Moving this blog

Hey all, quick metablogging note.

Thanks to everyone who pointed out to me that the blog was down for the last 36+ hours. This blog was previously hosted by; I chose because of their alleged high uptime, alleged competence, and alleged fast customer service. As a result of my experience over the last 36 hours I’ll be moving the blog over to a different hosting service which I hope to be both more reliable and responsive. Apologies for the inconvenience.

If you’re seeing this, you’re looking at the new site; yay, it works!  Expect things to be a bit wonky for a while as not all of the formatting and whatnot transferred over.

While I was at it, I moved the content from my blog about building a backyard aluminum foundry to I haven’t done much casting over the last year or so but hope to get back into it this summer.

In related news, as a consequence of changing hosting services: the purple is back, infinite scrolling is on, social media buttons are enabled, AdWords have been replaced with WordAds (!), footnotes are broken, comments are too narrow. I’ll take the good with the bad.

Lowering in language design, part one

Programming language designers and users talk a lot about the “height” of language features; some languages are considered to be very “high level” and some are considered to be very “low level”. A “high level” language is generally speaking one which emphasizes the business concerns of the program, and a low-level language is one that emphasizes the mechanisms of the underlying hardware. As two extreme examples, here’s a program fragment in my favourite high-level language, Inform7:
Continue reading

Heartbleed and static analysis

In the wake of the security disaster that is the Heartbleed vulnerability, a number of people have asked me if Coverity’s static analyzer detects defects like this. It does not yet, but you’d better believe our security team is hard at work figuring out ways to detect and thereby prevent similar defects. (UPDATE: We have shipped a hotfix release that has a checker that will find defects like the HeartBleed defect. The security team works fast!)

I’ll post some links to some articles below, but they’re a big jargonful, so I thought that a brief explanation of this jargon might be appropriate. The basic idea is as follows: Continue reading

Standard and Daylight are different

A couple weeks ago I had an online meeting with some European colleagues; I showed up in the chat room at what I thought was the agreed-upon time and they did not, which was odd, but whatever, I waited ten minutes and then rescheduled the meeting. It turns out they did the same an hour later. I’m sure you can guess why.

If you have been sent a link to this page, it is to remind you that “Eastern Standard Time” is not defined as “whatever time it is in New York City right now”, it is defined as “Eastern Time not adjusted for Daylight Saving Time“. Parts of the world in the eastern time zone that do not observe Daylight Saving Time — Panama, for instance — stay in Eastern Standard Time all year, so it is an error to assume that Eastern Standard Time and Eastern Time are the same time.
Continue reading

ATBG: Why UTF-16?

I had a great time speaking at the Los Angeles .NET meetup Monday evening; thanks for the warm welcome from everyone who came out.

Today on the Coverity Development Testing Blog’s continuing series Ask The Bug Guys I dive into the history of string representations in C# and Visual Basic to answer the question “why does C# use UTF-16 as the default encoding for strings?” Continue reading

C# and VB are open sourced

For literally years now the Roslyn team has been considering whether or not to release the C# and VB analyzers as open source projects, and so I was very happy but not particularly surprised to watch on Channel 9 a few minutes ago Anders announce that Roslyn is now available on CodePlex.

What astonished me was that its not just a “reference” license, but a full on liberal Apache 2.0 license. And then to have Miguel announce that Xamarin had already got Roslyn working on linux was gobsmacking.

Believe me, we cloned that repo immediately.

I’m still mulling over the consequences of this awesome announcement; I’m watching Soma discuss Roslyn on Channel 9 right now, and Anders is coming up again soon for a Q&A session. (At 12:10 Pacific Daylight Time, here.)

I am also on a personal level very excited and a little nervous to finally have a product that I spent years of my life working on widely available in source code form. Since I always knew that open sourcing was a possibility I tried to write my portions of it as cleanly and clearly as possible; hopefully I succeeded.

Congratulations to the whole Roslyn team, and thanks for taking this big bold step into the open source world.