Big Bottle: The Baby Formula Nightmare

FDA officials see themselves as an elite priesthood, pursuing excellence merely by dint of being at the FDA. From this perspective, there is zero incentive to let new players into the baby formula market when, in their view, there are already excellent quality companies serving the market, such as Abbott Labs, Mead Johnson, and Nestle. It’s true that baby formula is overpriced in the U.S., costing about twice as much as it does throughout much of Europe. But to an FDA official, price is incidental.

Source: Big Bottle: The Baby Formula Nightmare

I mean, of course. How could it have been otherwise?

In my opinion, stock buybacks should simply be illegal at this point. They always seem to be a key part of every story about large corporations crippling our economy, and hurting the average person in favor of the executives running them.

This country was supposed to have been built on Capitalism with a capital “C,” meaning “free markets” should be providing “competition” and settling on appropriate prices. And yet every market of significance in this country is now being run by 2 or 3 large companies, who collude and “stay in their lane,” with governmental regulatory cover to preclude new entrants coming in at a lower price. And if there is a successful startup in some space, as soon as they start making enough difference to be noticed in the public filings of one of the “2 or 3” established companies in the space, they will be “acquihired,” and the FTC and SEC will stroke their chins and say, “ok.” And then whatever made the startup interesting will wither and die, à la Heroku and Salesforce.

Finally, the FDA needs wholesale reform, since this kind of crisis seems to happen a lot. I mean, the relationship between the FDA and Abbott Labs was also behind the rapid Covid testing scandal, where FDA official Tim Stenzel – who had worked at Abbott – then approved Abbott as one of two firms to make those tests, and blocked all other entrants. That’s why rapid Covid tests were both in shortage and much more expensive in the U.S. than they are in Europe. The FDA needs to be broken up so that its drugs and food divisions are separate, and it needs to take its mandate seriously for a resilient supply chain.

When Rockefeller encompassed the core of all of American business, and 25% of the government was funded by the taxes he paid alone, we got serious about not letting large companies run our country. We called it “trustbusting,” and there was a long history of it. I’m doubting that this era of American history is still being taught. We’re certainly not doing it any more.

The Case for C# and .NET. It has been interesting as I’ve shifted… | by Charles Chen | ITNEXT

It has been interesting as I’ve shifted out of .NET ecosystem which I’ve worked with on the server side (and some stints of desktop…

Source: The Case for C# and .NET. It has been interesting as I’ve shifted… | by Charles Chen | ITNEXT

There are a couple of takeaways from this article. He talks about it from the perspective of a fan of .NET. I see strong points in favor of Rails as well.

First and foremost, I want to talk about speed. As a fan of Rails, I hate it when critics bring up the speed of Ruby, because I have to acknowledge that there is a definite, unavoidable penalty there. And why shouldn’t there be? It’s the interpreted nature of Ruby that makes ActiveRecord in Rails so dang flexible and easy to use. But I came to using Rails after about 10 years of using PHP, and it was painful to compare page load speeds in apps I rewrote from PHP to Rails. However, the relative productivity of the Rails stack made it a no-brainer over PHP for me.

In this article, the author compares some particular benchmark amongst various languages typically used for web application development. Here, he’s pointing out how slow Javascript is compared to .NET. But what I want to point out is that Ruby’s performance is often discussed in the context of using Java, and there’s basically no difference.

Further speed point here: https://benhoyt.com/writings/count-words/

Another thing to point out is the package mess. From the top graph, above, you can see the explosion of dependencies in the Javascript stack. Comparatively, it dwarfs everything else. Combine that with this graph, below, and the situation gets even worse. Sure, by this, you can see that .NET stack wins this race, but it’s also interesting to me that Rails clearly comes in second, especially when you also consider that it has zero critical vulnerabilities.

Over and over, Ruby and Rails get dissed, these days, as somehow being unuseful, for a variety of reasons. I find those reasons specious. Over and over, when you dig into the rationale behind those reasons, you find out the situation is better than people give it credit for being. Rails continues to be a strong contender in the web application development world. Lots of big players continue to use it, despite how critical the HN crowd is about it. Even if it weren’t suited for those big, commercial web platforms, it would still continue to dominate in writing small, focused, line-of-business CRUD apps, and I continue to find it amazingly powerful to work with.

If I were to criticize the Rails stack, my first point of contention would be the Turbolinks thing. I’ve been sort of forced into using Ag-Grid as a drop-in Javascript data table widget, and, despite a lot of effort, I can’t find a way to make it play nice with Turbolinks.

The Problematic Black Box Nature of Neural Networks and Deep Learning – Brightwork Research & Analysis

Neural networks and deep learning are normally black box systems. This black box nature of neural networks leads to problems that tend to be underemphasized in the rush to promote these systems.

Source: The Problematic Black Box Nature of Neural Networks and Deep Learning – Brightwork Research & Analysis

I find this article absurd. If I were to create a neural network, the very second thing I would program into it would be the capability for it to log WHY it did the thing I programmed it to do. Are you really telling me that the tools available to us right now are incapable of this?

The U.S. made a breakthrough battery discovery — then gave the technology to China

Taxpayers spent $15 million on research to build a breakthrough battery. Then the U.S. government gave it to China.

Source: The U.S. made a breakthrough battery discovery — then gave the technology to China

There’s a lot of give and take about the technology here, but it doesn’t seem right that we handed the Chinese government the sole rights to it, and can’t adjust course now that an American company is wanting to get involved again.

Battlefield 1 Shenanigans

K/D 3

This is why I can’t get away from Battlefield. No matter how frustrating it can get, when it’s good, I think it’s the best thing in the history of video gaming. I’m usually in the top quarter of scores. I can even get in the top 5 several times a week. But I rarely actually win. The weird thing with this win is that I wasn’t trying any gimmicks. I wasn’t, say, sitting in a fortress gun for an entire round which my team dominated (and kept me safe). I was just running and gunning as support.

Why THIS Guy?

Yet Again

You can read the facts of this case through a simple search. Surprise, surprise: They may not be as clear and straightforward as you might think, from this copy. You can see what the prosecution wanted versus what he got. You can make whatever judgement you like about him, his victim, and the legal system.

I don’t particularly care about any of that. At least, not any more.

It’s been six years since this happened. Yet every other month, this guy’s face gets reposted to 9gag, Imgur, and Facebook, et al., and dragged through the mud again. You may think he deserves this treatment. You may think it’s a picture-perfect case of white privilege, or rich privilege, or rich, white privilege. You may think he never deserves to be forgotten. You might be right, but don’t forget that the legal ramifications of being on the sexual offender registry will follow him the rest of his days, and they are no joke.

According to one site’s statistics, there are presently 463,634 cases of sexual assault per year in the US. In the six years since this case, that’s roughly 2.5 million cases. So my question is: why this guy? Why is this case reposted every few months on every social media site I visit? If you were to trawl through the 2.5M sexual assault cases since this happened, I absolutely, 100%, money-back guarantee that you will find at least one other case that demonstrates presumed privilege better than this.

This particular post was lifted from 9gag. Several of the comments demonstrate the same frustration I have. I once saw it reposted by a friend on Facebook, and asked: why? He came back with, “If it happened to your daughter, wouldn’t you do the same?” And I said, “Maybe, but this wasn’t your daughter either. Why do you feel the need to repost it?” He didn’t have a good answer.

So what’s going on here? It’s weird. Is this being done by the victim? Friends and family of the victim? Is someone getting paid to do it? In this particular case, the account that posted this to 9gag tags all of his posts with “decolonize.” Is it a sockpuppet for foreign agitators? I honestly don’t know, but I’m starting to think there’s a story here. Normal, rational people would have let this go by now.

Corporate IT, NodeJS, “Tech” Companies, and Freaking Microsoft Windows

The Scene

A few years back, as part of a long, slogging series of unfortunate events, I had been tasked with developing a new web application, which circumstances dictated should be written in Java. Books could be written about this one-year period of my career. (And not, like, inspirational ones.) Anyway, part of the process included trying to get people to realize that no one, these days, wrote web apps in Java without using one of the many, popular Javascript libraries for the front end (like React or Angular), and get my management and corporate IT to understand that I needed to install NodeJS on my machine to facilitate this. Up until this point — and despite the fact that it was obviously used by other development teams in the company — it was not on the “approved” list of software to be installed on local machines. Through several strained meetings and rounds of email, someone, somewhere, deep in the bowels of IT, corrected the obvious oversight, and put it on the list.

The production version of NodeJS was 8, at the time of approval.

This kerfuffle was but one small facet in the gem that was this job posting. In the middle of the development process, I jumped at another job opportunity, and left my Fortune 250 for a different Fortune 250. The IT environment was eerily similar, and led to this post about making Windows tolerable. It was this experience that got me to see the real root of what I’m complaining about here.

And then, through a short series of more unfortunate events — and one amazing event — I came back to the original Fortune 250, in a different department.

Some months later, just after getting settled back in, I got an email asking me if I would approve a new version of NodeJS to be officially blessed and uploaded to the internal repository.

A Symptom, not the Disease

Strangely, I was being asked to approve NodeJS version 9. If you’re not familiar, NodeJS uses a version numbering system like the Linux kernel used to, where even-numbered releases are for production use, and odd-numbered releases are development versions, intended only for development of the software itself. In no way should 9.x be considered for use in projects inside a blue-chip Fortune 250.

I explained this situation to a laundry-list of TO: and CC: recipients in a long email thread that had already been making rounds inside the company before someone finally saw my name attached to the original request, and added me to the chain. Of course, my explanation was ignored, but I only discovered this 6 months later, when I was being asked, again, to approve version 9. Apparently, I was preventing some developer in India from doing his work on a “high priority project” by not having approved it already, and I needed to get on the stick.

I became more blunt, at that point. First, I didn’t do whatever was done to get it certified the first time, so I didn’t know why I was being called on to do it again. Second, I tried to make a case for exempting development libraries, like NodeJS, from the slow process of getting them approved for internal use, and uploaded to our internal software delivery site. This led to another important person added to the chain, who, surprisingly, supported my argument, but, again, nothing changed.

A month later — seven months into this “discussion,” and presumably still holding up a “high priority” project with a “requirement” for 9.x — I got another email, which included a screenshot of an error from Angular, saying that it no longer supported NodeJS 8.x, and that it needed at least version 10.x or 12.x. Again, I pled with the list of people involved in the email chain that we needed to treat development libraries and applications differently than we treated, say, Office applications. I pointed out that, in the time that we had been fussing over version 9, version 14 was now shipping.

Six months after this exchange, I got an email from a desktop support technician. He was asking for clarification about details when installing… wait for it… version 8 on a developer’s computer. That’s right: After over a year of this exercise, we were still fighting to get a version that’s now a year and a half out of support installed on a developer’s machine.

And then, the situation actually got even worse. The developer’s “computer” was really a shared environment (like Citrix, et al.), and the shared NodeJS install was being constantly re-configured between multiple developers using the same computer between projects. The support person was actually savvy enough to have suspected this, and was asking me about how it worked. I confirmed that this would, indeed, be a problem, and we figured out the flags to install it into each person’s personal directory, and keep the node_modules directory separate, per user. So, at least we figured out how to successfully install a version of Node that was dangerously out of date to a shared computer.

Actually trying to use NodeJS for the job it was created for, and downloading a stack of Javascript libraries to support Angular or React, led to another discussion of how to get it to play nicely with our corporate, Active Directory-authenticated firewall, which — naturally — blocks all access to the internet from anything that doesn’t run through the Windows TCP/IP stack. Say, like npm or yarn trying to access the NPM repository. I had figured out a workaround for that in the first few months of working at the company, and just pointed them at Corkscrew, which transparently handles the NTLM authentication for command-line utilities like npm (or Ruby’s Bundler).

The Root of the Problem: Microsoft, and Windows

If the shared computer had been Linux or Mac, none of these problems would have existed. Each account on Linux and Mac has a proper personal directory, and things like Node and Ruby assume this, and take advantage of it. Each user could install whatever he wanted to in his home directory, and not need administrative permissions on their machine, or have to rely on some internal application-distribution site. Also, if developers could use anything other than Windows, corporate IT would probably not assume that everything which gets forced through the corporate firewall can do NTLM authentication, and force people running tools like NodeJS to rely on a squirrely tool like Corkscrew. Windows has gotten a lot better over the past several years about installing things into a user’s AppData directory, and Microsoft has spent a lot of effort in recent years to develop and astroturf WSL(2), Visual Studio Code, and the new Terminal, but Windows is still a second-class citizen for modern web programming.

I try to temper my frustration with this situation with the knowledge that IT departments of large companies have been forced into many, cascadingly-obtuse compromises by their use of Windows. So many frustrations in a company’s user community can be traced back to the relatively quirky, and single-user-oriented way Windows has always worked, and the monoculture that using Windows requires, thanks to Microsoft’s legacy of embrace-and-extend, especially in directory services. The size of the company exacerbates the problem. At my current company, I know of at least 5 different IT org trees. After 6 years of working with various people in these groups, I still have very little understanding who actually owns what. To be fair, most of this is felt by only a small portion of the “power user” community at a company, but that’s most of the people I deal with.

The Distortion of Scale

The biggest problem here is the scale of the operation. When you have 50,000 nails, you make sure they’re all the same size and finish, and you use the exact same kind of hammer and technique on all of them. You’d think it would be possible to use a bit of manpower in these various IT departments to treat some of these nails differently, but the vast ecosystem required to take care of Windows just eats up all available resources. Anti-virus. VPN. Standard desktops. Scripts to prevent people from doing things they shouldn’t. Scripts to report all activity on the things they should. Office 365. One Drive. Teams. Zoom. Forced password rotations. Worldwide hardware and software upgrades. Locking out how long the screensaver takes to kick in. Preventing changing of custom login screen backgrounds. It’s a lot. I get it. Using Windows as a corporate desktop environment automatically assumes so much work, it leaves little room for treating a computer like a tool that needs to be customized for the job it needs to do, and the work it needs to support, even when those goals are, ostensibly, incidentally, also primary goals of the larger IT organization. It’s a counter-intuitive situation.

I started this post by pointing out that this stack of regrettably-predictable compromises, which result in suboptimal policies and outcomes, is primarily a problem with traditionally non-“tech” companies, but the real, underlying problem is much deeper.

The truth is that all companies are now “tech” companies, whether they realize it or not. And those that can’t change their approach to IT to adapt to this new reality — or change it fast enough to matter — will wither on the vine, and their remaining assets, eventually, will be picked up in a corporate yard sale to companies that have “tech” embedded in their DNA from birth.

I worry that a company which, 30 years later, still breaks up its most-important digital asset into 8 pieces because that’s what would fit on a floppy disk will not make the turn in time.

The reason I started writing all of this down was because — after all of this time and discussion — I was asked to approve NodeJS version 10 for the internal software repository. At the time I was asked, version 10 didn’t even show up on the NodeJS release page any more. They were shipping version 16. I guess 10 is better than 8, but let’s be honest: The only reason they gave up on version 8 or 9 is because the version of Angular that they’re using is refusing to work with anything pre-v10. That happened back in Angular version 8, which is now also out of support.

As part of the great email chain, I pleaded with the various people involved with the internal software approval process that keeping up with the shifting versions of your tools and supporting libraries is just part of the job of being a web app developer, yet no one even batted an eye. You would have thought that this concept would have fallen directly under the multi-headed hydra of “security,” and the company’s philosophy seemed to be you can never have too many software layers or policies about it. You would have thought they would have pounced on the concept in order to at least seem serious. I even invoked the specter of the recent, infamous log4j bug, as an example of the risks of letting things get out of date. This issue caused an audit of every Java-based application in the company, so it should have been a touchstone issue which everyone in the chain could relate to. But if anyone could understand what I was trying to say, they apparently didn’t care.

IT Best Practice vs IT Policy

I didn’t much care for The Big Bang Theory, but one scene has stuck with me for a long time. In S1E16, Sheldon is shopping in a store like Best Buy, and some woman comes up to him and asks, “Do you know anything about ‘this stuff’?” He replies, “I know… everything about ‘this stuff.’” And that’s the heck of this situation. It’s almost like every single person concerned with this process has absolutely no idea how any of “this stuff” actually works, and won’t listen to someone who does. And I realize how conceited that may sound, but, in this case, I don’t know how else to put it.

The only other explanation is simply apathy in the face of bureaucracy, and I wish senior IT management would take it on themselves to root out this sort of intransigence, and fix it. It would seem to be their job, and would go a long way to justifying a C-level salary. Unfortunately, this isn’t the first time I’ve found myself trying to explain a direct contradiction of IT best practice versus IT corporate policy to the very people who are supposed to be in charge of both, and I’d like to think I’ve learned how to convey my thoughts in a less confrontational way, but I obviously still haven’t figured out how to motivate people to rise above the internal politics and align the two, and that makes me sad.

I’m finally posting this because I just got another request to approve version 8, now three and a half years on, and I needed to vent.

¯\_(ツ)_/¯

UPDATE: A couple weeks after posting this, I got CC’d on a long desktop support email chain from a developer in India who can’t get angular-cli version 7.x working with npm. <sigh> And there are 4 references to how urgent and how high a priority this is. A simple search shows a pretty detailed SO post about the particular error message, and the general answer seems to be to either play games with the particular versions of the dependencies, or just upgrade to 8 or 9… three years ago. In any case, this isn’t a desktop support question. IMNSHO, this is squarely a developer’s issue. Sorry, but that’s the job, brother. Do I try, feebly, to make another point, or just let this go?

FedEx to close data centers, retire all mainframes by 2024, saving $400m – DCD

FedEx is to close its data centers and retire all of its remaining mainframes within the next two years.

Source: FedEx to close data centers, retire all mainframes by 2024, saving $400m – DCD

Has any company ever actually retired all of their mainframes?

I’ve worked for a company which spent millions to “retire” the mainframe in favor of a OneWorld ERP system, and, of course, we wound up with an ERP system designed by consultants, and, years later, still couldn’t get rid of the mainframe.

That company was “bought” by another company who was implementing Oracle financials to bypass their mainframe for one particular product line. I was the sysadmin for the $20M of Sun/EMC hardware that ran it. At last count, they had spent $110M in the effort, and then my company was raided and sold, and I lost track of what happened.

In my current place, we have numerous little groups all over the company because the mainframe 1) exists, and 2) is a mainframe. One group of people I work with have to spend hours working through mainframe screens to fill out a specifically-formatted Excel spreadsheet to send to another group to actually do the data entry into the mainframe. This type of “solution” to technical debt exists all over the company.

Our technical debt is such that for forty years, we still break our most-important internal software in 8 pieces BECAUSE THAT’S HOW MANY PIECES IT TOOK TO FIT IT ON FLOPPIES to send to the plants to upload it into the product’s computer. EVERY piece of software in the company has to deal with the fact that there are 8 individually-tracked, part-numbered sub-pieces, which are often shared between builds, in a feeble attempt to be slightly more efficient with 1.5 MB files. I worked with another group of people who spend literally DAYS on every release, going through a process of making sure all the pieces disassemble and reassemble correctly.

Does anyone in the world think that we could modernize our internal systems to stop doing this? Could anyone possibly imagine getting rid of the mainframe, which is the central source of authority of this complexity, and the single reason that things can never change? I hate it, but I don’t think there’s any way the company could muster the resources to change this… at least for EXISTING products…

Antiabortion lawmakers want to block patients from crossing state lines

Several national antiabortion groups and their allies in Republican-led state legislatures are advancing plans to stop people in states where abortion is banned from seeking the procedure elsewhere, according to people involved in the discussions.

Source: Antiabortion lawmakers want to block patients from crossing state lines

As I’ve said before, this issue seems perfectly and legally suited to invoking the Commerce Clause to regulate it nation-wide. Congress just needs to sack up and do it, despite the re-election impact, whatever it may be. Take a chance, guys. Lead. Legislate. Make policy. Give it a go. Try it on for size. Just see how it feels.