tags:

views:

238

answers:

11
Q: 

How do you let people work on a project without exposing them to the whole code base?

Hi everyone! I'm Co-Founder and CTO of OnePage (http://myOnePage.com/joel).

I'd be interested to hear your views and answers to this particular problem:

I'm certain Yahoo! or Google don't expose their entire code to their developers! I was just wondering what method you use to restrict people from seeing the full code? In all projects there will obviously be parts of the code which contain important access credentials for database and API keys.

Thanks

+2  A: 

They're going to need to see all the code at some stage. For debugging/analysis etc. Depending on the technology you use, you may not be able to hide it. Can they decompile packages (e.g. Java lets you do this).

Besides, it sends the wrong message to say that certain people can't see bits of the codebase (unless you truly have something groundbreaking in the code?).

If you want to maintain some secrecy from the POV of security, then credentials etc. should be configurable. It's ok for the developers to have credentials info for development/testing environments etc. (e.g. the development database).

When deploying to production your 1st-line support (or whoever is trusted) should provide this info, and consequently your development team won't have access to it.

Brian Agnew  2009-09-12 14:01:02
This is the issue I face Brian. Each developer has a local setup, but in addition to this I am striving for maximum automation, towards the goal of continuous deployment (timothyfitz.wordpress.com/2009/02/10/continuous-deployment-at-imvu-doing-the-impossible-fifty-times-a-day/).I agree it's a bad message to send out, but I feel the best way is to gradually give people more access. I want maximum flexibility and an agile methodology to avoid wasted time doing checks, and therefore need to be able to get people coding quickly whilst maintaining control if something was to happen.
joelg  2009-09-12 14:23:39
I don't believe this should impact agility. I would expect the developers to be able to roll to testing then production easily, and it just requires production support (or whoever) to provide the properties file with the production credentials. In some environments I've worked in that simply remains in place between deployments and the code alone is re-deployed.
Brian Agnew  2009-09-12 14:48:51
+1  A: 

I think the best way to prevent access to the whole system is by creating a system where you have a very loose couppling. That means you can assign the task of creating serviceX to a developer, and this developer only hav to implement a "stabale" version of ServiceX...

Give him the exact requirements, the interface he has to implement and a set of codecontracts, and you are "done"...

Now you only need to implement his code into your system and hope it does not blow up.

The only part i dont understand is why should there be access credentials etc in the code? Those belong into a configuration ;)

Heiko Hatzfeld  2009-09-12 14:09:44
Thanks Heiko. Loose coupling is definitely the way to go I agree. We do have the credentials in a configuration file, but that's in the repository right now. Are you saying this should be out of the repository? I am striving for full automation.
joelg  2009-09-12 14:25:26
I agree with Jeff above ;)Get Developers you trust... Or give them tasks with clear bounds. I also would have different sets for credentials for development, staging and production
Heiko Hatzfeld  2009-09-12 14:30:10
I agree. Having different sets of credentials is great in theory, but does it then introduce some required manual work in deployment?
joelg  2009-09-12 14:37:08
+2  A: 

I think the real solution is to hire developers you trust, and give them access to what they need. If you feel you have to hide things from your employees, there's a big problem.

That being said, you can split things up into separate modules, then put each module in a different repository and only grant each developer access to the repositories you want.

Jeff Barger  2009-09-12 14:10:41
I agree completely with you Jeff. I already have developers I trust on board and I'm happy for them to have access to everything. The issue comes when I want to get someone on as an intern or for a period where they develop something and we assess them. Besides, do you think all Google employees have access to the PageRank algorithm? Not saying we have anything groundbreaking here, just the best example.
joelg  2009-09-12 14:21:02
+1  A: 

With subversion, you can setup ACL and Groups. Check:

Pascal Thivent  2009-09-12 14:15:59
This sounds promising Pascal. If it is possible, that's great, however the issue is that the developers need restricted access but still need to be able to test their code. What is the solution in this case?
joelg  2009-09-12 14:27:19
Well, I'm not saying I'd do it and I don't know what is possible in your context but maybe you can distribute binary versions of the code, or just obfuscate some parts, or provide a stub for testing purpose,... In any case, you'll have to trust someone somewhere :)
Pascal Thivent  2009-09-12 14:43:25
+7  A: 

Not allowing the developers to access the code will definately prove counter productive in the long-term. It would restrict them to be productive/effective in adding new functionality. So IMHO, rethink on this. Its better to hire people whom you trust and let them access the code than trying to restrict it. Secondly, What are you trying to restrict Lines of program code or details of database, login credentials etc ? The credntials to login to db generally resides in a properties file. You can encrypt the content of the properties file and obfuscate the code which reads the properties file and decrypts it. To ensure that programmers dont understand the code, you can obfuscate your code libraries. But obfuscation comes with its own baggage.

Bottom line : you are trying to solve the wrong problem in restrcting developers access to code base

Cshah  2009-09-12 14:21:35
I agree fully that trust is the key here. I'm rethinking a little, and this was my original opinion however it seems fair that if we get people on board as interns we would not want to give them full access. I strongly believe it's not the code or idea that determines, it's the execution. Still, to achieve maximum agility in the team, we want to avoid long hiring processes and if we identify someone good we'd like to get them on board quickly. Thanks for the response, I am certainly thinking the options through. It is just the credentials, so that may be an option, but I agree not ideal.
joelg  2009-09-12 14:31:40
A: 

Provide external developers with an assembly or an API of some sorts.

I once wrote a blog application which supported the use of 3rd-party modules. I provided an abstract class and an interface for programmers to implement. If I needed to expose core objects like a user object, I would narrow it--basically providing a read-only object, which I'd then widen for use on "the other side".

roosteronacid  2009-09-12 14:31:45
This is definitely a good option. I guess if an API is developed then we can let people work on apps built upon the API without exposing them to the core code. Thanks
joelg  2009-09-12 14:34:51
+2  A: 

It makes sense to limit access to certain production credentials to only those people who administer the production environment (assuming you do have specialized people to do this).

However, in a startup company like yours it doesn't make sense to hide/obfuscate parts of the actual source code from your developers. It seems bureaucratic and unnecessary, and it just sending a message to developers that they can't be trusted or are not important enough to see the whole thing. It also can lead to a culture of secrecy instead of transparency - are these values you want to cultivate in your company?

From what I understand of Google, they are pretty open with the source code within the company. Their algorithms are not a big secret, either; Google regularly publishes academic papers discussing their technology.

Ken Liu  2009-09-12 14:36:23
Hi Ken. Don't get me wrong, I am a huge supporter of openness and this is how we've got to the stage we're currently at. It is not necessarily for hiring developers, the concern was for letting interns help out and not necessarily stay with us. The kind of people at university or school who have some free time in their Summer holidays but won't come on board fully necessarily, and we wouldn't even want them to since we want to encourage further education. Very happy with the responses here and I'm starting to think being open is certainly the better option. Thanks!
joelg  2009-09-12 14:42:36
In my experience it is good to think of interns as prospective employees and treat them like other developers. If they like working with you and are good then they will want to work for you after they graduate. You could (and should) have them sign NDAs to discourage divulging any proprietary information after they leave.
Ken Liu  2009-09-12 14:51:00
+2  A: 

Hiding the source code is not the hardest problem to solve. For example you can split it in separate repositories and put a different password on them. Then distribute the compiled code (eg jar files), to the teams that need it. Or expose the functionality of the code as a web-api to avoid de-compilation threats (like google-graphs)

The real challenge though, IMO, is how to allow developers to be productive when using code that exists in your organisation and to whose source code they do not have access.

So, if you have written some code, you want your developers to re-use that code without having access to the source. The important thing in this case is that the code must have a very clean API, and it should be very well documented. Very often in corporate environments access to source code acts as a substitute of documentation.

Finally the way you expose the functionality of the hidden code depends on your deployment environment. For example, a web-app deployed on a server cluster, could be broken to web services.

idrosid  2009-09-12 14:38:56
This is exactly what I was getting at, and I seem to have had everyone thinking I don't trust anyone instead! We're not using Java but I'm sure a similar method could be used. I agree a clean API is the answer, and that is what we're already working towards. I think restriction of the code may have to wait until we can build on top of the API, rather than restricting access to portions of the core API code. Thanks very much!
joelg  2009-09-12 14:46:20
A: 

I'd say it is a poorly modularized system that requires developers to see everything in order to do anything.

A very similar aspect of this problem is the learning curve issue. If you have a large system, you would like new hires to be able to be productive in some area of the system without necessarily understanding the details of every bit.

I worked on a project where my partner and I partitioned the code into UI and communication internals. (This project was an equipment integration simulator, and our code modeled both client and equipment.) He provided me a mock DLL for his internals, and I wrote the UI nearly 95% before we integrated the two. I never saw any of his code.

Paul McGuire  2009-09-12 17:02:06
A: 

Hey, let's not be too hard on poor Joel! I don't like being blocked out of things any more than the next guy, and have had my share of frustrations when I was expected to fix something in a hurry but didn't have the proper authorizations to do it. On the other hand, "Hire people you can trust and then you don't have to worry about internal security" is a lot easier said than done. How are you going to insure that all new employees are trustworthy? What are you going to do, in the interview ask them if they are thieves? Do you really expect the thieves to just admit it? It only takes one dishonest person who steals a few million dollars and disappears to destroy a company. Or even one well-meaning but incompetent person who has the keys to the room where the backups are stored to decide that all those disks stuffed in the closet unused should be recycled. I certainly wouldn't want my bank or the people who hold my 401k to hand out authorization to every new person they hire to be able to get into my account and manipulate data without restriction.

Jay  2009-09-17 16:54:47
Thanks Jay! I think some people missed the point a little, maybe it's the way I phrased it. It certainly is easier said than done, but I definitely do agree with people that being open will be much more rewarding. My solution will be to develop an API which exposes just the functionality I would like developers to work with.
joelg  2009-09-18 11:06:17
A: 

While I haven't worked on a public version of this, I have been in a couple of work environments where there were structures around how to divide up the code into various components. Let me describe the examples that may help:

ASP/COM setup: In one company there was VBScript for ASP code on web pages with a object model written in C++ that talked to an Oracle back-end. There were only some developers that could change the object model which limited what some of us could do but also provided a way to separate who did what and different skills for each. The front-end developers had a handful of scripts to pull in the binaries and aside from the APIs didn't often care how things were done.

Back-end/front-end setup: In another company there was the back-end platform that had its own name and a few developers worked on that. A couple of other developers worked on the front-end that connected through an API using .Net remoting of objects to perform various functions. This had its good and bad moments as there would be times where the front-end required new calls to the back-end and we had to wait for those calls to be implemented.

Hopefully that is useful somehow.

JB King  2009-09-17 17:37:09
Thanks, that's useful! I think my solution will be more towards the second example - developing an API and allowing developers to work with that.
joelg  2009-09-18 11:07:52

related questions

Best strategy to write hooks for subversion in Windows
Database Version Control
Version control PHP Web Project
Experience with SVN vs. Team Foundation Server?
Best SVN Client Ignore Pattern for VB.NET Solutions?
SVN merge merged extra stuff
What is your favorite web app deployment workflow with SVN?
Integrating Fogbugz with TortoiseSVN with no URL/Subversion backend
Version Control. Getting started...
ASP.NET Display SVN Revision Number
How do I create a branch in SVN?
What do the result codes in svn mean?
Could you recommend a good free project hosting website?
Federated (Synced) Subversion servers?
Mechanisms for tracking DB schema changes
What are the advantages of using SVN over CVS?
Use SVN Revision to label build in CCNET
Best subversion client for Mac OS
Why is Git better than Subversion?
ASP.NET, Visual Studio and Subversion - how to integrate?
Best Practice: Collaborative Environment, Bin Directory, SVN
How do I sync the SVN revision number with my ASP.NET web site?
Best Subversion clients for Windows Vista (64bit)
Good branch/merge tutorials for Tortoise SVN?
How can you get Subclipse in Aptana to work with the newest release of Subversion?