It’s not Irma La Douce; it’s Irma L’Acide (excuse my French). Nothing sweet about this Irma.
The remnants of the northern eyewall of the Category 2 hurricane hammered Lakeland and Bartow with 100+ mph winds and very heavy rain, moving more or less NNW.
Here in northwestern Hillsborough county, the heavy rain and winds have just passed us by, thankfully and almost unbelievably without known damage - we’ll see in the morning.
Here’s a radar image from Fox 13’s SkyTower radar app showing the tail end of the storm near us, and Lakeland due east in the danger zone of the Category 2 hurricane. Our thoughts are with those in the path of that eyewall.
Signing off until the morning for some well-earned sleep.
Irma is expected to weaken to a Category 1 hurricane by the time it hits Tampa Bay. One of the reasons given is shear: winds blowing from east to west is pushing Irma to the west (again), disorganizing its circular pattern.
This is in addition to the weakening from having its heat engine removed by being over land.
But like Paul Dellagatto of Fox 13 says, you can’t just look at a number and know what a hurricane is going to do locally. Irma still has an eyewall that is on its way. Anything in its path is going to have a tough time. There are also bands of high, gusty winds and heavy rain to deal with.
Irma is a very unusual hurricane.
It has rain bands that span the entire state.
People who have lived in Tampa for multiple generations have never seen the water in the bay recede as far and fast as they did.
In fact, they receded so fast that some manatees around Sarasota were stranded. We saw video of people dragging a manatee on a tarpaulin into the water, where it swam off.
Residents of those areas near the coast are apprehensive about the return of the waters, which come rushing back fast enough to drown unfortunate people who underestimated the speed with which the storm surge travelled.
Irma is also causing flooding along the entire east coast of Florida and beyond, even though the eye is on the west coast. The winds were high enough in Miami to destroy the anemometers measuring then.
Here in Tampa, we didn’t exactly dodge a bullet: We dodged a cannon shell, but a smaller yet dangerous bullet is still on its way.
I feel much more optimistic than I did 24 hours ago. Then, I was fearing a catastrophic Category 4 storm; now I am expecting a Category 1. Speaking of which, the rain is picking up now, and I think the outer bands are arriving.
Updates here may be delayed when power and communications go out.
Irma made landfall at Marco Island near Naples, at 130 mph. That’s really bad for Marco Island and Naples, and we should spare a thought for their misfortune.
Hurricanes seem to be zero-sum entities. Marco Island’s misfortune has improved our outlook in Tampa Bay. Its landfall is much further south than expected, meaning it is expected to weaken as it travels over land towards us. At the moment (and hurricanes are capricious things, so this is not cast in concrete), it is expected to be a Category 1 or maybe 2 when it gets here.
That’s a lot better than 4 or 5.
Irma is a hurricane of epic proportions.
It is so widespread that at the precise instant Irma made first landfall, Miami, 91 miles away from the eyewall of Irma, on the other coast of Florida, was getting 90+ mph winds and large storm surge, putting entire streets underwater and blowing over two cranes (hint: not birds) that were previously believed safe.
It is so big that it is causing heavy rain in Georgia - beyond the northern border of our state.
It’s still expected to dump 10-12 inches of rain over Tampa, and winds will still be a sustained 60+ mph, so it’s no picnic, and we will still be without power for anywhere from hours to days or weeks, but our outlook is much better.
Right now, anyway.
We’re waiting anxiously for midnight, the expected peak of the storm, but we are feeling more cheerful about our prospects.
Well, at least Irma is not tracking directly over our house anymore, although the eye is so big it doesn’t make that much difference.
I’ve been talking to our neighbors and my wife about going to a shelter, and also looking on TV at the people who are going to the shelters. Many shelters are already full, and most of the people there seem to be those who live in mandatory evacuation areas and mobile or manufactured or structurally unsafe homes, or are elderly or unable to take care of themselves.
I also heard a response by the meteorologist to questions asked on Facebook to Fox 13 that asked: is it safe to shelter in place in a house that has no storm shutters or window protection?
The answer was unequivocally that, as long as you are not near windows, in an interior room with no windows on the lower floor (we will be - our laundry room), and the house has concrete block construction (it does), and is not in an evacuation zone (it is not), it will be ok.
None of our neighbors are leaving, even those who have no window protection. They are hunkering down in a windowless room and riding out the storm. They are not stupid people - the ones I talked to are intelligent professionals.
We’ve prepared as best as we can. We have flashlights and lots of batteries for them, charged battery packs for the cell phones, food and water for a while. I’ve uploaded insurance photos of the house and possessions, and most of our important documents, to the cloud. The computers in the house are all off and my work is now on a cloud server. My personal data is on a WD MyBook, which is too big to backup to the cloud, so it’s in my backpack with my MacBook and critical things.
Here’s the bottom line: given that we have a well-built, newer house, and enough drinking water and food for 3 days, we are better off than many people in our region who need shelter and would be displaced by us if we went and we didn’t absolutely have to.
And that is ultimately unacceptable.
As stupid as it might sound, it’s a calculated risk (in an admittedly very uncertain threat model), so we’re going to ride it out. We’ve told our neighbors where we’re going to be, and of course anyone reading this blog knows, too.
It is going to be really rough, with no power, no running water, no cooling, 4 people being stuck in a small room for at least 12 hours and maybe more, and a massive hurricane blowing outside.
It is what it is.
I’ll update as power and communications allows.
For Tampa Bay, the current storm track has worsened the local outlook considerably. No longer going up the middle of the state, the track has moved westwards, threatening the Gulf Coast. From storm winds earlier expected to top out at under 60 mph, the forecast has increased to maxima just under 90 mph, and conditions which were recently unfavorable for tornadoes have become favorable.
People in our neighborhood looked uneasily at my next door neighbor, who had had the foresight to have plywood shutters made (probably long ago), nailing them onto his home’s windows. Like us, they probably wished they had thought of that, too, but too late.
Being from southern Africa, where the only natural disasters are flood and famine, this is terra incognita for me (and there’s much terra).
A grim outlook indeed unless the track swings further away from the west coast out to sea, which seems unlikely.
All SunCoast CU branches closed until further notice:
Due to the effects of Hurricane Irma and the safety of our employees, ALL Suncoast Credit Union branches and the Members Care Center will be closed at 1:00 PM on Friday, September 8th through Monday, September 11, 2017. We will reopen on Tuesday, weather permitting; however, this may change based upon the storm’s progression and emergency management recommendations.
Irma’s track has shifted west around 11 PM EDT last night so that it drives up the middle of Florida. This is a worst-case scenario because nobody walks away unscathed. It all hinges on precisely when Irma makes its right turn, and what the conditions are at that time.
I have friends and relatives around the world who would appreciate knowing my family’s status as Hurricane Irma approaches, and hopefully bypasses, Florida. This blog seems like a good way to publish our status.
I’ve set up my blog so that it lives on Amazon S3 and is replicated by Amazon Cloudfront. My blog source is on a private hosted git repository, and my publishing software (Octopress) is installed on a Linode that has read-only access to the git repo.
I have Working Copy and Byword on my iPad, so I can pull the git repo, update the blog and push it back to the git repo (if I have any Internet access).
To publish to S3, I’ll ssh to the Linode using Prompt, pull the git repo, and run Octopress to generate the update and push it to S3.
It’s probably overkill for a blog that almost nobody reads, but it’s good practice for me.
]]>ovftool
is a command-line utility from VMware that lets one do useful things
with VMs on ESXi and vSphere remote systems.
I had installed ovftool
and was trying to use it copy a VM between two ESXi
servers, based on this useful post from virtuallyGhetto. For various
reasons, it’s often a better idea to use ovftool
for copying VMs than by just
using scp
on the raw files.
Immediately, I ran into a WTF? moment.
$ ovftool vi://root@10.1.2.3/
Enter login information for source vi://10.1.2.3/
Username: root
Password: *******
Error: Could not lookup host: root
Error: Could not lookup host: root
???
This confused the living daylights out of me. This has nothing at all to do with looking up a host.
Right?
Wrong.
Locators. At least, the URI-flavored ones. A locator points to different resource types like VMs or hosts.
When ovftool
gets a URI, it’s more or less of the form
protocol://username:password@host:port/
or protocol://username@host:port/
(protocol
can be one of the standard schemes like https
or file
, or
VMware-specific ones like vi
or vcloud
.)
If ovftool
gets a URI without the password - which I would imagine most
security conscious people would prefer - it quite sensibly prompts for a
password and captures it without displaying it.
At this point, it appears that ovftool
forms the full URI - including
password - and uses that to authenticate with the remote system.
You can see where this is going.
The ovftool
PDF manual clearly notes (but not clearly enough, in my view):
Encoding Special Characters in URL Locators
When you use URIs as locators, you must escape special characters using %
followed by their ASCII hex value. For instance, if you use a “@” in your
password, it must be escaped with %40 as in vi://foo:b%40r@hostname, and a
slash in a Windows domain name (\) can be specified as %5c.
Now I get it.
ovftool
captures the password from stdin and does not urlencode it.ovftool
forms the URI with the unencoded password, and does not check
it for validity.ovftool
uses the URI to contact the remote system.root
in this
case - is considered to be the remote system’s host name.Error:
Could not lookup host: root
.This hypothesis can be proven as follows.
ovftool
at the Password:
prompt;ovftool
does wrongovftool
violates The principle of Least Astonishment. When a tool
accepts a password for input, it is expected that the tool does any
necessary transformations to it prior to using it. ovftool
must urlencode
the password if it obtains it via a password prompt.ovftool
fails to check that the URI is well-formed. The characters that
must be urlencoded in the various parts of a URI are well-known, and it
should be fairly easy to test this.ovftool
echoes asterisks once the
password has been entered, which is ok, except that it echoes the same
number of asterisks as the number of characters in the password. Exact
password length can give a useful clue to a would-be attacker (who would
need to be looking over your shoulder, but still, it’s so easy to avoid
this mistake).A simple workaround is to urlencode the password yourself on the command line. If you have access to a clipboard-copy-paste utility, the entire thing can be done without displaying the password.
Let’s say that your password is my@random pass/+?$#%^&*()-_+={}[]\|;:'”,/?
.
This code snippet will prompt for the unencoded password, urlencode it, and put it into the clipboard, ready for pasting. The advantage of using this over the various command-line urlencoding utilities - that might or might not be available - is that Python is available just about everywhere these days. If not, there’s always Perl.
python -c 'import urllib; import getpass; print(urllib.quote_plus(getpass.getpass()))' | $CLIPUTIL
Possible values of $CLIPUTIL
include
clip
(or redirect to /dev/clipboard
in older versions)pbcopy
xclip -selection c
git submodule
is powerful, error-prone, and often confusing unless it’s used pretty much daily.
Having a cheat sheet can be pretty useful, so here you go.
This cheat sheet is based on a post by Christophe Porteneuve (many thanks).
diff.submodule = log
(so you get clearer container diffs when referenced submodule commits changed).fetch.recurseSubmodules = on-demand
(so you are confident new referenced commits for known submodules get fetched with container updates).status.submoduleSummary = true
(so git status gets useful again when a referenced submodule commit changed).git submodule add <url> <path>
git clone --recursive <url> [<path>]
cd path/to/module
git fetch
git checkout -q <commit-sha1>
cd -
git commit -am “Updated submodule X to: blah blah”
git pull
git submodule sync --recursive
git submodule update --init --recursive
git submodule update --remote --rebase -- path/to/module
cd path/to/module
git commit -am “Update to central submodule: blah blah”
git push
cd -
git commit -am “Updated submodule X to: blah blah”
git submodule deinit path/to/module
git rm path/to/module
git commit -am “Removed submodule X”
]]>This is the in-memory layout of the Erlang list "phi"
.
[112, 104, 105]
As a reminder, Erlang treats a string as a list of small integers; 'p'
, for
instance, is 112
. Don’t worry too much about the bitwise details of the diagram
- we’ll cover those later on.
CAR
and CDR
denote the head and tail of the list, respectively (the Erlang
‘C’ source defines CAR
and CDR
macros, so I’ve adopted the same Lisp-y
terminology).
Each of CAR
, CDR
, and NIL
occupies one word in memory. A word is 4 bytes
on a 32-bit system, and 8 bytes on a 64-bit system, so “phi” uses 2 + 2 + 2 +
1 = 7
words (28 bytes on 32-bit, and 56 bytes on 64-bit).
That’s right: 56 bytes for a 3-character string on 64-bit systems.
This is why Erlang developers routinely store strings as Erlang binaries. For more information, see the Erlang Efficiency Guide.
Let’s dig a little deeper into the memory layout.
Erlang data is represented internally by a typedef
named Eterm
.
An Eterm
(a “tagged Erlang term”) is a data type defined in the Erlang
emulator C code in sys.h
. It is an unsigned integer that is chosen to
be at least as large as a pointer on the architecture for which the Erlang
emulator was compiled.
Tagged values are a clever way of saving memory by taking advantage of memory alignment rules, and using a word as either an immediate value or a pointer, depending on its tag.
An immediate value is a value that is in the word itself, as opposed to one obtained through pointer indirection.
A tag is a fixed number of least significant bits in the word, which are reserved for identifying attributes of the tagged data. Although this reduces the size of the data that can be stored in the word, it more than makes up for it by avoiding or reducing the overhead of pointers and descriptors.
On many CPU architectures, performance is penalized if access is made to data that is not aligned on a word boundary, that is, a 4 byte boundary on a 32-bit system, and an 8-byte boundary on a 64-bit system. This fact often drives designers of memory allocators to place data on word boundaries.
Addresses on word boundaries are even numbers that are multiples of the word size (e.g. 4, 8, 12, … on 32 bits, 8, 16, 24, … on 64 bits). This means that the addresses will have binary zeroes in their least significant bits: the least-significant 2 bits on a 32-bit system, and 3 bits on a 64-bit system. (This is because 4 in binary is 100 and 8 in binary is 1000).
Taking advantage of this, system programmers use these zero-bits to store information about the data, which could be an actual value like an integer, or it could be a pointer. When using a word, the bits are set at the time its data type is decided. If it’s a pointer type, those bits are masked off (zeroed) when the word is used (otherwise it would point to the wrong address).
There are 4 primary kinds of Eterm
:
Eterm
becomes a
header, which is a descriptor of the data, followed by the variable-length
data.CAR
and CDR
.
CDR
points either to the first node of the tail of the list, or NIL
.
CAR
, being an Eterm
, can be a List, Immediate, or Boxed value.Eterm
is a pointer to a Header.Here’s my view of what the various flavors of Eterm
look like for a 32-bit
version of Erlang.
Note the 4 primary types we just mentioned, namely Header, List,
Boxed, and Immediate. They are identified by the 2 least significant
bits (for example, Header is binary 00
, and Immediate is binary
11
).
BIGNUM
has a sign bit, so it really has two
header types).-134217729 < i < 134217728
. This is
the data type used to represent a character in strings, which is why using
binaries to store long strings is much more space-efficient.We’ve already seen Erlang’s list and small integer, so let’s look at some other basic data types.
A tuple is a fixed-size collection of values, somewhat like a struct
in ‘C’.
A tuple is also a boxed value, so it consists of a Boxed pointer (1 word) to
an ARITYVAL
header (1 word), after which appear the elements of the tuple.
The arity part of the ARITYVAL
header is a 26-bit (on a 32-bit system)
integer value containing the number of elements in the tuple. It follows that
the size of a tuple is 2 words + the size of the data following the header.
This is illustrated by this tuple of characters (integers, really).
{$H, $e, $l, $l, $o}
A binary is an interesting Erlang data type, because there is more than one flavor:
A heap binary uses this data structure:
1 2 3 4 5 |
|
<<"0123456789ABCDEF">>
There are two types of pid
: internal and external. An internal pid
refers
to processes on the local node, while an external pid
identifies processes on
remote nodes.
TODO
There are two types of port: internal and external. An internal port refers to a port on the local node, while an external port identifies those on remote nodes.
TODO
It gets interesting when we combine the data types. We’ll look at a tuple of lists, and a list of tuples.
{"phi", "eta", "rho"}
[{$p,$h,$i}, {$e,$t,$a}, {$r,$h,$o}]
Disclaimer
This information is based on an analysis I did of the Erlang C source code on
github circa June 2016. In particular, I looked at erl_term.h
and
sys.h
. I did my best to avoid mistakes, but I’m not an expert on
Erlang internals, so YMMV.
The org chart hierarchy is based on the manager
LDAP attribute.
Required LDAP attributes are, by supported schema:
inetOrgPerson | Active Directory |
---|---|
departmentNumber |
department |
displayName |
displayName |
manager |
manager |
o |
company |
title |
title |
The sections below summarize how to use this utility.
1
|
|
xdot
.1
|
|
1 2 3 4 5 6 |
|
1 2 3 4 |
|
Dear Bank of America,
Your MSB department believes I am a wicked money launderer or something, so you froze my personal account. If I hadn’t been paying attention, it could have been very nasty indeed, but I drained my accounts and left you only $27.08 in the one you subsequently froze. Don’t spend it all at once.
Apparently, my evil scheme was sending monthly child support to my kids in South Africa through XETrade. (By the way, I’ve been doing that since 2005. Oh! The humanity! This is an act that will live in infamy.)
I tried to tell you. I wrote, I called, but you simply ignored the facts.
So, goodbye. I’m breaking it off with you after 17 years. I’ve closed all my accounts with you, not just my personal one. Don’t call, don’t write. I’m not angry or hurt, I just can’t leave my money with you because I can’t trust you any more.
Regards, Me.
How, you may ask, were my nefarious activities (pfft!) finally exposed after a decade or so?
A new Bank of America computer system, I was told. And I learned about the strong arm tactics of the United States Department of Justice. And the sinister Operation Choke Point.
And… well, if you have the time and interest, here’s the back story.
I develop software for a living. Have done for 30 years or so, and I love it. In 1997 my dream of living and working in the USA came true, and I left South Africa together with my wife and child.
One of the first things I did when I got here was open a checking account with Bank of America. What a great name - it’s America’s Bank, right? My heart swelled with pride.
Fast-forward to late 2003. We all get our permanent residence cards, but my marriage is sadly over (amongst other things, immigration is hard on families). My wife and I negotiate a marital separation agreement in which I commit to sending monthly child support payments, helping with medical expenses, and so on. She heads back to South Africa with our two children. It is a sad time.
Initially I pay using wire transfers, but to do this, I need to go into my Bank of America branch every month and fill out a form. It also costs more than I think reasonable.
But the Internet quickly matures and in mid-2005, I sign up for XETrade. Now I can send my child support payments online at any time, for less money, at my convenience. I get better forex rates, which is good for my kids. XETrade gets paid via direct debit from my Bank of America personal checking account.
From 2005 to 2015 I send payments through XETrade every month. I also send extra money for things like birthdays and Christmas; to pay for nursing care for my late mother; and for my elder son’s college costs.
Everything is copacetic. And then it isn’t.
In November 2015 I get a form letter from Bank of America. My personal account activities apparently include some that are “consistent with activity commonly associated with that of a Money Services Business (MSB).”
I don’t know about you, but I’d never even heard the term “Money Services Business” until then.
The letter goes on to warn that unless the innocuously-named 8-page Customer Data Form for MSBs is filled in and returned within 30 days, my account will be frozen and closed.
At that instant, I take the letter seriously. Actually, I kind of lose my shit. For good reason, as it turns out.
The Customer Data Form for MSBs makes no sense to me. It asks questions about “the business” which, of course, I cannot answer, because “the business” does not exist.
I call MSB Customer Service and speak to a “Kim”. I explain that I have no clue what they are talking about and can’t fill in the form, and why are they targeting me like this?
Kim tells me that my account has transactions with Custom House, which apparently raises flags.
“Custom House…?” I rack my brains. Then it hits me: XETrade is a DBA of Custom House. No problem! I can explain everything, and it will All Be Ok(tm).
I describe how I use XETrade to pay child support to my boys in South Africa. I ask how I am supposed to fill in a form to which there are no answers, and she instructs me exactly which boxes to fill in and what to put in there.
I write a covering letter and fax the whole 10-page shebang to the MSB Fax Line. I fax it at least 3 times to make sure it doesn’t get lost.
I get a letter from Bank of America dated November 17 2015, thanking me for the documentation and inexplicably, mind-numbingly, stupefyingly, jaw-droppingly concluding that: “your business activities qualify, under federal guidelines, as a Money Services Business”. Did they literally not get the memo?
It includes a page from my completed data form, advising that I need to provide some extra information, failing which they will freeze my account.
I mean, wtf, right? Wtf,f,f,f,f?!!
At this point I realize that I have already lost the battle. Nothing I say or do that doesn’t involve an army of high-priced lawyers and Scrooge McDuck’s bank vault full of $$$ is going to make any difference.
I go into damage control mode.
I immediately open personal and business accounts at a local credit union and transfer most of my money from Bank of America to the new accounts. I leave only enough to pay outstanding bills and upcoming ACH transactions, and start the tedious process of changing all the ACH details, bill payments, and so on, to use my new accounts.
Now I wait to see what Bank of America does. I fully expect it will freeze my account without further notice.
It doesn’t disappoint me.
On Friday, December 18, I get notified via email that my Bill Pay on my personal account has been suspended. I assume this is because my account has been frozen, as threatened. There is no other notice that my account is frozen. Nothing.
The next day, I call Bank of America customer service. The representative confirms that my account is frozen until I return the required documentation. I politely and calmly tell the representative that it will stay frozen until the end of time, because I am never sending in the documentation. I explain the situation and decline all offers to “fix” it - it’s just blowing smoke up my ass, anyway.
I close all my Bank of America accounts and agree to let them mail me cashier’s checks for anything left in the accounts. I don’t care even if they take it all; it’s worth the remaining $100 to me to have the satisfaction of ending the relationship on my terms. I know Bank of America doesn’t really care about my tiny little account, compared to the impending wrath of the mighty US Department of Justice should they not kick me to the kerb.
Why did it take Bank of America more than 10 years to catch me in the unforgivable act of paying my child support every month? And why is it doing this in the first place?
It turns out that Bank of America recently installed a new computer system that flags “suspicious activities” in customer’s accounts. According to what I read, it was effectively strong-armed into doing this by the US Department of Justice (and FinCEN).
Which brings me to the sinister Operation Choke Point.
Operation Choke Point is
…the U.S. Department of Justice using pressure on the financial system to conduct “a massive government overreach into private businesses that are operating within the law.” bizzyblog
Let’s not mince words: a program that was built upon the goals of stopping financial fraud has devolved into a massive government overreach into private businesses that are operating within the law. … The intention of the government, it would seem, is to make the banks unwilling to deal with the government harassment and simply cut anyone in those industries off from the financial institutions. Nobody is happy about this. techdirt
Which legal private businesses are targeted? Those in “high-risk merchant categories”.
This is the DOJ’s shit list. Where do you think I fit in to this?
Yep - Money Transfer Networks. I committed the cardinal sin of using a Money Transfer Network to send support payments to South Africa, namely Custom House (DBA XETrade), a Canadian company. It seems that Custom House’s operations in the USA are handled by Western Union.
But… but… so what??
According to an informed source, it’s guilt by assocation. I was told that shady underworld types linger around Money Transfer Networks, such as Western Union (Custom House’s US partner). Hey, I’m not knocking Western Union, just passing on what I was told.
What should I have done? According to the same informed source, what other “respectable” people do: send money using the bank’s own wire transfer services. So that’s what I am doing now via my new credit union. I have to phone the credit union and give the details of my ex-wife’s bank account number, SWIFT code, and so on, every time. What - can’t they just save the information? Isn’t that why we have, you know, computers? The response was that it’s policy to have me call in and repeat all that data, every time, and have the phone call recorded.
Isn’t this a steaming pile of crap?
Who knew about all this? I certainly didn’t. But even so, I should be able to send my (legitimate) money to my (legitimate) family overseas any way I like, right? The land of the free and all that?
But if I do it again, the same crap will come down on me, so I dare not.
I have been warned, and hopefully, so have you, dear reader.
Bank of America MSB Customer Service: 1 (800) 213-0236
]]>A fungible resource is a human cog that managers and executives believe they can drop into a business machine to replace an existing cog. In other words, when developers part ways with a company, many managers believe that their replacements can quickly get up to speed and take over where their predecessors left off.
This is rarely true in any substantial development effort.
In his paper, Programming as Theory Building (PDF) Peter Naur - the “Naur” in “Backus-Naur Form” (BNF) - explains that as a program or system is built, the person or team that develops it builds a “theory” of the system. The theory embraces a dimension of software architecture beyond the well-known structural and behavioral views. This dimension cannot adequately be documented, a little like the “Quality Without A Name” cannot be described. No, it’s not woo. Every great developer understands this intuitively. (The paper is highly recommended reading for the patient and detail-oriented).
Naur describes how engineers who took over the development or maintenance of a system would modify it in ways that “make no use of the facilities that were not only inherent in the structure of the existing [software] but were discussed at length in its documentation, and to be based instead on additions to that structure in the form of patches that effectively destroyed its power and simplicity.”
He goes on to write that
“The conclusion seems inescapable that at least with certain kinds of large programs, the continued adaption, modification, and correction of errors in them, is essentially dependent on a certain kind of knowledge possessed by a group of programmers who are closely and continuously connected with them.”
Basically, you can’t throw away the old cog without steadily increasing grinding noises and smoke emanating from the gearbox as the system dies from the thousand cuts of unguided maintenance.
“The death of a program happens when the programmer team possessing its theory is dissolved…. The actual state of death becomes visible when demands for modifications of the program cannot be intelligently answered”.
Sounds familiar.
Does this mean projects are doomed when they lose their “theoreticians”?
Not necessarily. One way to soften the blow is to retain their services in a mentoring and advisory capacity. A caveat here is that if the advisors do not keep closely connected with the project as it changes, they will lose their special knowledge. Even more importantly, teams need to swallow their pride and actually take the advice of the old guard. This needs no small measure of maturity and humility, qualities which are conspicuously lacking in some developers.
So don’t be so quick to let core developers go. They are not fungible resources.
]]>This text is an excerpt from Carl Sagan’s book, Pale Blue Dot: A Vision of the Human Future in Space, 1997 reprint, pp. xv–xvi. The photo was taken by Voyager 1 from the edge of the solar system.
From this distant vantage point, the Earth might not seem of any particular interest. But for us, it’s different. Consider again that dot. That’s here. That’s home. That’s us. On it everyone you love, everyone you know, everyone you ever heard of, every human being who ever was, lived out their lives. The aggregate of our joy and suffering, thousands of confident religions, ideologies, and economic doctrines, every hunter and forager, every hero and coward, every creator and destroyer of civilization, every king and peasant, every young couple in love, every mother and father, hopeful child, inventor and explorer, every teacher of morals, every corrupt politician, every “superstar,” every “supreme leader,” every saint and sinner in the history of our species lived there – on a mote of dust suspended in a sunbeam.
The Earth is a very small stage in a vast cosmic arena. Think of the rivers of blood spilled by all those generals and emperors so that in glory and triumph they could become the momentary masters of a fraction of a dot. Think of the endless cruelties visited by the inhabitants of one corner of this pixel on the scarcely distinguishable inhabitants of some other corner. How frequent their misunderstandings, how eager they are to kill one another, how fervent their hatreds. Our posturings, our imagined self-importance, the delusion that we have some privileged position in the universe, are challenged by this point of pale light. Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity – in all this vastness – there is no hint that help will come from elsewhere to save us from ourselves.
The Earth is the only world known, so far, to harbor life. There is nowhere else, at least in the near future, to which our species could migrate. Visit, yes. Settle, not yet. Like it or not, for the moment, the Earth is where we make our stand. It has been said that astronomy is a humbling and character-building experience. There is perhaps no better demonstration of the folly of human conceits than this distant image of our tiny world. To me, it underscores our responsibility to deal more kindly with one another and to preserve and cherish the pale blue dot, the only home we’ve ever known.
]]>