Category: Programming

LinkedIn? In My GitHub? It’s More Likely Than You Think

Outlook Integration with LinkedIn

I didn’t much care when Microsoft bought LinkedIn, because no one actually likes LinkedIn. What little usefulness it has exists only because there’s nothing else in the space. A Facebook for work. Really? That’s boring squared. Who cares? But when Microsoft bought GitHub, I was really disappointed. I felt it was “unwarranted.”

Linus Torvalds wrote Linux, and changed the world. Despite never being able to make a dent in desktop usage, it destroyed what little progress Windows was making on the server side compared to Unix and minis, and now runs basically everything that isn’t a desktop (or an Apple device).

Then Linus changed the world again, and wrote git. Except for the absolute biggest repositories (e.g., Microsoft Windows, or, say, Oracle), it quickly ate all other source code management software, paid or free. And then Microsoft patched git to handle their codebase, and uses it now as well.

GitHub was one of the first big Ruby on Rails apps to prove the framework’s viability at scale; a huge platform success that didn’t involve either Microsoft or Oracle.

So, from my perspective, GitHub — hosting git repos using Rails running on Linux and MySQL — represented everything in the software world that was NOT MICROSOFT.

And then Microsoft threw a couple billion at the founders, the government shrugged their shoulders at such a “small” acquisition, and GitHub, like so many before, became another head on the software world’s biggest hydra. I actually felt a little betrayed by the founders, if I’m being honest. I hate the M&A activity that’s destroying our economy, capturing our government, and producing a new feudal-like aristocracy, but I suppose, of all the companies that had the resources to give the founders their exit, a DOJ-chastened Microsoft wasn’t the worst possibility. Certainly better than Oracle or Salesforce.

Now I see this tomfoolery in the updated version of Outlook, which my corporate laptop just self-installed. Uh, no thanks? In fact, I can’t imagine something I want less than this, but Microsoft is always surpassing themselves, so I’ll just give it time. I would complain about jamming more “stuff” into an already over-stuffed application, but Outlook may be the software world’s poster child for bloat at this point, so what’s another useless “social” add-on?

I’m saying all of that to say this: I fully expect GitHub to get some sort of LinkedIn integration like this in the near future as well. “Link your professional software portfolio with a click of the button!” it will say, as if you can’t stick a link in there already. And then it will build a graph of user data behind the scenes for only-God-knows-what further marketing purposes.

I also expect that there will be some linkage between GitHub and Azure Devops. I had been thinking that Microsoft would simply phase out Devops for GitHub. Devops has never been particularly interesting as a product. However, a thoughtful person on Twitter — “There are dozens of us!” — disabused me of that notion. I’m sure he’s right: Microsoft certainly has too many paying customers for Devops to do anything drastic with it now, and it has become another lame-duck victim of Microsoft’s own success, destined to limp on forever because of backward compatibility. But I’m certain that they’re not just going to leave these two, so-closely-related silos sitting right beside each other with no connection, and I’m also certain I won’t like it when they finally do something.

“How do you define ‘unwarranted?'”

UPDATE: A comment on HN pointed out that Microsoft already has “boss ware” in the form of “Workplace Analytics,” and it’s bundled in Office365. Ticking this box, then, will allow them to associate a real person with a user in your company’s “analytics.” Will they rank people for recruiters based on this data? Will they provide a report for companies who are considering you for a job? Sounds like a perfectly valid, dystopian business opportunity to me. Right up their alley. I wouldn’t put it past them.

Reselling gig work is TikTok’s newest side hustle

Resellers buy gig work for as cheap as $5 to resell for profit

Source: Reselling gig work is TikTok’s newest side hustle

Yes, you can make money by looking for opportunities to match up supply and demand, and legitimately take a cut of the transaction. I didn’t read the whole thing, but I doubt that they talk about the flip side of this “work.”

I read a classic Hacker News comment by a person who claimed that they were employed by 3 or 4 companies at any given time, and sent all of their work to 3rd-world countries, to be done by contractors. They “did nothing,” and collected multiple salaries. Except that… they didn’t “do nothing” at all. Managing all of this work would be a lot of work in and of itself.

See, in either the case of using TikTok to work the arbitrage, or in misrepresenting yourself as an employee (and not a outsourcing firm), this takes real work. You have to constantly be hustling. Not only that, but in doing all of these things, you’re going to frequently be getting mixed up, caught in the middle, and have people (from both sides) getting mad at you. You have to the special kind of person — e.g., a psychopath — for this to not affect you, if you want to do this sort of thing for any length of time. So this is hardly some sort of quick and easy way to get rich doing nothing.

Unseen Effort – The Daily WTF

The only downside to working for him was his disdain toward open source solutions. Anita couldn’t use any NuGet packages whatsoever; everything had to be built from scratch. She learned a ton while making her own JSON parsing library and working out OAuth 2.0 authentication.

Source: Unseen Effort – The Daily WTF

At the bottom of the article, there’s an in-line advertisement for a product which wraps NuGet with permissions. What a perfect way to deliver an ad. Is the whole story fake, in order to deliver it? And what a perfectly “corporate” product, to further exacerbate developer frustrations in large company environments.

Please don’t tell my company (Initech) about the existence of this product. I think there are several mid-level managers who would experience actual arousal at the thought of implementing it.

From Node to Ruby on Rails | D U N K

Building the web app in Rails took me 2 days – the same thing in Node would have taken 2 weeks. I’ve also included things I wouldn’t have attempted to build on Node/Express until I proved the idea out (editing a profile? Psht please – I’ll wait till someone requests that). People in the HN comments always accuse the Node ecosystem of making you re-invent the wheel for every project. But I thought that was just the way things were. Now I realize the truth to their words.

Source: From Node to Ruby on Rails | D U N K

I’ve been saying this for years, but DHH endorsed this writeup.

SQL Is Obnoxious

I find SQL obnoxious, due to its brevity. Getting complicated desired behavior from it sometimes requires clever understanding and combinations of very simple primitives. Because it’s taken me about 2 weeks (off and on) to work it out, I present, with no explanation, this code:

WITH vars (var) AS (
  SELECT UNNEST(string_to_array(ancestry, '/')::integer[]) FROM calibrations AS a
)
SELECT c.id AS cal_id, p.id AS param_id, t.id AS tuning_id, o.* FROM tunings t
  LEFT JOIN LATERAL json_array_elements(t.data::json) WITH ORDINALITY AS o ON TRUE
  JOIN variables v ON v.tuning_id = t.id
  JOIN calibrations c ON v.calibration_id = c.id
  JOIN parameters p ON p.label = t.label
WHERE c.id NOT IN (SELECT var FROM vars)
  AND t.data_type = 'Z_Axis'
  AND p.label = 'C_PME_GainFactor_Table'

OKAY | Why the status quo is so hard to change in engineering teams

Before we talk about how to prevent it, let’s see how learned helplessness can happen in a development team. There are 2 main patterns:

Pattern #1: Process-related Learned Helplessness

In this case, the team needs to follow processes that have either been externally imposed, or internally imposed but no-one remembers exactly why.

Pattern #2: Complexity-related Learned Helplessness

In this other case, the source of powerlessness is sheer scale and/or complexity. There is truly no-one who understands the emergent behavior of the system.

Source: OKAY | Why the status quo is so hard to change in engineering teams

So I’m currently reading the book Learned Optimism, by Martin Seligman, which just so happens to be the seminal psychological work which teaches people how to combat learned helplessness. I’ll skip trying to give a primer on the process, but the one key that I need to talk about here is that you have to be objective in finding explanations for negative things in your life. Pessimists generally blame themselves for everything, and we all know that’s not fair. Even pessimists wouldn’t blame other people for their own problems when it’s obvious that they aren’t, but they will happily continue to blame themselves for problems that they know they are not responsible for.

People often think I’m a pessimist, but I’m not. I’m objective. I’m so objective that it’s almost a superpower. In that objectivity, I often realize that I am the source of the problem. That may appear to others that I’m a pessimist. However, I’m not afraid of calling a spade a spade, and pointing out that a problem is someone else’s fault, either. And I’m about to explain how this whole topic of discussion is, in fact, someone else’s fault, it’s systemic, and it’s not going to change.

The quoted article found its way to “Hacker” “News,” but you have to understand that this is a blog post from a company which sells software that purports to solve these problems for teams of programmers. I say, “hogwash.”

Every one of the problems listed in the article is the result of bad management.

Period. There’s no getting around it, and there’s no sugar coating it. In the vein of the article, “there are 2 main patterns” why.

First, in our modern feudalism of corporations, the low-level managers are like barons, the middle managers are like earls, upper managers are like dukes, and the C-levels are like princes. Everything flows from the top down. Everyone is playing political intrigue for more power, in the only terms that the corporate structure can understand and deal with: budget and headcount. No one will deal with fixing a problem if it doesn’t directly contribute to their standing with their peers or superiors, and problems with software build systems, infrastructure, or technical debt are simply invisible to anyone not dealing with it directly.

Second, the days of building a company to last 100+ years is gone. J. Irwin Miller built Cummins into a world-spanning empire, and then retired. Then the company started implementing all the trendy business-school ideas, and was getting run into the ground. Miller came out of retirement and righted the ship, and then retired again. Those days of people caring about a company like this are gone. Everyone is out to “get theirs,” and then hit the brcks. Everyone knows this, but we still like to pretend that anyone in the bridge cares if the company actually survives in its efforts to make the next $100M.

From HR systems to compensation to benefits, companies are deeply, deeply afflicted with myopic vision. It’s driven from the very top, where every decision of significance is made in view of the almighty stock price. Corporate boards encourage this behavior by tying executive pay to stock options. For decades now, we’ve watched big companies sacrifice long-term performance for short-term gains, because it will net the corporate officers tens of millions of dollars in stock grants. If there’s any hope in this situation, it’s that most of the excess capacity in corporate America has already been wrung out (q.v., the recent supply chain issues), and there’s nothing left to pillage, either internally, or by corporate raiding. (The play now is to merge to form effective monopolies and duopolies, and extract all the profit from your market, but that’s another topic.)

When you combine a lack of visibility with a lack of vision, you get an appalling lack of concern for issues that the rank-and-file serfs deal with.

The fact that issues that programming teams deal with are highly-technical doesn’t matter at all. In fact, it works against them, because fixes are more expensive than in other teams. Say, like buying yet another web service, on top of all the others you already subscribe to, in order to apply metrics to problems that management will never fix, because they neither understand nor care.

There are a lot of examples I could write about here, but one stands out. I know of a person who was briefly involved with an effort to quantify the development process for his Fortune 150-sized company, much like the linked article. When he talked with a knowledgable insider about the system, it was one shocking revelation after another. The system was down more often than it was up. There was no way to estimate how long a build would take. There was no way to check on the current load of the system. There was no way to check on jobs, other than to log into a remote machine and tail a log file. The system wouldn’t even send out an email at the end of the build to indicate success or failure, because it would show how badly the whole thing performed.

So a “baron” in another group got the bright idea that they would oversee the writing of a dashboard to overlay metrics on the process, so that the “earl” who was responsible for it could “see what parts to focus on.” Let that sink in… Do you see the problem here? This manager thought that he would be allowed access to the various running processes of the system, to quantify, graph, and display them — like, on the shared screens in common spaces — when the owner of the system wouldn’t even allow emails about the success or failures of builds to be sent out, which is the most basic of all metrics, and which would have required only a single checkbox to be ticked. The mere idea of this project was so hopeless as to border on insanity.

The people responsible for the system already knew about its problems. They didn’t need metrics. They didn’t care! Whether that was from a lack of budget or a lack of headcount or a lack of technical ability or a lack of communication with other teams… none of that mattered. The people responsible for the system weren’t willing to spend their political capital to fix the problems of the system. And whether that lack of will came from their own political ambitions or a lack of understanding or a lack of vision… none of that mattered either.

The article talks about why developers get frustrated, and proposes that metrics will fix it. Their system won’t help, because, in most companies, it’s not about a lack of metrics. It’s a lack of will, motivated by personal ambition, gamed by incentivizing short-term productivity. As a developer in a group like this, you can blame yourself, or you can look for opportunities internally, or you can take your show to a different stage. All of those responses are in the HN thread about the article. We all have to find our own balance points between our predilections and our companies’.

As a developer, you can alter your internal “explanatory style” to move the blame for the problems you have to deal with to systems or software or people, but all of that misses the real point.

In post-modern, Fortune-sized, American corporations, the problem is management, and all management starts from the top. The corporate officers set the leadership paradigm the rest of the company will adopt, and they are being strongly incentivized against long-term investment in tooling and process. This mindset trickles all the way down to the bottom. If there are problems with “getting stuff out the door,” they will almost always hire more people, because that’s almost always the easier and cheaper solution than retooling an entire department with new software and process. And then, every 5-10 years or so, they will bury their failure to address actual productivity problems with yet another “reorg” or sweeping IT platform change.

Ruby on rails : problem of verifiying the SSL certificate while installing bundle

I’m new with ruby on rails and while creating my first project with this command rails new n_project, i got this error

run bundle installFetching source index from https://rubygems.org/ Retrying fetcher due to error (2/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see .... To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Retrying fetcher due to error (3/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see .... To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
Retrying fetcher due to error (4/4): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see .... To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most
likely your system doesn't have the CA certificates needed for verification. For
information about OpenSSL certificates, see ...

Source: Ruby on rails : problem of verifiying the SSL certificate while installing bundle

I develop software using a pretty varied mix of technologies, including C#, VB, Postgres, SQL Server, and Azure services of all kinds, but mostly Ruby on Rails. After 15 years of using it, I find that it remains one of the most force-multiplying tech stacks in the world. With it, by myself, I can develop software faster than entire teams of outsourced, waterfall-managed, Java/React projects. (And I proven that multiple times.) Not only that, but the future is looking even brighter with Rails 7.

Anyway, I develop software on my personal MacBook Pro, upload it to a git host, and deploy it to a Linux VM on Azure. But my work-supplied laptop is, of course, a bog-standard, boring Dell running Windows. I feel an obligation to be able to use it to do everything I would normally do on my Mac, just in case the hammer falls, and they outlaw the way I work. So, on Windows, I use RubyInstaller. But, thanks to my company’s bog-standard industry practices of using Cisco products to lock down the laptop within an inch of usability, I’ve been unable to do a bundle update for awhile now, getting the error listed above.

I had previously worked around this situation by using CNTLM to tunnel command-line-based HTTP/S requests through my company’s firewall. This was no longer working.

I tried changing my Gemfile to use HTTP, instead of HTTPS. I tried getting gem to ignore SSL errors (and use HTTP sources). None of this worked either.

Yesterday, I had finally had enough of the problem, and decided to work through it. Helpfully, the error message included the fact that I was missing the Cisco Umbrella CA certificate in the certificate chain. Also helpfully, Cisco has a page where you can download their certificates, ciscoumbrellaroot.pem and crca2048.pem. Also helpfully, I found the linked StackOverflow Q/A. That got me started, and I finally figured out the RubyInstaller people have anticipated this problem. There’s a proper way of adding a certificate to your chain. Just drop the certs in C:\Ruby-xx-x64\ssl\certs. This allowed me to get rid of all the hacky workarounds, and now bundler works like I expect it to work on my work laptop.

Arch Linux

I finally took a look at Arch Linux. I started the process of installing it with Parallels on my MBP. I got to the GRUB configuration step, and then thought, “What in the world am I doing!?” And then I quickly deleted the VM and the install ISO. In the immortal words of Sgt. Murtaugh, “I’m getting too old for this.”

Kinda a big announcement – Joel on Software

I took a few stupid years trying to be the CEO of a growing company during which I didn’t have time to code, and when I came back to web programming, after a break of about 10 years, I found Node, React, and other goodies, which are, don’t get me wrong, amazing? Really really great? But I also found that it took approximately the same amount of work to make a CRUD web app as it always has, and that there were some things (like handing a file upload, or centering) that were, shockingly, still just as randomly difficult as they were in VBScript twenty years ago.

Source: Kinda a big announcement – Joel on Software

It’s hard for me to express just how deeply wrong I find this to be, but I suppose that’s because I take it as an almost personal insult. Here’s a smart, driven guy who probably just became a (near) billionaire with the sale of a site devoted to programming Q&A, and yet, in my opinion, he’s completely out of touch with modern web development. I really resent this gaping hole in the collective knowledge of programmers on this planet.

I’ve been using Rails for 15 years now. I’ve used it to make dozens of applications. It is perfectly suited for making CRUD web apps. It was designed from the ground up to do so, and avoid the grunt work of other programming stacks, specifically Java. Unfortunately, Spolsky is not alone of his ignorance about it. I see lots of programmers singing the praises of Javascript, who dismiss Rails, usually because of its convention-over-configuration approach, but nothing can compare to the productivity of using Rails to write a CRUD web application. Nothing. It’s not even close. He’s absolutely right that Node and React offer no advantage over any other legacy option like Java or .NET. I went down the whole Java/Spring/Angular hole for one ill-fated project, and it’s a freakish, byzantine nightmare. The difference between the two stacks is so stark that I have to assume that people who make these kind of comments are completely oblivious to the fact that Rails exists at all.

Take file uploads for instance. Rails has had easily-configured and power capability from several hugely popular gems since (at least) the 3.x days. The stack has had its own implementation since 5.x. Either way, just configure a couple of lines in an initializer, pick a provider, enter your bucket name and API key, and then it’s literally just a few lines of code to add a file attachment to your model.

Spolsky continues to rant:

The biggest problem is that developers of programming tools love to add things and hate to take things away. So things get harder and harder and more and more complex because there are more and more ways to do the same thing, each has pros and cons, and you are likely to spend as much time just figuring out which “rich text editor” to use as you are to implement it.

This is the continuing, enduring beauty of Rails. They continue to add things to the stack, like file uploads, but they do so in a way that makes them optional. If you want them, it’s, like, 3 lines of configuration, and you’re rolling. A rich text editor, as it turns out, is another perfect example. There has been a popular gem to provide the WordPress editor for a long time now, but Rails started shipping a native rich text editor in 6.x, if you want it. I’m using it in a significant way in a production application right now. I added it well after the site was launched, but it was easy, and it’s terrific.

Today we’re pleased to announce that Stack Overflow is joining Prosus. Prosus is an investment and holding company, which means that the most important part of this announcement is that Stack Overflow will continue to operate independently, with the exact same team in place that has been operating it, according to the exact same plan and the exact same business practices. Don’t expect to see major changes or awkward “synergies”. The business of Stack Overflow will continue to focus on Reach and Relevance, and Stack Overflow for Teams. The entire company is staying in place: we just have different owners now.

This is where I get worried. An investment and holding company paying $1.8B to buy a site like Stack Overflow is going to want to recoup its investment, and make more money in the future. In the old days, they used to say that investments needed to start making money in 7 years. I’m not clear that this old rule of thumb still applies, and SO is a private company, so we can’t see a balance sheet, but does anyone think that “SO for Teams” is making $250M a year? Big M&A announcements like this always say the same things about keeping the product the same. Let’s revisit this in a year, and see where we really stand.

Nine things we learned from the Epic v. Apple trial – The Verge

It’s particularly notable since some people are worried that macOS is inching toward the iOS model, making it a little more difficult to install unauthorized software with each new version. If you were already anxious about the Mac ecosystem closing off entirely, Federighi’s testimony gave you plenty more to worry about.

Source: Nine things we learned from the Epic v. Apple trial – The Verge

Indeed. Federighi says he’s worried about malware on macOS. I think that’s scaremongering. (Now watch me get a virus.) But, for all-around safety, I’ve come to the tenuous conclusion that requiring everything to be signed is acceptable. However, if Apple finally closes the last door, and begins to require that everything you install on a Mac to come through the App Store, we’re going to have a problem. As a Rails developer, I’m very worried about the trend of making macOS more and more like iOS, but I don’t seriously think they can ever do this, completely, and I’ll step through why.

A large part of the reason that Apple sells Macs is for development. Obviously, developers must make up a very small percentage of Mac users, being dwarfed by media creators, but the inescapable reality is that Apple themselves require a Mac to write software for their most-profitable products: the iPhone and iPad. So, even by Apple’s own rules, a generally-open development environment needs to exist to continue to support their mobile ecosystem.

Very closely related to this is that a lot of developers (like me) prefer the platform for developing web apps, which, again, is a type of development that helps Apple’s efforts. I mean, they don’t want people going off and creating Windows-native applications, right? So keeping the operating system of Macs in such a state as to make it productive for web development is — at least tangentially — also in their own best interests. However, this sort of focus almost requires the use of either Homebrew or MacPorts, which I have a hard time believing could be delivered through the App Store.

So, following the logic, and while I understand that it might be really attractive to Apple leadership to lock down macOS as tightly as iOS, I don’t see a path for getting there. At least, not in a way that won’t alienate the entire demographic of developers. Obviously, if they get really serious about it, they could lock the system down for iOS app development, but I think this would leave web development blowing in the breeze. If that were to happen, my only consolation is that Linux is just as nice for doing Rails development as macOS. It’s not as great for just about everything else, but it is a first-class platform to develop web applications on. So, moving back to Linux on the desktop is a viable fallback position for me, and the really great thing about that is that no one can take that away from me.