Tuesday, October 23, 2012

Logging best practice

Do not use the work ERROR unless there is an actual error.  "0 Errors" or "No Errors" will always give a false positive without doing more regex work and some search/filter tools don't do it right anyway.

PS: That includes not naming functions, variables or classes with "error" in the name.

Monday, October 22, 2012

What does it cost to charge your electric car?

[caption id="attachment_1550" align="aligncenter" width="300"] plug in your electric car[/caption]

If you are the owner of the car in the picture then you are not likely to be paying anything. This is a pseudo public space but I'm certain that the property owner was not expecting to have to burden the cost of charging every electric car out there. And I'm certain that homeowners are not interested in replacing all of their receptacles with secure alternatives.

Thursday, October 18, 2012

Rethinking software development

When I read that Apple was ejecting Java from it's browsers I believe my heart skipped a beat. On the one hand Java, when it was managed by Sun, was very good to me. And now that Oracle owns it I've been reluctant to use it and that has nothing to do with Apple's decision. It's just the way I see Oracle.

Coincidentally Google announces Dart 1.0, Firefox announces Rust 0.4, Google's GO is making headway ... but most telling is the article, I read today, criticizing FogBugz for implementing their cornerstone application using a proprietary and internal language and toolchain (Wasabi which looks like VB).

So my intuition tells me that if Oracle does not make some serious corrections "we" are about to experience a paradigm shift akin to the magnetic swap that the mad scientists have been talking about for the last 10 years; because:

  • business owners need to reduce their risk - general security and maintain control of the API

  • increase their intellectual property - proprietary toolchains would add some value if they work

  • reduce programmer turnover - in a way proprietary languages will not actually enhance individual marketability (of course you have to get them first)

But if you cannot afford to design and implement a first class programming language... then you're forced to develop a DSL. And if you cannot afford that... then you have to use someone else's or something that is open source and liberal (nothing with the GPL; stick to MIT, BSD, and a few others)

In conclusion, and I hope I have connected the dots, there will be a major fracture. A small portion of the developers and businesses are going to go for the 100% commercial toolchain like Objective-C, iOS, .CLR/.NET and then there is going to be another group that is going to go completely open source as in perl, python, ruby, GCC, GO, Dart, Rust, and internal DSLs.

  • javascript is interesting but will be killed along with the JDK

  • Java might fork with a reasonable replacement but the devs working on the commercial version, who are responsible for the current state of affairs might poison the same tree.

Sadly, Google's current price drop might have something to do with the Java security issues as it was recently reporting that Android had it's own security issues.

It's clearly a sad state of the industry. It feels like a huge grey cloud overhead. I hope it's just a little rain and not a flood.

Sunday, October 14, 2012

Back on privacy issues

In a conversation with my father in-law this morning...

(a) there was a time when your social security number was truly secret. Now everyone from the cable company, ISP, newspaper boy, lawn service, High School, University, hospital and doctor wants your SSN and we give it freely and without challenge. Who really knows why a doctor or newspaper delivery service needs my SSN. Are they going to sue me into and after I'm buried? In Sweden the SSN is sacred; I'm just not sure how they get around the problems we have. (could be functional and/or legal)

(b) There is no privacy on the internet. Whether your using any of the big name browsers, you never login, you always use other people's computers or cyber cafes. The challenge is that between the ISP, browser manufacturers, super/affiliate advertisers, search engines; they where where you have been and where you are going. Not even the like of TOR is going to save you. Same goes for the anonymous breadcrumbs you thing you are dropping. They will always lead "them" back to you.

In a side note. If you've ever seen or purchased from one of those "as seen on tv" infomercials. The deals are great. Essentially you pay for shipping which costs them much either, however, it does offset their costs somewhat. The "play" for these companies is to get you to buy something. Anything.  This way they capture you personal information which they will resell at a profit. This is how all of these marketing machines work. One interesting thing... I have never experienced an increase in the amount of spam I receive. Hmmm.

Another side note. Over the last 18 to 36 months there have been some data breaches amounting to tens or hundreds of millions of credit card numbers and personal information. So why haven't more people been complaining about credit card fraud? Why haven't news programs done additional reporting? I wonder if we're being marketed to because the credit card infrastructure is just not that sophisticated.

Thursday, October 11, 2012

The spotify business plan?

Does spotify really generate $120.00 in advertising per user per year or is the advertising merely the friction that is necessary to get the user to convert to a subscription?

The crazy thing... spotify offers two subscriptions at $60 and $120 per year. And Pandora offers a similar subscription at $38/year ... but pandora's player might be enough friction to get me to move. 

Is Gmail privacy gone?

There are a couple of things that the average user should know.

  1. There is no such thing as email privacy.

  2. Most email travels through the internet from point to point in the clear

  3. So called legalese on the email footer about intended recipient and communication has not been tested in court and it not binding.

That said, if you have a private email server that you think is secure and you use it exclusively because you want secure email that is not to be seen by the prying eyes of big brother or even Google, Yahoo, Hotmail, Facebook or other... then you are sadly mistaken and misinformed.

Just because you have an uber secure email server does not mean that the recipient has the same. So then the real question becomes... Why not use Gmail yourself?

Wednesday, October 10, 2012

Pay for Ubuntu Desktop?

You've got to be kidding me!!! I'm not even certain this is a real thing or if it's some hoax. But for the moment let's just say it's real. My first inclination is/was "where do I send my check?" But as I started to think about Canonical I started to reconsider. What is it that these guys actually do and where is there revenue stream currently? They hire loads of people and have several pay-for products... In fact the general public does most of the real heavy lifting anyway. Including the testing.

However, there is one thing that I have to remind myself of. "Trusted Source". With that recent Russian malware scare I can only imagine that the internet scale is going to slow and that sandboxing and trusted source are going to be required. For that matter I have already started to adjust to a Microsoft desktop at work and in my VMWare at home.

And of course if it's a hoax ... then I wish a thousand papercuts on the perpetrator.

PS: I'd rather be using OpenBSD!!!

Wednesday, October 3, 2012

One Pager - Death March -- Yourdon

Death March is is fairly easy to describe. I particularly like the wikipedia description. The part that always gets me is "...informed member can see is destined to fail...". How many times have you been a part of a project that felt that it was going to fail from the day you heard the idea or when the initial details arrived.

Some of the foreshadowing can be seen in the book Mythical Man-Month although it's never addressed as such. Being in the thick of things I see this time and time again yet even if the project really is going to fail; at the very least it should not be a self fulfilling prophecy. If the project is going to fail then let it fail on it's own merits and not from a lack of trying. (Just my two cents).


(1) defines the death march and the forces/actions that make it happen

(2) death march projects come in all sizes

(3) Why? Dilbert, Politics, Promises, Optimism, Startup Mentality, Marine Corps Mentality, Intense Competition, Intense Regulation, Unexpected Crises

(4) Why people participate



People in Death March Projects


Tools and Technology

Death March as a Way of Life

One Pager - Who Moved My Cheese -- Johnson

At various times in a person's life they may react to change in many different ways. Johnson provides a classification akin to mice and their cheese. The 4 rodent behavior types are:

Sniff - "sniff's out change early" - this rodent senses that change is coming and prepares early looking for new cheese.

Scurry - "scurries into action" - this rodent is never satisfied with the current stash of cheese and is always on the move looking for more cheese.

Hem - "denies and resists change as he sees it will lead to something worse" - this rodent will consume the current stash of cheese and once finished might still not be inclined to look more cheese thinking that the cheese might come to him.

Haw - "learns to adapt when he sees changing can lead to something better" - this rodent is waiting for for proof that there is something better out there.

And in summary Johnson directs us to the handwriting on the wall:

Change Happens - they keep moving the cheese

Anticipate Change - get ready for the cheese to move

Monitor Change - smell the cheese often so you know when it's getting old

Adapt to Change Quickly - the quicker you let go of old cheese the sooner you can enjoy the new cheese

Change - move with the cheese

Enjoy Change - savor the adventure and enjoy the tase of the new cheese

Be Ready to Change Quickly And Enjoy It Again and Again - they keep moving the cheese

In Summary: "Move with the Cheese and enjoy it"

Marketing hints for Intel Ultra Manufacturers

If you guys want to make a buck or two then you should really consider your pricing as well as your design.

Tuesday, October 2, 2012

Writing good log messages

Writing good log messages is part design, part good practice, part knowing what and when to say it.


(1) You need to decide what exactly you hope to get out of a logging session. Are you going to be debugging bugs, crashes, or other critical events like a forensic accountant or like a whack-a-mole?

(2) Are you going to use flat files, how big will they get, how many files will you keep around? All very important when thinking about backups, disk space, maintenance, recovery, and so on. You might also be thinking about the different versions of syslog-like tools where you can ship the events remotely.

(3) Are you going to store the logs in a DB on the local system and then use sharding to allow for more permanent maintenance? This is interesting because the searching can be easier than grep, awk, etc... Also, considering (4) grouping related messages is easier and you can use SQL-like reporting tools.

(4) Are there some pre-optimizations you want to perform like all logged entries are stored in temp storage until the transaction is complete. Then the data is shipped to the repository for storage.

Good Practice

Treat all of your code the same.  Whatever level of logging you are performing you should be consistant throughout your application. This way you will not be surprised by your results and you will not have to worry about "and then a miracle occurred)

What to Say, Where to Say it

If you are processing transactions then make sure that you create a transaction ID as soon as possible and start using that ID with every log message related to this transaction. This is necessary so that you have a thru-line and so the transaction can be traced.

Also make sure that you are clear as to the intent of the function and what the results were. That also means that the type of entry should make sense. INFO, WARN, ERROR, EXCEPTION and so on.

You might even time the execution of the function.


One thing to be wary of. Logging can consume your disk, disk I/O, CPU, memory, message queues, database. You can spend more time copying, moving, and filtering your messages that it might effect the ability to produce meaningful results.

For example, using a Redis pub/sub in order to log transactions might seem like a good idea, however, if you consume all of system memory you may end up swapping and then net result is going to be poor performance.

Monday, October 1, 2012

Review - Programming Interviews Exposed - Mongan, Suojanen

I was going to add this book to my list of one-pagers but then I decided against it. (a) because much of the planning stage of the book is outdated. (b) in the last 12 years Silicon Valley has played a much more influential role in defining the interview process. (c) as I previously wrote of resumes, github, and social scoring. (d) it fails to include modern languages or at least a discussion on the pros/cons of the different languages. It might actually be time for version 2. (e) there was focus on fermi-type problems. (f) some of the text seemed contemptuous in tone and diction.

What I did like was the inclusion of detailed questions and answers. In many ways I felt like a dungeon master preparing for battle with the players.

The book was intended for the job seeker, however, I wish there were a book for the hiring manager. While smart and get's things done is an interesting book it fails to be a true guide book. If you owned a business would you defer your hiring selection or veto process to the most junior contributors?

"programming pearls" is probably a better book for "problems".

another bad day for open source

One of the hallmarks of a good open source project is just how complicated it is to install, configure and maintain. Happily gitlab and the ...