You are viewing ohkabaka

Giving the Byzantine a bad name...

I used to work with a dev who named every query "q" in his mostly linear code.
I didn't think I'd ever see anything quite so insane, you CAN keep track... but its myopic and masterbatory.  If you know your own code you are fine, but as an outsider looking at the code it is immediately a giant confusing pile.

Today I'm dealing with the code of a guy who names every query "get" and who is also the LEAST linear coldfusion I've ever seen.  Currently I'm trying find a specific "get" query that may be one of about 80 spread across 20 or so includes.


More obvious code unseen for 25 years...

Lets do another one of those...

At least this time I realized it myself, and didn't stumble across it in someone else's product.

You have a fixed series of things, that loops when it reaches its end (like days of the week, or months in a year, spokes on a wheel... whatever )...

How many times have I written some variant of this?
if( day > 7 ) day=day-7; if( day < 1 ) day=day+7;

instead of:
day = (day+dayChange)%7;


OMFBG!* (thats "B" for boolean)

I've been coding for... 25 years (eeep... theres some math I could have avoided thinking about ), for about 9 of those I've been coding professionally.

How have I never seen "toggleVar = !toggleVar;"

how many times have I written "if( toggleVar ) toggleVar=false; else toggleVar = true;" ?

I feel like an infant sometimes.

I am a regular reader of Coding Horror by Jeff Atwood who is one of the founders of Stack Overflow, so I knew about, and was waiting for it to open long before it did.

While I use it for answers all the time, and occasionally try to answer myself (given the insanely awesome smarts floating around out there, coupled with my WICKED slow composition speed, I never have an answer anything in time for it to matter), I hadn't contributed until this morning.

I used to get an error every couple days at a shop I worked at, one of the users called it "Beak" because she thought it reminded her of one:

...which, in the source, looks like:


"Beak" can be readily reserved by bouncing JRun on the Coldfusion server, and that was enough for me when I had direct control over my server, and bouncing it took no time and impacted no one too severely.

Now I'm in a shop where I don't have admin access to the webserver, and moreover (from a business perspective), the servers are transacting big dollar signs at any given moment, and can't just be bounced.

My undying curiosity was perpetually thwarted by Google's inability to search for anything other than a random collection of B's and P's.
I was discussing productivity this morning with a friend, one time co-worker, (and one of the handfull of people I have exposed to their own ADD and the glory of pharmaceutical management of that condition). He said this:

If it's an Adderall day, the day usually flies and I get a bit done, of course, you know how that goes.. once you're in that "zone" you could be fixing a small HTML alignment issue for 6 hours, but when you're done.. you'll fix the HELL out of it!

Which is about the most accurately described good medication day I've ever heard...

joked with my brother that while it's great for someone like me who's all over.. it's like a big huge laser cannon that takes a whole day to charge: aim it right, you're good, but god help you... get distracted on a message board somewhere, or debating politics, or working on something that isn't exactly what needs to be done...

Hadn't thought of that analogy, but its pretty solid. You get one shot a day, what you hit is dependent on what you can stay focused on for the first hour of your "charging" time... if you get off target, you probably WON'T get back on target... if you can actually stay focused for that full hour, its actually difficult and upsetting (it actually gives me vertigo and a little nausea) to get off target.

A message board WILL be the death of you (take LiveJournal and this morning for instance, killing my productivity)

Its a lot like the Hyperfocus of the un-medicated ADD brain, only you have a LOT more control over it. You come out from the haze 5 to 8 hours later and see your work layed out before you, and you see that you are a god. (Its a statement like that, to a psychiatrist, who decided that I was Bipolar and not ADD ( she had no concept of Hyperfocus and thought all ADD had to be ADHD ), its true though... the difference I point out now is that I don't feel like I CAN do anything during the Hyperfocus... but afterward when you look back at your own wake and realized you COULD do anything when you were there.


Codefree Codeblog

...There has been a distinct lack of code here at the codeblog...

There has NOT been a lack of coding.

I just finished configuring a Joomla site...

I think I hate Joomla.

It is built in PHP, which I don't love, but respect in the way you respect cockroaches...

Its extrememly powerful... but it took probably 100 man hours to get the site up... that was tremendous for an "out of the box" solution... and 50% of that was spent working with actual code, rather than configuring (and 40% was probably css unbuggering)

About halfway through my brain said "You know... a CMS in ColdFusion could be pretty sweet."

Yeah... I'll have the time to develop THAT in the next year...

Currently I'm working on ANOTHER side project (a woefully unlove one).  Its the graphical / UI portion of a project an associate is building.  I enjoy it because it is heavy duty javascript... serious stuff... I'm using jQuery for the first time... thats a trip, completely different way of operating than prototype, which I've used for a couple years... I don't know if I like it more or less yet.

More respect for evil...

...I could not have covered this better than Jeff, so I'll let him:

Evil and Awesome aren't SUPPOSED to coexist.


Linux and Me - Round 9b : moblock

My feeling with moblock up until the other day.

I don't get linux devs sometimes... possibly ever.

I'm not keen on the linux "trust me, I'm doin shit" methodology, moblock is a nearly silent daemon that lives by that methodology.

I have to keep pulling up a terminal and doing a ps aux or tail -f of the log, blocking is ABOUT paranoia for crap's sake, I think a UI is reasonable.

I liked that PeerGuardian2 has a little icon that pops up and opens into a quick log of recent blocks...

A friend pointed out that mobloquer is exactly what I wanted... I doubted it, but decided ANYTHING was better than nothing.


Linux (Ubuntu "Irritating Ibex" 8.10) is up by 5 or six points against Cynicism.

I am somewhere beyond shocked.

I STILL haven't gotten my Snapstream Firefly (X10) remote to work in LIRC... but OTHERWISE it has been fantastic.


Linux and Me - Round 9

My media PC, an AMD K7 1.8Ghz machine running a questionably licensed copy of XP (I said QUESTIONABLE! I'm not sure I didn't own it, I just don't remember exactly), recently had a catastrophic meltdown.

I'm not saying that figuratively... it was partially melted.

I replaced it with a surplus IBM NetVista... a meager P4 1Ghz machine... HARDLY capable of driving 1080p to my Mitsubishi DLP... Yet I watch copious amounts of video from this system, its my backup Tivo, and frequently a saviour when Cox fails to deliver a quality datastream during Smallville.

Every once in a while I decide to let Linux attempt to live up to its claims of being usable for a non-linux zealot who is still a super-user (major stumbling block... I'm not a office and internet simpleton, I need dual screens and firebug... that level of user in Linux has historically been screwed).

The last time I tried this was about 2 years ago with Debian, after installing normally, it told me (from inside a loaded and functional GUI) that it needed to update XFree86 to XOrg. Which it did, and then promptly crashed, saying my video card could not support XWindows.  It spent the rest of its life as a Linux command line utility box.

Given my concern about my XP license, and my knowledge that this gutless IBM wasn't up to the task in Windows anyway, I decided now was time for another test.

I went with Ubuntu... "Linux for Humans" I appreciate their insult to Linuzites,
veiled in their earnest desire to make a globally accessible Linux platform.

True to form, I wasn't asked a SINGLE QUESTION about the technical specification of any component. 
I let it detect drivers and install stuff, then I used it.

That has always been the straw that breaks the camels back.  Its a relatively new, hugely popular video chipset! You need to just KNOW this. I'm a software guy, I have no idea what the frequency of my mouse's "substrata phase
counter-induction optical pulse regulator" is... and I'm not remotely interested in finding out.  I've been programming computers for well over 20 years now, I've never needed to know that.

*Caveat: Currently my Snapstream Firefly does not work right, the difference is that THAT is NOT a Dell 17 inch monitor, and I didn't expect it would "just work".

Then the unthinkable happened: I've installed a few things from Synaptic Package Manager that actually put Icons in the MENU.

At this point I was shocked beyond all comprehension.  Linux with the basics of user friendly UI integrated on a basic installation? Balderdash!

Ubuntu for the Win!

(incidentally, it isn't QUITE fast enough, but I think a stick of memory will fix it.  Command lines are not all evil, mplayer is the shiz.)


Praise for ultimate evil.

Recently my personal PC got hit by Vundo. Again.

Yes, I know.  My fault entirely, the most obnoxious part about the whole deal is how much crap I would give me if I had been someone else. Professionals don't get viruses.  I fall into the "high risk usage" category, and have still managed to avoid them altogether, barring a couple of unexpected incidents, for 20 years.

It took 24 hours almost to the minute to get the system back to full usability (I could play LotRO again in about 6 hours, so it probably would have taken less time if I could focus on anything for more than 6 hours).

Vundo is malware.  It doesn't quite fit into "virus" or "trojan" or "hijacker" or "rootkit" as an all encompassing category, but it easily fits in to all of them in part.

It is the worst corruption I have ever experienced on a PC.  I have recomended several people BUY A NEW PC, rather than putting the time into rescuing an old one.

Why give it any air time?  Because as a programer, as an engineer, even as an evil overlord, I find myself in a peculiar position of having a PROFOUND RESPECT for the design of this particular devil.

First Point Awarded -- Built on the Backs of Legends:
To my knowledge, none of these methods or functions originated with Vundo, the first point of valour is given simply on the grounds that this product uses available technology to the FULLEST.

Second Point Awarded -- Inspired Deployment :
The FIRST time, it hit my Media PC, off a Firefox pop-up... which was sneaky and fucking brilliant, because:
  1. No one who expects the Spanish Inquisition is using Internet Explorer.  It made me re-examine my use of Firefox in general (which I still use of course, but no longer with blind confidence).
  2. Getting past the IE virus barrier was impressive.  I didn't think FF had that suceptability at all, I have yet to identify HOW it happened, but I have refinded my JavaScript blocking.
  3. As an addendum to B, I didn't actually CLICK anything.  It was just there when I browsed an unsecured paged.  In theory it could have been on my system for some time waiting to be activated, but the speed and severity of this package makes that unlikely.
(The second infection was a DAMNED FOOLISH accidental double-click, there was no extra effort on the part of the designer there, so no points awarded.)

Third Point Awarded -- If you can't beat the LSA, use it:
The LSA ("Lisa") [Local Security Authority] or more colloquially and likely more accurately, [Logon Screen Application] is the... uhm... Login Screen Application.
Windows XP and Vista both (inexplicably) allow you to add suplementary login validation, via the registry, to the initialization script.  It doesn't, however, ask you to confirm such a thing, or even validate the alternate login validation against a known database of them.
Vundo runs itself as just such an application, as such NOTHING else on the system is loaded.  The window manager, and the login screen.  No virus checker can supercede that, so even if they can FIND it, they can't remove it because it already is in memory at that time.

Fourth Point Awarded -- I Didn't Hijack Anything, Honest:
Vundo manages DNS and IP addresses via the much maligned and publicized rootkit functionality inherent in Windows XP (and a little surprisingly, Vista).  Three cheers for Microsoft and Sony.
NOTHING you can see in your system says should resolve to anything other than one of's current approved IP addresses.
Host file is clean, there is nothing in IE or FF.  The latter was one of my first clues to the genius of this thing, it was screwing with DNS in Firefox with EVERYTHING in FF disabled... because it didn't TOUCH the browsers, it didn't need to.

Fifth Point Awarded -- Ok, I Did Hijack This:
Combining self preservation and it's business model seems odd at first, but it is inspired logic and leads to one point for each aspect.
Vundo manages the aforementioned global, invisible and untraceable DNS  issues as follows:
  1. Google links fail.  You can navigate TO google, but all google links die, you will find a bunch of results, but you can't read any of them,  UNLESS you look up "Fix Vundo Infection" or something similar, then all the links redirect to Rapeware providers who will happily install MORE infected malware if you pay them $29.95.
  2. Randomly any site will redirect to the classic "Windows has detected your system it has been infection by virus code.  Clicking on OK to guaranteed cleanse your computer from virus programs for free. No points awarded, but still, embedding it in the rootkit so that any HTTP link is susceptable is damned clever.
Sixth Point Awarded -- AND I Did Hijacked That:
The URLs for all Spybot, MS Defender, Adaware, Sophos, Trend Micro (and presumably other anti-virus, anti-malware) websites redirect to localhost.  Because of the global nature of this hack, that means you can't visit their websites... BUT... you also can't update their products.  There is no indication of WHY, their updaters all just pop up and say "Unable to contact update site" and continue on their merry way.

At the time I went through this, none of those applications had the necessary definitions to fix it ANYWAY, but given that most people don't update their definition files until they have to (or in the case of the free version of many of these, they CAN'T update them until automatically, so they don't), blocking their updates is my absolute FAVORITE part about this software.  Disable your opponents ability to fight back, not just passive avoidance, which is standard, but active malice toward the tools that can hurt you.
No Points Awarded -- You write badly in English, don't you:
  • Randomly Named DLLs:
Annoying, but hardly original or even all that useful anymore.  No one is looking for your filename anymore, and if you've done everything else right, it wouldn't matter if you put your file name in a pop-up that declared your superiority.
  • Renamed DLLs:
Critical DLLs moved and replaced.  Stupid for multiple reasons: Easy to spot. Easy to fuck up. Damaging the user's interface to your business model is counter-intuitive.  As with random naming, my knowing the name played NO PART in identifying or removing any virus I have combatted on my or any other systems in the past 5 years.
  • Greedy redirects:
This one constantly perplexes me.  You want to have the biggest impact in the sneakiest fashion possible.  Redirect every 10th... or 20th click, instead of every damned one.  The user INSTANTLY knows they are infected, and works to eradicate your product.  If you are just... there... you have a greater chance of getting what you want, without frightening the user into immediately shutting down their PC and calling their tech guy. You lose.
  • Reselling your service:
You don't link YOUR product to a site with a competitors producted embedded, or allow your access hooks to be used by a product you don't control.  That is basic business, stupid.  It universally leads to:
  • System overload:
Every link redirects to 2 locations, each location pops up 3 more locations, each instance of IE tries to load the installer for the anti-virus rapeware that you are trying to get a kickback from.  Your target audience is running IE6 on a 5 year Pentium with 512 megabytes of RAM.  Their system chokes so hard, that if they DO manage to click the install button, their PC will Blue Screen before the installer can extract all the packages.  They shut down and call their tech guy. You lose.