Opinion: Get used to reading traces and logs before you need them

I used to do a lot of work at the operating system and network level. I was always fascinated watching people use network trace tools when they were trying to debug a problem. The challenge was that they had no idea what was normal activity on the network, and what wasn't.

The end result of this is that they'd then spend huge amounts of time chasing down what were really just red herrings.

When you don't know what normal activity looks like, everything looks odd.

Today, I see the same thing with traces of SQL Server activity, either using SQL Profiler (and/or SQL Trace), and Extended Events Profiler. I also see the same thing with insights data sent to Log Analytics, and the outcomes of many expensive SQL Server monitoring tools.

For example, if you are looking at a SQL Server trace, and you see a large number of sp_reset_connection commands. Is that an issue? When would it be an issue, and when is it just normal?

If I see an sp_reset_connection executed on a connection followed by a number of other commands, I know that the application is using connection pooling. If however, I see a bunch of those on the same connection, without any commands executed in between, I know that the application code is opening connections when it doesn't need to. Perhaps it should be opening the connection closer to where it decides if it needs it.

The key point is that it's really important that you learn to use these tools before you have a problem. You need to be able to recognize what's normal, and what isn't.

 

Using the classic editor in WordPress 5.0

Well today WordPress on my blog site went up to version 5.0. I knew a new editor (Gutenberg) had been coming to replace the classic editor but I hadn't had time to try it. So when it did the upgrade, I happily let it go and install the new editor.

Then I tried to write a post.

Oh my goodness, that was just a horrid, horrid experience. I can see what they've tried to do but it literally took me about five times longer than normal to write a single post.

I actually like change. In fact I tend to thrive on it. I can even imagine how this might help build certain types of pages better. But for someone writing blog posts with a heading, a bunch of text and images, etc. I can't imagine what they were thinking.

Each paragraph has become a "block" and I kept finding the pop-up block headers getting in the way the whole time I'm editing. Perhaps the people who love this don't touch type, or they always write pages in order and don't jump around but I can't tell you how annoying it was.

Worse, it kept deciding that I needed new lines when I didn't ask for them. I'd put the cursor beside an open bracket on a line, click Control-V, and then find it had inserted a newline before the pasted data. I was endlessly editing out things that it pushed in.

And so on and so on.

I kept looking for the "how to get rid of the new editor" posts but the best option now seems to be to use the Classic Editor plugin. Let's just say that's been a godsend. And given the number of installs it already has, I don't think I'm alone on this one.

Recommended !

Opinion: Case sensitivity is a pox on computing

I've been in the IT industry a long, long time. One thing that I've never liked is case sensitivity in application development tools or in database languages.  And it's creeping into more and more places.

I know that will offend some people but hear me out.

I think we're stuck with case sensitivity in languages like C, C#, C++, Java, etc. because that was the easiest way to implement those languages in the first place. As soon as you decide that a language is case insensitive, you also have to decide the internal collation rules. For example, is the letter A the same as the letter a ? But then what about the letter á ?

I get that it's a hassle but humans just don't think in a case sensitive way, and that shouldn't be the basis of designing a language for humans to use. It might be computers that execute it but it's humans that write it, and more importantly, read it.

Now before I have people jump all over me, I'm not talking about case preservation.

It is important to me that if I write CustomerName or customerName, that when the system sends that value back to me, that it shows it the same way that I defined it. That's case preservation, not case sensitivity. I just shouldn't have to request objects or data in a specific case sensitive form. If it's a development tool, just automagically convert it to the defined case. If it's a database, just give me the data.

And I hear the C folk charging along in the background arguing that there's a common standard for backing variables (ie: someProperty) to have the same name as properties, with just a case change (ie: SomeProperty).

Sorry, but that was never a good idea either. There are other ways that we can solve that problem, and I've lost count of the number of times I've seen bugs in code where a property should have been accessed but a variable was accessed instead.

When you break it down to its essence, what case sensitivity does is allow me to have two objects in the same object scope, that differ only by the casing of their names.

You'll have a hard time convincing me that that was ever a good idea.

Opinion: Over-dependence on geolocation is a pest

One of the real beauties of the Internet is its global nature. But ever since we've had it, people keep trying to ring-fence certain locations, and make applications location-aware. While geolocation can be useful, over-dependence upon it is a real pain in the neck.

The first situation where this is painful is in media restrictions. Companies are still trying to enforce country and region boundaries for media licensing.

We need to get past this.

As an example, I'm forced to help pay for the ABC here in Australia through my taxes. I don't begrudge it. I really like the ABC and couldn't imagine the country without it. But what I don't love is that when I'm travelling, they refuse to show me the same content that I watch at home, and more importantly, they're refusing to show me the content that I'm paying for. If I'm watching it on broadcast TV, fair enough, but if I'm watching it on my laptop, how is that reasonable? They've geolocated my network connection and decided that I can't watch it.

I realize that it might not always be them making the restriction. They might have licensed content under similar silly laws. But they also won't let me watch local news, etc. that they produce.

They need to come up with a better way to enforce these restrictions. What does it matter where I am when I'm wanting to watch it?

Google G-Suite is another one that frustrates me with a passion that's hard to describe. The issue with it, is that every time I connect from a different network, even within the country, they block access to my accounts.

Eventually they send me an email telling me that "someone has your password" (I'm thinking No S*** Sherlock, that would be me), and proudly telling me that they've saved me, from myself. And then even though they check with me later "did you block you", and I say yes, they still keep doing the same thing.

And they never learn. Even if I go back to a location where I've been before, they don't remember that.

Worse, the ISVs often have different points of presence, even within the country. If I'm connected to TPG, I could appear to have connected in Sydney,

Awesome image by Dan Freeman
Awesome image by Dan Freeman

and then minutes later, I might appear to be connected in Brisbane.

Awesome image by Wilf Luck
Awesome image by Wilf Luck

Same with my Telstra mobile broadband. To them it looks like I'm suddenly in the Gold Coast.

Awesome image by Asif Aman

Bottom line is that I've often barely moved.

It's only the connectivity of the ISP that's changed. And Google offer no way to disable that, apart from things like 2FA based upon your phone. But then they don't have a good solution if I'm travelling out of the country with a different phone, or am unable to receive SMS messages.

I'm not sure what the answer is as yet, but I know that heavy reliance upon geolocation certainly isn't the answer.

 

 

 

 

Opinion: Banks and Councils cause potential identity theft problems

Banks, Councils, and Government Departments are often lecturing customers about protecting against identity theft, yet they often a indirect potential cause of that threat.

Sending to Old Addresses

This one really frustrates me. When we change the postal address for one of our accounts, they almost always send a letter to our old street address. I can imagine why they think that's a sensible idea, but if we've already left that address, what they are doing is sending our private details to whoever now occupies the house.

How can that be sensible from a security point of view, in any way?

PO Boxes

Over the years, we've had a post box for most of our mail. It just makes sense because:

  • We travel quite a lot
  • Mail hanging out of a street letterbox is a clear sign that someone's away
  • It's way more secure than mail that goes to a street letterbox

And yet banks and councils so often insist on sending things to the street address. How can a dodgy mailbox on the street be a better place to send things than an Australia Post PO Box?

Australia Post PO Box Image
Australia Post PO Box Image

In some countries, PO Boxes have been used to keep things anonymous but in Australia, you have to do all sorts of identity checks to get one in the first place, so that shouldn't be an issue.

All they do by insisting on sending to street addresses is open their customers up to more chance of identity theft.  It's way too easy to steal accounts and other mail from mailboxes outside houses or apartments.

That's often all an nasty person needs to start an attack, and it's the very people who should be helping to avoid it that are causing it. These same account documents are often then the required items for proving or establishing an identity.

This is not reasonable.

 

 

Opinion: Corporate Compliance Isn't Training

I spend a lot of time mentoring on client sites, and many of the clients are large organizations. Often these organizations require me to attend "training" on a regular basis, to satisfy their corporate compliance goals.

I don't mind doing this at all, even though the course on conflicts of interest, or handling private or sensitive data, at company A is invariably almost word for word the equivalent course that I do at company B, and company C.

The ones that I really don't like though, are the ones where the corporate IT security is spelled out like it's obvious, and yet I know that what they're pushing doesn't meet any of the current guidelines that have been created from serious research into the topics. For example, the NIST guidelines on passwords would be a good start.

Training should involve learning something.

The vast majority of staff at the organizations wouldn't learn anything from these "courses" and invariably, the questions that they need to get say 80% correct on, are so mind-numbingly obvious, that I see many staff not even paying attention when the videos are playing, and just quickly answering the questions at the end, to keep their managers happy.

But my biggest issue is that for many companies, almost all the corporate training budget is now going to these "courses". My take on this is that the cost of delivering this material should be in a "corporate compliance" budget, not in anything that pretends to be a "training" budget.

 

 

Basic Photo Viewer in Windows 10 – Where have you been?

I teach SQL Server, BI, Azure, and AI classes on a fairly regular basis, and one thing I love to do is to show attendees images (or photos) of where the application of the technology has gone very right or very wrong. Ever since I'd installed Windows 10 though, that became much harder.

The Photos app that's installed with Windows 10 must have someone who loves it, but that's not me. There seems to be no way to just have it automatically maximize the images, so I'm always showing them, then having to resize them.

What I wanted is an app where I can double-click an image, and it would display it for me, maximized to whatever screen real estate I had available. The old Windows Photo Viewer did that to a reasonable extend, but the new Photos app in Windows 10 just seemed to have no way to do that simple task. I've seen a lot of articles by people desperate to reinstall the old Windows Photo Viewer. Microsoft has been making that harder and harder and even though you can get it working, it doesn't integrate with other things very well.

So the other day, I figured I'd just have to write an app that did what I wanted but thought I'd check the Windows Store first, and I'm glad I did. There's an awesome app called Basic Photo Viewer, and for those that hate paying for apps, even better, it's free. It has an option to upgrade to Pro but there's nothing in that for me at present.

It worked so well, I was wondering where it had been all my life. Well at least since Windows 10.

I set it as my default program for viewing images in Windows, and when I double-click an image file now, I see this:

There's a nice clean image. If I click the mouse up near the top of the screen, the menu bar appears. The top left has this:

 

 

And the top right has this:

There were a few settings that I changed. I chose to hide all pro features (or oddly it lets you set things you can't use), and I chose to have a clean screen by using this option:

The app can also do things like display a slide show by showing all files in a particular folder with a configurable delay, etc. but for me, I just wanted a simple program that displays an image as well as it can, when I double-click the image.

I can't believe I put up with the other app for so long, and didn't go looking for a better one.

Highly recommended !

 

 

 

 

 

Opinion: Having staff stumble around is false economy

One thing that I see time and again on customer sites is staff who really don't know what they're doing in trying to solve a problem, or when they are trying to implement a new solution, yet their company just continues to pay them to stumble around while getting almost nowhere.

I'm not talking about someone who's taking longer to achieve something than an expert. I'm talking about staff who are really out of their depth.

Paying someone to do that rather than getting them help or training, so that they know what they're doing, is simply false economy. Implementing poorly designed solutions is even worse.

An even better option would be to pay someone to sit with them and mentor them while they are doing the work. I have a real preference for this as it allows the mentor to just fill in the knowledge gaps, and after all, it's the staff who will be there later when the solution needs to be looked after.

The real trick for a manager though, is to work out how to detect when this is happening. I see three problems in this area:

  • Often the staff involved will not be keen to highlight their own deficiencies
  • Some staff like to just poke around on a problem or idea as that might be "fun"
  • Often the manager won't have the technical knowledge required to be able to detect the skills shortage and might be blind-sided by the staff

And yes, I understand that at many companies, the training budget is a separate bucket to the payroll. But surely someone must be responsible for the overall profitability (or cost avoidance) at the organization.

I'd love to hear your thoughts.

 

 

Opinion: Design the Business Model, not just the App

I posted the other day about how the pricing of apps has become silly. Most apps are priced so low that there really isn't much income but worse, most don't have a business model for the authors.

I'm sure that many smartphone app developers just think they can offer an app and get a bunch of money in quickly. They don't seem to have thought about what happens beyond that point.

But for both them and the users of the apps, there needs to be an actual business model. 

So many apps require ongoing back-end servers to function, yet they have no recurring funding model within the apps. Users will expect the app to keep working across operating system upgrades to their phones, even though upgrades to the apps will be required for them to still work well. Finally, ongoing bug fixes and security patches need to be funded somehow.

So many vendors ask you for $3 for purchase, yet have no ongoing income to fund back-end services and upgrade coding. They are typically depending on one of two things:

  • There will be a constant stream of new people buying their app so they'll have a good flow of income
  • They'll sell upgrades to the apps

Selling upgrades might work where functionality is added but will be a much harder sell when it's just fixing compatibility issues with later OS versions. Users will see that What I've noted lately though, is that a number of them are starting to realize they really have no ongoing business model at all. Here's an example:

I love the FlightRadar24 on the iPhone. It was cheap to buy and it just kept working, even though they didn't get income from me. Recently though, they offered an upgrade to a new version, but the subtle change was that for the upgrade fee, they'd convert your existing permanent license to a three month subscription for the new version. They're now trying to move existing permanent licensees to a subscription model.

Now they might be really clever and have planned to do all this in the first place, but I suspect that it's more likely they've realized they need ongoing income.

Image by RawPixel
Image by RawPixel

If you're going to design an app, you need to also design the business model. It's much harder to fix that later.

An MVP (minimum viable product) needs to be viable.

Opinion: Just how cheap should applications be?

In a recent post, I talked about my use of SnagIt and how I think people should be prepared to pay a little for applications. I'm endlessly puzzled by people I see stumbling around using free alternatives that don't do the job, when there are good options available.

I had some interesting feedback from that post and it got me thinking further though, about how much we should be prepared to pay for applications? Why is there an expectation that most apps that we use will be free?

The smartphone market is the one that seems most distorted on this. I've seen sophisticated applications that would have sold for hundreds of dollars years ago, being sold for $9. And what do the reviews say?

Great application but so expensive.

The perception is that that application should have been $3 instead. How dare they charge $9 when most apps are $2 or $3.

How did we get to this point? Worse still, the current app stores are making this even worse.

I was talking to a friend in Brisbane recently. He mentioned that he had built an app and put it into an app store. It was being sold for $1.99. When it was being used, it connected back to his servers that he was paying for. After the first month, he'd sold 300 copies and things were looking up. At the end of the second month, there were over 10,000 users connected to his servers but here's the rub:

He'd still only sold 500 copies.

So what on earth had happened? Turns out that someone had reverse engineered his $1.99 app, added advertising into it, and put it back in the app store as a different app, offered for free.

That's just beyond ridiculous, at least if we want there to be apps for us to buy.

I'd love to hear your thoughts.