Playing with tools instead of getting stuff done and other useless pursuits

This website is running WordPress on an Amazon EC2 instance.

If I were looking to keep a blog, this is not how I would do things, I’d just use a service.  The micro EC2 instance is slow, I have ensure Linux is patched, WordPress is patched, etc…  But playing around with the server is as much fun as writing the blog.

Here are a few changes to the site recently:

  • I run the EFF Privacy Badger on my browser at home, and I couldn’t believe how many trackers were running on my self hosted site, because I don’t track, and I don’t have ads.  I dropped the Youtube videos, that got rid of many (I just link to Youtube now instead of embedding).  I can’t remember what else I did, but now I’m just down to Google Fonts, used by the template.
  • The site now defaults to HTTPS.  With default settings, Qualys rates the default Ubuntu 18.04 LTS Apache HTTPS setup on this site as an A.  Its funny how many important companies struggle to get this right on their sites, given how easy this is.
  • Recently update the site to Ubuntu 18.04 LTS – the latest version of WordPress didn’t like the version of PHP on the previous LTS version I had been running (not sure what that was).  This is the third VM on which this site has been hosted.
  • I hadn’t been resizing photos and the site got REALLY slow.  I’ve resized the largest ones – it’s not painfully slow anymore.  I may eventually move the image hosting to S3, but keep the server/DB on EC2 – I expect the site would run faster without increasing costs.

Update October 5th, 2019:

  • Google Lighthouse ranks the site load speed at 100
  • Finally got the fonts loading locally with the OMGF WordPress plugin. The site no longer has any external trackers!

Microsoft revokes digital media. Again.

In 2010, I joked “I don’t think any child born in 2010 will get the chance to hear the music of their parent’s youth”, as DRM encumbered media would be unplayable.

Even in 2010, we’d seen Microsoft’s “PlaysForSure” music (launched 2004, RIP 2008) not play on Microsoft Zune (launched 2006, RIP 2015).

Today, Microsoft announced that it is revoking the ability to read books purchased on its book store. It is refunding its customers.

I didn’t foresee the rise of streaming music services – I think this model is better, as there is no illusion of a purchase.

Fixing ink blobs on epson xp-830 prints

Black ink blobs dropped randomly on pages

My Epson XP-830 started dropping black ink globs on my prints, which would smudge and wreck photos. As I had recently installed $150 worth of ink, I didn’t want to just go out and get a new printer. I also liked the compact format of this printer, and wouldn’t just buy the same one, as this was starting to look like a doorstop after its 2nd set of cartridges. I wasn’t concerned about breaking the printer at this point, because I was ready to throw it out.

I managed to resolve the issue – I’ve decided to write about what I did, and perhaps some will find this article and I’ll save a few printers from an early trip to the landfill. I expect this will work for any Epson XP printer.

First, I ordered a print head cleaning kit from Amazon (kit, Amazon link). In hindsight, I don’t actually think this was an issue with my print heads, but I did a number of things all at once, so I don’t know exactly which step resolved my issue. I recommend watching their video before ordering the kit.

The first step was getting the print head out of its right-side dock. Go to the menu, click maintenance, and then click Ink Cartridge Replacement.

Click proceed.

At this point, the print head will have moved to its change cartridge position. Disconnect the power.

I used card stock and paper towels to clean all of the ink I saw in the areas identified by red arrows

At this point, I took out the cartridges, and I wrapped them in plastic wrap, following the guidance of the Print Head Hospital.

I did clean the heads, as instructed in the Print Head Hospital video, but I think what really made the difference for the black ink globs was the following: using cheap papertowels and cardstock, I cleaned up all the ink in the areas highlighted by arrows in the above image. I cleaned under the print head by cutting a ~1″ piece of cardstock, wrapping it with a paper towel, and running it underneath the assembly as shown at the 3:40 mark in the Print Head Hospital video, and repeated until the paper towel would come out clean.

I plugged the printer back in, re-installed the cartridges, ran the regular print head cleaning cycle 3 times (until the test page came out fine), and am now getting perfect prints.

Good luck – hope this helps.

The Pigeon Tunnel

My manager has been on secondment to another team for the past 8 months. He stepped into a recent team meeting, where we were re-visiting challenges with our release process, and re-starting an initiative that had been displaced by other priorities.

As he stepped out, he joked (I paraphrase): “Good to see nothing has changed while I’ve been away”

In the next couple months, my manager will return to this team, back to where he started, back to re-visit familiar challenges.

This reminded me of the following introduction to John le Carre’s The Pigeon Tunnel, a collection of stories the author’s time in MI6 and of his unreliable father:
“There is scarcely a book of mine that didn’t have The Pigeon Tunnel at some time or another as its working title. Its origin is easily explained. I was in my mid-teens when my father decided to take me on one of his gambling sprees to Monte Carlo. Close by the old casino stood the sporting club, and at its base lay a stretch of lawn and a shooting range looking out to sea. Under the lawn ran small, parallel tunnels that emerged in a row at the sea’s edge. Into them were inserted live pigeons that had been hatched and trapped on the casino roof. Their job was to flutter their way along the pitch-dark tunnel until they emerged in the Mediterranean sky as targets for well-lunched sporting gentlemen who were standing or lying in wait with their shotguns. Pigeons who were missed or merely winged then did what pigeons do. They returned to the place of their birth on the casino roof, where the same traps awaited them.

Quite why this image has haunted me for so long is something the reader is perhaps better able to judge than I am.”

There seem to be challenges that 8 months don’t progress. Is this exercise futile, like the Monte Carlo pigeons? Are these tough problems we avoid, or constraints we work in?

Or, perhaps its why we’re here – these things are tough, and that’s why we’ve got a very skilled team consistently delivering within this environment. In this environment, over the past 8 months, we’ve completely refreshed our application’s UI, moved to Angular framework, re-branded, and delivered it to > 100,000 customers. Our release process may not be as efficient as we like, there are problems we had a year ago that we haven’t resolved, we may defer initiatives, but it’s all about playing the best hand possible with the cards we have been dealt: we are not standing still.

Code like it’s 1981

In my primary school years, I’d read my Dad’s “Compute!” magazines. Recently, I discovered they’ve been published on Archive.org https://archive.org/details/compute-magazine , and I browsed through a few issues.

I came across this ad in a 1981 issue:

Ad for SORT, an EPROM with a sorting algorithm for Apple and Commodore PET owners.
SORT algorithm on EPROM for Apple and Commodore Pet

It’s a sorting algorithm, written in assembler, distributed on an EPROM chip, mounted on a circuit board, that you’d plug into your Commodore PET or Apple II computer and call from your BASIC program.

I few things I find interesting about this ad:

  • How big was the market in 1981, for people who were writing BASIC programs, couldn’t write a sorting algorithm, and would pay $55 per seat for one?
  • If someone were looking to sell their program that they built, they’d have to bundle in this SORT product
  • At some point, sorting libraries were built-in

I actually found documentation for this product online:
http://mikenaberezny.com/wp-content/uploads/2013/10/sort-installation.pdf
http://mikenaberezny.com/wp-content/uploads/2013/10/sort-user-instructions.pdf
http://mikenaberezny.com/wp-content/uploads/2013/10/sort-review-compute-dec-1981.pdf

Ask not if our product uses Apache Struts, but…

When it was revealed that the massive Equifax breach in 2017 was attributed to their failure to patch a component in their system known as ‘Apache Struts’, everyone was reaching out to their development teams and asking: “Do we use Apache Struts? Is it patched?”

And I found it interesting. In my opinion, the wrong question was being asked.

What they should be asking us (and what we should be doing) is:

  • Do we know what libraries our application is using?
  • Do we have a process for checking if security vulnerabilities have been disclosed in the libraries we use?
  • Are all the libraries we using currently supported?
  • Are we using current, patched versions?

There has been an interesting news story recently about how a specific company was a target of a cyber-attack through a library it used. A malicious actor planted a back door in a library it was known to use – some good assessments of the incident have been posted on Ars Technica and Linux Weekly News.
https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/
https://lwn.net/Articles/773121/

Most development teams don’t have the capacity to audit the source code of all the libraries they use. Further, it would seem that in this instance, the malicious code would have passed a cursory review. At this point, our best defense is to be aware of this possibility when assessing a library, ensure that it has an active community and is well supported prior to incorporating it. Once a library has been incorporated, ensure we track its development for updates.

Paul Allen, the NBA’s Portland Trailblazers, and building a team

When Paul Allen, the co-founder of Microsoft, died in October, I decided to read his 2011 Memoir, Idea Man. I thoroughly enjoyed the book.

Seven years after co-founding Microsoft with childhood friend Bill Gates, Paul was diagnosed with Hodgkin’s lymphoma. He left Microsoft, already a very wealthy individual. A few years after successful treatment and recovery, he bought the Portland Trailblazers NBA basketball franchise.

In 1994, Paul Allen hired Bob Whitsitt as the Trailblazers general manager, to rebuild the team. Whitsitt focused solely on basketball skills in his hiring.

What follows is a cautionary tale for anyone building a team – skill is critical, but it’s important to consider team fit, character, balance, diversity, resiliency, empathy, etc… The following passage from the book describes one of those worst-case scenarios of a team built solely on skill:
Whitsitt proceeded to overhaul our aging roster as he’d done in Seattle, drafting young athletes with upside and adding big-name veterans.

He openly professed that he cared only about talent, to the exclusion of character and other intangibles. “I didn’t take chemistry in college,” he told the media. With enough physical ability on the floor, team cohesion would take care of itself. It was a risky assumption for a sport in which five men share one ball.

With hindsight, Whitsitt temporarily staved off decline by using my wallet to load up on pricey long-term contracts, players who were available because they were overpaid or had off-court issues or both.

When you come so close to winning a championship, as we had in the early nineties, it makes you that much hungrier because you know what the Finals taste like. It was the same for Whitsitt, who was desperate to validate his approach with a title. We were perpetually one big-salaried veteran away from contention, and our payroll ballooned. Deep down I knew that something was wrong. In the playoffs, when the pressure peaks and higher-caliber opponents target your weaknesses, a player’s makeup is revealed in performance. In the 2000 Western Conference Finals against the Lakers, we fell behind three games to one and then fought back to earn a deciding seventh game. Up fifteen points in the final quarter, it looked as though we were headed to the NBA Finals against Indiana, whom I thought we could beat. When I watch my team in the playoffs, I get superstitious; I try not to think about how much I want to win. Whatever happens, I’ll be fine with it. The players tried their best. But in that fourth quarter, I succumbed. I couldn’t deny it. I really wanted to beat the Lakers.

Within minutes, the Blazers unraveled. We missed thirteen consecutive shots. Our players suddenly looked as though they’d met for the first time that morning. The coup de grace came when Shaquille O’Neal dunked an alley-oop from Kobe Bryant with forty seconds left.

That seventh game exposed us as a team without leadership or discipline. I’ll never forget the feeling I had when we boarded our plane, still festooned with BEAT LA stickers, and headed home, our season done. It was a crushing defeat, and it took me a long, long time to get over it.

IN 2002, EIGHT years after Whitsitt’s arrival, we fell into the abyss. We led the league in payroll at $106 million, $44 million more than the championship Lakers. We were $65 million over the salary cap and $50 million over the league’s new luxury tax threshold, which had been designed to level the playing field for small-market teams like ours. Our player salaries cost us an outrageous $156 million, all for a medium-to-good fifty-win team that would lose yet again in the first round of the playoffs.

Off the court, it was worse, as the Trail Blazers became exhibit A for all that was wrong with professional sports. I found myself reeling from one lowlight to the next.

November 9, 2002: Bonzi Wells is suspended for spitting on the Spurs Danny Ferry.

November 22: Co-captains Damon Stoudamire and Rasheed Wallace, on their way home from a game in Seattle, are pulled over and cited for possession of marijuana. To settle the case, both agree to attend drug counseling sessions.

November 25: Ruben Patterson is arrested for felony domestic abuse. His wife later asks prosecutors not to pursue charges.

January 15, 2003: Rasheed is suspended for threatening a referee.

April 3: Zach Randolph is suspended after sucker punching Ruben in the face during practice and fracturing his eye socket.

The fans who felt so close to the Drexler-Kersey-Porter Blazers were disenchanted. Our attendance suffered, and our TV ratings fell by half. The wayward players showed little remorse. Bonzi Wells told Sports Illustrated: We’re not really going to worry about what the hell [the fans] think about us. You could see why parents weren’t rushing out to buy Bonzi or Rasheed jerseys for their kids.

One day I said to Whitsitt, “What’s it like in the locker room? How is the team reacting to the latest incident?”

And he said, “Well, Paul, half our guys are normal and half our guys are crazy. The good guys are all freaked out, but the crazy guys are crazy, so they’re fine.”

I’d heard enough. A team might be able to absorb one erratic personality, but who could win with a group that was half crazy? Three days after our season ended, I fired Whitsitt and gave his successor, Steve Patterson, a mandate to clean house. We traded established starters like Rasheed and Bonzi for forty cents on the dollar while letting bad contracts expire. The win-now regime had stunted younger talents like Jermaine O’Neal (who blossomed into a six-time all-star after being moved to Indiana), and our cupboard was bare. In 2004, the Blazers missed the playoffs for the first time in twenty-one years.

And then we sank even lower. An internal investigator came to me with a report on Qyntel Woods: “We think there may be dogfighting at Qyntel’s house.”

Dogfighting? I couldn’t believe what I was hearing.

A few days later: “We think there may be some dogs buried in his yard.”

Buried in his yard?

And a day or two after that: “There’s a room in his house where we hear the walls are covered with blood.”

Blood on the walls?

I was shocked and mortified. Qyntel eventually pleaded guilty to animal abuse and got eighty hours of community service. We suspended and then released him three months later.

The next year we touched bottom. With a record of 21-61, the Trail Blazers were indisputably the worst team in the league. Though things were quieter off the court, I had a new challenge: how to pay for my team’s home court.

As we discovered too late, the financial formula was fatally flawed. Add a local downturn and an unpopular losing team, and we had a perfect storm of red ink and disaffection. The Blazers were getting booed at home, once unthinkable in Portland. Our season ticket holders were canceling in waves amid calls for a boycott, despite our explicit efforts to rebuild and start over. All told, I’d invested more than half a billion dollars in the franchise, at a huge net loss. Something had to give.

Reflections on Workplace Hackathons

I recently participated in a workplace hackathon.

Here are some reflections on the experience:

  • It’s hard to completely step away from day-to-day work for 2 days. Release schedules set long ago don’t change, we choose to keep customer facing meetings, incidents still need to get addressed
  • Conversely, much can be deferred (many emails can wait!), and a lot can still be accomplished in two part days
  • Two days of development and a 7 minute presentation are great constraints which force many decisions

It’s amazing how much you can get done when:

  • We start “fresh”, no legacy code, no figuring out what a predecessor was trying to do or why something was built a given way
  • We pick our preferred tools and infrastructure

There is such a big gap between a Proof of Concept and working production code:

  • We didn’t worry about production readiness (performance, scalability, stability, security)
  • We focus on prototyping ideas, as opposed to working on functional integration of all systems
  • We only focussed on the main flow, we didn’t worry about handling less-used flows or exception handling

Even without regular constraints, some things are still hard:

  • Firewalls make it is challenging to building a project with uses internal systems (even pre-prod environments) and external APIs
  • Data projects work best with production data, which is rarely possible. It would be really cool to have a legal and security teams participate to make quick decisions on what we can and can’t do with production data for a demo.

And finally:

  • For someone who’s not a developer like myself – this is fun opportunity to write some code – it’s fun to build
  • It’s also fun to play with new tools – last year, we played around with the Amazon Alexa API – when else would we set aside time to do this?
  • It’s a great opportunity to present to an engaged audience
  • The event generates such a positive atmosphere
  • The competition and feedback is immediate, which is awesome
  • A working prototype that can be demonstrated in minutes is critical.

Fix a worn out Toronto Public Library card

I’m on a roll this week – a record number of posts (3 in 7 days…).

The bar code on my library card has been worn out for a while.  My last few trips, its probably taken about a minute for me to play around with the positioning of the card on the library’s scanner to get it to read correctly.

Years ago, I’d read how my friend Chris created a custom library card with all of his family’s card numbers on it.  Although I’m sure the instructions he provided would work (I suspect the library’s barcode readers handle many formats), the bar codes his method created didn’t match the one on the card.

Here’s how to get one that matches:

  • The format is Codabar
  • The Start and Stop character is ‘A’
  • The Toronto Public Library’s account number already has a check digit, you don’t have to add one
  • Many online generators exist.  I used abarcode.net

I printed mine and stuck it to my old card with packing tape.

Reverse engineering a recipe

The Hispanic Fiesta Latin-American festival descends on Mel Lastman square in North York every labour day weekend.  The festival has lots of live music, a beer tent, and food vendors.  And every year, I buy a coconut ice pops (“Paletas”/popsicles) from Polar Real Tropical Fruit.  They’re awesome, and I never see them sold anywhere else.  Perhaps its the ambience of the festival, but I prefer them to other coconut ice pops I’ve tried.

So, I decided to try to make my own.  I took a picture of the ingredients and the nutritional information.

Coconut Paleta Ingredients and Nutritional Information

Then, looking at the protein, carbohydrate, and fat content of each key ingredients against the nutritional facts of the ice pop, I estimated the proportions of a 150 g serving as follows:

  • 15 g of shredded, sweetened coconut
  • 70 g of 2% milk
  • 2 g of tapioca starch
  • 13 g of sugar
  • 50 g of water

Here’s how mine turned out:

Homemade Coconut Paleta

It looks very much like the ones from Polar Real Tropical, but the texture was a little more ice-crystal-y, and it was less sweet.  For my next batch, I’ll cook the mixture before freezing it.  This should help the sugar dissolve evenly, and allow the tapioca starch to thicken the mixture a bit and improve texture.

My personal brain dump, Opinions, Projects, Toronto