var pippo

For those who do not know me, I am a software engineer with 20 years of client/server/security experience who has also worked in California for companies such as Twitter and Facebook.

What is a variable?

In programming, generic values are assigned to variables all the time, so that they can be reused whenever needed.

As any basic computer science course teaches, the names of variables, and of their properties (in this example, name and surname), must always be easily recognizable, for a myriad of valid reasons, including error handling: an error message reading "error blahBlahBlah" would not help anyone.

In the past …

Before 2007, the year in which I decided to escape from the beautiful country, without ever having had, from a professional point of view, any remorse about that choice, I also collaborated with the public administration.

One of the most chilling meetings I had before expatriating was with one of the maintenance managers of the regional CMS, a piece of software for managing information, data, and messages within the organization.

It literally took 5 minutes to understand that the software engineer I was supposed to collaborate with or, given his position as manager, learn something from, did not have the most basic Web skills: not only had he chosen a pre-made CMS and all, explaining to me that he had never touched it on the server side, but he also had no idea what JavaScript was, explaining to me that my help, as a programmer, would be to add, in his exact words, "just a few Java scripts" to the page, pointing at the code present between <script> and </script> in one of the portal's pages, tending to belittle my work, almost as if letting me collaborate were a favor.

Confusing two completely different programming languages, such as Java and JavaScript, is common if you are not in the field, but it is also something that is learned on "the first day of school" in web development.

"Nonsense", you will say; "a common mistake, what's the big deal?", others will think; but these details, these minutiae, are just the tip of a gigantic iceberg of incompetence that too often represents the software quality of the Public Administration.

Apparently, the INPS site cost around 200 million euros in total and, like all software, requires updates and maintenance.

Now let's see how serious software companies develop their products:

  • there is a problem to solve, or a new feature to implement;
  • a developer writes the code to solve the problem, ensuring through regression tests that no new problems are introduced, and also ensuring that the bug is fixed or the new feature works correctly;
  • at this point at least one colleague, of equal or higher skill, if not the project manager himself, analyzes the new code and usually requests changes to it, until there is an OK to apply the change to the final product;
  • to conclude, a Quality Assurance (QA) team gives the final OK before a new release of the software product is made, whether it is a Web portal, an App, or the Operating System itself.

There is no "yeah, okay, whatever…" in this process: if you are responsible for the sensitive data of a country, and for a fund of millions of euros, and aim to offer a serious, reliable, secure product, you absolutely cannot skip any of the 4 steps listed above.

Who reviewed the code of the INPS portal?

I imagine nobody. The whole badly organized hodgepodge of code served by the INPS portal contains glaring errors, different styles, variables written or chosen at random, even of dubious usefulness or logic, memory leaks, etc.

It looks like the copy and paste fair of the Wild West, where the current cowboy randomly shoots all the worst programming practices on the keyboard.

No team that takes work seriously would allow variables named pippo to go into production, just as no professional would write code like that found in most files served to each user.

Who is doing QA in the INPS portal?

I imagine it's always the same person: nobody! The INPS site has not been reviewed by any Web expert, and these are just some of the obvious things that prove it:

  • no penetration test or load test of the site has been performed, and I don't think it needs further comment;
  • all the code is served without being minified, a procedure that any industry professional knows: a trivial operation done in pre-production to ensure that the code downloaded by each user is compressed as much as possible (less bandwidth used, hence more users can be served with the same resources);
  • every variable or function is global, with the risk of conflicts between variables. They do not use modules and there is no bundle, hence there is no real software release: changes are made here and there when needed, as with the file app.js, whose version is passed via a query string like ?v=201911281536. Query strings are heavier for the server to manage, whereas a static file served from a CDN as app.201911281536.js would already have lightened the load;
  • there are countless Facebook scripts that are not needed to make the site work. Some scripts are even blocked by ad blockers because they are considered unsafe for the user.

The Web in 2020

There are many free programs to optimize websites, but in Italy many still do not even know what it means.

This example shows how to halve the weight of app.js, the main file, using the most basic techniques, always used... but not in Italy:
