Programming Language Gatekeeping

Great. Just, great.

Programming language gatekeeping, from the government. As if “the government” knows anything about anything, let alone technology created in the last 50 years, let alone programming languages specifically.

This guy gets it. As usual, it’s governmental interference to impede free markets for literally anything and everything, to protect campaign-contributing incumbents in a segment, and guarantee re-election funds.

Nevermind that VB.Net compiles to the same bytecode as C#. That’s officially off the list. Feels like Microsoft is getting the feds to pressure people away from a language that is still popular, but which they don’t want to support any more.

I can hear it from the decades-behind-the-curve gatekeepers in my Fortune 250 now: “Sorry, Dave, but Ruby isn’t on the government’s recommended languages list, so you can’t use it.”

Reddit Knows Programmers

I “use” Reddit to look at subs for ESO and Fallout 76. That’s it. When I’m bored, I sometimes click over to the “popular” tab, and just have a look. It’s more of an anthropological experiment than an interest in reading what’s there. Sometimes, I can’t get past the front page, because, most of the time, Reddit is just a living monument to people being awful to each other. Sometimes, I make it to the next page. Sometimes, I make it to a gem. Most of the time, I see Reddit’s twenty-something, white, middle-class, male, under-sexed, under-employed hive mind on full display, like this.

“He,” here, refers to Elon Musk.

Reddit. ‘Nuff said.

This guy thinks “backend and fullstack” programmers “know shit about OSes and PC in general.” And, as of 13 hours of being posted, deep in the thread, has 84 upvotes. (On a post with 2200+ votes.)

I’ve been programming since I was 12, on a Vic-20. I’ve been doing it professionally my entire career, for about 30 years now. Even the people who I would consider “casual” programmers know how operating systems and PC’s work. I’ve met some posers, but they wash out. To blithely say “most” programmers “don’t understand computers” is utter nonsense, and, frankly, weapons-grade cope.

Welcome to Reddit, I guess. “Enjoy” your stay.

Reddit just made a deal to sell their “content” to Google, to train AI. Good luck with that. With what we’ve seen over the past few days with their AI product, using Reddit seems like a really good fit.

I weep for the future.

We keep making the same mistakes with spreadsheets, despite bad consequences | Ars Technica

Spreadsheets represent unknown risks in the form of errors, privacy violations, trade secrets, and compliance violations. Yet they are also critical for the way many organizations make their decisions. For this reason, they have been described by experts as the “dark matter” of corporate IT.

Source: We keep making the same mistakes with spreadsheets, despite bad consequences | Ars Technica

As I often say, making real applications out of these Frankenstein monsters of data has been my bread and butter throughout my career. The function that the central IT departments in blue chip manufacturing companies could never quite wrap its arms around keeps getting bigger and bigger, and making larger and larger gaps to fill by people in the trenches. So… too right, mate, and keep it up.

Why do people use VBA?

Why do people use VBA? In order to answer this question, we must first look at another question – who actually uses VBA in the first place? In 2021 I ran a poll on /r/vba where I asked redditors why they code in VBA. From these data, we can clearly see that the majority of people who use VBA do so mainly because they have no other choice. Many organisations run their entire business processes with Excel, and when a little bit of automation is required VBA is usually #1 on the list.

Source: Why do people use VBA?

I was just ranting about this to my kids a couple days ago.

Even in large companies, with massive IT departments, and lots and lots of internal databases and information systems, US businesses are still run on Excel. That’s not subjective. I’ve worked for decades inside three Fortune 250’s (and a couple smaller shops), and bad Excel “applications” are in use at all of them. And after one person learns enough VBA to get a spreadsheet dealing with a particular issue to save a little time for themselves, they start sharing them with their colleagues, and the problem gets worse. Half of my career has been built on making “real” applications out of Excel spreadsheets that were wobbling under their own weight.

But why?

Back in the old days, IT grew out of the accounting department. They had the only computer in the building, and it was an IBM mainframe. Great stuff, right? Saved a lot of time and paperwork, right? Except that it didn’t. It quickly ossified the company’s work flow, and permanently hobbled its ability to adapt to change. It would take years to get any changes made in the mainframe group, and people were frustrated. Along came spreadsheets, and everything changed.

I saw it myself in my first engineering job in 1993. We got new computers with Windows 3.1 and Quattro Pro. (And AutoCAD. And, of course, on mine: DOOM!) After weeks of bugging the lady who ran the mainframe — who apparently had to write a whole program — I got her to dump the BOM for a couple of our products to compare for similarities. I downloaded the 2 files to my PC with a token ring mainframe interface card. I think they were only about 1MB each. With 8MB of RAM, I had twice as much memory as our System 36, and I could open both BOM’s in a spreadsheet, and analyze them to my heart’s content. Understanding that I had more processing power on my desk than the freezer-sized unit in the other room was eye-opening.

American manufacturing companies (at least) never got the message. The invention of the spreadsheet spared them from facing the fact that the mainframe had become the black hole of their IT world. As changes were becoming impossible to get from the mainframe group, PC’s with Windows and Excel allowed people at all levels and in all job functions to start working around the mainframe and its limitations.

Now, these kinds of companies are decades behind the curve. They thought “outsourcing” was going to fix all of their problems. When it didn’t, they thought “consultants” would be the trick. Surely “agile” will do it this time, right? No. It’s not the process; it’s the mainframe. Forcing every corporate workflow and piece of data to be kept canonically inside a 40-50-year-old legacy system’s limitations is quite literally killing the company. It’s certainly killing their competitive advantage.

My current company still breaks our primary software component into 8 pieces because that’s what would fit on floppies to send to the plant to program the hardware. Every IT system — and every spreadsheet — in the company has to deal with this 40-year-old legacy issue because that’s what we programmed the mainframe to expect, and now that’s the only way to bill a customer for it. So the logistics of dealing with multiple trees and branches of software (and multiple trees and branches of documentation about the software) is multiplied by a factor of 8 to this day. There is no escape from this black hole. You can’t re-engineer this situation. It’s too ingrained.

I worked for one group which, on every engineering release, had to get a giant table of software versions — each with their 8 part numbers — into the mainframe. The process was so onerous that they would spend days clicking through mainframe terminal emulator screens to get the information they needed, to make a spreadsheet in a particular format, which they would send to another group to actually enter back into the mainframe. Part of the problem was the spreadsheet had to be in 3 columns, but the mainframe screens were in 4 columns (or vice versa), so a lot of it was purely formatting. I wrote a little program to automate all of this, but I’ve left the group, and I’m sure no one uses it any more. The particularly stupid part of this story is that people fought me to write a little software that saved these people 10’s of hours a week in the name of their own job security.

And no one in the corporate hierarchy cares. In this day and age, the executives are all just playing the waiting game, letting things atrophy — saying all the right things publicly — while they wait until the financials are inverted enough to make the company a juicy prospect for a buyout in an industry-wide rollup by private equity.

Meanwhile, actual people have to get stuff done to stay employed and feed their families. Inside the company, the managers have to look at the three year lead times to get a simple application written by “corporate IT,” and can do nothing but just continue to throw bodies and VBA macros at it. Or, in my case, have me write something to do it. That is, until it gets successful enough that people notice, and it gets taken away from me, but that’s another story…

Get a Job Doing Software Development, They Said

It’ll be fun, they said.

Every day, it seems, I bang my head on the wall. Today? Tower — a normally-great git frontend on Mac — decided to throw up its hands and refuse to work on my work laptop, running Windows, of course. It’s trying to use AskPass.exe, which doesn’t exist. Did it get cleaned out by my company’s “security” scanning? I mean, there are only about 30 different scripts that run on login, to make sure I don’t do anything they don’t want me to do. Did one of them do something here? Why would that file go missing, all of a sudden?

So I go to Tower’s over-engineered, Apple-product-pages-inspired mess of a web site, and try to download an installer. No, instead, I get the same single run-in-place executable 3-times. Do they not have an installed version any more?

Is this a problem with git? Did git for Windows take a dump?

Is this even a problem with that file being gone, or is this a spurious error message? Lots of Stack Overflow questions seem to indicate that this happens with Visual Studio, but the file reference is clearly not in any Visual Studio installation location. It’s obviously trying to reference something in Tower’s files. And, of course, I can’t find a single reference in Google to this. Once again, I’m the only person in the entire world with a particular technical problem.

So I sent a request for support from Tower, then installed GitHub Desktop, got my new branch pulled, and moved on. But, dang.

Why does this stuff need to be like this? And why does it need to be like this so often?

The State of Javascript Development

Mocked in this article:

The pain is barely tolerable when you reach dependencies. So, so many of them. There’s left-pad, the legendary tiny package that broke all internet, collectively causing the amount of pain and drama comparable to the destruction of Alderaan.

Discussed here:

The Javascript Front End Developer Experience

I know just enough about the Javascript frontend world to understand that this is a good description of what it entails. When people try to gaslight me about how great Javascript is, pointing to Stack Overflow’s consistent top-tier ranking of the language, I know this is the part that isn’t being said out loud.

I’m just sitting over here enjoying the fact that my app isn’t big enough to warrant separating the front end from the back, and I can blissfully get away with server side rendering built into Rails, with bits of Javascript in the page, only for convenience.

The early days of Linux

My name is Lars Wirzenius, and I was there when Linux started. Linux is now a global success, but its beginnings were rather more humble. These are my memories of the earliest days of Linux, its creation, and the start of its path to where it is today.

Source: The early days of Linux

Great little reminisce. I just thought a couple of quotes were particularly funny.

While this was happening, I was taking a nap, and I recommend this method of installing Linux: napping, while Linus does the hard work.

And..

In the spring of 1994 we felt that Linux was done. Finished. Nothing more to add. One could use Linux to compile itself, to read Usenet, and run many copies of the xeyes program at once.

The first version of Linux I installed was Slackware 3. If memory serves, this was early 1995. I downloaded 54 1.5MB floppy images over a 28.8K modem, using a free PPP service called SlipNet. (I think it was located in California. They were around for a long time after this, but I can’t find any reference to them now.) What I didn’t know was that Slackware was a direct descendant of the first “distribution,” SLS.

Another Day, Another Boneheaded Move by #CorporateIT

I’ve been having mysterious problems with both of my corporate computers. Things that used to run only sort of run now. Today, I finally figured out that this is happening because #CorporateIT, in its ineffable wisdom, has decided to suddenly start automatically deleting any customizations to either the system or the account PATH variable by way of login (or logoff, or startup, or shutdown) scripts.

Years ago, Arvin was a lovely company with lovely people. Then it was sold out from under us, and eaten alive by Meritor (which has now been eaten by Cummins). They made a big show of bringing in some bonehead whose job was to setup “proper” IT policies. I watched in horror as he obviously just slapped together a bunch of white papers he rummaged through the internet to find, copy-and-pasted them into “controlled” Word docs with company logos in the header, and presented them as a legitimate security posture, despite obvious problems and glaring inconsistencies. Unintimidated, I took him to task about it. We went a couple of rounds, which ended with him literally screaming at me over the phone. I finally got the attention of one of the senior IT directors, and got a chance to vent about the situation.

One of the things I complained about was the removal of cron from all Unix machines, which I (as a Unix admin, at the time) was making liberal use of. First, cron doesn’t allow you to do anything you couldn’t normally, otherwise, do, so why remove the convenience? Second, if running things out of hours or on a schedule is a Bad Thing (TM), then why weren’t we also removing Task Scheduler from all Windows machines? Third, if this is about a security vulnerability in the binary, then just make sure you’re keeping up to date with patches from the vendor, just like everything else.

The director then told me that that particular policy provision was actually written by her, as though this was supposed to make me suddenly backtrack, and withdraw my objection. I asked her why, and all she could do was say that this was considered an “industry best practice.” Yeah, but why!? The bottom line is that this was an unintended consequence of SOX. It’s just a thing that’s easy to suggest by consultants, easy to do by IT staff, and easy to verify, and makes a nice bullet point on a validation study about IT policies. Job done! Give IBM $100K to rubber stamp our SOX compliance report! But it does literally nothing to “secure” anything. All it can do is inconvenience users.

If there’s an actual security flaw in the cron deamon itself, then get it patched! There’s no reason to eliminate it entirely. At least, it’s not worth the inconvenience of uninstalling it on the slight chance that a new vulnerability might be found in it, and get exploited by a bad actor, before it can be patched.

This is a hill I will die on.

I got my cron back.

Today’s issue with #CorporateIT is the same. Now I can’t run rails or rake or git at the command line unless I fully “path” them. This is what has been breaking my scripts. And I know they’re nuking both system and user PATH variables, because I tried the second after noticing that the first was being blown away. Why in the world are we deleting customizations to the PATH variable? On what planet does this make anything more secure? What malware wouldn’t try all known paths, regardless of the PATH setting, or fully path its own executables? How can this do anything but make people’s lives less convenient? It’s still possible to set, of course, so I guess I’ll write a .BAT script to run when I want to start working, which will update my user PATH variable so I can just get on with it.

Wow. We’ve really locked down the configuration, huh, guys? The bad guys have no chance now!

To me, the implementation of any security measure depends on the answers to some fundamental questions: What’s the vulnerability? How large is the risk? What’s at stake? What is the mitigation? Is the preventative fix worth the cost in terms of money, access, and productivity? What’s the data we are protecting worth, such that it makes sense to implement the policy? I understand there’s a lot of subjectivity here, but these questions will separate the wheat from the chaff really quickly.

For instance, the staggering mountain of PowerPoint presentations that no one having a meeting can seem to do without, sitting on the corporate file server, mean nothing to anyone outside of the people who are having meetings about it, and even then, only for the week they’re having the meeting. Does it make sense to install every security product on the market to protect this “information?” Not in a million years. Even Office documents you think are profoundly important are hard to dig up out of your collection after a little while, and hard to make sense of once you do. How would any of this “data” be strung together in any useful way by bad actors? For all of the hand wringing about it, the shared drives could be open to the public, for all the risk to the company it actually exposes.

I have another story about this, but I’ll save it for another time.

Every time we turn around, IT has implemented a new policy, a new layer, a new product that’s supposed make our “data” “more” “secure,” and each time it happens, we lose the ability to do something useful. #CorporateIT dictates that our Teams chat histories vanish after just 24 hours. In a company which requires a month for anything to get done, and often requires multiple tries, it would be nice to be able to refer to that log for a month, no? Does no one in the company see this? What sort of crack-addled meeting was held between legal and IT to come up with this? Deleted email disappears after 30 days. If you want to save it to refer to later, you need to remember to hit the “archive” button. Again, when things take months to happen… But sure, blame it on litigation

The really stupid part of this? These moves won’t save you legally. People involved what whatever is being discovered will be called to testify, under oath, what they said, regardless of records that attest to it. So this does nothing to prevent legal culpability. It’s just another hassle for end users in the name of a tick box on an auditor’s checklist.

Every week, there’s a new thing to justify a budget. Every week, it’s a new, unannounced loss of capability. I’m really getting tired of it.

Update

About a week after I wrote this, a coworker sent out an email to our entire group, saying that hundreds of thousands of documents we still rely on had been automatically deleted from our Sharepoint files and Teams channels. He said that they have restored these things, and he was working with IT to make the auto-delete policy kick in at 10 years, instead of the current 3. This is exactly what I’m talking about when I say that, if a company moves at a pace where even the simplest things take a month or three to do, then we need chat history to last at least this long. Our projects are sometimes decades long. We need our stuff for at least that long.

This is a perfect example of IT setting “security” policy without asking the basic questions above, and living in a fantasy world where they are free to believe that their consultant-and-whitepaper-suggested rules don’t have costs. At least my coworker didn’t throw up his hands, and say (basically), “You can’t fight city hall!” He took them to task, and now they’ve had to realize, in at least this one case — for, again, no actual legal benefit — the utter hassle they incur when their incentives are misaligned with the people who do the work that keeps them employed.

Update 2

Here we go again

Now people are educating each other about how to save important documents from being automatically trashed from OneDrive.

UNIX co-creator Ken Thompson is… a what user? • The Register

Elder statesman of system software makes a shocking revelation:

Thompson replies:

I have for most of my life – because I was sort of born into it – run Apple. Now recently, meaning within the last five years, I’ve become more and more and more depressed… And what Apple is doing to something that should allow you to work is just atrocious… But they are taking a lot of space and time to do it, so it’s okay. And I’ve come, within the last month or two, to say: even though I’ve invested a zillion years in Apple, I’m throwing it away, and I’m going to Linux. To Raspbian, in particular.

Source: UNIX co-creator Ken Thompson is… a what user? • The Register

This article is a fantastic summary of the public highlights of this living legend of computer science. I, too, fear that Apple is transforming their general purpose macOS computers into walled-garden computing appliances like iPhones and iPads. I have lamented the switch to locked-down bootloaders, but… dang if it doesn’t basically prevent theft of Apple devices (almost) outright, whatever the security and privacy considerations.

I, too, will switch to Linux, if that day ever arrives. I suspect a lot of people will do the same, particularly the cohort of developers that does not use macOS to write iOS software. When last I left Linux, I would still have given it the edge in web application development, and non-iOS/non-Widows development in general. The problem now, of course, is that my entire life is now contained within my Apple ID. That’s how they get you, and they know it.

This all makes me want to try some current version of Linux now, and see how much of my workflow I could do on it, and what I would lose. Unfortunately, the bottom line is how well a MacBook works with its own hardware, especially things like power saving and dealing with the lid and external monitors, and how it works with all of the other devices: phone, tablet, watch, video device, “pod,” tags, and especially iMessage. This alone “covers a multitude of sins,” but Apple should know that the integration benefits have limits, and chief among them is the ability to do our information technology jobs the way we want to, with the applications and environments we find best. Take those choices away from us, and it will be a line that we cannot cross.

Can GPT-4 *Actually* Write Code? – by Tyler Glaiel

I test GPT 4’s code-writing capabilities with some actual real world problems.

Source: Can GPT-4 *Actually* Write Code? – by Tyler Glaiel

Can these new large language models really replace software engineering? GPT is showing that it can write trivial code, with well-defined inputs and outputs, but I work on very complicated applications, and the trouble is specifying the problem we’re trying to solve. I’ve thought a bit about trying this exercise with my own software, that is, telling GPT the general issue we’re trying to address, and seeing what it comes up with. The difficulty is that it took months for me to understand the depth of what is going on, so it would be very hard for me to boil it down to a prompt.

I was at Purdue University, studying mechanical engineering, in the late 80’s. An electrical engineering friend had gotten an internship at a Fortune-100 company. I marveled, but he explained that, as a “new guy” at a monstrous company, you would spend you time… oh, I don’t know… designing a very specific screw until you work your way up the ladder for a decade or two.

From the start of my career, I fell into writing software for fellow engineers in manufacturing companies, and I’ve been a full-stack guy, inventing new things, for about 27 years now. It’s been very intellectually rewarding. Unfortunately, I make a lot less than I could make in a coastal city, working for a non-manufacturing, “internet”-type company. My total career compensation is likely staggeringly smaller than than it could have been.

But when I think about chucking this approach, and trying to leverage my experience to get a job at an “software” company, I go back to my buddy’s comment from 30 years ago. What is intellectual satisfaction worth to you? To me, it works out to being worth literally millions of dollars in career earnings, I guess.

As a picture-perfect example of being able to do big, novel ideas in software, I find myself in a unique position to try to make my own model to do, essentially, what a lot of the engineers at my company do. I have the data. I have the freedom to spin up whatever infra I need in the cloud. I have the ability and the time to learn machine learning, which I’ve already started. If it works, some managers will love me, and a lot of engineers will hate me. It’s basically the story of my career, just writ larger this time. Yay.