Code Reviews

A little while ago, I made a mention about a project called Rietveld (and this also applies to ReviewBoard). Today, I finally got a chance to dive a bit deeper into how these two tools work and sadly, it is the opposite of what I would like.

The issue with both of these tools for me is that they work on the concept of diffs. A developer writes some code, uploads a diff and then waits around for people to approve it. After it is approved, the developer then checks the code into the repository. This is a good model in open source projects where people are contributing patches and do not have access to check in code themselves. It is more like a patch management system. It is also a good model in larger corporate environments where controlling everything that goes into the code base is done with QA teams who test these patches before they go into the repository.

That is not how the company I work for works. We have a more agile development process where we are all expected to have at least a decent understanding of the entire codebase. Thus, we are checking in code all day long and diff are emailed to all of us. The expectation is that we read each others diffs and will comment on them appropriately. This is more of an after the fact type system. Sure, some bugs can (and do) creep in because they are missed in larger commits where we don't read the entire email, but I'm not worried because QA should catch those before they go to production, when they do testing in our preview environment.

What I would like is a system that has a log of all changes that go through the source repository. When you log into the system, you see a list of all the changes that have not been reviewed yet and a list of comments that have either been made about your code or you made about someone's code. This would be similar to the list of the diff emails sitting in a folder in my email account. I then have the option of just ignoring a commit or clicking through to see more details about the commit. The details page has a list of the files which were changed and a diff of any text based changes. I can click on any line and make a comment. That comment then becomes an issue for the developer who made the commit. The developer gets an email and has to respond. The only person who can close out the issue is the person who created it in the first place. Both people are bugged in various ways (emails and in the webui) until the issue is dealt with. The social politics around all of this is that these issues become highest priority above all else because code is already into the repository and a release can't be made until all of these issues are resolved.

Update: I posted to the ReviewBoard mailing list and got a very helpful response, but still isn't quite what I want to see (the UI isn't there to support it). Check out the comments on this posting. Crucible is very close to what I want, but costs $$$. Others are interested in starting an open source project.

New Project: svntask

I just created a new super simple project on the super nice code.google.com project hosting called SvnTask in order to have a nice stable codebase that does what I need which is to get the Subversion revision number for a checked out working copy for a project. At work, we don't have release numbers because we aren't really shipping a product. Instead, we just use the Subversion revision number to track changes. Simple concept except...

SvnAnt seems to be unmaintained. There is some other problems like the requirement to pass in a password to do a checkin (ant doesn't have an easy non-cleartext way to do that) and I'd rather just have it use my saved password. It has also always bugged me that they got svn info and svn status reversed.

The recently released Eclipse 3.4 also uses the latest Subclipse plugin which upgrades your working copy to Subversion 1.5 and thus breaks the SvnAnt task with one of those nice classic subversion 'your working copy is too new' messages.

I also don't care about and don't want to mess with javahl. I just want a 100% java solution that uses the nice svnkit library.

Eclipse 3.x and Java 1.6 on OSX

Eclipse 3.x can't run using Java 1.6 on OSX. It is a known issue and probably won't be resolved for a while thanks to the fact that Apple has only shipped a 64bit 1.6 JVM. Thus, in order to get Eclipse 3.x to run with Java 1.6 set as command line default on OSX, you need to do the following:

1. In /System/Library/Frameworks/JavaVM.framework/Versions, symlink CurrentJDK -> 1.6. Leave Current -> A
2. I also changed the location of the java binary to: /usr/bin/java -> /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Commands/java
3. Right/Ctrl click on the Eclipse icon, Show Package Contents, edit the Info.plist file and uncomment the line that says: <string>-vm</string><string>/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Commands/java</string>

Now, you will have the best of both worlds as things stand today. Java 1.6 on the command line and Eclipse running under 1.5. Oh, by the way, if you haven't noticed yet, Eclipse 3.4 is out.

Bill Gates Usability Rant

Gizmodo has a funny email from Bill Gates about not being able to find a piece of software to download. A couple of the quotes from the story:

"So they told me that using the download page to download something was not something they anticipated.

They told me to go to the main page search button and type movie maker (not moviemaker!).

I tried that. The site was pathetically slow but after 6 seconds of waiting up it came."

So, for humors sake, I went to Microsoft's thorn, Google and did a search for "movie maker". The funny part is that the first link that came up is the Movie Maker 2.1 Download link:

Results 1 - 10 of about 12,800,000 for movie maker. (0.18 seconds)

It is a good thing that Microsoft didn't succeed in their hostile takeover of Yahoo because it is the third link on their search engine and took .29 seconds the first time I tried it.

Vuze Friend Sharing Feature

From the Vuze blog:

What is “Friends”?
In case you haven’t already discovered “Friends”, it is a new feature that makes it really easy to share your favorite torrents with friends. All you have to do is to become “Friends” on Vuze and then you can share any torrent with them, without ever leaving the application.

This is probably one of the most important features that has been added to Vuze. Add your friends and now you have your own private tracker without actually having to run a tracker. In addition, your friends automatically get higher priority over other people who are leeching off of you. I've wanted to see a feature like this for a while now because I generally trust my friends taste and the social networking aspects of a BT network is too hard to ignore. I'm 'lookfirst' if you would like to add me.

Corporate Responsibility

I recently complained back to the headquarters about their nasty ass Jason Sea Fresh Toothpaste and they sent me a nice letter and some coupons for more products. Their Sea Fresh mouthwash is excellent though. I applaud corporate responsibility.

Red Listing

At work we found that hackers were trying to brute force our login page. In other words, they were trying every combination of username/password that they could find to gain access to the site. You will often see lists of u&p's on random forums and they were using these lists to hit our login page many times a second. This creates an unnecessary load on the servers which can impact performance for our paying customers. Not a good position to be in.

There is several ways to defend against this attack and the most common one is to display a kaptcha for each login or registration. Sadly, this is a real pain for members because they have to try to type out the kaptcha and often end up failing. Why should paying customers suffer because of a few hackers? In the end, this causes more support requests or people just give up and go away. A far better solution is one that I just implemented that I'm proud of (so I'll talk about it here. heh). I'm sure I'm not not the first person to do this, but the implementation seems pretty rare because I haven't seen many websites doing it this way.

The solution involved creating a simple @Session bean to store state in memory on each of the servers in the cluster. I could use the clustered cache, but so far I haven't seen a need for the overhead of doing that. Using a ConcurrentHashMap, I store the zone the IP address was seen in (optional), IP address, first access time, last access time and a counter. Then, I apply some fairly simple logic to the stored information:

• if someone fails more than 3 times, they are shown the kaptcha.
• if someone fails for more than 1 minute, they are shown the kaptcha.
• if someone fails because they aren't doing things correctly, they are shown the kaptcha.

The first two options have the benefit of allowing people to screw up a couple times before they are required to pay the kaptcha tax. The third option is more like an immediate red listing. I use that when someone tries to send clearly invalid data to our servers.

Right now, I'm watching the logs and things are pretty promising. I'm a bit surprised at how many IP addresses are being red listed, but I think it will decrease with time as the 'hackers' realize that their tricks won't work with us.

Congrats LinkedIn

LinkedIn plans to grow after $53 million deal. Congrats. Now, maybe you can convince someone up high to make the "Who’s Viewed My Profile" section report useful data with or without having to pay an absurd $20/month. Oh and your site is running pretty slowly these days, now maybe you can afford to buy a few more servers. =)

p.s. I still think your social site is one of the most useful on the net and pretty much the only one I use regularly other than yelp.

Cosmopolitan takes on DRM and the RIAA!

Click the picture for a larger version.

Rack and Bags

For my new bike, I just bought the Tour Master Cortech Saddlebag and the Turbo City Denali Rack. Those two links are the cheapest I could find on the net.

The racks came silver colored, so I spray painted them flat black in the basement of the armory. =)





The racks seem really sturdy and putting them on was pretty easy. Although, the instructions were pretty much worthless and I ended up with a bunch of extra bolts cause I was able to use some of the ones that were on the bike already. I think that if I did a really long trip, I'd need larger bags, but this will do just fine for around town. With the gf on the back and all our climbing gear on the rack and in the bags, I can finally flat foot the bike. =)

Vibrator comes to Mars probe's rescue

SFGate comments are always great. Every once and a while they come out with a title for an article that just cracks me up.

Pentagon Wants Kill Switch For Planes

Seriously, I'm more scared by this idea than I am of someone crashing a plane into my house.

New Toy: Garmin zumo 550

Just picked up a new toy, a Garmin zumo 550. I can't wait to get lost with it. As with all new technology, it is always interesting to learn all the little hacks and extra features available on the internets. I'd love to hear any stories people have to offer.

Helicockter

Brilliant use of the Helicockter.

Safeway gas promotion

Whomever came up with this promotion is a rocket scientist. The closest participating gas station where I can redeem the $0.60 I've earned so far, is in Vallejo, 28.18 miles from my house. Really, what were you thinking?

Rietveld

At first glance, Rietveld seems very cool. As someone who spends a good portion of their day reading emailed subversion commit logs, I've always wanted a tool to properly annotate commits with comments. It really sucks having to reply to the diff email and make comments. There is no good tracking system for that except to keep an internal stack in my memory of all the comments I make and then make sure that my co-workers make the necessary changes. With open source projects, it is even more difficult because of the huge number of changes that happen on a daily basis. I can't wait to try this tool out.

Architecture astronauts

Joel's latest rant about Architecture astronauts is such a fun read.

New way to help homeless: Feed a meter

I kind of like the idea of installing machines that take spare change which is then given to the homeless by the city. I never give anyone change anymore because after my experience with the homeless and owning a night club, I know that all it is used for is drugs. Handing someone money doesn't help them get the help they really need. I really believe that panhandling and homelessness in San Francisco is totally out of control. I've done a fair bit of traveling around Asia and Europe in the last few years and I'd say I haven't seen a homeless problem this bad in any other large cities I've seen. Our Mayor hasn't done nearly enough to fight it. Sadly, I do think that the reality of doing something like this in San Francisco is that the machines will be quickly attacked and disabled.

UnsubscribeMe Storm

Today was rather interesting. For the first time in many years, I fell victim to an UnsubscribeMe Storm. First a little back story. Years ago, I was added to an email mailing list for a hair salon a friend of mine once worked at. Puddin gave me a really fun haircut and color that day. Pictures of the cut are even still online. Every 6 months or so, I get one email from the owner of the Blow Salon talking about a new fashion show they are having. No big deal. Hit delete and move on.

Well, for the first time, someone decided to hit reply-to-all with an unsubscribe message. I don't know who setup their mailing list, but they did it wrong (should have done it as an announcement only list) and the message went out to everyone on the list. Hello instant shit storm! Did I also mention that the salon happened to be closed today and it was clear the owner was off relaxing somewhere nice?

Therefore, this storm lasted longer and sent more messages than any other storm I've seen before. The best part is how aggressive many of the people got. Name calling ensued. Threats of action were tossed out. People continued to not read all the replies telling people to stop replying. More name calling. And then the jokes started and I can't say I stayed out of it, way too much fun to have.

First someone created a MySpace account using the address so of course the 'confirm your email address' message went to the list. Nice. So, I created a LinkedIn account figuring that everyone was already stuck together and there was no way out of this mess. Sadly, I wasn't able to read the confirmation emails quickly enough and someone hijacked the account before I could (they probably guessed I made the password 'unsubscribe'). Next up, I sent an email detailing in a very nice language how stupid people are (I got a lot of replies saying how funny it was). Someone else started sending Chuck Norris messages. Classics such as "Chuck Norris destroyed the periodic table, because he only recognizes the element of surprise."

Sadly, here we are at 10pm and this epic journey seems to have ended. Luckily, one of the final emails to the list was mine: Subject: Free haircuts for everyone. Body: If you act fast and respond to the email with 'unsubscribe' in the subject, you get a free mohawk. Everyone else who can't follow the directions gets a mullet. Of course, color costs extra.

Smoking

Did you know that effective July 1st, 2008, in California, smoking in a vehicle where a minor is present is an infraction. Awesome!

PeerGuardian

I just found out about a really cool piece of software called PeerGuardian. It has dynamic block lists of all the bad seeds on "The Internets" and prevents your computer from making connections to them. Before I installed it, I tended to get really bad performance when using Azureus. It took forever to connect to hosts and download speed was terrible! After I installed it and watched it block an ass-ton of hosts, the torrents started downloading immediately and the speed is amazing. I'm so lame. How come it took me this long to figure this trick out?

A Test

A friend of mine recently applied for a job and received the little test included below that I'd like to share. As someone who has to interview quite a lot of people, I thought it was brilliant because I generally do not like programming problems for interviews as they tend to focus on Computer Science style knowledge that doesn't really apply in the real world.

For this very reason, I don't think I could get a job at google (if I actually wanted to), yet I know I am smart and have shipped quite a lot of wonderful useful code. As far as I can tell, they are looking for CS majors, not people who ship great code.

This particular test is more unique than others that I have seen. It isn't a hard problem, if you know what you are doing. Instead, it is a test of how well you can follow directions and think about basic OO code design. I also like the JUnit and ant requirements. There is also several different valid ways to go about solving the problem. Creativity is encouraged.

Another reason why this test is great is because we generally ask for code samples from people we decide to hire. There has been several times now where someone passes the interview with flying colors (ie: great personality), yet they can't code for shit. Really, I have seen stuff like this:

String foo = new String("my string");

if (foo != null) { doSomethingFun(); }

Sadly, showing a complete lack of fundamental knowledge of the Java language. We have also gotten people who send us source code that is copyrighted by their employer!?! Even after we specifically asked them not to send us copyrighted code. Um. Next.

If you are looking for a job, please please please have some quality work to show. The best candidate will have at least contributed to an existing open source project. Even better, create your own! Nothing is more appealing to a future employer than someone who is motivated enough about their profession to spend at least some after hours time working on their own ideas, building communities, sharing knowledge, etc.

 

---

Model a simple class library in Java for the representation of a bicycle.  Show basic OO principles in this class library. Keep the approach simple, and show good balance of class responsibilities. Implement the library for 3 bike types.

Question should be answered by each implemented bike type:

Determine the Max and Min speeds in MPH for the road bicycle, mountain bicycle, and kids tricycle.

• For geared bicycles, Max and Min speeds should be calculated at a given front crank RPM. For Unit Tests, assume 90 RPM.
• For non geared bicycles, Max and Min speeds should be calculated for reasonable human RPMs.

Solution should contain:

Turn in one simple console app that performs the Max and Min speed for each bike type. Use JUnit to do the testing and ant for the build. Use Java5 style generics and collections where necessary. Submit a .zip file with everything in it.

Some things to think about a bicycle for your model:

Road bike

• Light, larger diameter Wheels, smaller width, higher pressure tire:
• Tire size 700c
• Gears, two sets:
• Front: 50-39-30 teeth
• Rear: 11-28 teeth , 10 speeds (11,12,13,14,15,17,19,21,24,28)
• Two wheels
• Rigid front fork
• Generally lighter than a Mtn. Bike

Mtn. Bike

• Heavy, smaller diameter Wheels, Large width, Lower pressure tire, more rolling resistance:
• Tire size 26 Inches
• Gears, two sets
• Front: 48-36-26 teeth
• Rear: 11-34 teeth, 9 speeds, (11,13,15,17,20,23,26,30,34)
• Two wheels
• Has a Front Fork – different travel 4-10 inches
• Can have a rear suspension - different travel 4-6 inches, makes bike heavier
• Generally heavier than a road bike

Tricycle

• Small diameter wheels, multiple sizes
• No gears
• Three wheels

Hints:

• Fixed geared bikes: How Stuff Works Bicycle Gears
• Geared bikes:  How Stuff Works Bicycle Gear Ratios
• Don't worry about wind resistance / road friction / tire friction / hub friction, the details!
• Forget about crank lengths
• Focus on gears and wheel diameters

I've got balls.

Taken at Stefano and Jessica's wedding.

Congrats to the both of them.

530-350-3896 / 5303503896

As I discussed earlier, I am on the do not call list, yet I am still receiving calls from telemarketers. Today I got one from the number above. I just reported it to the do not call list. Sigh, I hate spammers.

Log of calls:

4/10/2008 @ 6:29pm

4/30/2008 @ 1:27pm

Update: I just got another call from this number. Some guy was on the line saying he was from WorldMark and my first response was "Go fuck yourself" which really really pissed this guy off. He then proceeded to ask me why I would say that to him and I said cause I'm on the DoNotCall registry and he is calling me without my permission and because he is a spammer slimeball. Then I hung up. This made him so mad that he actually called me right back! I asked to talk to his boss and he said he was the boss and refused to give me his name. So, if you get a call, just say "Go fuck yourself" and say "Jon says hi."

Interesting software bug

I just happened to be reading about the F-22 Raptor because of a /. article about the F-117A Stealth Fighter Retired. This quote from the F-22 wikipedia article really caught my eye:

While attempting its first overseas deployment to the Kadena Air Base in Okinawa, Japan, on 11 February 2007, a group of six Raptors flying from Hickam AFB experienced multiple computer crashes coincident with their crossing of the 180th meridian of longitude (the International Date Line). The computer failures included at least navigation (completely lost) and communication. The fighters were able to return to Hawaii by following their tankers in good weather. The error was fixed within 48 hours and the F-22s continued their journey to Kadena.[57]

Porn Advertising

At work, I started a little skunkworks project to develop a dynamic advertising system (ie: Adsense for Porn) that was integrated with our affiliate tracking system. When I told people about it, they really saw value in the idea and gave me the go ahead to work on it full time. After about a months worth of work designing the system and writing the code, we now have a tool to create some of the coolest and most intelligent porn advertisements on the net. I really feel that this is going to drive quite a bit of traffic to our websites. Our affiliates will replace their boring static advertisements (for other companies) with ours. Why? Because our sites will convert the best for them and they will have a solid scalable system for tracking impressions, clicks and conversions in real time. Take a look at the bottom of my blog for an example of a really simple NSFW advertisement. Click on the ad and it takes you to the website. Future ads will have the latest trailer video, show the number of minutes until the next live show, show you information about the latest shoot and display all of it in your native language. As far as I know, a system that works like this and gives as much flexibility to the affiliates is a first in the industry. I love it.

Chainsaw Carrier

I'm so happy that my future motorcycle has a product available like this...

Mysterious Sound Waves Can Destroy Rockets

From /. : Mysterious Sound Waves Can Destroy Rockets: This is one of the most important and difficult problems I've ever heard of to solve. Imagine needing to solve this problem so that a $(#*&@# rocket (potentially with humans on board) doesn't blow up (and kill people)! Imagine having to literally invent a way to even test the theory of the problem! These people are way beyond brilliant.

PicLens press release

It has been a long time since my name has been associated with a press release... so I'm pleased to announce a release went out today about the Kink.com PicLens galleries and of course there is a silly quote from me. As a friend of mine noted... it must be a slow news day. Heh.

Hoping you are pleased using the Magic Cone.

Hoping you are pleased using the Magic Cone.