Saturday, October 21, 2017

Agile Development on Infrastructure

After a friend asked about using agile, I started thinking about the skateboard to car drawing.  The author of this, Henrik Kniberg, wrote a really good blog breaking this down, called Making sense of MVP (Minimum Viable Product).  This model is absolutely important, and makes a very good case for going about building something brand new.

Not wheel, drive train, part of car, to car; skateboard, scooter, cycle, motorcycle, car

I've spent most of my post-Agile time doing infrastructure projects.  I'm not building a product for end-users.  I spend most of my time replacing things that are already integral to a finished product.  I did Agile work for over two years convinced that the MVP model was meaningful but that it doesn't really reflect what I do.  I turns out, I was using this model, but thinking about it wrong.


Extending the metaphor above, the group I work for got to step 4 of the top line.  They did that in the 1990s.  As I learned about agile, and got my certification, the wheel, the original step 1, needed to be replaced and updated.  The wheel was doing more than it was designed for.  Imagine, if you will:

Don't Overload Your Car

This is much harder than developing for something new.  I work for a big company, so it's important to understand that millions of dollars of revenue, per month, is travelling in this metaphorical car.  I can't pull out the wheel work on it.  I can't build part of a wheel, and present it to the production product flow.

Rethinking the Customer

I didn't realize it at the time, but my customer was tests.  Fairly early in the project, a test suite was built to validate things.  The first time we, as a group, were able to validate what we were doing against a test suite, we had our first MVP.  That took 8 sprints (about four months).  I forgive this for anybody new to Agile and anybody working on anything truly large.  That four months wasn't aimless.

Think of this time as the wheel above.  Wheels, when they cannot simply be sourced from somewhere, are amazingly complex.  What was built during that time was very important, and I'm honestly not sure, even in hind-sight, how we could have brought that chunk down.

The project I worked on took 20 months (on an 18 month estimate), and there was no part of this project that could actually be used in production until the day it was done.  Yet, I couldn't have done that project without Agile methodologies, and I couldn't have done it without several minimum viable product points.  The tests were early enough so that we didn't waste time doing something that was broken, they were unforgiving, and they are still useful for further improvements to this day.

Why I think I can talk about this:

Saturday, June 3, 2017

Tired of Panic - Paris Climate Accord Edition

The President of the US, Donald Trump, has decided to push for the US to leave the Paris Climate Accord.  The world is imploding!  Well, looking at Twitter it seems the world is imploding.

There are certain hot-takes that basically suggest that the world will drown in 3, 2...

There are certain hot-takes that basically suggest that we are aligned with Syria by doing this.  (There are those that mention Nicaragua, but that country's non-participation is much more complicated).

For the things noted above, sigh, I don't care because they are bull excrement (yes, figuratively).

Saturday, October 15, 2016

Trump Boasts of Power Not Attraction

Locker room talk, no it isn't necessarily a locker room.  In any place where one is surrounded by only peers, language and boasts can be sometimes be observed.  The braggadocio is always trying to make themselves seem better.

In the context of sexual liaisons here are some samples of things I have heard:
  • She was all over me
  • She couldn’t keep her hands off me
  • I leaned in to ask her something and she just started kissing me
  • She couldn’t resist me

That last one is important, because it is the one that comes closest to being the kind of “locker room banter” that Trump said.  Here's the difference, the context of the "she couldn’t resist me,” brag has always been attraction.  There's the brag about being smooth, saying those right words.  There are even the boasts that are about attraction to power.  Honestly, some of what Trump said on that tape could absolutely be in that context.  Except:
"I just kiss.  I don't even wait.  When you're a star, they let you do it. ... Grab em by the pussy.  You can do anything."
Outside of dramatic entertainment, I’ve never heard this type of brag in the context of power without attraction.  In the context of power alone, this describes assault.  It makes one criminal, not smooth.

I bother saying this because when the sports folks say "that shit never comes up," or "that's not something that's commonly said," I think something gets lost.  It wasn’t the foul language or even the boasting about sexual liaisons, it was the part where raw power is used to ignore preference.  Sports stars are usually near a reporter in the locker room (one of the quotes above was an interview in a locker room), so - no - that wouldn't likely come up.

Friday, October 14, 2016

Misplaced Pride - and Getting Over It

"You wanted to be a manager so badly, that you'd probably be a good one.  Now you are."

Someone said this to me who had heard the same from someone else.  This comes from about three years ago, and was said in the context of my then current role (having moved from process and supervisory management to direct people management).  It bothered me.

I first got to be in management, some 20 years ago.  That was the first time I was given a supervisory role (one person!) and primary responsibility for a set of machines.  I had worked as a developer and IT systems administrator for a few years before I got that role.  I left that first professional job at the end of 1998.  I was super young, and I was family-in-law of the CTO, so I didn't really think the supervisory experience would count for much.

I got another job as a non-manager doing IT and customer support.  This was the first job where I didn't know anybody.  I was at that company for just over 6 years.  Within the first full year of working there, I was given an IT Manager title.  Why?  I advocated for myself, and pointed out that I was doing that job already.  I had learned to take responsibility of things, processes, the way a manager would.  The year I first got that "Manager" title was 2000.  By the time I left that company, I was the Director of IT (I think that happened in 2003 or 2004).  That company decided to outsource the IT department in preparation for selling out to another entity.  It was a pretty small company, and I never had any direct reports (I had people I could borrow for IT projects, but that was the extent of it).  So, as far as people go, it was also a supervisory role.  I didn't really think it would count for much.  But ... I wanted it to count.

This brings us to the company I work for now, March of 2006. I found myself a job doing computer programming, as a contractor.  I did that for six months, and then was hired full time by the same company as a development team lead in September of 2006 (which is another supervisory / management role).

Getting back to the point, someone - at some point during my early time at this company - took my early talk about past management as wanting to be one so badly.  As if I had zero experience.  Which may mean that someone might have thought they were taking a huge risk on putting me in a management role.  I was insulted by that three years ago.

I surely let that person know that my management role wasn't a fluke, and pointed out that I've started as a non-manager at three companies, and in all three reached some level of management.  It was almost like I was trying to get him to relay this to whomever he initially heard it from.  Ultimately, I was only bothered by it because they were right.  I had only been a people manager at that point for a little over a year.  I was only a few months past having to fire an entire development team (project cancelled).  My lack of experience bothered me, so it bothered me more that my lack of experience would also be something others would talk about with someone else.

I've been promoted several times in the 10 years since I've started working in my current company.  I'm not Director level again, but the manager title I have feels like it means more in the huge company I work for than it did in the relatively tiny company I worked for then.  People management has a lot to do with that.

When I started at the current company, I was partly ashamed that I used to be a Director, and now I'm only a programmer, then team lead, process manager, engagement manager.  I was even more ashamed that I had no experience with direct reports ... supervisory experience counts, but not as much as having to make hiring and firing decisions.

I've never stopped learning about being a manager.  Sometimes, I'm faking it until I figure it out.  That is, though, the part of management where owning the solution to a problem requires compromise, and no single answer is obvious.  These are the times I weigh the experiences and warnings of my team and stakeholders and make a decision.  Ultimately, the important part is that I am willing to be responsible for the decisions that I've made.  Now, I look back and realize that I've been doing that part for 20 years.  It's still the hardest part of the job.  It's no longer the most stressful part, but it is still the hardest part.

Well, maybe the hardest part is realizing that when others talk about me openly and honestly, I should probably listen instead of getting defensive.  Misplaced pride doesn't help anyone.

Saturday, November 14, 2015

BLOG: The Sad State of 3D on a PC

This month, I built myself a new gaming PC, and decided to spend just a little extra money for the nVidia 3D Vision 2 package with a pair of shutter glasses and a USB controlled IR timing transmitter.  What I'm talking about here is PC gaming in stereoscopic 3D.  This is gaming that not only depicts a 3D play environment, but also looks 3D to the player's eyes.

I remember that Descent came out in 1995, and it had support for a virtual reality headset called the Forte VFX-1.  That's 20 years ago.  There were a few 3D games before that, and several have come out since.  Immersive 3D worlds have become common-place in video games.  Recently, everyone has been talking about Oculus Rift, the new VR headset that's supposed to show up for retail next year.  With that in mind, I didn't research much, I assumed that 3D was already a thing on PC.

I am very much a fan of flight simulation and flying games in general.  I have a decent HOTAS (Hands-On Throttle and Stick) as well as a very nice set of rudder pedals.  As such, I'll talk about flight simulation first.  The most common and popular software for this is Microsoft's Flight Simulator series that has been around for a VERY long time.  It was the first of the programs to let us fly around the actual world that we know in real life.  I remember trying to land on the simplistic Brooklyn Bridge using Flight Simulator in the early 1990s.  I clearly remember there was some fanfare about Flight Simulator 2004 supporting stereoscopic 3D.  The latest (and last) version of Flight Simulator that was actually made by Microsoft was Flight Simulator X that came out in 2010.
So, I turn on Flight Simulator X with the nVidia 3D Vision enabled and everything seems to go quite well.  The spinning aircraft in the Free Flight setup window shows up in actual 3D.  So, I select a nice scenic area, and a fairly simple aircraft and launch the game.  After a quarter second of scary black screen, everything sync's up, and the world looks perfect.  Look around everything is where I expect it in space.  Until... I see any lighting of the airport itself.

I don't know how to describe this except to say that it seems like airport lighting is an afterthought.  Once they've rendered the 3D world using the Video Card hardware for what it does best, it seems that the lighting is added to the screen.  This means that the lighting is sitting at screen depth.  This also means that as your eyes line up the far away background, the screen-depth lighting appears to show up twice... or, if you focus on the lights, the background becomes double.  Sigh.  That means Flight Simulator looks great as long as you never go towards an Airport.  I really like to finish a session with a decent landing, and, well, this makes that pretty impossible.  Turn off the 3D, and I'm happy with my setup with this game.  The Microsoft folks never said they supported NVidia's 3D Vision with Flight SImulator X (which surprised me), but it was worth a try.

I look around at other options, and figure I'll start with the nVidia site.  They have a handy list of games that are certified as 3D Vision Ready.  I drop down the selector and see a Genre for Flight Sim.  Tom Clancy's H.A.W.X. 2 is the only game listed.  Okay, so, I go to the site for the game itself, and they don't even have a trailer.  It came out 5 years ago in 2010.  There are a couple of pictures, but it's not clear if it is a mock up of the world, or if it's something from a cut scene, or is it from game-play?  The smallest and crappiest image on the whole site seems to be from game-play, and I got to say, that's not encouraging.  Maybe I'll buy this, but not without at least finding a decent review.

So, what about non certified?  Pretty much anybody says that the best flight simulator software out there is X-Plane 10 (warning that link has an auto-play video).  X-Plane runs on all three popular Operating Systems.  I go check out the forums, and no.  It will not do stereoscopic 3D at all.  NVidia's 3D drivers only support games written in DirectX, not OpenGL.  That makes sense, I suppose, from a development stand-point (and their competition holds the same limitation), but there are a lot of games out there that use OpenGL.  I will be buying a copy of this anyway, since it's basically the only new non-combat Flight Sim out there at all.

I like racing games, too.  Same place, drop down the Genre box to Racing.  There are two titles, but neither are for sale anymore.  GT Legends and rFactor 2. Supposedly these were great games.  I note that most reviews I can find of 3D gaming, screenshots of GT Legends are usually prominent.  Fair, but both of these games came out 10 years ago.  I think I can still find a copy of one or both on Steam, but I didn't buy a new gaming rig to play stuff that my old rig could have played, but now in 3D.  The newest games officially supported are not that new.
Since, supposedly, MS Flight Simulator 2004 actually works, and I have a dusty copy, I might try the even older version of FS for 3D compatibility, but as I said, I didn't buy this rig to play games my old one could have played (and in this case, DID play).

I will note that almost any game that came out under the game engine Unreal 3 might work, since Unreal 3, itself, did support nVidia 3D vision (and several of the 2011 titles with official nVidia support were coded using Unreal 3).  This brings me to the title that I am most excited (after 20 years) to play.  Descent is being recoded and re-released as a prequel.  Descent: Underground is currently in Beta, and was coded using the Unreal 4 engine.  In the Microsoft-like tradition of Flight Simulator 2004 to X, Unreal dropped support for NVidia 3D Vision.  That means that the new generation of games coming have almost zero chance of 3D support.  Further, Descent: Underground is supposed to support the Oculus Rift, but there are problems with that, too.

So, that's where we are?  There are only a handful of titles that support stereoscopic 3D viewing that have come out in the last 3 years, and none of them excite me.

Meanwhile, I think I'll watch 3D Blu-Ray movies on my rig, because those actually do work quite flawlessly.  I'm glad I decided to build my rig with an actual Blu-Ray drive, so the 3D stuff doesn't feel like a complete waste of money.

Wednesday, September 16, 2015

[Geek] Authban : 4 Years Later

Four years ago, I wrote about a script that I had been working on called Authban (though I didn't name it at the time):

I first started running a custom script to block IP addresses that tried too many times to login to ssh back in 2010.  At the time, the script (and my home web host) was running on an Ubuntu virtual server.  The name, Authban, surfaced in early 2011, as I organized the script to do more than just block ssh.

The First Rewrite

Since writing the initial introduction, my home web site was ported to Mac OS X, and along with it, Authban.

The first thing that had to change is that I no longer had iptables available, so the way my script was blocking IP addresses was no longer available, the Apple world prefers the BSD program pf (packet filter).  With this came a very large number of little changes in many places.  At that point (2013), the Authban script became a full OO Perl application module set, in which, is one piece.  It also has a full test suite, and I did a very large number of upgrades to the threat vector detection.  Another upgrade I did at that time was to database the blocked IP addresses directly into mysql.

The Second Rewrite

I was contacted by the administrator of a honey-pot aggregator about two months ago, after I did some maintenance on the volIPBan Twitter account.  Despite my running a production system (and not a honey-pot), I was asked to contribute my threats.  Seems legit enough (and no harm, even if it isn't), but I realized that this would be the right opportunity to fix one of the problems that has long plagued my little project: Slow run time.

I'm currently on the ninth running version of the second re-write, and I have a LOT more to do.  However, as of today, I should be contributing my threats as promised.  The aggregator takes some pains to not reveal the IPs or locations of the contributors, but since I'm running a web site and would rather be black-listed as a honey-pot, I'm happy to mention it here.

Still to come

Some of the other upgrades I'm doing has to do with ramping up my use of MySql, not only to store threats already blocked, but to store tallies on all IP addresses that contact my site for any reason.  This will help me detect attacks that happen slowly, over weeks (and over log rotations) that I might now always pick up, currently.  Also, by keeping these sorts of statistics, I'll also be able to scan all the various log files from the place I last left off, instead of the current method of reading every log file from the beginning.  I try to run 3 times per minute, and if the log rotation wheels are against me, I can sometimes go a week where the run-time consistently lasts longer than 20 seconds.  By the time I'm done with the second rewrite, I want to see this additional database functionality working.

I still have multiple modules (like the one that does twitter) that includes embedded authentication information.  I also do not have all of the threat vectors that I have defined put into an external configuration file.  Both of these prevent me from publishing this little work somewhere.  Maybe this won't happen as part of the second rewrite, but I do plan to get this done at some point.

Thursday, May 14, 2015

NYCC : Horrible Shopping Experience

I already have tickets for two other conventions this year, but NYCC is the big one that happens in the city where I live and work. I know in the last few years tickets have been harder and harder to get, and I figured my chances were not going to be very good.

If this is too long one can safely scroll down to the Conclusion at the bottom.

I tried to buy tickets to NYCC the minute they went on sale. Tickets went on sale at noon, here's how it went.

Started with a friendly, Virtual Queue, page talking about how a cookie has been set to reserve my place in line, no need to refresh frantically - everything will be handled in the right order, followed by a warning: if you refresh too much, you will be banned for abuse. Six minutes later, I'm looking at a browser error screen:
408 Request Time-out
Your browser didn't send a complete request in time.
It takes 30 full seconds for each 408 error to appear, exactly the same - every time. I refresh, once every 30 seconds for about 20 minutes, and get back to the Virtual Queue page. This pattern repeats for almost 90 minutes.

I finally get to the order page, some types are already sold out, including the 3 day, so I select 4 day tickets (you have to take off Thursday AND Friday to use these fully). The max is set to 4, I need 2. Click next. Wait for the full 30 seconds...


Try again,


...try again,


...try again,

408 are in cart.  And there's a completion clock already ticking down.  Select delivery, Next.  Another 30 seconds which always precedes another.




Mandatory survey with 6 minutes to go.  Gender, Age Range, Three ranked, Why do you do put up with this? Something else, and click agree on a zero tolerance harassment policy.  Next.




Mandatory survey with 4 minutes to go.  Nothing stayed with the refresh.  Fill out again, Next.



Mandatory survey with 1 minute to go.  I christmas tree it as fast as I can.  Next.

The browser spins as the clock reaches zero.


I'm back at the order page.  There are even more things sold out, but there's still a drop down for what I want.  The drop down doesn't go to 4 anymore, it only goes to two, but that's all I wanted.
Select, Next.
No 408 this time.
There are not that many bundles available, select again.
I'm back at the order screen, the drop down only goes to 1.  Like a troll cartoon singing, "you are meant to be alone."


I get back to the cart with counting clock thinking, and 1 ticket.  I stare at my screen in disbelief for a minute with the clock counting down.  Finally, I close my browser, realizing that I wasn't going to spend that kind of money and risk the possibility of trying to go through it again and having only one ticket, while trying to go through the whole thing again.

So, I closed my browser and read the Twitter #NYCC and #NYCCTix tags about a whole lot of scalpers who were DDOSing (Distributed Denial of Service - overwhelming a resource by making requests from a large number of other computers) the system so that they could sell as many as possible of the $104 tickets for $500 or more.


So for over two hours of my time, in the end I didn't purchase anything, and I won't be going.

At first I railed against all the scalpers who were basically using farming operations (rows of users and computers, manually DDOSing the systems to get as many tickets as possible) to scoop their own illicit profit from something that has consistently sold out year on year.  And while this is what likely caused the 408 error itself, the Virtual Queue system still kept that from killing the experience.

With the clarity of sleep, it's the 408 errors, and the unfairness of putting a cart clock onto a system that is fraught with internal timeouts that was the real problem.  Each 408 repeating like Poe's The Raven, making me question my browser, my computer, my internet connection ... my own self worth?  The system taunts me to keep trying.
408 Request Time-out
Your browser didn't send a complete request in time.
This follows the exact same pattern as a bully playing keep away with a much smaller child.  At the end of this I was emotionally exhausted and feeling anger about the unfairness of things.

To the programmers and admins who look over the logs, if they find my session and follow it, I have no doubt that what they'll see is some idiot who got into a cart, selected two tickets and refused to fill out the survey.  Then selected one ticket, and then never came back.  They'll probably try to eliminate my behavior, as just some troll who just put tickets in reserve for a while.  And, to me, that is the real saddest part of this.  In the end, I look like the problem user they need to fix.

But just look at me, how pathetic, feeling inferior to my bully.