CoPilot Having a Normal One

Sigh.

I mean, even if you can’t recall the ASCII character for a given hex value (like me), you should still be able to see that 0x51 is one less than 0x52, so the characters for the two should sit right next to each other in the table. Whether the “R” should be a “4” or the “3” should be a “Q”, you can see that this is just plain wrong at first glance. LLMs can’t. I get it, of course: CoPilot interpreted the 0x51 in the second position as decimal instead of hex (unlike all the others), and decimal 51 does accurately translate to a “3”.

That’s the thing I find about CoPilot and ChatGPT so far: they have quick answers and suggestions for every line as I’m typing, and half of everything that looks right at first glance turns out to be wrong. I actually started to argue with CoPilot after fruitlessly trying to use it to track down a bug for half an hour. What am I doing with my life?

But sure, tell me how we’re all going to lose our jobs this year because of this technology.

Microsoft Strikes Again

CoPilot started to answer this question in the Visual Studio Code “chat window” on my work laptop. It was spitting out an answer which I was digesting — and finally being enlightened about Ruby/Rails namespaces, the autoloader, the :: operator, and directory structure — and then it abruptly deleted its response, and printed this.

When you’re focused on a programming idea, you sometimes get blind to the other things in your code for the moment, but I finally figured out that I had a corporate URL in my code, which CoPilot was parroting back at me for context, despite being irrelevant to the question, and this was why it freaked out. So, ok, my company configured CoPilot requests on its computers to freak out about that.

Searching on this canned response shows a lot of people encounter this, and are similarly bewildered, and I’m suspecting that there are probably many other reasons for this to happen. Quite naturally, people are confused because there’s no indication as to why the “answer” provoked this response. I asked the exact same question on my personal computer and it worked just fine, so this is definitely a corporate filter that’s running… somewhere.

This is why Microsoft rules the corporate world: they give middle managers the power to do things like this. Anything they can dream up as a policy, Microsoft is only too happy to give them the tools to enforce. However, it seems to me that any company that has the wherewithal to do this would also have the wherewithal to tell Microsoft not to use its code for their AI purposes. If CoPilot can be trained to barf on internal URLs, it can be trained to not store or train on the response when it hits the configured input conditions, and not interrupt the programming loop with a useless and confusing error message.

This is precisely the kind of BS that I feared when Microsoft bought GitHub, even if I couldn’t put it into words at the time. But who had 2024 as the year of AI coding on their bingo cards when this happened 6 years ago? So no one could have put this into words back then.

Insights into Stack Overflow’s traffic – Stack Overflow

Source: Insights into Stack Overflow’s traffic – Stack Overflow

Over the last few weeks, we’ve seen inaccurate data and graphs circulating on social media channels regarding Stack Overflow’s traffic. We wanted to take the opportunity to provide additional context and information on the origin of that data, the traffic trends we are seeing, and the work we’re doing to ensure Stack Overflow remains a go-to destination for developers and technologists for years to come.

They are responding to this graph, which I saw on some social media aggregator site.

First, ChatGPT couldn’t have started making a difference at that time. It, along with other LLMs, hasn’t really become useful until this year.

Second, it couldn’t have made that much of a difference that fast. Nothing does.

Third, who would take this graph out of context and overlay this trend line and blame it on ChatGPT? What’s the thinking? Who benefits? Was it for the lulz? Was it to drive mindshare about what “AI” is supposedly doing “for us?” “To” programming? Why has it been pushed in front of so many people that StackOverflow feels the need to set the record straight?

Get Me Out Of Data Hell — Ludicity

The Pain Zone… is an enterprise data warehouse platform. At the small scale we operate at, with little loss of detail, a data warehouse platform simply means that we copy a bunch of text files from different systems into a single place every morning.

The word enterprise means that we do this in a way that makes people say “Dear God, why would anyone ever design it that way?”, “But that doesn’t even help with security” and “Everyone involved should be fired for the sake of all that is holy and pure.”

For example, the architecture diagram which describes how we copy text files to our storage location has one hundred and four separate operations on it. When I went to count this, I was expecting to write forty and that was meant to illustrate my point. Instead, I ended up counting them up three times because there was no way it could be over a hundred. This whole thing should have ten operations in it.

Almost every large business in Melbourne is rushing to purchase our tooling, tools like Snowflake and Databricks, because the industry is pretending that any of this is more important than hiring competent people and treating them well. I could build something superior to this with an ancient laptop, an internet connection, and spreadsheets. It would take me a month tops.

I’ve known for a long time that I can’t change things here. But in this moment, I realize that the organization values things that I don’t value, and it’s as simple as that. I could pretend to be neutral and say that my values aren’t better, but you know what, my values are better.

PS:

… I gave a webinar to US board members at the invitation of the Financial Times. Suffice it to say that while people are sincerely trying their best, our leaders are not even remotely equipped to handle the volume of people just outright lying to them about IT.

Source: Get Me Out Of Data Hell — Ludicity

(Emphasis mine.)

That last part is really the kicker. Every middle manager in all the various IT organizational structures inside of a Fortune-sized public company is lying about things, whether by omission or by fact. They’re lying about what it is they do. They’re lying about their problems. They’re lying about their capabilities. They’re lying about their timelines.

They’re lying to people who either don’t care, or aren’t equipped to understand how the things they’re being told are lies, even if they do care. They’re lying to build “kingdoms” in the company by justifying more people, more machines, and more software than is required to solve a problem. And not just by a little; by orders of magnitude.

Recently, it took me seven weeks of emails eventually involving fifty-odd people to get something done that took literally 30 seconds to do. Part of it was because I didn’t understand what I was asking for. I was asking for the wrong thing. Part of that is because the system is stupid, and no right-thinking person would have implemented it that way. Someone, somewhere, a long time ago (who has probably left the company by now) decided that this is how it should work, because someone at a consultancy told them that this is what “everyone” does.

I was asking for the logical, straightforward thing that would have fixed my issue, now and in the future. After it became clear that this would never happen, the 50+ “subject matter experts” involved had dozens of chances to respond and explain how what I was asking for actually worked, and clarified that I was asking for the wrong thing. But that didn’t happen.

Why? Because explaining why it works the way it does in front of God and everyone would reveal how idiotic it is. This can’t even be admitted over voice, but after several Zoom calls, you eventually see the pattern. It’s like the old Magic Eye pictures from the ’90s. Eventually, you get your focus depth correct, and see the real picture. The image that no one else sees. They’re not paid to, so they don’t care.

Not only is the process stupid, the “self-help” web site that’s supposed to allow people to address this problem themselves is opaque, and doesn’t explain what’s going on. It masks the issue that I was having, when it would be very easy to show. This is a recurring pattern. Various IT functions have implemented “self-help” web sites that simply do not work, for reasons they are completely blind to because they never use them. They could make two small changes to this page, and it really would (mostly) address this stupid, broken policy. After all this wasted effort, someone involved seemed to finally understand my confusion and understand how this could be fixed, but I’ll bet they never do it.

Unless senior management — and I mean the guys right under the officers, because the officers are never going to care, and the upper-middle guys don’t have the political clout to do it — unless they are curious, concerned, and knowledgeable enough to ask illuminating questions to pierce the veil, the lies will go unchallenged, and the technical debt will continue to grow with every new project, and every project that is introduced to fix one that just failed.

At some point, when your personal sensibilities and the demonstrated collective priorities of the organization repeatedly come into conflict, you have to decide whether you’re in the right place. For instance, I currently have personal issues which make the “switching costs” prohibitive, but this is an extremely individualistic equation to balance.

Sidekiq. Feels Good, Man

After 15 years of doing Rails applications, I finally had a serious need to utilize long-running background jobs to get things done, and set up Sidekiq. My jobs are database-bound, but my database was being underutilized, so I opened up the connection count (the ActiveRecord pool) and let it “breathe.” In production, I can easily run 20 threads on a single, small VM, and wind up getting 20x the throughput.

I can’t say it was straightforward getting it all running on Ubuntu. The “new” systemd subsystem seems like a regression from the old ways of setting up services with plain init.d and update-rc.d. I also don’t like snap, and I’m starting to think that I should switch to Fedora, but that’s another discussion.

Anyway, Sidekiq: great success.

Welcome to the “Future” of App Deployments

I’m sitting here watching the braintrust in our IT organization tell everyone about a NEW! “PRO!” product that will do database migrations with Jenkins, and I’m just sitting over here thinking about the native migrations available by default in Ruby on Rails since version 1.0, which I’ve been enjoying for the past 15 years. I’ve deployed Rails apps with Jenkins, but I still like Capistrano better, because it’s “native.” I’ve yet to fool with their new Docker-based deployment tool because cap works so well.

They showed a script to call the Jenkins API to do deployment jobs. Again, I’m just sitting here wondering what in the world they’re talking about. Jenkins literally does all of this for you. They seem to think that Jenkins can’t handle deploying to separate environments, and therefore you need to script it so that you can parameterize the deployment with tags that live in git. I haven’t used Jenkins for 10 years, but, without even looking, I’d bet my eye teeth that Jenkins can do this without needing a script to call its API.

They’re signing off their dog and pony show by looking for volunteers to demonstrate new things in this space. I think they’d barf if I demonstrated my workflow with Rails and Capistrano, and by so doing, illuminated how much time, effort, and money is wasted on a default stack using Java, React, and Oracle. It doesn’t use any sort of middleware, and therefore doesn’t have any steps to sit and wait for rubber stamp approvals by useless middle managers who aren’t going to actually review the changes, so I’m sure it would go over like a lead balloon.

The Six Dumbest Ideas in Computer Security

The opposite of “Default Permit” is “Default Deny” and it is a really good idea. It takes dedication, thought, and understanding to implement a “Default Deny” policy, which is why it is so seldom done. It’s not that much harder to do than “Default Permit” but you’ll sleep much better at night.

Source: The Six Dumbest Ideas in Computer Security

This was from 2005, and if your organization’s approach was always Default Deny, then it’s a great idea. The problem with Default Deny isn’t the idea, it’s switching away from Default Permit after decades of acclimation. One comment in the Hacker News discussion about this article says it adds “three more steps” to the conversation with IT to fix your app after the change. I would argue that it’s a whole lot more than that.

A friend of mine has trouble running a very important vendor application used in his department. It stopped working some time ago, so he opened a ticket with IT. It was so confusing to them that it got to a point that they allowed him to run Microsoft’s packet capture application on his machine. He followed their instructions, and captured what was going on. But, despite the capture, they were unable to get it working through the firewall.

Out of frustration, he sent the capture to me and asked me to take a look. Even though our laptops are really locked down, as a dev, I get admin on my machine, and I have MSDN, so I downloaded Microsoft’s tool, and looked over the capture. It was a complicated architecture, using a client/server implementation on the local machine. The front end was working over networking ports to talk to its back end, and the back end was using other ports to talk to the vendor’s servers.

I knew what to look for because I had just undergone a lot of pain with my own development workflow, because the company had started doing Default Deny, and it was messing with my development workflow in several ways. Not too long before, they dropped the bomb that EVERY network communication through the firewall required trusting the Cisco Umbrella root certificate (so that they can intercept and inspect all traffic, TLS notwithstanding). I had to figure this all out on my own, based on the behavior I was seeing, but I was able to work out how to download that cert and add it to the CA bundle so that both bundle and HTTP calls in Rails, and psql for Postgres, would verify the intercepted connections.
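What the Umbrella change does to a Ruby client is easy to reproduce offline. An inspecting proxy terminates TLS, re-signs the server’s certificate with its own root, and hands that to the client, so anything that trusts only the public CA bundle fails verification. The script below is an added example (not the post’s own code, and not Cisco’s) that generates a public root, a corporate inspection root, and two leaves for the same host in memory, then shows the failure against the default trust store and the narrow fix of adding just the corporate root. All names, keys and certificates are constructed for the example; `gems.example` is a placeholder host.

```ruby
require "openssl"

# Build an X.509 v3 certificate; self-signed when no issuer is given.
def make_cert(subject:, key:, serial:, ca: false, issuer_cert: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage",
                                         ca ? "keyCertSign, cRLSign" : "digitalSignature, keyEncipherment", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# A stand-in for a public root from the system CA bundle (constructed).
PUBLIC_ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
PUBLIC_ROOT = make_cert(subject: "/CN=Example Public Root CA", key: PUBLIC_ROOT_KEY, serial: 1, ca: true)

# The corporate inspection root: the proxy terminates TLS, re-signs every
# server certificate with this key, and expects clients to trust it (constructed).
PROXY_ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
PROXY_ROOT = make_cert(subject: "/CN=Corp TLS Inspection Root", key: PROXY_ROOT_KEY, serial: 2, ca: true)

# What the origin server actually presents for the placeholder host...
ORIGIN_KEY = OpenSSL::PKey::RSA.new(2048)
GENUINE_LEAF = make_cert(subject: "/CN=gems.example", key: ORIGIN_KEY, serial: 3,
                         issuer_cert: PUBLIC_ROOT, issuer_key: PUBLIC_ROOT_KEY)
# ...and what a client behind the proxy sees for the same host: a fresh key,
# same subject, signed by the inspection root.
PROXY_LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
INTERCEPTED_LEAF = make_cert(subject: "/CN=gems.example", key: PROXY_LEAF_KEY, serial: 4,
                             issuer_cert: PROXY_ROOT, issuer_key: PROXY_ROOT_KEY)

# The check Net::HTTP, Bundler and libpq all perform under VERIFY_PEER:
# chain the presented leaf to a root in the trust store.
def verifies?(trusted_roots, leaf)
  store = OpenSSL::X509::Store.new
  trusted_roots.each { |c| store.add_cert(c) }
  store.verify(leaf)
end

def trust_check(trusted_roots)
  { genuine: verifies?(trusted_roots, GENUINE_LEAF),
    intercepted: verifies?(trusted_roots, INTERCEPTED_LEAF) }
end

# Tells you whether a given connection is being inspected: the leaf chains to
# the corporate root rather than to a public one.
def intercepted?(leaf, proxy_root)
  leaf.issuer == proxy_root.subject && leaf.verify(proxy_root.public_key)
end

if __FILE__ == $PROGRAM_NAME
  p trust_check([PUBLIC_ROOT])             # genuine verifies, intercepted does not
  p trust_check([PUBLIC_ROOT, PROXY_ROOT]) # both verify: the fix is one extra root
end
```

The fix is deliberately narrow: one additional root in the store, never `verify_mode = OpenSSL::SSL::VERIFY_NONE`, which would also accept any attacker’s certificate and not only the proxy’s. For the real tools, put the corporate root in a PEM bundle together with the public roots (Ruby’s `SSL_CERT_FILE` replaces the default file rather than extending it), then point Ruby at it with `SSL_CERT_FILE`, Bundler with `bundle config set ssl_ca_cert <path>`, and psql/libpq with `PGSSLROOTCERT` or `sslrootcert=<path>` alongside `sslmode=verify-full`. The `intercepted?` check is worth keeping around: once the corporate root is trusted, the proxy reads everything that passes through it, so you want to know which connections that covers.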

Then they locked out Postgres’ default port entirely. They reopened it for me at my request at first. Then six months later, they closed it again, and told me that I needed to formally request permissions for that, which was going to be a many-years-long process. I “just” rewrote the functions I needed in my Rails app to use HTTPS instead of using a direct database connection.

Anyway, I told my friend what ports IT needed to open, and that he needed to explain to the vendor that they had to include the Umbrella cert in their chain on the back end, but he’s still having problems. Why am I being vague about the details here? It’s not because of confidentiality, though that would apply. No, it’s because my friend had been “working with IT” for over a year to get to this point, and this was two years ago, and I’ve simply forgotten a lot of the details.

“I said all of this to say” that saying it will take “3 extra rounds” is a bit of an understatement when IT starts doing “default deny,” at least in legacy manufacturing companies.