Gilfoyle Gotsta get Paid

That, my friends, is our little asshole dog, Gilfoyle. He’s got a strut, and chicks dig him.

And yes, we put shoes on our dogs sometimes. The pavement gets hot around here in the summer. Once we found the right shoes Gilfoyle didn’t care about them one way or the other, but Lady Byng loves to run when she’s wearing her shoes. I’ve tried a couple of times to get video, but I’m sprinting to keep up and holding a leash, so the results have not been good.


Drew Brees

On this Indigenous Peoples’ day, I’m in a noisy place watching the Saints play the Redskins.

I’ll give you a moment.

Irony aside, what just happened is that the Saints quarterback, Drew Brees, just broke the all-time record for passing yards. I don’t know how long that record will stand, because the league is constantly altering the rules to favor passers. But still, this is a big event, sports-wise.

I remember his first game. I was with Squirrely Joe, in a sterile sports bar in Las Vegas. The Chargers were getting their asses kicked. Down by 17, they pulled their venerable, highly-respected starting quarterback to put in the backup they thought would carry the team one day.

The first pass Brees attempted was terrible. With the cameras on him, the team went back to the huddle and he was almost laughing at himself, taking full responsibility for the failure.

Then he hit a pass, and another, and suddenly a defeated team was looking crisper, hungrier. Whatever he was doing in that huddle infected everyone; there was some magical energy Brees was putting out that changed the team. Of course the defense caught the bug too, and the game swung decidedly for the Chargers.

The Chargers lost that game; there simply wasn’t enough time for Brees to finish the comeback. But I knew, I KNEW, after that first terrible play, before he did anything else, when he was statistically the worst quarterback ever, that Drew Brees was the real deal. I knew by the way he handled that mistake, by the way he interacted with the other players on his team, that he was a leader, and that he expected more of himself, but allowed himself to make mistakes.

When the Katrina/Bush disaster hit New Orleans, Brees showed his true blue again. San Diego had given him up in favor of their new kid, and I understand that decision — Brees was having trouble with his shoulder. Down in New Orleans, when things were really bad, Brees was a good neighbor to many who needed one, and in the following months he worked hard to help rebuild the city. He’s going to retire a Saint, or blood will flow.

He knows that, but he’s playing year-to-year with them, rather than making things ugly by trying to extort a longer contract. He loves his job. He loves his team and the city that hosts him. He loves them enough to trust them to know when it’s time to say goodbye.

After all these years, when I watch him play I still see that rookie, after his very first terrible play. That’s the same football player who just set an all-time record, the player dark agents from Canton may eventually have to shoot so they can set up his shrine in the hall of fame. The same guy. Maybe he’s sharpened his skills a bit since, but his ability to inspire those around him was obvious from the beginning.

Football is a team sport like no other, a collection of specialists with a common goal, and leadership matters in football more than anywhere else. Linemen block just a little bit harder when they are protecting Brees; receivers run their routes a little more crisply. “84 jump into the stratosphere and push off passing 747 into the corner of the end zone” would sound almost plausible if Brees said it. There are better throwers in the league. There are much better scramblers and runners in the league. But there is no better leader.

Kaep is back!

A little bit less than a year ago, when the last NFL season was still young, the Official Sweetie of MR&HBI pointed out to me that a legit NFL quarterback was unemployed because of his political stand.

I demurred. Colin Kaepernick was the flash-point of activism and he was unemployed, but I gave my sweetie the cringie-face and said, “the problem is that he’s actually not very good.”

After that conversation, several NFL teams hired backup quarterbacks and even a starter who were worse than Kaep in every measure.

Kaepernick is a dick, make no mistake. He hit on a teammate’s girl, and he required ridiculous privileges when he could get them. He is not friendly to his fans. Having him in the locker room will be a challenge. But in a league that hires actual fuckin’ murderers, and glorifies a coach who banged his assistant’s wife, being an asshole is hardly a disqualifier.

And seriously, some of the chumps hired over a man who was one bad coach-decision away from being a Super Bowl champion are ridiculous. Kaep has a beef.

He is suing the league. I’m no lawyer, but I think he has a case.

Enter Nike. A major sponsor of the NFL. On opening night of the new season, Nike introduced an ad campaign that cut Kaep as a hero, among many other hometown heroes you have never met, just trying to do what is right. Word on the street is that Nike did not inform the NFL of the content of the ad until maximum buzz could be achieved.

Kaep, for his part, has put a chunk of his personal fortune into addressing the issues he knelt to protest. So asshole rating is reduced several points. Kaep believes in the cause. That simple fact is really, really important. Obviously this is not a cynical career move for him. He’s making a stand for justice.

Honestly, I don’t like Colin Kaepernick as a person, but I respect what he is doing. To my sweetie, I was wrong back then. Clearly there has been collusion, and it’s time to make the league pay.


A Guide to Commenting Your Code

I spend a lot of time working with code that someone else wrote. The code has lots of comments, but they actually do little to improve the understandability of the work. I’m here to provide a concise set of examples to demonstrate the proper way to comment your code so that those who follow will be able to understand it easily and get to work.

These examples are in php, but the principles transcend language.

WRONG:

// get the value of the thing
$val = gtv();

RIGHT:

$thingValue = getTheValueOfTheThing();

WRONG:

// get the value of the thing
$val = getTheValueOfTheThing();

RIGHT:

$thingValue = getTheValueOfTheThing();

Oh so very WRONG:

// Let's get the value of the thing
$val = getTheValueOfTheThing();

We’re not pals on an adventure here.

RIGHT:

$thingValue = getTheValueOfTheThing();

You might have noticed that so far all my examples of the proper way to comment your code don’t have comments at all. They have code that doesn’t need a comment in the first place.

Computer languages are not created to make things easier to understand for the machine, they are to make sets of instructions humans can read that (secondarily) tell the computer what to do. So, if the code syntax is for the benefit of humans, treat it that way.

If you have to write a comment to explain what is going on in your code, you probably wrote it wrong. Or at the very least, if you need to write a comment, it means you’re not finished. I write many comments that start TODO, which my tools recognize and give me as a to-do list.

Stopping to come up with the perfect name for a variable, class, or function is an important part of programming. It’s more than a simple label, it’s an understanding of what that symbol means, and how it works in the system. If you can’t name it, you’re not ready to code it.

There is a special category of comments in code called doc blocks. These are massive comments above every function that robots can harvest to generate documentation. It’s a beautiful idea.

Here’s my world (not a standard doc block format but that’s irrelevant):

/*
|--------------------------------------------------------------------------
| @name "doSomething"
|--------------------------------------------------------------------------
| @expects "id (int)"
|--------------------------------------------------------------------------
| @returns "widget"
|--------------------------------------------------------------------------
| @description "returns the widget of the frangipani."
|--------------------------------------------------------------------------
*/
public function doSomething($id, $otherId) {
    $frangipani = getFrangipani($id);
    multiplex($frangipani, $otherId);
 
    return $frangipani->widgets();
}

The difficulty with the above is that the laborious description of what the function does is harmfully wrong. The @expects line says it needs one parameter, when actually it needs two. It says it returns a widget but in fact the function returns an array of widgets. If you were to try to understand the function by the doc block, you would waste a ton of time.

It happens all the time – a programmer changes the code but neglects to update the doc block. And if you’re not using robots to generate documentation, the doc block is useless if you write your code well.

public function getFrangipaniWidgets($id, $multiplexorId) {
    $frangipani = getFrangipani($id);
    multiplex($frangipani, $multiplexorId);
 
    return $frangipani->widgets();
}

Doc blocks are a commitment, and if you don’t have a programmer or tech writer personally responsible for their accuracy, the harm they cause will far surpass any potential benefit.
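One way to catch the drift described above mechanically, as an added example that is not part of the original post: a checker for the post's home-grown doc block format. The class name, the sample source and both function names are made up for the illustration; because these blocks open with /* rather than /**, PHP's reflection getDocComment() does not return them, so the checker walks the token stream instead.

```php
<?php
declare(strict_types=1);
// Added example: report functions whose @expects line no longer matches
// the real parameter list. All names here are illustrative.

/** Parameter names from an @expects "id (int), otherId (int)" line. */
function expectedParams(string $comment): ?array
{
    if (!preg_match('/@expects\s+"([^"]*)"/', $comment, $m)) {
        return null;
    }
    // Drop each "(type)" suffix and any leading "$", keep non-empty names.
    $names = array_map(
        fn (string $e): string => ltrim(trim((string) preg_replace('/\(.*?\)/', '', $e)), '$'),
        explode(',', $m[1])
    );
    return array_values(array_filter($names, 'strlen'));
}

/** Returns [function name => ['documented' => [...], 'actual' => [...]]]. */
function findDocBlockDrift(string $source): array
{
    $tokens = token_get_all($source);
    $count = count($tokens);
    $drift = [];
    $pending = null; // most recent comment carrying an @expects line

    for ($i = 0; $i < $count; $i++) {
        $token = $tokens[$i];
        if ($token === ';' || $token === '{' || $token === '}') {
            $pending = null; // a statement or block boundary detaches the comment
        }
        if (!is_array($token)) {
            continue;
        }
        if (in_array($token[0], [T_COMMENT, T_DOC_COMMENT], true)
            && strpos($token[1], '@expects') !== false) {
            $pending = $token[1];
        }
        if ($token[0] !== T_FUNCTION) {
            continue;
        }
        // Function name: the T_STRING before the opening parenthesis.
        $name = '{closure}';
        for ($j = $i + 1; $j < $count && $tokens[$j] !== '('; $j++) {
            if (is_array($tokens[$j]) && $tokens[$j][0] === T_STRING) {
                $name = $tokens[$j][1];
            }
        }
        // Parameters: variables at depth 1 of the parameter list.
        $actual = [];
        for ($depth = 0; $j < $count; $j++) {
            $t = $tokens[$j];
            if ($t === '(') {
                $depth++;
            } elseif ($t === ')' && --$depth === 0) {
                break;
            } elseif (is_array($t) && $t[0] === T_VARIABLE && $depth === 1) {
                $actual[] = ltrim($t[1], '$');
            }
        }
        $documented = $pending === null ? null : expectedParams($pending);
        if ($documented !== null && $documented !== $actual) {
            $drift[$name] = ['documented' => $documented, 'actual' => $actual];
        }
        $pending = null;
        $i = $j;
    }
    return $drift;
}

// Constructed sample: the post's drifted doc block plus one that is accurate.
$sample = <<<'SRC'
<?php
class FrangipaniService {
    /*
    | @expects "id (int)"
    | @returns "widget"
    */
    public function doSomething($id, $otherId) { return []; }
    /* | @expects "id (int), multiplexorId (int)" */
    public function getFrangipaniWidgets($id, $multiplexorId) { return []; }
}
SRC;

foreach (findDocBlockDrift($sample) as $function => $d) {
    printf("%s: doc block expects (%s), signature takes (%s)\n",
        $function, implode(', ', $d['documented']), implode(', ', $d['actual']));
}
```

Only the parameter list can be checked this way; the "@returns" mismatch in the post's example (a widget versus an array of widgets) needs declared return types or a static analyser to catch.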

I have only one exception to the “comments indicate where you have more work to do” rule: Don’t try this at home.

public function getFrangipaniWidgets($id, $multiplexorId) {
    $frangipani = getFrangipani($id);
 
    // monoplex causes data rehash, invalidating the frangipani
    multiplex($frangipani, $multiplexorId);
 
    return $frangipani->widgets();
}

This is useful only when the obvious, simple solution to a problem had a killing flaw that is not obvious. This is a warning sign to the programmer coming after you that you have tried the obvious. Often, when leaving notes like this, and explaining why I did something the hard way, I realize that the easy way would have worked after all. At which point I fix my code and delete the comment. But at least in that case the comment did something useful.


Sucker Bet

While reading an article about sports, I clicked a supporting link and found myself here, at the NBA futures page at a gambling Web site. I’m curious about numbers and things, so I looked at the odds for a bit.

At this moment, there is an anomaly. “Anomaly” in my newly-minted dictionary of gambling terms is a time when a safer bet pays better than a riskier one.

In the NBA more than any other sport, random luck plays a smaller role in the outcome of games, and of seasons. There are no Cinderellas in the NBA. So when the Golden State Warriors managed to abuse the byzantine salary cap rules to land yet another all-star in Boogie Cousins for a season while the closest competitors went downhill, the gambling world said, “Fuck it, the Warriors are going to win the championship again.”

To bet on the Warriors winning the title next year, Las Vegas is giving you 10/17 odds. That is, the payoff is based on a 0.588 probability that they will win. Well over a coin flip.

But then I noticed this: on that same page the odds Golden State has of winning the Western Conference are 4/9, or 0.444 percent. Hence, a better payoff. Here’s the thing: The Warriors will not win the championship without first winning the division final. Yet somehow the bookies are paying less for the championship?

Yep. If you want action on the Warriors, don’t be a chump. Don’t follow the blind money to “Warriors win it all!”; follow the slightly-better-informed money to “Warriors make me money!”


Time Not Well-Spent

Here it is, Whiskey-Exemption Thursday, and my weight is on-target so I can even have beer. The purpose of Thursday is to devote an evening to pushing the writing forward, and hang the consequences.

What have I been writing this fine evening? I’ve been trying to come up with the least-objectionable way to emulate Swift’s extensions to Protocols in php. The answer: there is no way.

Begin geek

Coding with php is coding with flint knives and bearskins; the power of php is in its wham-bam-thank-you-ma’am ability to do a quick task and then to go away.

Bless the movers behind php, they’re trying to evolve their language to catch up with the way people are using it these days. If they had known Drupal was coming along, they might not have been so quick-and-dirty before. Drupal might be slightly less awful as a result.

There are design patterns enabled by Swift that I get a little misty contemplating. Being able to add extensions (with executable code!) to protocols is enormously powerful. Having experienced that, I wanted to do the same thing in php, creating a trait “taggable” and having classes that used it automatically injected with the implementation. Injected, not inherited. Ain’t gonna happen.

End geek

At least now I’m writing prose about writing the code rather than writing the code itself. Progress, I guess.


The Thursday Whiskey Exemption

In my days, I’ve only had success with one diet plan: set a target weight each week, lower than the week before. If, when I weigh myself in the morning, I am above the target weight, then I may not consume alcohol that day. Pretty simple, and embarrassingly motivating for me.

I lost more than 30 pounds on this plan, then events intervened, weakness ensued, work pressure ratcheted up, and I have now gained most of the weight back. In January I resolved to get back on the plan, but here’s the thing: While I don’t think my writing is any better after a couple of beers, it’s certainly more prolific. So now I do a dance between health and writing, and lately writing has been winning. But now blood pressure is a factor.

So I have launched my pound-a-week program again, with one modifier. On Thursdays, even if I’m over my weight target, I may have whiskey. I used to call Thursday “Beer-blogging day” — it was an evening where I set aside time to ramble for a bit, and to work on other, more serious projects. Whiskey is a little bit less fattening than beer, so I’ve decided this time around to try to relieve the tension between obesity and creativity by allowing a Thursday whiskey exemption.

For the record, on this particular Thursday I was below the weight threshold for the week anyway. The first few weeks of a new diet are actually pretty easy.

Happy Thursday, everyone!


The Journey Home: The Fading Glory of the Southwest Chief

I wasn’t paying close attention at the time, but in the late 1970’s the US government decided to buy out all the failing passenger rail services, with the goal of preserving some semblance of intercity passenger rail in this country. Out west, cities are far apart, and the new czars of rail travel realized that comfort and convenience would be paramount for success.

They took a design from the Santa Fe line, adapted it, made it too tall to work east of Chicago, and the Superliner was born. Superliner I was the last passenger coach built by the renowned Pullman company, while the Superliner II, a smoother-rolling variant that was a little more… judicious with the output from the toilets came along a short time after that.

None have been built since. Sure, there have been upgrades (self-contained toilets retrofitted, electricity available everywhere), but the rolling stock is aging.

On electricity — long ago I took a ride and there was exactly one electrical outlet available to coach-class passengers. A little community grew around that outlet, and while the cafe attendant tried to regulate us, we worked out a better system on our own.

But while the cars have been superficially modified to evolve with the needs of the passengers, there’s really no denying that they are getting older. Train 4 from Chicago to Los Angeles brought that home to me. Some cars had trouble with toilets. The public address system was spotty — at one point the attendant for my car got on the PA to say that the rest of the announcements weren’t coming over our PA. Apparently there were a couple of dicey almost-missed-stop moments in my car.

The dining car’s air conditioning failed; my waiter said that on the last leg of the journey one of the crew knew what switch to throw, but now he was gone. Sounds to me like a circuit breaker.

The cars themselves still felt solid, we moved along smoothly. But it’s the little things, the door latch that required coaxing, the outlet that just won’t let go, that give you the feeling that maintenance is falling behind. And as the cars get older, the maintenance requirements are just going to increase. It’s going to require commitment to keep these cars comfortable and safe, and when the little things start to slide, it’s an indicator that the commitment is not there.

Twice on my journey east I heard a rumor that Amtrak would be canceling the long-haul western routes. If that’s true, I’m glad I took this ride. The subject of California’s high-speed rail also came up often. To which I said, “I’ll believe it when I see it.” I would honestly prefer it if the state spent maybe one percent of that cost to upgrade the low-speed rail already in place along that line (California has already pitched in to pay for other Amtrak upgrades in the state.) It’s beautiful country. Slightly-less-slow service would attract a lot of new customers, at a price the high-speed option could never touch.

I look forward to rolling along the coast in a brand-new Superliner III, then turning inland on the Southwest Chief, its rolling stock gleaming in the desert sun — the iconic journey that everyone must do at least once. The Route 66 where someone else drives.

Those will be the days.


Not a very Remember-y Day

Went to sleep early last night, after a day of restraint and sobriety. Woke up this morning, had a bit of an epiphany, then set about my day feeling perky and downright sharp.

So far today, I have locked myself out of my room not once but twice. Then I walked from the residence hall down to Massachusetts Street, only to realize I didn’t have my wallet.

To make things worse, during my walk down a woman on a park bench had complimented my shirt and then as an afterthought had complimented my beard. Then I passed a nice lady who was raising money for a church-based project to house the homeless, who remembered my “beautiful beard” from the previous day, when I had made a donation.

I couldn’t go back the direct route, or I would pass these people twice more. I had to go around. Putting some serious mileage on my new shoes today.


GDPR Announcement

I’ve got no idea who you are. Even if I did know, honestly, I wouldn’t care.


Voted. It was a little weird.

I vote by mail these days; it costs the state more money but is more convenient for me and it is less Russian-style shenanigable. Mail-in votes are more vulnerable to local-asshole shenanigans — just ask my Arizona-based nephew, who has been directly shenaniganized — but I’m pretty confident my vote will be counted.

Secure in that thought, I did my best to study the issues and make good choices. The propositions were the most important votes, at least in my mind — I’ll touch on the major political seats shortly. Two of the propositions came down to car vs. not-car. Easy peasy.

Locally, B and C asked us, collectively, whether we were willing to give up open space and embrace sprawl if a fraction of the housing created was dedicated to affordable housing for seniors. Affordable housing is a critical issue here; rent is fucking ridiculous. But a few token units in a luxury expansion that stretches city services is not the answer.

I voted to increase the state’s debt to help people move around without cars. Overall the state’s debt burden is down lately, due to prosperity — even as the federal government siphons money out of the state so Kansas can boast a balanced budget. State balanced budgets are a sham, propped up by the federal deficit and states like Texas and California.

On another prop there was one argument in the pro vs con section that said (more or less), “They might not use the money to make roads better! They might use it instead for public transport and bike lanes!” Yeah, bunky, whatever you’re opposing, I’m in favor of.

After the props there came a judge — you’ve heard of him — and I couldn’t kick him in the balls so I only did what I could to make sure his career was over. His defense said we shouldn’t let a single decision in a career that was not flagrantly biased be cause to eject a dedicated public servant, that it was a slippery slope to make the judiciary subject to the mob. (The actual argument was far less articulate.) But I’m with the mob on this one. Democracy is mob, and it’s at its best when things are ugly. The mob says rapists should not get off lightly. Let other judges take note.

Then there were the candidates. For only the second time in my life, I paid attention to party affiliation while voting. This is not a normal state for me. But until the Republicans purge themselves of Trump, and of the forces that allowed Trump to happen, none of their candidates at any level will get a vote from me. None. That’s just how it has to be.


An Exchange with HackerOne

In a recent episode I rambled about a system that pays good guys for finding and reporting security holes in the software we rely on every day. Fired up with enthusiasm for the cause, I sent this message to HackerOne:

I appreciate what you are doing here, and would love if there were a tip jar where I could contribute to the rewards you give out for making the world a better place. Like Zaphod, I’m just a guy, you know? But I’d happily pitch a little bit each month to promote what you do here, and to support the people who actually make the Internet less unsecure.

I debated “insecure” versus “unsecure”, and went with “un” for reasons I don’t exactly recall. Beer may have been a factor.

I got a very nice letter back.

Thank you so much for reaching out to us with this feedback on what we are doing. We appreciate you taking the time to reach out to speak with us about what you think of the program and how you would like to participate it make HackerOne a success.

You are correct about us not having a tip jar, however, our community can support us by word of mouth let others know what we do and what our goal is and if you are a hacker or know any white hat hackers we encourage you all to use our platform and help us with making the internet safer.

We really do appreciate you reaching out and I am going to share your message with the rest of the company.

Best,
Shay | HackerOne Support

The missing word and tough-to-parse sentence make me think that this was a hand-typed response. I am happy to contribute to their word-of-mouth buzz. I do not fit the profile of the geek HackerOne is looking for, and I suspect no one who will ever read these words is pondering the question “How can I break things and still be a good guy?” But if that’s you, head to HackerOne.

On the other hand, if you own a commercial Web site and want to get a major security audit, consider posting a bounty at HackerOne. You’ll get some really skilled people trying to break in, only in this case they won’t rob you blind if they get in.


A Set of Facts That Might be an Opportunity for the Right Person

A simple, unordered (perhaps obfuscated-ordered) list:

  • I tried to read Feeding the Eels on this site from start to finish but I could not.
  • I am growing seriously tired of spending my weekends fiddling with code
  • At this time, I have only indirect influence on hiring php programmers at my company—I can recommend, but there are no openings in my group.
  • At this time
  • I know php upside-down and sideways
  • I have decided that this is a year for finishing things.
  • I like to teach
  • I seriously don’t want to dig into the guts of my WordPress theme to figure out why I can’t read all of Feeding the Eels
  • I write software for a living
  • There are a lot of punk kids out there who can dance with WordPress and php even though only grandads seriously think php is cool
  • Feeding the Eels has been dangling, almost-finished, for years.
  • I would never ask a kid to work for free

Maybe this is Why Americans Celebrate Cinco de Mayo

The Battle of Puebla occurred on May 5, 1862. It was an unexpected victory for about 4,000 Mexican soldiers facing about 8,000 well-equipped French troops. Although it was a stirring victory, the outclassed Mexicans were eventually overwhelmed, and the French installed a new government in Mexico a few months later.

So… let’s climb on the alternate history bus and wonder what would have happened if the French had won at Puebla. Without that crucial lift to morale and Mexican national pride, would the French have won more easily? Would Emperor Maximilian have been able to hold his seat more comfortably for a couple of years?

A couple of years is all it would have taken. The Americans were slaughtering each other in their own civil war. Given a little breathing room, an enterprising European colonial power might have found it worthwhile to aid the southern states, and in return have a friendlier partner on Mexico’s northern border.

But, in part emboldened by their success at Puebla, the Mexicans never let Maximilian get too comfortable in Mexico City. As the US Civil War drew to a close, with France dealing with Prussia back in Old Europe and the Mexican guerrilla warfare gaining intensity, Napoleon III bid adieu to Maximilian, and not long after that the emperor was executed.

Honestly, I don’t think for a minute that the French would ever have held Mexico with or without the Battle of Puebla. The colonization was a doomed endeavor from the start, and turned out to be a costly mistake for France.

So the Battle of Puebla may not have turned Mexican history that much. Maybe the Emperor would have lasted a couple more years, but that’s about it. That couple of years, though, may have been HUGELY significant to the United States.

So if you’re hoisting one tonight to celebrate Drinko-de-Mayo, stop for a minute and consider: about 4,000 hungry, ill-equipped Mexicans may have saved our nation. Now that’s something to celebrate.


The Best Friend You Didn’t Know You Had

I was reading the other day about how some hackers found a serious security flaw in php. php is a language used on Web servers to deliver content to your browsers; WordPress is written in php and thus every time you load a page here at MR&HBI, code written in php is being run.

A LOT of the Web is written in php, so finding a security issue in that language is significant, but this episode is not so much about one particular flaw as it is about the constant battle between good and evil. This article gets technical fast, but there are a couple of important takeaways that you don’t need to be a geek to understand.

Pornhub offered $20,000 to anyone who could hack them, via the site HackerOne. This was a big enough incentive for a group of hackers to really go after them. They discovered one questionable practice by the programmers of that site, but it took a lot of long, hard work for them to turn that into an actual hack, digging through the source code of php itself until they managed to create an attack that could load and run code on the server.

Immediately they disclosed the vulnerability through responsible channels, earned their reward, and both Pornhub and the wardens of php moved to close the bug. Pornhub paid up the $20K, and HackerOne threw in a bonus.

An even shorter version: Pornhub paid some real dollars and made the Web safer for all of us.

You and I are fantastically lucky that there are people out there who will use their skills for a low-five-figure payoff, rather than exploiting that weakness for potentially millions. These are the white-hat hackers, incredibly skilled people who can write php-unserialize fuzzers to discover “unexpected” responses, but use their skills to make the world a better place.

Eventually these guys will have the hacking weapons that our own government lost control of, and when that happens, the Internet will become far more secure. In fact, if I were king of this country I’d give the good guys those tools right now. It can’t be only the Russians using that stuff. Worth noting: our government has discovered many security holes in the software that makes the world run, and they didn’t report those discoveries, leaving the holes wide open for them (and everyone else) to exploit. Our own government is not White Hat.

When you hear about a new terrible hole in security, remember: that’s when honest people found the hole. It’s geeks like Evonide that found it, and reported it. Often they chased that hole because some site like Pornhub gave them a reason to. So let’s stop and appreciate what the unsung good guys have done for us.
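The post does not say what the questionable practice was. Assuming it was handing client-supplied data to unserialize(), the function the fuzzers mentioned above target, this added example (not from the post or from any site's code; the cookie layout, demo key and function names are made up) shows the safer shape: keep client data out of that parser by using JSON, and authenticate it with an HMAC before decoding.

```php
<?php
declare(strict_types=1);

// Added example. Constructed demo key; a real key lives in server-side secret storage.
const DEMO_KEY = 'constructed-demo-key';

// Risky pattern (shown as a comment only):
//   $prefs = unserialize($_COOKIE['prefs']);
// Every byte of the cookie reaches PHP's unserialize parser. The
// 'allowed_classes' => false option stops object creation, but the input
// is still parsed, so it is no defence against a bug in the parser itself.

/** Serialise preferences as JSON and bind them to the server with an HMAC. */
function encodePrefs(array $prefs, string $key): string
{
    $json = json_encode($prefs, JSON_THROW_ON_ERROR);
    return base64_encode($json) . '.' . hash_hmac('sha256', $json, $key);
}

/** Returns the preferences, or null if the cookie is malformed or altered. */
function decodePrefs(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $json = base64_decode($parts[0], true);
    // Verify the MAC before any parser touches the payload.
    if ($json === false
        || !hash_equals(hash_hmac('sha256', $json, $key), $parts[1])) {
        return null;
    }
    try {
        $data = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    return is_array($data) ? $data : null;
}

// Round trip with a constructed preferences array.
$cookie = encodePrefs(['theme' => 'dark', 'perPage' => 40], DEMO_KEY);
var_dump(decodePrefs($cookie, DEMO_KEY) === ['theme' => 'dark', 'perPage' => 40]);

// Constructed hostile inputs: a serialized object, and the valid cookie
// with its last character changed. Both are rejected before decoding.
var_dump(decodePrefs('O:8:"stdClass":0:{}', DEMO_KEY));
$tampered = substr($cookie, 0, -1) . ($cookie[-1] === '0' ? '1' : '0');
var_dump(decodePrefs($tampered, DEMO_KEY));
```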
