https://cutebouncingbunnies.wordpress.com/feed

Handy dandy checklist of everything to take a site into production, since I’m doing this now and figure others could use it:

• Ensure you’re on latest version of your system, framework, and plugin stuff and have plan for keeping it that way
• Backups
• CDN
• Analytics
• Tag manager
• monitoring
• authentication
• debug/admin/etc turned off
• remove any ‘cruft’ – we thought FoobyCalc would be a cool thing but never used it – get rid of it, it’s an attack surface
• Security lens – look at every component from a security standpoint
• shift from test to production api keys, etc.
• DNS
• Actually GO to the site and do a sanity check that’s more than ‘yes, the homepage shows’
• Spam protection
• Bot protection
• Have your web designer look it over – They often catch ‘hey, my custom cursor’s disappeared’
• Do your contact forms send to an email address that gets read?
• Can your contact forms be spammed?
• SEO
• favicon
• email connection
• social media connections
• Mobile support
• Language Localization
• Cultural localization
• screen reader/disablity access
• GDPR
• slashdotting survival
• Contact forms that forward to an email store and retry – you don’t want the press inquiry or big order inquiry to go missing. Use Flamingo or some such that stores and forwards
• connections to external services behave well if the service is missing. You have good ‘circuit breaker’ pattern (see Nygard’s ‘Release it’)
• Code archived – not only your code, but it’s good practice to grab repos from everything you depend on.
• Support A/B testing
• Support inbound traffic – are you happy with what happens when someone visits your site from Facebook?
• Update empowerment – do you have a happy story about how marketing or legal changes something on the website?
• Succession plan in place for technical staff – if your lead programmer has a screaming argument in the hall tomorrow and leaves, can you survive?
• Keys to the kingdom – Do you know where every password, API key, etc is and can this survive the sudden transfer of your sysadmin to Allenwood Federal Minimum Security Prison?
• Are the nontechnical pieces in place? Has the lawyer approved the privacy notice, is the product inventory database populated?
• Is all test data, transactions, records, etc. removed? Or will the first month’s income report include ‘test test 1000$’?
• Privacy and TOS pages
• If you take donations or sell stuff, what happens if the transaction fails? Where does user go?
• What actions on site can fail and where does it leave the user?
• What happens if you type in a nonexistant URI path? Do you like your 404 behavior?
• What happens if you change the DB password or otherwise cause major internal damage? What shows to users and are you happy with that?
• Have you done user testing?

So, if you’re in an Agile shop, you will of course be forbidden by the rules of Agile from actually working on anything that takes more than a couple Poynts of time.

And that’s a problem, because anything worth actually doing in programming is done by finding a better architecture and implementing it, not by three point improve error handling in rando form. And that usually takes a couple solid weeks.

So what’s an enterprising girl to do when she wants or needs a space?

The secret’s in preparation. You want to build into the Agile work a series of ‘balloons’ you can use to grab time when you need it.

A ‘balloon’ is a thing you can actually do in 30 minutes or less but looks to the Agile Scum Master like a 5 Poynter.

The best balloons are creative – gotta fight off boredom – but here’s some examples to get you started:

Stash a bug – See a bug? Make a quick branch and fix it. Now leave that branch sitting there. Eventually either somebody else will file the bug (in which case you just PR and do hero) or you’ll need to cash in the balloon (get a tame user to complain about the bug, then hide in a corner (aww, open plan, no corner to hide in) and type furiously for a couple hours on something actually useful, then PR the bug fix.

Variant – the done bug – find an obscure low priority existing bug and fix it during a scrap of time. Don’t close the bug. Stick the change in a different PR.

Now get a tame user to complain about it, and then get yourself assigned to fix it.

The fake bug – introduce a bug by leaving out updating something. Then wait til it’s found and fix it – since you know exactly what happened, it’s an easy fix and you have some nice ‘me’ time.

Icon overhaul – If the problem’s not your individual PM, but upper level management, and your team needs a good chunk of time to fix the core engine, go ahead and take it, then spend a few hours rearranging the UI and have the graphic artist make you new icons. Change the css colors.

Variation – make new features like ‘Text controller’ by moving a bunch of controls into a nonmodal dialog.

When you are making a UI, don’t put in controls til you are ready to wire them up. Add the HTML as the last thing. Otherwise pointy haired management will get irritated at non working controls, and be frustrated cause it looked like it was ‘almost done’ months ago.

Variant – finish a feature but hide the UI control until it’s ‘scheduled’.

Write something in the ‘simplest way that could possibly work’. Then when it doesn’t, submit it as is. You now have a nice performance improvement bug you can finish off easily.

Write something in a deliberately inefficient way. Put yourself down for ‘performance improvement’ Poynts. Make some improvement. Leave some on the table. Later do more ‘performance improvement’ – repeat until you’ve finished the big change you needed.

More direct version of this – put a time waster loop in the code, hidden as something.

Poynt fiddling – takes a confederate. You inflate the Poynts on their tasks, and they inflate the Poynts on yours.

Research – if sent off to research something and it obviously won’t work, stop researching, use the time to build up a Poynt buffer as above.

My real poynt here is not to be dishonest or try to game the system. It’s that you CAN game the system. Which tells me that it’s an artificial game, one that won’t help any of us.

I have been in negotiations with the Center for Computational Law. They were considering me for a position as a senior research engineer.

Computational Law is the field that attempts to automate legal reasoning. Robust legal reasoners would have far reaching consequences in many areas of law and commerce, and logic programming is central to the field. The government of Singapore has established an 11 million dollar grant to advance this work.

As part of participating in the project, I was asked to move to Singapore. I reluctantly agreed, believing my presence might place some small reform pressure on the Singapore government, and that my relatively insulated status might be useful.

This week, however, when a small group of young people quietly assembled in front of the Singapore Ministry of Education to protest the Ministry’s mistreatment of non binary and trans students, in particular the ministry’s interference in medical care for a young trans woman, three were arrested.

I have responded by withdrawing my application. The email is reproduced below.

As information workers, we are responsible for our actions. We like to say we’re changing the world. That cliche doesn’t say if the change is for the better or the worse.

I could not in good conscience accept this position.

A fuller description of the protest can be found in this condemnation by a coalition of human rights group s in Asia.

The protestor’s press contact is Averyn (they/them) +65 9235 0532 (signal) or averynthng@gmail.com

Dear Meng;

With a great deal of sadness I am writing to withdraw my application for a position as a Sr. Research Engineer with CCLAW. 

As you are aware, a few days ago three young people were arrested for protesting the abusive treatment of trans students in Singapore schools, following interference from the ministry of education in the medical treatment of a trans student.

I cannot bring myself to dismiss the actions of Elijah Tay, Lune Loh, and Kokila Annamalai by accepting a position in Singapore. Their courage will not allow me to ignore their plight.

Should the Ministry of Education choose to treat this as a wake up call, should the government withdraw the charges against these students, and should the MoE establish affirmative, caring, and nonjudgemental support for trans students, I’d be happy to work with you in the future.

I wish all good luck to you and to the project. If I can assist the project in any way in my role as SWI-Prolog devrel I’d be happy to do so.

Sincerely,

Anne Ogborn

This is how to run SWI-Prolog as a unix filter

Here’s a Prolog program that reads a number from a line and prints ‘twice that is 8’.

double :-     
    read_line_to_codes(current_input, X),
    number_codes(N, X),
    Result is 2 * N,
    format('twice that is ~w~n', [Result]). 

Let’s turn it into a Unix filter style program that reads from input writes to output and exits. I’ll do it in stages.

So, I start prolog like this:

swipl -s doubler.pl 

Always things to learn – I tried

swipl doubler.pl 

which works fine in the interactive case, and what I usually use, but it makes problems for things below.

So, I start prolog like this:

swipl -s doubler.pl 

and get the usual banner

prologhelp:swipl -s doubler.pl 
Welcome to SWI-Prolog (threaded, 64 bits, version 8.3.1) 
SWI-Prolog comes with ABSOLUTELY NO WARRANTY. This is free software. 
Please run ?- license. for legal details.  
For online help and background, visit https://www.swi-prolog.org 
For built-in help, use ?- help(Topic). or ?- apropos(Word).  
?-  

Now I have to manually type

?- double. 

The program waits til I type 7 and enter and then prints it’s output and true

?- double. 
|: 7 
twice that is 14 true.  
?-  

Well, that’s a nuisance. Lots of things not my way.

• “banner” – all the verbiage printed when SWI-Prolog starts up.
• Manually start program – want automatic
• after it finishes it gives me the ?- prompt, I want to exit
• it prints the stupid |: prompt, I don’t want that

There’s a command line option, -q (quiet) to turn off the banner.

prologhelp:swipl -q -s doubler.pl ?-  

You can automatically query a goal with -g option. So

prologhelp:swipl -s doubler.pl -g "double" 
|: 7 
twice that is 14 
?-  

The system predicate halt/0 halts the system. We could add it to the end of our little program but that makes development hard. Better to add it to the -g argument.

prologhelp:swipl -s doubler.pl -g "double,halt" 
|: 7 
twice that is 14
prologhelp: 

that fixes everything but the |: .

Turns out that’s controlled by prompt/2.

double :-     
    prompt(_, ''),
    read_line_to_codes(current_input, X),
    number_codes(N, X),
    Result is 2 * N,
    format('twice that is ~w~n', [Result]). 

Make yourself a little shell script that adds the arguments.

If your program takes command line arguments, you can get them with current_prolog_flag(argv, Opts), parse them with library(optparse). In the shell script add two dashes and everything beyond on the line will be passed to the program as command line.

swipl -s doubler.pl -g "double,halt" --  $@ 

A novelist friend introduced me to a productivity technique I’ve found effective. I spread it to my friends, and now to my horror management types have discovered it. A friend just told me he told it to someone and she was going ‘to try it out with her team’.  So I thought I’d best write a how to before it became ‘micromanagement is good’.

The basics:

You do ‘hours’ with a partner. The partner can be anybody. I find it works best with friends – with people I have a no-responsibilities relationship with.  Folks I know on IRC or twitter. Personal friends. etc.  You need a stable of such people so you can always find a partner.

DO NOT do ‘hours’ with your boss, your coworkers, or anyone you have a direct responsibility towards. Somebody who is in same company but working on different project for another dept is a great choice. Your spouse is probably in a category by itself.

There’s a channel for ‘hours’ on #hours  on freenode.net IRC.

How to do it:

A: Hey, want to do ‘hours’?

B: Sure. This hour I’ll read over the Smith contract and try to get it sent off.

A: OK, In this hour I’ll fix the bug where there’s trash html in the email field sometimes.

B: OK, it’s 11:23 my time, see you at 12:23

…. at 12:23 …

A (or B): Hey, ding ding ding, time’s up, how’d you do?

B: There’s a clause in the Smith contract that needs to go to the patent attorney. Found that in 15 minutes, so spent the rest of the time cleaning up the mess in the server docs directory.

A: Great! Glad you spent the remaining time productively. I got a phone call, that burned some time. I discovered the bug’s more complex, it’s nothing to do with the email field directly, instead the RPC thing is overwriting the DOM randomly. Want to do another hour?

B: Sure. This hour I’ll finish cleaning up the mess in the server docs directory.

A: I’ll continue debugging the RPC issue. I doubt I’ll finish this hour.

…. and so it goes. Eventually somebody is ‘done with hours’.

You’ll soon find out tasks fall into two categories – the majority are more complex than you thought.  The minority are far simpler than you thought.

Guidelines for the interaction:

• Brief – a couple sentences max
• Be honest – if you got distracted reading something on the net, say so.
• Be supportive – if the other person got distracted and played a game, say you’re glad they recognized they needed the break, or if they played a game 15 minutes and realized they were doing ‘hours’, congratulate them on catching themselves.
• Treat ‘hours’ with some responsibility – don’t fall into starting an hour and wandering off, not checking in (obviously if something interrupts, production’s down, tell your partner you can’t check in at end of hour).
• You’re not a taskmaster
• this is a voluntary thing to do. Do it with people you’re comfy with
• generally decline when you’re ‘in the groove’. It’s most effective when you’re faced with tasks you want to avoid – boring, unpleasant, dull, stressful.
• by contrast, it’s OK to do ‘hours’ to support your partner. Hours need not be ‘work’. “In this hour I’ll walk the dog” is great. (Funny part is, since doing this I find I get more things of the ‘walk the dog’ variety done, and my down time on hours is of better quality).

You won’t click with everybody. Some people just don’t find it useful, or comfortable, or effective. I suggested hours to a friend, she complained that her partners often asked for emotional work when she did… wow, different world than me.

Now, it’s actually a powerful technique. Right along with dynamite, buzz saws, and large trucks. DO NOT do this 40 hours a week. That direction is burnout.

If you’re a hapless worker who’se being pressured to use this technique by management, point out this blog post as the originating document for the technique.

So, important rule:

You can always say NO to hours.

If somebody tries to nonconsensually  do hours, it’s a rule – you are allowed to say “fie upon thee, thou hast demanded I do hours. Your mother is a partridge and your father has a loan.”‘

If such person is your boss, and they don’t respect that, then they have, by the rules of hours, just agreed that the workplace is represented by the Communication Workers of America.

(if that happens, please let the CWA know they have a new shop. If you’re overseas, pick your own union).

===================

Hey, if you want to be REALLY productive, learn Prolog.  It’ll change you as a programmer.  I’m giving a 2 month (1 month if you just take basics) intensive Prolog course starting saturday, April 11, 2020 (few days from now).

We’ll learn the basics of Prolog, then move on to some amazing add-on systems (you can alter Prolog’s semantics).

You can sign up here

Programs need human written comments.

Neither literate programming, nor type systems suffice.

Conditions that demand comments:

Why? – Explanations of why something is how it is. “Requiring the caller to provide a buffer prevents multiple allocations when calling in a loop”.

Clever – Explanations of code that is not obvious on a casual read by a busy programmer. “This extracts the exponent from IEEE 754 format”

History – “This used to just call GetFoobValue, but this caused blah blah hairy complication”

Usage – I don’t want to read your 4000 line OSC library to figure out I need to call 3 predicates in a simple start- do – stop lifecycle. Nor am I likely to figure out that I have to have some other server running.

Behavior – The local code may influence code far removed from itself. Or the code may not provide a good intuition of ‘what it is’ by examining the code base.

Idiomatic usage – Good code is ‘egoless’, it’s boring and doesn’t draw attention. So a new user of a library should be coached in the ‘normal way’.  Additionally, there may be non-obvious patterns associated with the library. This is an excellent reason to include examples in your comments.

data structures – young person challenged me to solve those ‘find a word’ games fast. I made a bit vector for each letter, set 1 in any square that had that letter in it and did some bit operations to perform the convolution operation. Believe me, it’s easier to understand this data structure from comments than code.

Synopsis – have some long function that does some grinding complex thing? Might need “this next section then fixes up the ends we damaged in the last section” type notes.

Architecture – If you have 50,000 lines of code and no documents that explain what the big pieces are or how it all fits together, well….  In Java every class deserves a good class level comment and every Package deserves a package level comment. The Sun classes mostly are exemplary here (particularly Swing, for the most part).

Background – A library that does some esoteric computer vision operation may need an explanation of the underlying concepts.

SysAdmin – A library that depends on having imagemagick installed needs to explain that, and define what versions it was tested against.

Units – Despite the current foaming that types will do all and be all, it isn’t obvious that that float is the person’s height, measured in cm, in 1g, without shoes on, and to the top of the skull, not the top of the hair.

Context – “Reply using a 404 page” – wait, is this part of a web application framework, and what environment does it expect to be set up?

The SWI-Prolog install process is straightforward, but rather open-loop. So here’s my version of my own recommended install path.

Before starting, check Devel Download page and note the latest devel release. This is usally the version you want for beginning Prolog users. Substitue for 8.1.7 in the below instructions
1. On Windows, download the latest self installer from
http://www.swi-prolog.org/download/devel

You want the latest devel release. As of this writing it’s 8.1.7

2. On Linux or Mac, using the SWI version manager is simplest

https://github.com/fnogatz/swivm

Install the prerequisites

then install swivm per the instructions (you just curl it). This installs the version manager, now we get SWI-Prolog itself.

In a new terminal

swivm install 8.1.7

this should download and build SWI-Prolog from sources

swivm alias default 8.1.7

This sets things so the swipl command runs version 8.1.7

3. On Windows, make an empty text file, rename it test.pl and double click
This starts Prolog.

On Linux/Mac, make an empty file test.pl

and run

swipl test.pl

You should see the console, welcome to SWI-Prolog, and a ?-

At the ?- prompt type

check_installation.

At the ?- prompt type

check_installation. (note the period at the end)

and return

You will get a report of the ‘health’ of your installation.

SWI-Prolog is ‘batteries included’, so you have a lot of stuff we won’t need,
like the java interface. You will need pce library, and either readline or editline.

The odbc drivers, berkeley db drivers, and uuid generation sometimes are missing, those are OK for the average student.

At the ?- prompt type

emacs.

You should get a small GUI editor open. Mac users, if this doesn’t happen, you need XQuartz.

For queries, reach out in the comment section or for installation queries mail to annie@theelginworks.com.

In the early days of computing there was no discipline of user interface design.

Of course, when we started figuring out that it was ‘a thing’, nobody really knew the elements.

There was a camp that said that the way to teach users to do the right things was for it to be painful to do the wrong ones. Of course this wasn’t a very good idea, and didn’t last very long, but it did get a name, “Punitive UI Design”.

For years after, the term was used ironically, and eventually the whole concept faded from view.

But it’s significant that the unix command line tool syntax was being defined before and at the time this was going on.

It was 1999, and I was a game engineer for Pogo.com.

Pogo provided ‘family games’, monetizing with interstitial ads. They still do. Players won tokens, that could be turned in for prizes.

The games were java applets.

Marketing identified a need for a very simple interaction game. They settled on a slot machine, and I got the job of building it.

Since it was a token system, you wagered a token, pulled a lever, the reels spun, and displayed the outcome, and maybe you won some number of tokens, or the jackpot, a $500 cash prize. If you got to 0 tokens we gave you 50.

There was a big PR launch, with TV ads and such. The devops team turned it on, people started trickling in, and over the course of the first day things went well.

The next morning I arrived to the news that someone had reported they’d won the jackpot, and then their computer had locked up. They’d taken a polaroid photo of the screen, showing 3 genies (it was ‘ali baba slots’). Thinking it was better PR to pay, Pogo paid out.

Of course the outcome was determined on our server. The java applet was just a display – a control to pull the lever, and 3 reels that spun down on threads, stopping where the server said.  In fact, we had a complex ‘jackpot server’ I had to contact when I wanted to issue a jackpot. I never issued the requests.

Nothing appeared in the logs. The jackpot server was never hit, and logging on the game logic server was clean.

90 minutes or so later, another, similar report came in. Then another, an hour later, as the usage was rapidly rising – the internet was still a mostly US phenomenon.

I was terrified. We were leaking money at over $1000/hr, when we’d planned for about one $500 jackpot every 8 hours at that rate.

And I had an in-production bug happening in a system we couldn’t shut down that occurred once per billion pulls or so. And usage was ramping quickly.

I got every machine in the testing lab working on it, and called the in-world team, asking them to get phone numbers of players to whom this had happened.

Half an hour later, they called and put me on with a young woman who wasn’t sure if she had a Macintosh or Windows computer. I gathered every scrap of information about her computer I could (Windows, for the record).

Half an hour later, another call. This time the fellow took advantage of having me on the line to complain about the viruses and pop-up ads we placed on his computer (we didn’t use pop-up ads, all ours were interstitials, and we obviously didn’t insert malware).

A light bulb went on in my head, and I made a quick patch. There were no more reports of machines locking up in jackpot state.

SPOILER – Scroll down for my patch.

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

*

I realized that the actual bug wasn’t caused by the jackpot.

Our users were the sort of folks with time to sit home pulling a lever for under a penny’s worth of real value. We’d selected for the least ambitious folks, those most likely to have a crappy machine full of viruses.

Their machines crashed. Frequently.

If they were showing 2 swords and a camel they’d reboot and continue.

The probability of being on a 3 genies (1/36)^3 times the probability of a crash in one frame time times the mean number of frames in a game was 16 times the probability of a jackpot on that pull.

I wrote a patch that checked if the next frame to be shown was one of the high value payouts and not the last frame. If so, I omitted the frame.

fail – you walk into a hardware store and ask for a really big hammer.

The store owner shows you a hammer. No, you say, I need a bigger one. They show you a bigger hammer. It’s still not big enough. They say hang on, they have one in the back… then come back and say sorry, they don’t.

They’ve failed.

cut – you walk into a hardware store and ask for a really big hammer.

The store owner shows you a hammer. No, you say, I need a bigger one. They show you a bigger hammer. This one’s just what you’re looking for. You say so. the storekeeper quits bringing out hammers, cause you have the one you want.

That’s a cut.

fail = “I’ve run out of places to search on this branch”

cut = “stop searching”

You can cut and then fail – suppose you’re a detective and you’re supposed to find and arrest someone. Tracking them down, you find out that they died last year.

You cut (no point in looking for them, you know where they are) and fail (you didn’t arrest them, because we don’t arrest dead people).