Friday, October 31, 2008

Java Tip: java.util.Date.after(Date date) != java.util.Calendar.after(Object obj)

I'm working on some date logic where I am using instances of java.util.Calendar objects and instances of java.util.Date objects.

The Calendars are calculated dates, and the Date fields are retrieved from the database.

In almost every case I've performed a comparison by invoking either the before or after method on the Date objects. In most cases it would be something like:
if(date.before(calendar.getTime())) {
doSomething();
}

I just realized that I fell into a nasty hole confusing my calendar with my date: i.e.

if(calendar.after(date)) {
doSomething();
}

these two expressions are not equal. The Calendar before and after methods will return false if the argument is not an instance of Calendar. The Date before and after methods will only allow an instance of date as an argument.

That was not fun to find. Fortunately I found it while I was trying to get my test code coverage above 90%. This defect could have cost us time in User Acceptance testing and could have possibly made it as far as production.

I will definitely mind my P's and Q's when dealing with Dates and Calendars.

From the New York Times: Warren Buffet Pays 17.7% Income Tax? Wants to pay more.

Let's talk wealth redistribution. There are people who feel that is a bad thing. Do they believe that wealth is being equitably redistributed now? I think that that is the element to the argument that isn't being discussed.

According to this article in The New York Times, Warren Buffett is only taxed at a rate of 17.7%. More surprising than his incredibly low tax rate is his desire to pay more, and his encouraging his fellow billionaires to do the same. I salute you Warren.

The other surprising thing I learned from this article is the results of a poll that Buffett conducted among his employees. He found that they were all paying higher tax rates than he. The author, Justin Wolfers, conducted a similar poll among his fellow employees at the Wharton School of Business. Surprisingly, the pattern is similar. The administrative staff at the bottom of the pay scale were paying higher tax rates than the people at the top.

If the richest people in America are paying roughly half the tax rate that the rest of us are paying, wouldn't it be only equitable for them to pay at least the same rate that the rest of us are?

I think the time has passed for discussing whether wealth redistribution is good or bad. Both candidates support wealth redistribution, it is impossible not to. Only one candidate is looking to move the Warren Buffett bracket towards the tax rates of the rest of the country. That is only fair.

Honestly, I don't understand how anyone can support lowering the taxes for people who make billions when they don't even pay the same taxes as the rest of us. The wealth has been redistributed. A vote for John McCain is a vote to keep the current inequitable system of wealth redistribution. If you aren't in that top tenth of the top percent of the nation's earners, you really should favor Obama's plan.

Thursday, October 30, 2008

More fun with videos on MTV Music, Digable Planets

I forgot all about Digable Planets. On MTVMusic I was able to find the video for Rebirth Of Slick. Very cool. This video and song got me interested in Jazz.

Jazz lead me to go to the Sanctuary Bar, and to later work there as a cook.

The Sanctuary was where I learned to enjoy good beers.





Circle of life.

Wednesday, October 29, 2008

Google becoming less Google-like in New York Office

Valleywag is reporting that the perks at Google's Manhattan office are getting paired back. Most of the cuts have to do with shortening the times when their, as of yet still, free cafeterias are open and sending friendly reminders that the food is there for people who are working.

This is kind of a big deal. Food perks are really part of Googlers' compensation package. When they take away the food, it's a de facto pay cut for many people. I think that this will be a continuing trend at Google. With the economy as volatile as it is, the Wall Street darling Google may be expected to start producing better numbers than they are.

I don't know enough about finances to speak authoritatively about how to appease investors, but the two ways that seem to be popular are to either cut costs or increase revenue. Increasing revenue can be hard. Cutting costs, well any chump can say that a cost is unnecessary and cut it.

That's what I think is happening at Google right now. They are facing pressure from investors to improve their performance, and cutting costs is a seemingly reliable way to do that.

The real cost of cutting perks isn't measurable on a 10Q. Perks, especially food perks, provide an ROI with the employees that is difficult to measure, but it is real. Good free food gives people the opportunity to meet informally and discuss issues that provide value to the company and would never be discussed outside of an informal setting.

Food perks provide a cultural identity for the company. People who worked at Google used to be able to say, we eat good food, all of us. They believed that they were valued enough by Google to be provided not only with enough food to keep them going at work, but Google would also set them up with a little something for the evening or the weekend.

Unrestricted food perks for all employees and contractors send a message that the company believes in human equality. That's a very powerful message to a lot of people. I feel good when I work for a company that treats everyone well and values everyone's contributions. Dividing workers into groups and adjusting their rewards base on their group will end any good feelings about equality.

How valuable are good feelings by employees? I would argue extremely valuable. People who feel good about where they work are far less likely to work harder and stay with the company. From my own personal experience when I worked for a company that provided what I considered to be an excellent set of food perks: free beverages, free snacks, and free beer on Friday afternoons; I was not interested in the least about leaving the company at all.

It didn't bother me enough that I was embarrassingly underpaid. I happily worked well over 40 hours and took almost no time off for vacation. I enjoyed what I did, and I felt that my work was valued by my company. When the company's budget tightened and the perks went away, something important changed. The company lost the social and emotional attachments I had to the company. When my manager and mentor left the company, I lost all intangible ties to the company. It became a numbers game there. Seeing that I could pick up an extra 20-30% bump in salary by going somewhere else, I did.

Consider this for a minute. When the company announced that they were discontinuing their food perks, they said that the move would save the company $1 million. At that time, the company was roughly 4,000 people. The food perks came at a cost of $250 per employee per year, or about $5 a week. These weren't Google food perks, but they may have been just as effective.

What is the value of having employees who are happy with their position and who are not interested in looking for work outside of the company? In my own case, the company would need to keep my merit increases up with the market. They would have needed to pay me a good 25% to 30% more to keep me from leaving when I did, they would have needed to be diligent to keep me from continuing to look. If the job becomes a commodity, then the only significant differentiating factor becomes compensation.

I do not believe that I am alone when I say that the cultural compensation that grew from providing us with food and beverages was compensation that is more valuable than money.

I believe that if Google continues their trend of cutting down the perks that the culture will atrophy. People will leave Google for greener pastures and another company will become the new Google.

Tuesday, October 28, 2008

MTVMusic.com Showing Videos...Does Not Compute

This is really a good, and sadly ironic, idea. Let's hope that MTVMusic.com doesn't start replacing their online music videos for low budget, low content, and short lived original productions.

All kidding aside, they have a ton of music. I was thinking that I'd like to hear What's The Frequency Kenneth, and guess what? I did.



Looks like this is another app that is best when used in Internet Explorer, Chrome doesn't have any sound. Looks like the sound fails in Firefox too. Adobe, WTF?

Time for a serious question

Enough goofing around about politics.
It's time for a serious question. 

I saw Invasion of the Body Snatchers on tv a while back and I couldn't tell what kind of glove Leonard Nimoy was wearing on his left hand. I've never seen anything like it. You can see it around 1:25 in this clip.



OK, that was fleeting, how about  0:22 in this clip. 




I also attached a picture that has it, but it's tough to see.

The glove is awesome. Even against the combined awsomemeness that is Leonard Nimoy and Donald Sutherland this glove had us talking. What is it? What do you use it for?

I can't tell what the function is for a glove like this. It offers no protection to the grip. Could it be a glove for punching people? It does seem to offer some protection to the knuckles.

It might be for smoking a pipe, that way the bowl of the pipe might rest on the glove without burning the hand, but I don't recall seeing Nimoy smoking a pipe in the movie. I've never really smoked a pipe, is that how you hold one when you're done with it?

Is this glove meant to be some strange alien technology as envisioned by 1978 brightest visionaries? I don't know! 

This is really bothering me though. 

Anyone know where can I get one?

Monday, October 27, 2008

From Consumerist: Surprise offshoring security isn't a good idea

There's an interesting post at Consumerist about some of the challenges Chase is having with their offshored security people.

It turns out that Chase is offshoring their overnight security representatives to call centers in the Philippines. The security representatives use a restricted set of fraud and identity theft detection tools and just aren't very good at stopping theft. Consider the following excerpt.
The few of us who knew this account was being raped could do nothing to protect it. Some newbie wouldn't know about the situation and would let the thief have his way with the account. The US security department became aware of the issue and put blocks on the account as well as incredibly long notes that explicitly said to not remove the block for any reason at any time. But sure enough, over and over, the guy would call in overnight, talk to the out-sourced security, and the block would be removed. Again, they were only able to verify with him with information that he was already known to have, yet that never seemed to deter them from clearing him.
What a mess. That is very typical of my experience working with offshored people. There is just too big of a communication gap to establish any sort of trust with the offshored teams.

This is really a three punch combo of incompetence. Put unqualified and incapable people in charge of security, take away a bunch of their tools, and have them follow a flawed process. I really hope that the people who are responsible for this vulnerability are made to pay for it.

Who am I kidding? If Chase gets exposed to too much liability they will just fail like so many other banks. What a wonderful mess we've made ourselves.

Almost have all of my voice back so I'm going to gripe about things

Being voiceless is not fun when you're the only one in the house with the dog. All of the voice commands that I use for him were useless.

Here's a pro tip for replacing the "Come" command take whatever container that has your dog's treats with you and shake it a little. That is more effective than the "Command". A half empty box of milk bones shaking will get your dog to the door in no time flat, so will a few kibbles in the dog's bowl.

I sound a lot worse than I feel.

Am I the only person who wants to use Google's Chrome anymore? It's the browser of choice at home, and it used to be my favorite browser at work. Chrome isn't playing nice with the corporate firewall though. Looks like I'm back to Firefox.

Having used Chrome for a few months now I can say that it has some great features over the other browsers. I love the layout of the browser, compared to the others it is a lot cleaner, and it doesn't seem prone to getting a bunch of unnecessary toolbars magically installed onto it.

I love being able to drag a tab out of the main window. This is especially good for my browsing habits. I read most of my news through Reddit now. On a reddit page are about 25 news stories. Some of those stories are youtube videos. When I'm consuming my news I like having the option to open a new tab that is a video and drag it into the other window. I can casually listen to and periferally watch the video while reading other stories in my main browser window. That option isn't available in other browsers. It can be done, but it has to be done much earlier.

I've found a few rough points for chrome. One really isn't their fault. The flash player for Chrome is the same as the one they use for Firefox. It can reliably fail if the browser is rendering a page with more than only a few embedded videos--Internet Explorer's player works fine though. The symptoms for Youtube videos is they will play for 2 seconds without sound and then freeze. The only way to reliably fix this is to close all of the instances of the browsers and then restart them. Adobe, please fix this immediately.

My other big gripe is that it somehow isn't working with my client's firewall. That may be a firewall configuration issue.

I don't have a snappy conclusion to this griping, so I will wish everyone a good day.

Saturday, October 25, 2008

Pro Tip: Tiki Drinks are not good for a sore throat

I thought the bitters and the lemon juice would help me get my voice back. I was a little hoarse yesterday and I planned to meet some friends of mine at Psycho Suzi's Motor lodge. Somehow my clever plan to convalesce my voice back into shape didn't work out as well as I'd like.
I speak now and hardly any sound comes out at all. So in the future, if you're thinking that a couple of South Seas Grogs and a Fu Manchu will help your voice, they're really tasty and who needs to speak?

Thursday, October 23, 2008

This ought to wrap up the election

I have to admit that my hometown rag's, The Chicago Tribune, endorsement of Obama had me thinking that Obama had won a lot of hearts and minds. He's the first democratic candidate they've ever endorsed! That's huge.

Well, that's nothing. Actors from Hollywood are now endorsing Barack Obama. This changes everything. The last actor I remember speaking out about politics ended up as our 40th president Ronald Reagan.

Here's a clip that won't get taken down from Youtube. Ron Howard, Andy Griffith, and Henry Winkler give their endorsements for president. You may know them as Clint Howard's brother, Television's Matlock, and the funny attorney on Arrested Development.

Without further ado, here are their endorsements.



Pugs on Drugs

Yoda, our pug had an operation this week. He's had a lump removed and his teeth cleaned.

He's on some pain killers now and he's pretty drugged up. He's a little off, but he's mostly himself.

Recruiter Deal Breaker Questions

I think that in any industry there are things that can be learned from being asked a question. I certainly pay attention to the questions that interviewers and recruiters ask me before I look at a gig. There are some questions that will kill those gigs for me. 

All of these questions have been asked in the context of an interview BTW.

Here is a short list of deal breaker questions for me:

  • How familiar are you with WebSphere and the Rational Application Development tools?
  • Do you know EJB 1?
  • How well do you work with people with strong personalities?
  • Ever work with MUMPS?
  • Do you have any experience using: ?
  • Have you used waterfall?
  • Have you accepted Jesus Christ as your personal lord and savior?
  • How do you feel about administering our servers?
  • Do you mind working around children?
It's amazing how much can be stated about a job with a question.

Anyone care to contribute their own deal breaker questions?

Tax Cut Calculator

I found a handy tax cut calculator at Barackobama.com.

Surprisingly enough, Obama's plan would save my family more money than McCain's. 

I would like to propose that pugs be recognized as dependents. 

Wednesday, October 22, 2008

Fall Cold

I've got my fall cold on. Every year I get the same sore throat and runny nose. It is not fun. If past history is any indication, I'm in for a low key weekend and then I can resume my rest of the year in perfect health. Through concentration, and or fried cheese, I will lower, or more likely raise my cholesterol.

Tuesday, October 21, 2008

Stupid Question: Why do People Care About Other Groups' Tax Rates

In my workgroup we have been discussing the tax plans of the different candidates. I ran across these excellent infographics from Democratic Underground

From a data visualization standpoint I think these charts do a good job showing how the plans affect different income levels. They do a better job than reading a textual description or hearing, as McCain puts it "[Obama] wants to raise your taxes!"

With the graphics, we can now see who McCain is speaking to, it's the top 1% of the nation's income levels. As of yet, I do not plan to be in that tier this fiscal year. I'm also not in the bottom tiers this year, the plans aren't that different for my household. 

If I were to vote purely on how the candidates' economic plans were to affect my family, it's a toss up. The difference between the two plans are very small at our level. To over half of Americans though, Obama's plan would be considerably better. 

If you're making less than $18,000 a year, $567 is half a month's pay. That money is very helpful. Under McCain's plan, they'd get a $19 cut while the top half of the population would enjoy a considerable tax cut. That's messed up. People with money will be fine. They may need to sacrifice a latte, but people who make very little are making much bigger sacrifices. Shouldn't they get a little help?

Here's the thing that really makes me WTF, I work with a guy who is in a similar income bracket as me, neither plan is dramatically different for him. His reaction to Obama's raising the taxes of people who earn more than $2.87 million was so strong that it sounded like he favored McCain's plan. Who cares about these people earning $3 million? I'm sure they're doing all they can to reduce their tax liabilities. They should be fine.

My question is why do people care about how much the top percentile is being taxed? Are there that many people who are delusional enough to think that we're going to break into that bracket this year? In the next 4 years?

Even if we do make that much is it really ethical to take a big tax cut while people who are struggling to pay for health care, food, and a place to live are getting between $19 and $113 in tax cuts? I would much rather see the people at the bottom get a tax break and see the few at the top pay more than to see huge breaks for the very few at the top and next to nothing for the many at the bottom.

How can anyone with a shred of decency or humility condone rewarding those who already have done a great job of rewarding themselves while there are people who are less fortunate that could use the help? Furthermore, how can someone who has absolutely no personal stake in rewarding the very rich favor that plan? I just don't get it.

Monday, October 20, 2008

There Are Bad Ideas For Bonuses; And Then There Are Bad Ideas For Bonuses

A project manager friend is really frustrated with the quality assurance testers that are getting resourced to her projects. It isn't that the testers are all that weak, the point that is frustrating to her is that they are being discouraged from finding and filing defects.

The geniuses who set the goals for QA decided that a good metric for a Quality Assurance department is one that reports as few defects as possible. I'm not sure how they came to this conclusion, but WTF?

Is there an osterich running QA?

My understanding is that the company has redefined the role of a QA tester to be a validator. Their responsibilities are to sign off on an application before it is promoted and that's it. Why not just get a monkey with a rubber stamp? It would add a lot more value to the company, and people could have fun dressing it up in fun little outfits.

Friday, October 17, 2008

Theater Review: 10/16/2008 A View From The Bridge, Guthrie Theater

The Guthrie Theater outdid themselves with their production of Arthur Miller's A View From The Bridge

The elements that struck me as outstanding in the Guthrie production are the acting, the set design, and the story. All three of these elements meshed well together. 

A description of the play with story synopsis can be found at wikipedia. It's one of the great American plays.

The set beautifully captures the atmosphere of a Brooklyn in a time when ships were unloaded on the backs of men and not by machines. It is on these docks where the men distinguish themselves as men through their work and by their backs. The set shows a gritty and rough brick and concrete Italian neighborhood. The type of place where disagreements are settled with fists.

In the backdrop of the set is a likeness of the Brooklyn Bridge. It looks like a rough artist's charcoal sketch. I thought it kept the focus of my attention to the main set and the play. Had a more detailed backdrop of the Brooklyn Bridge been used, I could easily see myself losing focus of the play admiring the details of the bridge. 

The acting was probably the best I've seen at the Guthrie. Guthrie regular Nathanial Fuller, as the narrator Alfieri was outstanding, I'm surprised that he is an understudy for the role. John Carroll Lynch as Eddie Carbone gave the strongest performance in my opinion though. His performance was as good as I can remember seeing any artist's that I can remember. 

I was dismayed to see sparse attendance at the show. I strongly recommend the Guthrie's A View From The Bridge. It is scheduled to run through November 8, 2008.

Thursday, October 16, 2008

PSA: Upcoming Shows At In The Heart Of The Beast Puppet and Mask Theater

In the Heart of the Beast Puppet and Mask Theater has a number of upcoming shows. They are located on 1500 East Lake Street in Minneapolis, Minnesota.

If you're unfamiliar with their shows, In the Heart of the Beast produces a few main stage productions each year. They also provide a theater for visiting artists.

They also put on a weekly Saturday morning puppet show for children. If you live nearby and have children who like puppets this is a constructive alternative to having the kids watch cartoons on Saturday mornings.

On October 22-25, Paul Zaloom, AKA Beakman, will be in town to put on 3 shows.

On November 14 and 15, Heather Hensen, daughter of Jim Henson, will be in town to put on a few shows.

On December 13-21, In the Heart of the Beast will show La Natividad. La Natividad is a uniquely mobile experience.

I strongly encourage anyone who is interested in seeing one of their shows to go check them out. 

Finally, if you would like to support In the Heart of the Beast with a financial gift, they could certainly use it. You can see more details about giving here.

Full Disclosure: My wife is an employee of In the Heart of the Beast.

Tuesday, October 14, 2008

Liquid Generation's Top 10 Reasons For the Recession

These made me laugh.

They all seem so legit. If you ever seriously consider doing business with any of these businesses, um, you really shouldn't handle money.

EDIT: I can't tell if this link is broken or blocked at work...I'll try to repair tonight.

EDIT2: Just blocked at work, every add was approved by some station's Standards & Practices dept, not sure why it's blocked.

My favorite cooking show

At No Fluff Just Stuff Ted Neward opined that he hates cooking shows. Ted hates cooking shows because the format of just about ever American cooking show is to show the host throwing ingredients into a pot, mixing them around and then they go to put them into the oven and then BA...might get myself in trouble using that word, KABOO...nope that one's for toilets, ALACAZAM!!! magically a delicious finished meal emerges from the magic oven.

Through the magic of BBC programming on American Public Television I grew up watching Keith Floyd on his show, Floyd on Food. Floyd's format is different. His show follows him as he prepares  and enjoys the dishes. Floyd also cooks with wine, some for the food and some for himself. You just don't see television chefs putting themselves three sheets to the wind during the show anymore. I think that's a bit of a shame.

Floyd on Food, as I watched it was all about delicious food and enjoying a meal and a bottle of wine. His guests were some of the most untelegenic people I'd seen, but they were knowledgeable and genuine. They also had a lot of fun presenting the show.
I went ahead and embedded all of the online clips of Keith Floyd cooking that I could find. I really wish that more resources ware available.  The first and last clips are the only clips from the Floyd on Food that I grew up watching.

The more recent episodes have more polish and better production values, but they also ditch the magic oven format that annoys Neward, Perhaps watching Keith Floyd will change his opinion of food porn. I think we, as a people should really do more to make the world more enjoyable for people like Ted Neward. Just kidding, I'm glad there are people like him who have opinions and are not afraid to share them.


As you may have noticed in the earlier episodes, the people aren't exactly the types of people that you'd see on television today. They're, kind of ugly and plain looking. It's almost as if they chose their guests based on the content of what they have to offer and not because they look good for the camera. I miss that, aside from the Sunday morning political news shows, you really don't see that on TV. 

Even though the people don't look all that good that food looks great, even on a horrible picture.

Excellent Question: If we can nationalize our banks, why can't we nationalize our health care system?

The California Nurses Association issued a press release that asks: We're nationalizing our banks, why aren't we nationalizing our health care system

I think that we should take steps towards nationalizing our health care. Health is a not a privilege.

To Err is Human, to Accept That to Err is Human is Agile

Agility is approaching, if not already in buzzword land. A buzzword is a word that is overused or used without regard to its meaning. The result of the abuse of the term is that the word ceases to have meaning.

The value of the term agile is waning, but the ideas behind agility are still relevant. Even if the word agile is losing its meaning, it doesn't hurt to give defining it a shot. 

I was challenged to think what it means to be agile this weekend at No Fluff Just Stuff. David Hussman made a statement that agility isn't prescriptive. David said there isn't a simple list of steps that a group can take to transform themselves into an agile group. He even went on to suggest, and I'm paraphrasing here, that if you are an organization that is looking to find a simple list of bullet points that will make you agile, that you probably will be very challenged to be agile.

I agree with Hussman that agility isn't a template that a group can follow to magically become Toyota. A development organization can look at a set of 'agile' practices and be no better off than if one of those practices were to follow a waterfall model. It isn't about what you do or how you do it.

Agility, and this is my definition, is accepting that mistakes will be made. The mistakes are then drivers that present an opportunity to change the way that a team works to accomplish their goals. 

To me that's it. Take what you're doing and regularly question and evaluate how it's working and be willing to try alternatives. If something isn't working, make a change and see if it works better.

Iterations are conducive to agility because they embed a mechanism for reevaluation into the process. Having an iteration though doesn't make the process agile if the process isn't adaptable.

The biggest problem I see in the agile space is there are many organizations out there that are clearly not agile, but they want to be. They want to be agile and they look at organizations that they see as agile. They look at the delta between their practices and the agile company's practices and create a roadmap to get to the agility. It's a plan for failure--and that could be a good thing, but it probably won't.

The process of roadmapping agility into a set of static actions is ironically the opposite of being agile. Agility is adaptability, it's recognizing change and it's also recognizing necessary change. A big driver of change is failure, but failure is an element of agility that people shy away from.

As humans, I think we shun failure. We hate it. We hate to lose and we hate to fail. Fear of failure drives many of us to go through extraordinary efforts to perceive ourselves and to be perceived as successful. 

Instead of fearing failure I believe that we should embrace it. Failure can be a wonderful learning experience. The key to embracing failure is to make the failures uncostly and educational. Small failures can drive changes that add big value. 

Being agile is recognizing, embracing, and accepting small failures and using them as a waypoint for improvement. Celebrate your failures and use them to your advantage and you will be agile.

Take Your Eyes Off The Ball

Many people, by my observation, approach their work by doing what is asked of them. It makes sense, isn't that what a good worker does? I think it's a wasted opportunity.
Never tell a man how to do something. Tell him what to do and let him surprise you with his ingenuity. --George Patton
I think we focus on the tasks and forget about the goal. I've done my best work when I've forgotten about the task and focused on the goal. I think that more organizations would benefit from focusing on goals and seeing tasks, not as inflexible plans, but as available paths to achieve the goals.

Monday, October 13, 2008

Could you please speak up?

Argh! I've found the one weakness of shared workspaces. When I'd like to focus on something, the guy behind me is on the phone with the customer trying to figure out the requirements and then he's explaining them to the QA guy. His voice is naturally loud. He could use so much less volume and still communicate. 

He isn't doing anything wrong, I'm just having a bad day. I really hate it when I don't like what other people do for no reason other than I'd like to have silence.

Sunday, October 12, 2008

Security and Usability are at odds with each other?

At No Fluff Just Stuff in the Security Birds of a Feather session, Ken Sipe and Ted Neward both made interesting statements. 

Ken said that a secured logging system is the most important element to a security system. His reason for saying that is, even if damage is done, you'll want to know what happened. 

Ted made a good point that the vulnerabilities are likely to be through social engineering rather than trying to crack any difficult systems. That only makes sense that someone who is interested in defeating a systems is going to attack its weakest points. People have lots of weaknesses.

Ken mentioned an anecdote of a group of penetration testers who left a few USB flash memory sticks that were loaded with root kits and other goodies in the parking lot of their customer. Employees of the customer found the flash memory and couldn't resist the urge to stick them in the computers. It was game over after that.

Probably the most interesting, to me, statement made was one to the effect that for a system to be usable some degree of security must be compromised and vice versa.

The statement was in response to the single sign on trend.

That is to say that at the extremes a very usable system is insecure and a very secure system is unusable.

I agree that some measures that are performed in the name of security completely shred usability and that some things that are performed in the name of usability hurt security.

I don't see a single axis security/usability continuum. I truly believe that secure systems can be built that are secure. I also feel that I am not qualified to design these systems, but these are the recommendations that my unqualified self would suggest:

Stop relying on passwords so much. Passwords provide a single point of failure should one password become compromised. In one environment I worked, that was supposedly very secure, the security people required everyone to change each of their numerous passwords every sixty days. Say if one were to have ten accounts, each with its own password, keeping track of those passwords is a bit of a chore. Memory fails people and they will rely on other means. Some will use something like password safe. But there are some who will rely on the old paper backup. Good thing that nobody thinks to look under the keyboard.

Ted Neward touched on one good solution for usability challenges with authentication and that's multi factor authentication. I like multi factor, because it dramatically increases the difficulty of breaking a system without necessarily sacrificing usability, instead of one challenge, there are multiple. The factors usually fall into three categories, what you know(passwords, questions), who you are(biometrics), and what you have(objects).

This is how an ATM works, you have a card and you rely on a fairly weak password There are 10,000 available combinations for a 4 digit PIN. We don't worry about the relatively weak PIN because we're pretty good at keeping track of our ATM cards. Falling prey to social engineering schemes with our cards are far more likely than someone taking an ATM card and guessing the PIN.

I'd really like to see more multi factor security systems in place. If one of the factors in the system is an object, like an RSA token, then adding a relatively easily guessable second factor, for example why not provide a factor of selecting a picture of familiar objects out of a lineup of ten, twenty, one hundred other pictures? Pictures are easy for people to remember. The pass picture lineup may only provide a namespace of 100, but it only adds(multiplies) to the strength of the other factors.

People have mixed opinions about biometrics. I'd hate to think that by amputating a part of my body, someone could defeat a security system. Some of these systems can be defeated in some clever ways.

Multi factor is more about the combined strength of systems instead of requiring a single system and cranking its strength up to 11 and cranking the usability down to zilch.

I think we really do need to question why security systems are typically so unuseable and whether they really need to sacrifice usability for security.

Saturday, October 11, 2008

No Java Unit Test Tool For Thread Safety Testing--I'm taking notes from Ted Neward's Concurrency NFJS online

Ted Neward mentioned that he is not aware of a unit testing tool for thread safety. I think that there should be one.

Ted recommends reading Release It by Michael Nygard.

Ted says never ever ever catch throwable. It can really hose up a threaded app.

JVM guarantees 32 bit atomicity. Longs and doubles are 64 bit, they need to be synchronized.

Threads don't switch on code lines. Threads switch on operation lines.

Threads are permitted to keep a local copy of field values if field not declared volatile.

Ted recommends Java Concurrency In Practice by Brian Goetz.

Field visibility is irrelevant to thread safety.

Two myths of the Java language: it is expensive to create objects and it is expensive to synchronize code.

Friday, October 10, 2008

Have you ever been convicted of a felony?

A: convicted? No, never convicted.

Thursday, October 9, 2008

Out of Training Budget? WTF?!!!?!

Good training, or investing in the skills of one's employees is one of the best investments a software development organization can make. Next to getting excellent people, training those people should be a no brainer. If you are reading this and you have the ability to allocate a budget for training your people, allocate a generous budget. Make it easy for people to use that money to receive training. Your people will thank you. 

By providing training, you're adding a benefit to the position that will attract the types of people you want. People who are interested in what they do and interested in investing the time to learing how to do it better. 

I will confess that my professional opinion of people is affected adversely by those who refuse training. I understand that people have obligations outside of work that doesn't allow them to easily receive training. Nothing is free in the world though. Everyone must sacrifice something to train. If you only get to spend so much time with your kids, I really don't fault someone for choosing their kids over their careers. 

There are opportunity costs with the time it takes to get training. I'm more apt to think less of people who choose rewatching a Battlestar Galactica marathon over training. It's not that they are bad people, their choices of priorities are just telling to me about where their profession stands.

In short, training is important to me.

It's confession time. One of the driving factors behind my decision to leave my last job was the way the company handled, or failed to handle, training. I don't want to dwell on the past, but I recently learned that they are continuing their ways.

The company in question is financially very sound. They are seated comfortably north of 150 on the Fortune 500. The company is flush with resources, but they are disciplined in managing expenses, no they're stingy. One would be hard pressed to accuse the company of wasting money on snap decisions. I would say that they are guilty of wasting money through their reluctance to spend money. Below is an example of my experience.

The department that I used to work in emphasized training as an initiative for the year. They kind of had to because many of their software developers didn't keep up with what's going on outside of the company. Skill set stagnation could easily be attributed to shaky engineering and ultimately system downtime and other defects. 

As part of the initiative, all software engineers in my department were required to spend at least 20 hours in training for the year. Here's the catch, they don't count attending user group meetings, which are free, as training. They also don't have enough room in their training budget to accommodate 20 hours of training. 

My own experience was around No Fluff Just Stuff. In my opinion, NFJS is an outstanding value. For around $700-$1000 they offer 11 90-minute presentations over the course of a 3 day weekend. 

The speakers are excellent. Every time I've gone to a NFJS I've learned things that have made me better at my job. It's also a great networking experience. They arrange the conference so people have the opportunity to network. I personally payed for the conference that I will attend this weekend.

Back to the company. They royally messed up in the Spring conference with me. The managers in  my department, and our director, and our VP were all on board with sending as many engineers as possible to NFJS. 

I knew that attendance is limited and that they offer early bird discounts. About eight weeks before the conference I was tasked with getting a list of people in two different cities who are interested in attending. I did and submitted it. 

The training was quickly approved through our department, though we heard nothing about it. The deadline for the early bird discount approached. People came to me asking about the conference. I, in turn, asked the managers. They believed that the arrangements had been made. Since I hadn't heard anything I emailed Jay Zimmerman, the conference organizer to see if everything was cool. Jay, promptly replied to let me know that only the people from the first conference had been registered.

I explained the situation to the managers around me, they tried to escalate the situation, but our contact in finance refused to reply to any of our emails or answer the phone when we called. She also refused the emails and calls of our director. She finally did reply to all of the people who wanted to attend the conference telling them that, as punishment, they would need to write a report on everything that they learned and have it ready the following Monday for the CIO. She ended her communication by offering them an out, do you still want to go?

The communication seemed petty and intended to discourage people from getting training. More accurately, it was intended to discourage people from costing the company about $18,000 to get over twenty people training.

For less than the price of sending a few people to Java One, we were going to be able to send more than twenty people to quality training.

They did register us for the second conference. They also mistakenly registered one of the people in both events. They wasted about $5000 by not just registering people in one group early.

I believe that had I not persisted and insisted that the registration be done that it never would have. It got worse, the company stiffed No Fluff with the bill for a while. Or they never disclosed that they were going to pay net 30 from the time of the last event. So I got a really alarming, yet polite, email from the organizers.

I made two replies, one reply was to all explaining who the proper contact is. The second reply was directly to the person in finance who failed to acknowledge our emails or phone calls and a few people within my department. This is the same person in finance who told us that we'd need to write a book report. I asked her to deal with this issue. I also stated that I was uncomfortable having my name associated with financial delinquency.

Her reply, which copied a few additional directors and VPs, was that if I didn't like having financial delinquency associated with my name that I should deal with these people myself. That was the straw that broke the camel's back for me.

There was no apology for her unacceptable behavior. Nobody thanked any of the attendees for spending their weekends getting training. No, it was a big up yours, where's your book report!

Fast forward to my exit interviews I made certain to candidly explain that the events I just explained heavily contributed to my decision to leave the company. There were other things, but to me, the way they handled training for me personally was utterly unacceptable.

My hope in explaining those experiences was that they would accommodate training requests more seriously and give their software engineers training needs more consideration.

I recently learned that they dropped the ball on the fall conference and didn't register a few people who wanted to attend. They were told that they'd be able to go, however they learned that the company didn't have enough room in the training budget to send them. This was communicated after the last discount price had expired. 

What the hell is wrong with them as a company? On one hand they tell their people that they want them to get training and that the company wants to invest in their skill sets. On the other hand, when the employees try to take them up on the offer, they're met with resistance, hostility, and incompetence. What are people to think?

The message that I received is that they are disingenuous about valuing their employees and their careers. How frustrating is it to have a manager tell you that you need to do something, but they won't support it? They have no problem giving the employees more work than can be done, but they aren't willing to give them training or tools. They lie. 

There are only so many times when you can lie to people before your words cease to have any meaning and the credibility of management ceases to exist.

I'm very happy with my own decision to leave after those events, I wouldn't be surprised if others chose to leave after they experience similar events.

Lots of waiting on one end of the appointment, not so much on the other

As a postscript to my physical I was pleasantly surprised to see that my clinic offers my medical records online.

I was able to see my lab results within hours of taking the tests. Previously, it would take a good week to get a letter with results.  Bonus points to Allina for their online information.

Please show up 15 minutes early

It's annual doctor appointment time for me. 

Yesterday I had a little fun going to my physician's office. I booked the appointment for three o'clock.

A day before the appointment I received a letter in the mail asking me to show up 15 minutes early to my appointment. Why do they ask us to come early? Why not include the 15 minutes into the appointment time? It wasn't a huge deal, but I plan my days around these sorts of things.

I should have considered my observation that doctors' appointments in the afternoon never start close to being on time. There's always something that delays them. I was in the waiting room much longer than 15 minutes after my appointment time.

iPhones are very handy for that sort of thing.

Wednesday, October 8, 2008

10/7/08 Presidential Debate: Can I get my 90 Minutes Back

"That One" that's about the most interesting thing that happened and that one was just a WTF moment.



What's up with having the undecided voters write the questions? Are they really undecided? In a room of about 100 people, couldn't they come up with better questions. The worst question had to be the last one. I'll paraphrase it as "What is it that you don't know?". Was she looking for a Rumsfeldian reply? 



Aside from weak questions and the WTF did he just call his opponent I thought that McCain never showed much energy in the debates. Obama had a much better performance. I'm an Obama homer though.

The town hall format is supposed to be McCain's strongest debate format. I heard one of the newscasters say that McCain's campaign wanted as many as 12 of these types of debates. I can't imagine that boding well for him. 

I was glad to hear that Obama did bring up McCain's record of voting against alternative energy. A while back, Thomas Friedman called McCain out for not casting the deciding vote for a bill that would fund a solar power facility in Arizona. I'm glad that this is being brought to the attention of the American voters. 

Potentially the most damaging thing that McCain did, or didn't do, is shake Barack Obama's hand after the debate. What the hell is wrong with John McCain? Between that and "This One" and the subtle racist attacks that the McCain/Palin camp have been making I can't help but think that people will call to question whether McCain is a bigot

My prediction is that we will be seeing John McCain shaking hands with lots and lots of people who are not white.



EDIT: I almost forgot about a puzzling comment McCain made to a younger black gentleman that I thought was ill advised. I don't recall the question, but McCain rhetorically said in his response that the gentleman had probably never heard of Fannie Mae or Freddie Mac. It seemed like a poor choice of words, even if John McCain were trying to express that Fannie Mae and Freddie Mac were not institutions that many Americans were intimately aware of before the crisis. 

More on this at the Huffington Post.

Tuesday, October 7, 2008

One of these things is not like the others



It occurred to me today that there is something a little off on the city that I work in. Actually I felt a sense of vertigo as my sense of direction got skewed. Check that, I still kind of feel it.



I noticed that the satellite dishes on the rooftops in St. Paul appear to be pointing to the South East.


Satellite dishes actually point to the southwest. 


Unlike cities that have the good sense to direct their north roads north, like Chicago or its twin city. St. Paul points their north roads to the northwest. It's completely messing with my sense of direction. I had thought that my window faces the west, now I can't help but notice that I'm about 45 degrees off. It's remarkably unsettling to me.



Google saves us from our drunk selves

Leave it to Google to find a way to stop emailing under the influence with Mail Goggles on gmail.

I wonder if this works on the iPhone? That's where I could really get in some trouble, entering the numbers could also be challenging.

The only downside of this is going to be the lack of the first thing Monday morning flame wars in my inbox. 

The Cost Of Doing Nothing

Recently, a friend told me about a little problem at her company. A number of years ago I worked with her at a startup that didn't do a very good job at failing.

I've written about this company in the past, it's a dysfunctional mess.

I saw a lack of leadership there and left at the first good opportunity. The lack of competent leadership, once I recognized it, scared the crap out of me. It also motivated every competent colleague I knew there to leave as well.

What do you get when you fail to establish boundaries and fail to enforce any boundaries with a youthful and rambunctious IT staff? They continue to be rambunctious and push the boundaries. They get older too.

What happens when nothing happens to stop the boundary pushing? What happens when nobody steps in and says that the BS is going to stop? William Golding wrote a nice book about what happens when you let a bunch of unruly youths run amok. Imagine the mess and the carnage that would happen if there were no deus ex machina officer to stop the insanity?

Ok, they are well short of cannibalism and murder, but compared to the other engineering gigs I've had, these guys might as well be donning face paint and shouting "Kill the Pig!".

I think my first tip off that something wasn't right was the first time I left my workstation unattended. I learned that an unlocked work station was an invitation for pranks. My first lesson, an email to the entire company informing everyone that I left my workstation unlocked. In retrospect, that was a nice way of saying 'welcome to the jungle'. The same introduction to others were messages like one that simply said 'I am stupid I left my computer unlocked'.

There isn't another place that I know of where openly insulting a person like that is tolerated. The person who is responsible for sending the message is one of the most abrasive, arrogant, and abusive people I've ever had the displeasure to work with. Nothing was said to him about the stunt. There wasn't a reprimand. Nobody said anything, yet everyone in a leadership position knew it happened. And by not doing anything about it, they allowed it to continue to happen. 

If you ask the VP of IT what his leadership philosophy is, he'll probably tell you that he leads by exception. He may say that he gives his people freedom and doesn't interfere with them unless there's a problem. It's probably more accurate to say that he will avoid any confrontation unless a situation gets completely out of hand, he then will overreact with a department wide edict.

This happened when our friend decided that he'd work from home on Fridays. Not only would he work from home, but he'd only be reachable by cell phone. There was something weird with his land line that made it hard for him to receive calls. 

Here's a pro tip for everyone who thinks about defrauding their employer: be nice to the people who have administrative rights on your workstation. The Linux system administrators in operations keep a record of all the commands that are entered on their systems. If it were one's job, as a software developer to develop software on a linux system, one would expect that that person would enter commands on said linux system during the course of a workday. Imagine how interested the people were in the history file of their work at home friend when week after week it showed inactivity on his account?

They had this guy dead to rights. He was caught red handed not working when he said that he was. The evidence of this was brought to the offender's manager, the VP. Any manager worth their salt would have stopped this long before, but all but the most ineffective would have done one of two things, fire the guy on the spot or let him know that the BS is going to stop. Then again, there's always option 3, nobody works from home now.

As if the jerk's peers didn't have enough reason to not like him now they have their privileges taken away because one person abused the system.

That was years ago. That jerk finally bailed on the company. But that didn't solve the problem. The VP hasn't changed and the inmates are continuing to run the asylum. 

The latest boundaries to be pushed are personal hygiene and cleanliness. One person in particular is doing his best to discover new grounds on what will be tolerated by the company. His workspace is a mess. There's the typical mess of scattered office supplies and papers. Nothing big there. The leftover plates, the rotting food, the mold that is allowed to grow on it. It's having an effect on everyone else. Similar complaints are also arising around how Mr. Messy takes care of his body. It's, well, I don't want to disgust people. I also have a lot of pity for the people who, for whatever reason, are forced to work around this guy.

As much pity as I have for those who cannot escape this abomination of a work place, I reserve the that much anger for the 'leadership' of this company. Something needed to be said long ago, and nothing was said at all. More importantly, nothing was done. Instead of dealing with a problem as a leader, everyone else has to endure the effects of the problem and suffer. 

The 'leaders' of the company have located themselves in a different area of the building and don't need to deal with the stenches on a regular basis.  They are ostrich-ing themselves.

When a bunch of twentysomethings work together there's a certain level of boundary discovery. When young people work together, there's a certain amount of goofing around. It's only natural. It's typical that someone will rein in the young developers and add some structure, either that or the company collapses. Imagine what happens when the company is successful enough to keep going despite their total lack of leadership or discipline. Combine the fact that the twentysomethings are approaching their forties and still pulling the same stunts. It gets kind of sad.

The net effect on the people who work there is anyone who can leave does when they smell the coffee, or the stench. It's way past the point where simple actions by leaders can right the ship. Unless radical and competent action is taken, the company will be doomed to exist as a success struggling to fail.

Monday, October 6, 2008

Fun with Neodymuim Magnets and A Poor TV

This is what happens when a Cathode Ray Tube television is influenced by a strong magnetic field.



Kids, if you're going to try this, make sure it's not a television that your dad is going to care about. If you don't like your friends, well you know what to do...

Sunday, October 5, 2008

5 Get Rich Quick Scams People Still Fall For

Cracked, which is my daily crack like addiction, has a good article on 5 get rich scams that people fall for. If you are offended by words that you can't say on television, you are probably the type of person who will fall for this type of scam, so you might want to tough it out.

I consider myself fortunate to grow up with an attorney for a father. I used to ask my dad about these scams and he set me straight about what a scam they are. I assumed that all fathers did this for their children, but when I got to college I learned that an alarmingly high number of people believe this crap.

I remember one roommate in particular who bought the Don Lapre making money toolkit for a few hundred dollars and another friend got into a cult like pyramid scheme.

As a rule, I consider any product that is only sold on television to be suspect. For every George Foreman grill there are about 1000 overpriced garbage products out there.

I've got Nothing

Been pretty busy at work lately. Fear not, there are a few essays in the pipeline.

Wednesday, October 1, 2008

David Laibson Gets It

Here's a nice quick read from Wired Magazine at Wired.com.

Laibson believes that markets can be influenced, or corrected, by nudging human behavior. The reason for this is because people do not always act rationally, even if they do have sufficient information. In the example, Laibson shows that in companies that offer a 401k plan where participants must opt in, the participation is significantly lower than with companies that have a plan where participants must opt out.

Laibson is a Behavioral Economist at Harvard. Sounds like a very ripe field of work. I would love to learn more about how Behavioral Economics can be used to influence people and systems.

My least favorite type of bug

I think I found the type of bug that is my least favorite. 

The bug has the following characteristics:

The bug causes the whole application to fail.
The bug causes all of the unit tests to fail.
The bug leaves no explicit trace of what is failing.
The bug causes the unit tests to run (fail) slowly.

We did find the cause of the bug, it was a mismatch between a property declaration on a configuration file and a missing method on one of the class files. The corruption in the configuration file caused the application to fail slowly, quietly, and completely. It was also caused by a typo in my code.

It can always be worse though. This bug was only in my personal development environment. The bug did not cause anyone else's work to be affected.

My ideal type of failure is quick, contained, loud, and easy to find. Also, with all things being equal, I'd prefer that the failures be cause by someone other than me.