton with something else.
But you can use kind of a mocking system to handle that.
So Patrick, how would you describe the difference between fakes and mocks?
So the way I've seen it before is the mock, and this is probably wrong,
so you're going to have to step here,
is the mock is generally a way of trying to use
reflection or automated uh method sort of mirroring mocking right so you have an object and rather
than sort of like you're saying a fake whereas i custom build another class and then i have some
you know interface that i'm inheriting from or some you know abstract class instead you're saying
hey i have an existing class i am going
to script the way that that class is called and i'm just going to create a sort of automatically
generated version of that that looks the same and so you can uh sort of via various mechanisms
depending on languages you can lie to the runtime and say hey this is that class except you've said
expected this function to be called and then that function to be called and now you're you're sort of like
testing two things you're testing that the output is correct but you're also testing that the
interaction with that object is correct at the same time because you've scripted this mock which
is, you could do in a fake, but you would have to do it sort of from scratch yourself rather than using a framework for doing.
Yeah, I think you did a great job. Yeah, basically, uh, a mock is just taking fake
to the next level so um yeah so just continuing the the time analogy yeah i think you had a great
way of explaining it if you know if i create the fake clock and i just return 1980 every time
you know that's great
my unit test will pass or whatever but what if there's a bug later where somebody maybe uh this
gentleman Jia Tan who's trying to like illegally break into SSH maybe he goes through and takes
your function and tries to like literally make it return 1980 all the time and not even call
your clock handler um your unit test will just continue to pass it's not going to catch that
so ideally you know a fake clock handler you could in the unit test say hey here's my fake
clock handler and i expect the getTime function to be called exactly once.
And the way you would implement that under the hood if you're using fakes is the fake
clock handler keeps a count of how many times the getTime function was called.
When you call getTime, it increments that count, returns 1980.
And then at the end, you could check the count, right?
So again, you could do all of this with fakes.
What mock does is do all of that for you.
So mock keeps track of all the times,
all the functions were called that you're interested in.
It just has all of that scaffolding done for you.
I guess like to try it, which is difficult.
I'll try another way to motivate it
if you have a logger which do tend to often be singletons or whatever your code may have a
contract that says you need to take the square root of this value but if you can't okay it's
negative because you know you're not supporting complex numbers you should return an empty sort
of optional nullable thing but also log an error to the logger.
That unit test is going to be difficult to write unless you mock the logger, because now you want to test two things. You want to test the return, which is normally what you think about with the
unit test is controlling the inputs and checking the return. But here, one of the inputs actually
needs an additional action performed on it, right? The could be an input but it needs to have a function called on it and so this is where you know you're not
just checking how often it's called you're also checking like it may be part of the contract that
in an error the error needs to be cleared from the mysql connection and so if you if you cause
an error to happen you need to you need to make sure that it gets cleared and if your code maybe has
returns an exception too early and doesn't clear it then the next piece of code can't continue and
so then you the mock is going to help you there be prepared to check those things right yeah that
totally makes sense um another thing that mocks will do is and this is kind of language dependent but sometimes it'll save you
from some of the like inheritance problems that you can run into so you know like python for
example has MagicMock and, um, you know, Python is not strongly typed, which makes this a lot easier
um but um but yeah you can run into some you know kind of challenges when you're trying to fake certain things.
And MagicMock will just kind of take care of a lot of that for you, magically, as the name suggests.
So it'll do some weird Python voodoo, which I've definitely never dove into.
But it will basically allow you to stub out things that might be really difficult, like global function calls,
you know, crazy things with polymorphism. So, you know, I would say as far as maybe jumping over to
we've kind of explained what they are, going over to sort of how to use them. I think as a beginner, we talked about failing often in your functions.
Before just using the first element of a list, check if it's empty, and if it's empty, just fail.
Fail really loudly. That's a nice stepping stone to unit tests and then unit tests will kind of naturally
lead you to mocks when you start um you know kind of testing things that that uh so i'll give you
another example um networking right so when you make a networking call you can get a whole bunch of different errors you could
get, you know, error, the network wasn't initialized correctly. You could get, uh, you know, SIGPIPE. You
could get EPIPE, you know, both of those meaning like different parts of the connection died. Like
the connection to the kernel could die if you're trying to create too many TCP connections. The connection from your machine to another
machine could die. That's EPIPE.
And it can get
really difficult
and cumbersome to kind of catch
all of these and handle them the right way.
And so your
magic class,
your magic network handler
class will just get more and more and more
complicated.
And you can actually see this in Eternal Terminal where I have a fake,
I think it's called fake network handler, or no, fake socket handler class.
And it's just obscenely complicated.
And so I think most of that complication could be burned down by using a mock.
And so being really aggressive on failing when you get things you don't expect will kind of naturally lead you to fakes, to unit tests and fakes.
And then fakes will lead you to mocks as long as you know about them.
I think this is actually a kind
of a meta point but you often see people and we're definitely guilty of this like just doing the hard
thing because they don't know about the easy thing you know are they this is one of these examples
where you can end up making really complicated fakes because you don't know about mocking
libraries that are doing a lot of that work yeah i maybe it's a language
thing i will say um java builds were pretty complicated so using mocking in java for me was
i don't know it's like a no-brainer but it wasn't any worse than you know oops we were already
jumping through i will say i have not used mocking in the c++ stuff like getting a unit test sort of thing
set up was i don't say bad enough and requires maintenance yeah but we tried to do the mocking
thing for a while and just the way that it requires you to sort of do it at the build time
and interrupt and do it just as the juice isn't worth the squeeze like it was very difficult for us so i
think i will say knowing about it is very important because there is a bridge and depending on the
kind of thing you're interfacing with that trade-off could be very different um if you you
know have one thing faking it could be option if you have you know 15 different services that all
have like different kinds of return codes that they could give you and this kind of stuff, then that grows
and the trade-off becomes different.
But I think dependency injection,
unit testing, and
mocking, whether you do roll
your own, or I guess mocking
versus faking, whether you roll your own or use
an existing framework or library,
different
ones of them have different balances,
but I think it is one of those things that with experience and with your build
setup and in your instance,
your answer may be different and sort of making a blanket statement can get you
into sort of complexity you didn't want to be in.
Yep.
Totally agree.
Yeah.
I think,
you know,
Java is so verbose and prescriptive that I think mocking makes more sense because every fake class is now adding hundreds of lines of code. I used Google Mock at Google. But yeah, I mean, I'm thinking about it critically now.
If I went back and used fakes, I think it would be pretty much a wash.
So I think for C++, mocking is, you can get away with a lot more using fakes.
And so that makes mocking less useful.
For something like Java, where you can't really get away with a lot um i think mocking you know becomes more useful there we didn't put it in the title
but i i will say dependency injection is one where i've never used a framework there are frameworks
for it the concept i think is important to understand and know but i will say the frameworks
come there's that there is an appeal but there is a hurdle to jump over uh before using them and
sort of like in the extreme, you know, whether you inject a Postgres or MySQL client, you know, at
runtime via config is kind of cool uh but you know the the trade-off the the cost of doing that is
they are in my experience they've been they're pretty cumbersome yeah i mean i i've always
despised dependency injection frameworks so we used uh the java one you probably use the same one
um i forgot what it was called but you but it's just such a pain.
In general, things that like generate code or like code paths,
not things that generate code, like protobuf is amazing and it generates code, right?
But this kind of thing where like you read a config file
and it like, you know, just autonomously spins up different classes
depending on the config file.
It's just always so much more
trouble than it's worth um you know and then you have like a you know this decorator dependency
injection but you still have to kind of say what you want to inject um yeah i'm not a big fan i
mean i think the concept extremely important right like know, calling the Unix time function in your function directly
is going to make that function now
almost impossible to test, right?
So the concept of trying to keep things stateless
and passing in different handlers,
that's great.
But the dependency injection of frameworks,
I personally haven't had a good experience with them.
Yes, I think Guice is the one.
Guice, that's right.
Oh man, I'm starting to get PTSD now.
So yeah, not a big fan of Guice.
I think we wove it in.
I will say, if you get to the point where you think you're going
to write one of these yourself versus using a framework because the framework is too big of a
hurdle i think you got to have a sit down like are you just suffering from not invented here
i'm not saying that i'm just you got to really be honest with yourself there
yeah that's slightly different so so writing something that's a series of macros
or code generators, whatever yourself, is
a large undertaking
and likely you end up in a
very similar destination unless
you know that there's some reason you're not going
to pattern match to one of the existing solutions.
You're likely to end up with the same
trade-offs that they do.
That isn't the same as
choosing that one of those frameworks is too
heavyweight for your situation and so you're going to sort of do it manually i think that is a valid
trade in this space not in all space but like in this space i think you know this is a valid trade
i've never seen someone well i shouldn't say never i do hear people all the time for serialization
say that they're just going to do it manually
and that go very wrong
rather than use protobuf
or an existing sort of serialization library.
So I wouldn't say the trade is the same here,
but I have seen people do
sort of dependency injection and mocking
and testing and faking sort of on their own
and it can be the right tool for the job.
Yeah, yeah.
I mean, particularly if you're doing
faking you're almost certainly doing it doing it homebrew right because the end of the day is just
a class that extends your class um yeah it's a good point i think that's a really good dialectic
i think you know if you're doing serialization deserialization you really don't want to write
that yourself for a number of reasons you know one if you mess up
serialization and now you have this bad data that you can't fix it it's like if you went out like
imagine you're building like a automate an ai stethoscope or something and you're harvesting
a bunch of data to improve your product well it's like you collected the data, you know, you didn't serialize it correctly
and all that data is bad.
Well, like you're just out.
And if you already shipped the product,
you're just toast, right?
So on the flip side though,
you know, testing hopefully is one of these things
that is like very agile, very repeatable.
And so, you know, switching testing frameworks isn't a big deal. You're not
really out a bunch of time and energy. It's not something you can't recover from. And so yeah,
starting small, building yourself up to eventually using fakes and mocks and getting more and more
dependencies injected versus using
a bunch of singletons these are all things that you can improve over time and so you don't have
to jump into some like commodity solution i'll also just throw out the reddit uh cryptography
don't do your own cryptography oh my gosh yeah do not ever do your own crypto. I actually, um, there was a set of
cryptographers or security engineers or something who evaluated eternal terminal. And, um, they were
like kind of rude. I mean, I, just to be frank, I mean, I don't know if you're listening, but
they were, uh, they were like a little bit just kind of like harsh. But then they saw that basically I was just calling libsodium. They're like, okay. They kind of went away. But I, I could
understand i think if you if you build your own cryptography you're just kind of asking for it
Do you remember the, uh, um, I was translating all the Programming Throwdown episodes to Hindi?
yes which is something folks should check out.
We,
we probably talked about it,
right?
Yeah.
We briefly.
Yeah.
Okay.
But so I went back and listened to the first episode as part of doing this.
Well,
the first thing we talk about is actually a Sony trying to implement their own
cryptography.
And there's always that when the PS3 keys got hacked?
Yeah, that's right.
There's a place they were supposed to return a random number.
They returned five or something.
Yeah, I think protobuf, libsodium,
don't try and compete with these.
There is something interesting about,
oh, no, that's a whole, never mind.
We don't have that.
Like current gen consoles and the keys,
and I will say they seem to get jailbroken whatever you want to call it like
it takes a lot longer than you know back in ps2 ps3 whatever dvd like these kind of things
that you know needed a key and the key was like i don't know i'm not it's not my space but it just
seems i i hear a lot less of the news about you know private
keys for what is it now the xbox x anyways yeah you don't you don't hear those those news articles
as much and so somebody somewhere must have upped their game or they've learned from their lessons
and i don't think the same situations apply yeah i think i think they've upped their game i mean i
think that they have hired a lot
of people who like used to work on bank software and these kind of things and they just they just
don't mess around anymore i guess i'd say like if you're one of those people reach out it'd be
cool to talk to you except that like you probably aren't allowed to talk about anything interesting
yeah exactly yeah like when you retire reach out to us i saw someone uh oh now we're getting pretty
meta but i saw someone on linkedin um they uh they they recently left a job and it was like
one of these things where you buy and sell stocks like uh what's it called quantitative trading
okay something but space hedge fund trade yeah and uh they basically had to not work for a year and they literally put in their
linkedin job history one year and it's like waiting for non-compete to expire was their
job title for that year and uh yeah i guess that's still a thing yeah i think there's like
they call that alpha or whatever which is the not explainable my market return advantage your trading strategies
have. Um, so versus that, which would be beta, just, you know, market goes up, we go up. Um, alpha,
the alpha that you have has a has a half-life to it so if you work at one of these you know
big hedge funds or proud hedge fund or your hedge fund just wants to seem like they're as good as
everyone else you have this like knowledge at that moment. These are the trading strategies we're running. This is what
we're looking at. They want that, you know, they're basically willing to pay you to keep you from
taking that to another firm because again, like they'll just, then you would just take it to those
people. It'd be very hard to prevent you from doing it. And then the opportunities will close
because now you have someone who's in there bidding with the same knowledge as you.
And so the prices will go up.
And so I think in the finance industry, those things are especially those trading are very common. Whereas like you or I, like if we left, someone could sue us if we when that happens in the news from time to time.
Like, you know, you took a trade secret, but there's not this like at the moment.
These are things that are directly being exploited to
extract profit and other people knowing them is instantly detrimental to our bottom line
yeah i didn't realize they paid you for that year that's pretty awesome i i don't like golden
parachute i think i don't know how it's either like when it's worked in but it's something you
kind of know going in basically got it makes sense i've never had one of those offers if anybody wants to like pay me a year to
not work i reach out yes yeah that sounds awesome um sign us up um well any last thoughts about i'm
trying to think if there's uh things we didn't quite come oh and kind of an adjacent thing um
if you haven't already out there, check out GitHub Actions.
You know, it's amazing.
You know, I use that to run all the unit tests on Eternal Terminal.
Every time anybody submits a pull request, it runs, kicks off like 12 GitHub Actions that go and run a bunch of tests.
And in general, it's like it's free compute, free compute from GitHub.
I mean, don't use it to mine Bitcoin
or anything like that.
They'll ban you.
I've heard of people trying to do that
and getting permanently banned from GitHub.
Getting permanently banned from GitHub
would be absolutely destructive.
I mean, I guess you could always make
another email account.
I don't know really how they enforce that,
but it just sounds like one of the worst things that could happen to an engineer. So don't do that. But as long as you're being
honest about what you're doing, GitHub Actions are amazing. I have GitHub Actions to build
MAME and MAME Hub. It takes about two hours on a four core machine or two core machines.
And so,
so it's, it's a phenomenal product.
And so,
you know,
once step one,
write unit tests,
step two,
use GitHub actions to kick off all your unit tests.
Yeah,
I guess I do have one other thing before we,
we thank our patrons,
I guess is we didn't talk about it,
but code coverage tools.
I spoke about not going for branch coverage.
I will say, not to
overstate it, if you write unit
tests and you never run or attempt to
run code coverage, it's sort of like
debugging by
print line versus using
an interactive debugger.
You think you're
testing one thing and you run code coverage
and you realize you're missing
whole swaths of functionality or,
but it's just running them hand in hand,
if possible,
is just like a completely different experience
than writing unit tests
with no feedback on what lines
are actually running in your units.
Yep. Yep. Yep. Totally agree.
Yeah. I mean, maybe that's a whole another show but there's
i was gonna say i got to drop that late but i totally blanked on uh yeah amazing code coverage
tools uh you know if folks google it you can find them there's they integrate really well
into github same kind of thing they run automatically you don't have to do anything
um and uh yeah that's uh yeah we should definitely do that as a separate topic
but that's a it's a really good point you you um you know and the other thing too is you want to
have some kind of validation you know when you run a when you write a unit test you want to see that
that actually made the code a little bit safer so code coverage is a good way to just give you a number.
Thank you to our patrons.
Yeah, thanks, folks out there. A lot of interesting email.
Someone asked us to cover Laravel, which I haven't heard of in years, but I guess it's still popular.
It's like a web framework type thing.
So we might have to go off and do some homework on that.
But yeah, tons of email, tons of great support thank you for
folks out there uh no we're not going to just talk about the show topic that's that's not going to
happen are we going to put up a countdown timer to when um chat gpt just generates all these
podcasts automatically oh how do you know they're not generating this one? Are you a robot?
All right, folks, it was really great covering another cool topic.
Shoot us more topics.
A lot of these topics come from you.
So when you email us, that turns into shows.
So thank you so much.
Keep doing it.
Thank you to everyone who lasted this long. Bye!
Music by Eric Barndollar. Programming Throwdown is distributed under a Creative Commons
Attribution-ShareAlike 2.0 license.
You're free to share, copy, distribute, transmit the work, to remix, adapt the work,
but you must provide attribution to Patrick and I and share alike in kind.