Netherlands 2018 222

I like to take some awfully strange photos, but this one… is sort of a photo of a strange photo. What’s puzzling is the absolute prominence of the pineapple. Why should there be a pineapple there, in the bottom left, and were pineapples even grown in Brazil, etc.?

“As the Enlightenment period made the rich richer, the landed aristocracy began to engage in a frenzy of new hobbies, including gambling, boozing, and time-consuming, expensive pineapple cultivation. Pineries needed care around the clock, custom-built greenhouses, and mountains of coal to keep the temperatures high. The fruit took three to four years to bloom. The cost of rearing each one was equivalent to eight thousand dollars in today’s money.”

The Strange History of the “King-Pine” hints as to the answers to those questions… while bringing up innumerable more questions. Definitely worth reading the article for the strange history.

– D

Oh, WoW … or, Why We Pack Snacks

Netherlands 2018 1242

The return journey from The Netherlands was a truly epic trip, and not by design. The initial flight from Amsterdam to Keflavic was delayed arriving, so we spent an extra 2 hours sitting around Schiphol Airport (which … is not a great airport, frankly, and the cheap flight terminal is positively horrible). That flight was then delayed further because they’d mis-loaded a bag and had to remove it before we could take off. All of that meant that the flight was around 3 hours delayed arriving into Keflavic and most people weren’t staying there but were traveling onwards. So, the airline bumped the two flights most people were trying to catch (to LAX and SFO). That meant that the connecting flight had to find a new slot into SFO, which isn’t an easy thing to do. Netherlands 2018 1239 This meant we ended up sitting around Keflavic for 8 hours instead of 1.5. Then, as we were ready to leave Keflavic, 6 people had given up and booked alternate flights, but left their luggage, so THAT luggage had to be dug out from where it had been loaded. Then, finally, we had the 8.5 hour flight from Keflavic to SFO. By this time our booked shuttle had canceled on us, so we caught a 40 minute Lyft ride home. All told, we left our rented flat in Amsterdam something like 27 hours before we arrived home, having planned for something like half that.

Netherlands 2018 1235

We did end up purchasing food in Keflavic (which … is horribly expensive, and we’ll be putting in a claim for reimbursement, because spending nearly $100 on a couple sandwiches, some yogurt, and some drinks … is rather obscene). But, mostly, we ate our own sandwiches, hard-boiled eggs, and choices from an assortment of weird Dutch candy (mostly minty, some fruity, and included the random salty licorice). We also packed sliced apples (packed with sliced oranges, so the juice would keep them from going brown) and fresh cherries, knowing that wet and crunchy things are really what’s needed while in the air. Of course, we also packed our 1.5 liter water bottles & filled them at every opportunity.

Traveling like this (with our own food) may have begun as an effort to save money, traveling on budget airlines. Now, though, it’s just how we do things, and something we’ll keep on doing when we switch back to more mainstream air carriers. Which … we’ll be doing.

This is likely the last time we’ll fly with WoW, simply because it was so clumsily handled, and there were so many small problems along the way. WoW scores the worst in service, as well, which … yeah, we can see it. At times, sitting in Keflavic, we asked ourselves whether we were seeing the collapse of an airline, and whether we’d end up trapped in Iceland, having to book last minute tickets out on another carrier. That isn’t a feeling we’d like to repeat any time soon, and the extra $1,000 to fly with a reputable carrier would probably have saved us 15 hours of stressful sitting around.

We will leave you with this, from the Delft organ guy: yes, that is Despacito, played organ-grinder style.

Delft 24

-D & T

Blocking Website Stupidity

If you’re someone who cleans up after your mess (i.e., you clear your browser cookies) then you’ll run into these irritating messages every time you visit a site and they’ve forgotten that they nagged you (because they don’t actually remember anything – they make your browser remember things for them, in cookies, and you can remove those memories any time you choose … like, when you shut down your browser). These messages would look like the huge waste of space banner, shown here taking up most of the page:

I hate these. They do not add anything, and they make you decide something you’d rather not decide. When I visit a page, I’m trying to read something, and I do not expect to be challenged to evaluate their privacy policy. Sites bank on this – they’re betting that you’ll just say OK and move on, without really considering what you’re agreeing to. Well, there’s a way around it (and it’s good to do anyway, honestly): install uBlock Origin and learn to use the wee eyedropper tool to select the garbage you never want to see again. I click the little shield in the top right of the window, then click the eyedropper, then click on the offensive piece of the page. I then work my way down the list of elements until I get the container that’s holding the garbage (in this case it’s a site-message container) and then simply tell it to go away.

It’s easy to do, takes fewer mental resources than looking at whatever idiotic policy they’re trying to get you to agree to, and it will persist even after you clear your cookies.

You do clear your cookies, right?


Another day, een nieuw plezier


Guest one has decamped, guest two is incoming. It is 29C/84F, and right now it is still, but periodically there is a cool breeze, which grows into a wind toward the evening. The forecast has threatened thunderstorms nightly, but other than the odd grumble, and the occasional quick shower, nothing happens to make people do more than take brief shelter with their ice cream. It is truly hilarious how unfussed Europeans, at least, are about getting wet. (The people screeching with umbrellas nearly putting out people’s eyes are …um, some of y’all. We take no responsibility for them.)

Netherlands 2018 703

We’ve come to that point where we’re losing track of days. Time is kind of a warm blur, punctuated by finding a particularly good coffee (if you’re D) or something close to iced mint tea (cold water, mint leaves, a slice of lemon. Close enough). The joy of being with friends is a lot of random conversations, and books, and occasionally doing things.

Netherlands 2018 663

We met the most delightful group of 50-60something Nederlanders on our boat tour the other day. They had grown up in Delft, and all nine siblings (minus the two who were meeting them later) were returning with spouses in tow to honor their parents, both of whom had passed away years ago – on the same day, a year apart. They translated the guide’s words to us, before the guide had a chance to swap languages. They raised a rousing cheer as they passed their old house. They ooh’d and ahh’d that they had a nephew in Cali who was coming to visit next month. They showed us where they’d fallen into the canal, and warned us not to drink the water, ever, despite the fact that it technically is drinkable (Ugh, no thank you; anything accommodating both swans and lily pads seems a bit too natural pour moi). We felt like a long missing part of the family.

Delft 14

It’s been lovely to people-watch here (the image to the left is a link to a video – do click through to experience the square, here in Delft); we spend at least a couple of hours every afternoon or evening just sitting at an outdoor restaurant bar or coffee shop, slowly sipping something cool – or, rather, coolish, as people here don’t really do ice cubes much and iced tea or coffee is just something in a rapidly warming bottle – and just watching the world go by. Netherlands 2018 268 Occasionally one must needs move upwind of a smoker, but people strive to be courteous, because the third space here – the social space that is neither work nor home – is part of what makes The Netherlands work. It is apparently THE most densely populated country in Europe, but it doesn’t feel like it (outside of horrifyingly busy Amsterdam). Even the locals are content to simply BE.

Netherlands 2018 123

One of the other things we noticed is that there are all kinds of bodies here, and people aren’t trying to hide them. Americans, by virtue of their Puritan fore-bearers, have such a vastly different relationship with their bodies that is kind of calming to see people just… using their bodies and getting on with basic indifference instead of …shame emotions or even much interest. Everyone is out – old, young, middle aged. Beautiful and wrinkled, sagging, slack arms and legs, heron-thin and angular, solidly fat, with rolls and bellies, children pudgy and leggy, clumsy and graceful, people walking, talking, cycling, chasing babies, attempting bad cartwheels and handstands in the square and enjoying. People seem to be simply inhabiting the moment and their bodies and DOING things, and it is …not our American experience, in many ways.

Netherlands 2018 141

We met a sixteen-year old Dutch girl two years ago in California as an exchange student. She was a sweet kid, but we lost touch. T made an attempt to track her down, and let her know we were here, visiting her country. We offered to meet her somewhere, but she has instead arranged for us to meet her parents, attend church with her, and go out in her father’s boat. It’s a three-hour train ride, so we’re going to spend the night, and that’s our plans for the weekend. Netherlands 2018 286 Until then, we have Thing 1 visiting until Thursday, and plans are afoot for a bike ride (if it’s not some ghastly temperature), paddle boats, record shopping, and visiting the best vegetarian restaurant we’ve found, Hummus. (Yes. It has hummus. ALL KINDS. It’s so good.) Until then, we’ve got laundry and shopping to do (but not as much cleaning, as the apartment comes with a cleaner! Vacation perks). Until next time…



So, Delft has a Fringe Festival

This weekend’s vacation achievement unlocked: we learned hot to use the shower-sauna! Electric showers, with all the fancy buttons and symbols are interesting but the ones in this flat didn’t seem very useful at first. However, after a bit of study yesterday, we are happy to report that we figured out how to make the water hot, something one might expect to be somewhat self-explanatory (sadly, no) and how to make the jets of steam rising from the floor act like more than intermittent volcanic exhalations. We are rather proud of ourselves. Of course, we’re mainly showering with cold simply because it’s so incredibly warm here.

It’s been unbelievably balmy, and today it was nearly 80 degrees. It’s a little different to experience that kind of warmth in humidity, but the sea breezes kept coming, and there’s plenty of trees in this green and pleasant land, so we were mostly fine. After the slightly terrifying day we had in Amsterdam – with several trains and miles of walking and seeing so much artwork and architecture and riding in a cyclecab through insane traffic, littered with bikes and cars and buses at rush hour on a Friday – today we kept it simple and tooled around Delft. We visited Nieuwe Kerk, Oude Kerk, and people-watched, enjoying the vibrant outdoor weekend life of this busy little town.

Netherlands 2018 275

Delft’s “Marktplaats” is in the center of its medieval downtown, loosely bracketed by the oldest church in the town, on one end the “new” church, and opposite that their city hall. The market square hosts two weekly markets, the first on Thursday, with a huge flower market, the second on Saturday, with a vast antique/flea market. At both, fruit, veg, candy, clothes, household goods and sundries can be purchased. After a leisurely breakfast we began our day with Nieuwe Kerk.

Nieuwe Kerk has two viewing galleries open to the public (there are a few other doors which are locked, on the long climb up to the top). So, of course, despite the rather warm day and the D. had to climb them. This resulted in some fabulous photos … but, as D. said when T. texted him to ask how it was going, “Terrifying. Coming down now.” The ledge is about 2 feet wide and the railing comes up to about 10 inches below D’s waist. Fiddling with multiple cameras (yes, multiple: a Canon 80D, a Canon M3, 4 lenses, plus the cell phone because it does panoramas so well), in the breeze, at the top of one of the tallest churches in The Netherlands is a bit fraught, particularly when there are other visitors who want to get past. Was it worth it, to get a picture of the flat we’re staying in? Perhaps. We’re staying in the pair of windows with the sheer curtains drawn, right in the middle of the photo below.

Netherlands 2018 343

There are apparently 377 stairs to get to the very top, with about half of those being as nice and spacious as those pictured below. The rest are narrower. Passing your fellow tourists going in either direction is also not anything to want to go through again.

Netherlands 2018 355

The view is, of course, wonderful. Here’s the town hall, just across the town square from Nieuwe Kerk.

Netherlands 2018 340

And, after visiting Nieuwe Kerk, we went to visit Oude Kerk. Thankfully, there doesn’t seem to be a publicly accessible gallery, so D. had to be content with photographing other things.

Netherlands 2018 339

Tomorrow may involve riding a canal boat, going to several museums, and hopefully a return to the fabulous Stadsbakkerij de Diamanten Ring for more tasty treats (and, perhaps, to contemplate the mural telling us that William of Orange’s assassin slept here the night before he shot William.). We shall see.

Netherlands 2018 360

Our friend L leaves the day after tomorrow and our friend Thing-1 shows up that evening. We shall endeavor to take plenty of photos, of course (we’re up to 449 photos and a half dozen or so videos, since arriving late Wednesday night … so, 3 days of being tourists). After Thing-1 leaves we’ll make a point to spend time away from Delft (Gemert, with friend S and Wannepeerven & Gierthoorn with D & fam) because the Delft Fringe Festival begins, and it’s already lively enough, being so close to the pedestrian center in the marktplaats!

-D & T

Market Day Is Wild, in Delft!

No lengthy post today, as we’ve been wandering and enjoying the (rainy) day, only making it back to the flat after 11 p.m. We must say, though: Delft market has ALL of the things! D. picked up 1kg of licorice – half of it salty, half sweet, all of it black. We picked up cheese. Oh, the cheese. We also had to visit the guy with the portable, gas-powered, player organ.

Delft 1

-D & T

The Joys of Arriving

In case you didn’t know, we’re off to The Netherlands for a vacation and to visit friends (some of whom live here, some of whom are visiting from Scotland). We are staying just off the main square in Delft, so we get to enjoy the tolling of the bell of Nieuw Kirk at all hours of the evening (it’s just after 2 a.m. here and we’ve just heard it toll a single bong… and we heard it toll 12 bongs at 1:00 a.m…. so we’re not sure what’s up with it).

Netherlands 2018 18

We shall see how much we get up to tomorrow. It could be that we visit a few local museums and stay pretty close to the flat, as we’re sure we’ll need naps. All in all, though, travel this time wasn’t as bad as it could have been. We actually managed to get a few hours of napping in, and schlepping our luggage from plane to train to cobblestone streets wasn’t as awful as it could have been. It’s sunny (we don’t have enough hot-weather clothes, but there are stores) and humid.

We will be painting pottery at the Delft factory store, though. It may not be in the morning, but it’ll happen in the next couple of days, for certain.

-D & T

Little Bobby Tables

Every now and again I explain to people what “SQL Injection” is. I generally do this by writing a bit of an SQL string for them, using a string which can be manipulated (one which is vulnerable to this particular exploit, down at the database level of the application). And I then show them this XKCD comic:

So, for example, I’d define the following as an example of a vulnerable stored procedure:

create procedure SaveStudent
	@StudentName	nvarchar(256)

declare @sql nvarchar(max)

set @sql = 'insert into Students ( StudentName ) select '
set @sql = @sql + '''' + @StudentName + ''''


I would then put in the example name from the XKCD comic above to demonstrate just what ends up happening. Let’s say you were to call that stored procedure, passing in Little Bobby Tables’ name as the variable:

exec SaveStudent 'Robert''); DROP TABLE Students;--'

The stored procedure would then execute the following commands:

insert into Students ( StudentName ) select 'Robert'); DROP TABLE Students;--'

So … why is this a problem? One salient point is that the apostrophe character is used to enclose strings in quotation marks. The way Bobby’s name is constructed allows for a malicious command to be sent to the database (the Students table is erased by the command DROP TABLE Students;), and no error being necessarily returned, because Bobby’s name fits in perfectly with how SQL works – he’s got a proper semicolon, terminating the command that comes before, so he was added to the table … but then the table was dropped, using a valid command, and everything after that is commented out (the double-dash is a comment marker), so there wouldn’t necessarily be any errors at all coming out of this – it’s perfectly valid, it’s running in a privileged context (it has been “blessed” by being turned into a stored procedure, so it’s trusted to run).

All of this is the lead up to the punchline, which is this company, apparently registered in the UK (or, something used for testing, I suspect, as this is the beta for UK Government’s Companies House): ; DROP TABLE “COMPANIES”;– LTD. This, passed into the above sample procedure, will yield the following SQL string:

insert into Students ( StudentName ) select '; DROP TABLE "COMPANIES";-- LTD'

Now, this one’s going to throw an error, because it’s actually improper syntax no matter which database you pass it to (well – any of those I have used, anyway, which is … way too many). However, if this is indeed used for debugging or as a demonstration, it will 1) throw an error if you feed it to anything that’s vulnerable to this exploit, 2) hopefully not throw an error anywhere, because the UI is supposed to be sanitizing these inputs, so it should be properly formatted (“escaped”) so as not to cause this problem. I can see this value being used both to test the UI (put it in & see if some database code which is intentionally vulnerable to this exploit throws an error) and also to test the database code, for scenarios which do not use a user interface such as loading in data from another application or a programmatic interface.

This technique is not just dangerous because it allows things to be broken; this technique is routinely used to exfiltrate data such as usernames and passwords, credit cards, or whatever other juicy details are in the database. If an adversary can figure out just which poor programming technique was used, and can figure out how errors are presented to the webpage, then they can intentionally cause errors which return data which should remain secret, or they can simply replace the query that’s supposed to do something legitimate (pull back a list of toasters, for example) with a query that returns that sensitive data right onto the webpage.

In any event, once you understand this humor as a programmer, your programming fundamentally changes, as there are only a handful of bad programming techniques which allow for this kind of vulnerability – so, you quickly eradicate those techniques from your practice (and hopefully go back and clean things up in older code). The fact that a huge number of websites are vulnerable to this tells you something (bad) about the competency of people who write and test code. I will not rant here about the many programmers who think about databases as being simply dumping grounds for data, rather than fully-functional programming environments.


Some Jobs are Better than Others

Every now and again I remember a horrible job I’m happy to have left. It’s far rarer that I reflect upon a job I’m happy to have turned down. Let’s do so now.

Hanford 1

The picture above was taken from a parking lot on the Hanford Nuclear Reservation. I was there to basically have a tour of the site, finish up the paperwork, and meet the programming team I was to lead. Some of the contract terms didn’t line up as promised, so I backed out. As news about Hanford has trickled out over the past year or so I’ve found myself very happy it fell through. This is particularly true reading this article about plutonium contamination drifting over the region.

“…site was ringed by 8-foot-tall piles of radioactive debris with little to prevent dust from blowing off.”


Knowing When NOT to Work Hard

Last night I dreamed that I was called upon to give a lecture and I was unprepared. Apparently, though, I have some lectures that I give often enough that I’m able to pull one up on the fly, and my dreaming mind knows that I can always give the standard one I give to junior developers at some point: Be Intelligently Lazy.

Twenty-three years ago, I was working a full-time job doing data entry for a payroll processing company. This involved opening mailed-in timecards, “coding” them (sorting them into piles, basically), and entering their data into a Peoplesoft payroll system, with data entry done on Windows 3.1. After a couple months of doing this, I realized that I was typing the same thing over and over (each district manager had a markup rate, a name, a zip code, a phone number … and the fields probably went right in that order, actually), and it was incredibly boring and stupid, particularly when there was Windows Macro Recorder.

I set about assigning the 12 function keys to my 12 area managers’ information, typing in the information and tabbing through the entry fields as quickly as I could. When I was done and I’d written down which manager was on which key, I could type in the person’s name and their hours worked and then press F5, say, to key in the rest and press “submit” to send the timecard into the database.

My manager noticed this (well, I was probably excited and told her about it) and asked me to do the same thing for the other entry clerks in the group. A few days after completing that, the database administrator came to visit us, to ask what on earth we were doing, because the data used to trickle in all day long and now only came in before lunch (yes: I had cut the data entry time from 8 hours down to 3, for the entire group). When my manager told him what I had done, that was the end of my days as a data entry clerk: I was assigned to work in IT, working on macros in Excel or something.

So, yes: I became a programmer because I was intelligently lazy. That is part of what makes a good programmer: knowing when something can be automated. To be a truly effective programmer, though, takes a whole lot more experience in figuring out automation and figuring out when to automate and – more importantly – when not to automate. This is actually the real point of the lecture.

Your average junior to mid-level programmer will spend a ton of time automating things which could be done via brute-force. This is the classic trap of spending more time building automation than it would have taken to do it by hand. Building the skills to be able to estimate this takes a whole career, honestly. Knowing that you need to do this, though, is something that you can give to one another: simply print out the comic below and show people how to read it.

For example, I read this chart and know that every time I visit someone with multiple monitors, I need to tell them how to use the Window+Shift+Arrow shortcut. Why? Because your average person with multiple monitors will generally spend about 5 seconds 1) restoring an application window, 2) dragging it over to the other monitor, 3) maximizing the window … and they’ll do that at least 5 times per day. When you read those values into the comic above (5/day on the top axis, 5 seconds on the left axis) you get 12 hours spent in that activity over 5 years. In other words: every person I teach this trick will save 12 hours of labor over 5 years. That starts to be some real savings for the whole company, it takes me nearly no time at all, and it makes people really happy to learn as well!

This can also be useful for deciding whether to do projects, and help in deciding the importance of those projects (for example, if one person in your organization spends a day a month doing something that could be automated, that’s 8 weeks of savings over 5 years if you can automate it). That’s a whole other discussion, though it’s the same skill: so, maybe learn that skill, because making those kinds of decisions are important in moving into decision-making roles.

The other thing I tell junior developers in this talk is usually to get over the idea that there’s a perfect tool for things; the perfect tool is the one that gets the job done, and it may be that it’s clunky and kludgy but that doesn’t matter. I give the example here of how I use Excel to load data (I use Excel formulas to build SQL strings), or how I use Excel formulas to write C# code (I wrote some VBA code behind Excel & wrote some SQL code to feed data into Excel, which I’ve used to generate literally hundreds of thousands of lines of repetitive C# code), or how I use Excel formulas to write repetitive HTML (like, oh, a bunch of emails with different names & hyperlinks to their downloads). Even more importantly is the example of figuring out when to brute-force something (“Only 200 photos to crop? We’ll just use a photo editor rather than programming it. 40,000 photos to crop? Let’s write some Python and use CV2 to find the faces for us, so we can crop automatically.”)

There are plenty of examples to give, and plenty of tools that I use on a regular basis… but it basically comes down to using the same old set of tools because I know how to use them and because I’m efficient in using them. Yes, it would likely be faster for me to learn how to use RegEx … that is, if I knew RegEx way better than I do, I could be even more efficient than I am in Excel … but we come back to that chart and decide that it wouldn’t save me more than it would cost me. Likewise, if it’s only a few things & they can be hammered out using something simple, just spend the 20 minutes doing that rather than wasting more than that on building a tool for it.

Applying this kind of thinking to your own coding practice and knowledge acquisition is when you reach mastery: when you can look at a tool or language, determine how long it would take to master, determine how much time it would save you in the tasks you regularly perform, and decide whether or not to invest in learning it. That calculation is something which truly proficient programmers make on an intuitive basis, and which contributes to them sticking to the same things that have worked previously. If you’re conscious and intentional about it, though, it will lead you to some better decisions than, “oh, this is showing up on Hacker News, I should learn it!” That’s not to say that you shouldn’t learn new things (I’m dabbling in Python and convolutional neural networks these days), but that you should be aware that there’s a trade-off and it’s perfectly logical to decide not to learn the cool new tool / language.

So. That’s my usual talk on how to be intelligently lazy.