Posts Tagged ‘Rants’

PowerShell Modules, Metadata, and Mysteries

I’ve finally finished the first public release of PoshWpf, and was getting ready to ship it as part of a new release of my PowerBoots module. The idea is that I need PoshWpf itself to be a stand-alone module so that it can be used in production with PowerShell 1.0, until such time as PowerShell 2.0 goes gold, and we can get that into production use, so we can use PowerBoots. PowerBoots is a script module, and it uses dynamic parameters, so most of it can’t really be done in v1, but you can use PoshWpf as a snapin, including the New-PowerBoots cmdlet, to do asynchronous multi-threaded UIs like my “ping monitor demo.”

So I need to update the .psd1 Module Metadata file for PowerBoots to include PoshWpf … I read up on Oisin Grehan’s blog about the possible properties in the module manifest, and decided that I could do this by packaging PoshWpf as a NestedModule in PowerBoots. There’s not a whole lot of point in distributing PoshWpf as its own module — Version 1 users will need to install it as a Snapin anyway, since PowerShell 1.0 doesn’t support modules, and I expect PowerShell 2.0 users to use it with PowerBoots.

Nested Modules

So I open up the PowerBoots.psd1 file, and add the line: NestedModules="PoshWpf" and fire up PowerShell and run Import-Module PowerBoots … and get this Error:
Import-Module : The module to process ‘PowerBoots’, listed in module manifest ‘C:\Users\Joel\Documents\WindowsPowerShell\Modules\PowerBoots\PowerBoots.psd1’ was not processed because no valid module was found in any module directory.

Now, I have no idea what that’s supposed to mean, except that I know the way that the PowerBoots.psm1 script gets parsed is that the PowerBoots.psd1 metadata includes a line: ModuleToProcess="PowerBoots.psm1" … I don’t know why the error doesn’t say “.psm1”, and I don’t know why that would be the error when what I added was the PoshWpf line, but I comment my line out and everything works, so I decide that maybe I need to say “PoshWpf.dll” (following the example that works of loading the PowerBoots script by specifying the full extension).

So I move PoshWpf.dll from its subdirectory right into the PowerBoots folder, and I change my line to: NestedModules="PoshWpf.dll" and fire up PowerShell and run Import-Module PowerBoots … and get this Error: Import-Module : An item with the same key has already been added.

Wow, I’m two for two: two attempts to load my module, two completely incomprehensible errors.


Rage Against the Design

So we found a problem recently with a certain scripting language’s argument parsing:


function Test-Argument($a) {
   $a.GetType().FullName
}

[Test 1]: Test-Argument 4
System.Int32
[Test 2]: Test-Argument .5
System.Double
[Test 3]: Test-Argument "hello"
System.String
[Test 4]: Test-Argument Goodbye
System.String
[Test 5]: Test-Argument -42
System.String
[Test 6]: Test-Argument (-42)
System.Int32
 

Why can’t it properly parse -42 as an integer, when it can parse .5 as a double? Well, according to the development team of a certain Fortune 100 company, this behavior is by-design ... Apparently, “.” can be a number, but “-” can’t.

When you know you’ve got it all wrong, but you can’t be bothered to get it right, document it — make it look intentional, and most people won’t question you.

I’m sorry folks, but I’ve had it up to here with the “it’s by design” excuse. I don’t care who you are, and I don’t care who wrote the design spec — when something is as obviously wrong as this, you need to fix it, not just give us platitudes.

I had the same thing happen recently with a bug I filed about the way wildcard behavior impedes matching file-names with square brackets in them in PowerShell. They told me this was by design, and that I could use the -LiteralPath parameter. Well, if any of you have tried this, you already know what I’m going to say: it’s broken.


## This works if the file already exists
## But fails completely if it doesn't exist
set-content -LiteralPath "logs [www.example.com].txt" -Value " help "
 

And yet, I was initially told it was supposed to be this way. Now, in this case, I happened to have the email address of the software architect, and they’ve reopened my bug after I sent him an email with lots of examples of how this bug defied the behavior that a user expects.

We software developers need to be very careful about saying “that’s by design” ... because it sometimes makes us sound stupid. When a user says “this is broken,” and your reply is “that’s by design,” what the user hears is “we broke it on purpose.” We should not be willing to excuse bad design.

Listen up: If you want to be a successful software developer, you need to learn this, and learn it well: the fact that it was DESIGNED WRONG is NOT AN EXCUSE for shipping broken software. Regardless of whether it’s your design, or someone else’s, even if it was designed this way by your manager’s boss. When you create software that doesn’t behave the way the user expects it to, you need to consider the possibility that you’re doing it wrong.

Imagine if architectural engineers were to behave in a similar manner … Suppose the original architect of the Golden Gate Bridge had left a gap in the middle of the bridge, with a little ramp: you could drive up the bridge, but you couldn’t get across unless you were comfortable jumping your car across a four foot opening.

When you complained about it, the engineers would say: it’s by design — if you don’t like jumping your car (and yes, we know that jumping is bad for maintainability), there is a workaround: just wait for the ferry we put in last year. There are several boats, running continuously, so the wait is at maximum about 20 minutes, and it only takes a little longer to cross by boat than it would on the bridge.

That analogy is obviously not perfect, but the point is: just because someone decided it should be done a certain way doesn’t mean that’s the right thing to do — sometimes the design is just wrong. Perhaps the designer and architects overlooked something, or perhaps the circumstances have changed, but in any case, if the software doesn’t work the way people expect it to work, or requires different workarounds depending on the situation … you need to question the design.

All I’m asking is this: don’t turn your brain off: when someone complains about the way something works (or doesn’t work), think about what they’re asking, and if the complaint makes sense, don’t say “this misbehavior is by design” until you’ve reconsidered the design.

WordPress, Comments, Caching, and annoyances

This is just a short note to explain why I turned off IntenseDebate: it just seems to use way too much memory on my server — I had to increase the memory available to my blog twice, and was still having issues.

Quite frankly, I don’t feel like I was getting anything out of using Intense Debate other than the ability for users to get notified automatically when I reply to their comments, and to get that minor feature I had to give them all my comments, and render the comments in javascript, and … yeah, well, I’m going to do without for now, and we’ll see what happens.


Bit9 “Most Vulnerable Applications” report is fatally flawed

There has been a lot of buzz on Twitter (etc.) about the report issued by Bit9 (as reported without details by NeoWin). The list is topped by Firefox, and the top 10 are all non-Microsoft applications … shocker!

Well, if you download the PDF (and read it with Foxit Reader because Adobe Acrobat and Flash are tied for #2 on Bit9’s list), you’ll find these items, among others, in the criteria for apps making the list:

  • Is well-known in the consumer space and frequently downloaded by individuals.
  • Contains at least one critical vulnerability that was first reported in January 2008 or after … [and was] given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
  • Relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
  • The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.

There are two big problems here:

  1. It doesn’t matter how long it takes the vendor to issue the patch.
  2. Any application which can be patched by the administrator (or which is patched in WSUS (aka Windows Update)) is automatically excluded from the list — regardless of anything else.

That’s just preposterous.

So preposterous that even The Register couldn’t stand for it.

An application could have a single level 7 vulnerability that was patched within hours, with the patch delivered automatically by the application checking and self-updating … and it would still qualify (this isn’t entirely hypothetical, THREE of the apps on that list had only a single qualifying vulnerability). But if it uses a patching system that has to be run by a highly paid IT professional instead, it wouldn’t qualify even if it had a level 10 vulnerability that has remained open for years … In point of fact, vulnerabilities that have been open for years are disqualified anyway, but the point is that the only thing that saves an app from this list is not having any vulnerabilities, or being able to hypothetically apply patches remotely (regardless of whether the patches actually exist).
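The selection effect described above, as an added example (not from the original post or from Bit9's report): the quoted criteria are modelled as a filter and set beside a simple exposure measure. The app records, the as-of date and the exposure measure (days a CVSS 7.0+ issue stayed open) are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple

CUTOFF = date(2008, 1, 1)   # criterion: "first reported in January 2008 or after"
AS_OF = date(2008, 12, 1)   # constructed evaluation date for still-open issues


@dataclass
class Vuln:
    cvss: float
    reported: date
    patched: Optional[date] = None   # None means no fix has shipped yet


@dataclass
class App:
    name: str
    consumer_popular: bool       # "well-known in the consumer space"
    centrally_patchable: bool    # updatable via SMS/WSUS-style tooling
    vulns: List[Vuln] = field(default_factory=list)


def is_high(v: Vuln) -> bool:
    """CVSS 'high' band as quoted in the criteria (7.0-10.0)."""
    return 7.0 <= v.cvss <= 10.0


def on_list(app: App) -> bool:
    """Inclusion test built from the four criteria quoted in the post."""
    has_qualifying = any(is_high(v) and v.reported >= CUTOFF for v in app.vulns)
    # Criteria 3 and 4 both reduce to "no central patching path exists".
    return app.consumer_popular and has_qualifying and not app.centrally_patchable


def exposure_days(app: App, as_of: date = AS_OF) -> int:
    """Hypothetical comparison metric: total days high-severity issues stayed open."""
    return sum(((v.patched or as_of) - v.reported).days
               for v in app.vulns if is_high(v))


def compare(apps: List[App]) -> List[Tuple[str, bool, int]]:
    """(name, listed?, exposure) rows, worst real exposure first."""
    rows = [(a.name, on_list(a), exposure_days(a)) for a in apps]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample data, mirroring the three cases the post walks through.
APPS = [
    # Single CVSS 7.0 issue, fixed the same day by the app's own updater.
    App("SelfUpdater", True, False, [Vuln(7.0, date(2008, 3, 10), date(2008, 3, 10))]),
    # CVSS 10.0 issue still open, but the app can be patched centrally.
    App("CentralSuite", True, True, [Vuln(10.0, date(2008, 2, 1))]),
    # CVSS 10.0 issue open for years, reported before the cutoff.
    App("OldHole", True, False, [Vuln(10.0, date(2006, 6, 1))]),
]

if __name__ == "__main__":
    for name, listed, days in compare(APPS):
        print(f"{name:13} listed={listed!s:5} exposure_days={days}")
```

With this sample data, the only app that lands on the list is the one with zero days of exposure.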

Stop spreading this list

I’m begging you: if you’re a reporter, a blogger, a tweeter — do your research before you help companies spread disinformation… and please note that Bit9’s sole reason for creating this list is to market their enterprise management, patching, and white-listing product.


Stupid Laws: the Don’t Protect Me edition

This is just a rant about crazy politicians and the over-legislation of protecting people against themselves.

http://www.motorcycle.com/news/passenger-age-cap-proposed-in-ontario-87568.html

This law would (if passed) prevent driving a motorcycle on a highway if another person under the age of 14 years is a passenger on the motorcycle. In support of the law, Helena Jaczek “cited statistics that show 199 motorcycle passengers under the age of 15 were injured from 1995-2005” ...

Seriously?

Let’s see, 200 injured people in 10 years? Wow, that does sound dangerous [rolleyes] . What other sorts of things are that dangerous? I mean, if we’re going to outlaw exhilarating fun just because you might get hurt doing it … clearly we want to start with the most dangerous stuff, right?

How about skateboarding? According to the American Academy of Pediatrics, skateboard-related injuries account for an estimated 50,000 emergency department visits and 1500 hospitalizations among children and adolescents in the United States each year.

How about roller coasters? The International Association of Amusement Parks and Attractions states that 1,713 ride related injuries occurred in 2005, and they average four fatalities a year going back to 1987! Oh my goodness! And of those injuries, over seven percent resulted in at least overnight stays in a hospital. (Of course, that’s not counting the 300 million other guests who safely enjoyed 1.8 billion rides).

Ms. Jaczek, maybe you’d like to start with actual statistics, like: what percentage of motorcycle rides ended up in an accident? A common one is injuries per “participant day” — that is, how many people participated in an activity each day. So, in order of priority, here’s a few things you should outlaw just to make your young people safer:

  • Roller skating (912 emergency room treated injuries per million participant days)
  • Basketball (799 per million)
  • Football (704 per million)
  • Soccer (405 per million)
  • Fishing (85 injuries per million participant days)
  • Golf (53 per million)
  • Use of exercise equipment (nine injuries per million participant days)
  • Billiards (eight per million)
  • Camping (five per million)

Incidentally, according to the IAAP, the number for amusement parks is something like 0.00133 per million … and according to the Insurance Information Institute there were 6.2 million motorcycles on U.S. roads in 2005 … accounting for 0.4 percent of vehicle miles traveled in 2006 … with over 104,000 accidents and 4,810 deaths (the highest number up to that time since 1981). If we guess that those motorcycles get ridden for about half the year, maybe 5 times a week … that would be around 620 million “participant days” and would add up to about 0.00016 accidents per participant day.

As someone who neither motorcycles nor golfs, I think you should clearly outlaw Golf, since it not only has a higher rate of injury, but also restricts all that land from use by the rest of us who just want a place to throw a flying disc.

PS: This politician was from Ontario, but the same idiots exist in New York: if you want to know what you should be spending your time on, I’ll give you one hint: stop spending money we don’t have.

International Travelers Beware: We Will Seize Your Stuff

Fast on the heels of the Chinese government, the Orwellian Department of Homeland Security has officially announced that it is claiming new police powers this week: to seize travelers’ laptops, cell phones, cameras, PDAs, iPods, video tapes, books and even magazines … without any suspicion or probable cause and keep them as long as they like without any specified process for returning them whatsoever.

DHS claims that business data will be protected, and that all data will be destroyed when the review is completed if no probable cause exists to keep the information — but bear in mind that there was no probable cause to start with, so there’s actually no incentive for them to ever declare the review complete and destroy the data.

It’s important to note that these policies apply to anyone entering the country — including citizens and foreigners, tourists and visiting businessmen. If you leave the country, you suspend your rights to privacy and property at the border upon your return along with everyone else. I wonder how we would have reacted if France started seizing laptops, cameras, cell phones and books from every American who entered their country? What about if this had happened in 1984? or 1999, for that matter?

P.S. If you’re an American:

Remember: no matter how much the authoritarian “security” forces would like you to think you live in a different world now than we did 10 years ago — the Constitution and your Civil Rights have not been suspended yet — if you don’t think the government should have the right to take your things, and root through your photos, phone calls and emails whenever they like for no reason whatsoever… you should write your representatives in Washington and let them know that you hold them personally responsible for this ridiculous power-grab by our so-called homeland security department.

My Personal Response

Here’s the letter I sent to my representatives, maybe you’d like to do the same:

Evernote Click-Through is a Disgrace

Someone earlier today was gushing about how neat Evernote is … it’s a OneNote-like application which features add-ins for browsers and email clients to let you clip text and images, or record voice, take notes in handwriting, etc … and it’s cross-platform and has a version for Windows Mobile and iPhone! I thought it sounded interesting, although the key feature of sharing all your notes automatically across all your clients made me a bit suspicious, so I went online to check it out.

By now, those of you who have previously read my rants about software licenses know to avoid Evernote. But let me tell my story anyway. I downloaded the installer and ran through it, noting that the click-through license displayed in the installer is for the software only, and references possible additional terms for a “service” ... So far, so good, the most annoying thing I noticed while scanning was:

9. Monitoring and Removal of information. ... Evernote Corporation and its designees shall have the right to refuse or remove any information that violates this Agreement or is otherwise objectionable, in Evernote Corporation sole judgment…

I didn’t particularly like that in a software license, but it wasn’t enough to get me to stop installing the software. However, I have to say, the license is ridiculously huge:

  • Roughly 3500 words
  • On 330 lines of text
  • (which you’re expected to read in a 10-line window)
  • Making 33 pages of license (about 8 pages printed on letter size paper)

Nobody should be expected to put up with this. Let me say this for the record:

Put your license on the download page.

This will allow people like me to read the license before we download the software and possibly save us the trouble. Pretending you think people will read something like that in the tiny little window is a cruel joke.

The worst joke, however, was yet to come.


Rant: Sometimes I hate my job

So I’ve been asked to add a feature to one of the apps that I nominally took over when my former manager left … they want a management pane where certain authorized super users (to be decided later) can add data to the main lookup tables, and must be able to do clean up by deleting data which has been entered erroneously … including cleaning up any references to the now missing data.

I’m currently trying to figure out what database tables I need to be concerned with, and I just have to vent, because this system is the worst mess I’ve ever seen. [disgust]

  • There’s one database supporting five or more applications…
  • There are 87 tables (with names like tblAQ_DcSs, tblAQ_SwNw, tblSFM, and tblSW_PWSOS, tblTestCaseTestLayout )
  • There are three duplicate user tables: tblPeopleLookup, tblUser, and tblUser3 — tblUser2 is a view onto an external user database which is what is supposedly being used … and apparently, tblPeopleLookup is some sort of mapping from tblUser2 to tblUser3 … and tblUser1 is the original user table. I don’t know why these are all still here — I can only hope none of these others are still being used.
  • There are 144 stored procedures (with names like sp_Fix, sp_Fix2, sp_Fix3, spLeftToTestMulti, spLeftToTestMulti2, spLeftToTestMulti3, sp_Whatever, and the awesome spTestCaseTestLayoutTestsUpdate, spTestCaseTestLayoutTestsSelect, etc.)
  • There are no Foreign Keys. Yeah. None. [crazy]

Technically, there are lots of foreign keys — it’s just that none of them are declared as such, so there’s no referential integrity (did I mention that there’s an Access database floating around out there with linked tables and a hard-coded login which the end-users pass around to each other so they can insert data into some of the tables by hand because the original developers didn’t get around to writing this management app that I’ve been asked to write now?)

You can tell that some of the columns should be Foreign Keys, because obviously a column in a “tblReq_Tag” table named “Feature_ID” must be an external lookup of some sort … but there’s 86 other tables … and at least two of them have Primary Keys called “Feature_ID” ...

So, I’m spending a lot of time searching the source code and the 144 stored procedures … An astonishing number of these stored procedures involve cursors and multiple nested case statements. I just picked one at random which I thought sounded simple: spEnterGroupResults ... it’s about 150 lines of SQL, and it uses a single cursor variable “crsUnit” which it redefines three separate times onto three different queries which it iterates over. Each of these queries involves joins onto nested subqueries, and I count myself lucky because the tricky part is actually enclosed in a transaction, and at least this one isn’t doing all of that just to dynamically generate a further SQL query to execute.

So yeah, I’m literally looking through source code to try to understand the database design. The problem is that there are more than five different applications, each using slightly different technologies.

  • One of them has never been migrated from classic ASP ... with the business logic written entirely in JavaScript, and the data handling performed entirely by sending huge XML files back and forth to a “do all” webservice.
  • One of them was written in VB.NET in VS 2003, and has never been upgraded.
  • The rest are in C# — with most in VS 2005, and at least one in VS 2008 and C# 3.0 — some are Asp.Net, some are rich client …

The tables I’m most concerned with right now (for this app) have some ahem ... impressive design decisions of their own. Of the 8 tables that I’m looking at directly (I think these are the only ones I need to modify as part of this app), five of them have multi-column primary keys that involve more than half the columns in the table, including columns which are, in fact, unconstrained foreign keys. And there are so far 5 foreign key looking columns which I haven’t been able to find the primary key column for … [pullhair]

Edit: Oh yeah, and half of these tables have columns like [Enabled] [char](1) NULL … That’s a boolean value folks, stored in the database as a y or a n … and it’s nullable even though a null (or any value other than y or n, really) will most likely blow up some code somewhere. And no, there’s no script constraint or trigger to ensure that this doesn’t happen (I checked). For extra fun, the other half of the tables use ‘bit’ columns for things like this — because they were written after I started working with this team (on a different project) and happened across one of these char columns during our one and only code review ever and wondered aloud why we needed to pretend it was still 1992. Why they just switched, without changing the others, I’ll never know…

Crazy Work Week

Here’s a snippet from the latest update to my resumé ... you’ll notice I struck out the “create” portion of the descriptions — as long as we just talk about maintenance and support tasks, everything you see here is what I did in just the last two weeks since one of my teammates transferred to a different division and our temp/contract was stolen away to a full-time position with a different company.


Software Engineer, Test Tools Development.


Lead developer for in-house software solutions for a 100-strong quality assurance team at a Fortune 500 company … responsible for creating and maintaining all custom software solutions and database systems.

  1. Create and maintain a randomized software test-case generation tool capable of managing hundreds of test projects with dozens of variables and using pseudo-random weighted generation to create thousands of test cases for each of our hardware and software tests.
  2. Maintain a custom HR tracking and reporting tool for billing internal customers based on hourly rates for work done testing hardware and software products for dozens of internal and external customers.
  3. Create and maintain a custom requirement and test-case tracking system for internal tracking of spec-based testing and reporting.
  4. Create and maintain a custom defect tracking system which interfaces with and provides metrics for over half a dozen different defect tracking systems (DDTS, ClearQuest, MS TFS, SourceForge, etc) used by the development teams we support.
  5. Create and maintain internal test-results reporting system capable of capturing test-case pass/fail/waive information and tying it to internal requirements and test case tracking systems as well as external defect and work-request tracking systems.
  6. Create and maintain various reporting systems providing charts and reports of counts and rates to support capacity planning, software quality metrics, test effectiveness and efficiency measures, software quality predictions etc, as well as tracking post-release defect discovery and analysis to improve the effectiveness of pre-release testing.

Work with a multitude of languages and technologies to provide the most effective solutions for each request in a timely manner on multiple platforms … from client apps and scripting solutions to cross-platform web apps.

  • Using Asp.Net with HTML/CSS/Javascript and VB.Net and C#.net to provide “AJAX” web-based applications.
  • Using PHP and Perl to provide web-based defect query and search services.
  • Using C#, Windows Forms and WPF to provide rich-client tools for test planning and test-case generation.
  • Using PowerShell, VBScript, TestBasic, and AutoHotkey to automate testing, as well as maintenance and data-entry tasks.
  • Using and maintaining SQL Server, SQL Reporting Services, and SQL Analysis Services to provide reporting and business intelligence and to support tool development.
  • Tracking work and changes in various source control and defect tracking systems such as VSS, ClearCase, ClearQuest, Bugzilla, SVN and TFS.

[crazy] 10 languages, 5 software platforms, 7 separate applications … and the apps I wrote myself (and am therefore most familiar with) seem to be the only ones that I’m not fielding support calls for multiple times a day. I need a vacation (or rather, a couple new coworkers). [surrender]

Fingers don’t fail me now! [whip]

Of course, in my spare time, I’m working on my capstone project for my Masters degree in Computer Science …

Click-through licenses are getting out of hand

Can’t someone put a stop to this stuff? Where are our representatives when you need them? I started to sign up to try digsby this evening, but when I read the terms of service, I had to quickly back away and abort. Let me just say this for the record: these are not acceptable terms of service.

We may change this contract at any time. You must review this contract on a regular basis. You can find the most recent version of the contract at http://www.digsby.com/tos.php. The changed contract is in effect right away.

I do not agree to “review this contract on a regular basis” — that’s preposterous. I have several hundred software applications installed — imagine if they all required me to review their contracts every day before I used them, just in case they had modified them. Imagine if I had to read 16 points spread out over 1200 lines of legalese for each application I use, just in case you decided that the terms of service should require me to mew like a cat every 15 minutes while using it or pay a $1500 monthly user fee…

I most certainly do not agree to any changes that go into effect right away before I’ve even been notified of them or had a chance to read them. What if you change them to involve a daily fee …. while I’m on vacation?

All upgrades, updates or enhancements of the Software shall be deemed to be part of the Software and will be subject to this Agreement…. By installing the Software, you hereby agree to automatically request and receive Updates from dotSyntax’s servers.

I most certainly do not agree that you should be allowed to change your software at any time automatically without my permission. And especially not when you also say …

DOTSYNTAX IS NOT RESPONSIBLE OR LIABLE FOR (1) ANY VIRUSES OR OTHER DISABLING FEATURES THAT AFFECT YOUR ACCESS TO OR USE OF THE SOFTWARE, (2) ANY INCOMPATIBILITY BETWEEN THE SOFTWARE AND OTHER WEB SITES, SERVICES, SOFTWARE AND HARDWARE...

Unbelievable!

Oh, yeah, and don’t forget … you would also have to check their privacy policy:

The Privacy Policy available at http://www.digsby.com/privacy.php explains dotSyntax’s information practices that apply to … information about you and your use of Digsby.
