The Joys (Not!) of SonarQube

Published at 22:05 on 9 February 2022

Or maybe I should say, “The Joys (Not!) of SonarQube As Implemented by My Employer.”

SonarQube is a code-analysis system. It analyzes computer code and enforces coding standards. If it doesn’t pass the sanity checks, builds don’t properly complete.

I have nothing in general against coding standards, and I fully admit that the code I write is not 100% perfect. I also have nothing in general against tools to help uncover questionable coding practices.

The problem is the automatic mandatory implementation, with it being like pulling wisdom teeth from an elephant to get any exemptions from.

Consider my recent use of a random number generator. It was in a bit of performance-sensitive code, and the random numbers were not being used for any cryptological or other security-sensitive purpose. The default (crap quality radomizer) Java ThreadLocalRandom class was good enough, plus it had lots of convenience methods for doing things like generating a floating point number within an arbitrary range. So of course I used it.

Nuh-uh, no can do! SonarQube says that’s a security violation. I start inquiring about what can be done to get an exemption, and learn that it’s such a pain I’m better off recoding. So I do that, blowing a half day in the process (I have to implement a bunch of convenience routines missing from the SecureRandom class).

It’s made worse by SonarQube itself being of generally shoddy quality. Its metric for there being enough test coverage so unreliable that a commit can pass muster on a branch, yet get failed when merged to master, even when the result of the latter merge is exactly the same as what was on the branch. That’s right: you have no idea if a merge to master will succeed or fail. Every merge might well prompt last-minute frenetic test-writing.

So I decide to write a boatload more tests, just to err on the side of high test coverage and avoid triggering the wrath of SonarQube. Everything works just fine on the branch, so I merge.

The build then promptly fails, because get this, the new code has insufficient test coverage.

That’s right, SonarQube is refusing to accept my test classes… because they themselves don’t have tests! Can you say “Catch-22” boys and girls?

Again, this wouldn’t be so bad (it would be more humorous than anything), if SonarQube were implemented in an advisory capacity instead of a mandatory one.

Actually, it’s still humorous. If they want to piss away their money on stupid policies that waste productivity, fine. I just make note of all the unnecessary busywork their policies cause and report as necessary when queried about why something takes so long. Their loss.

The Awfulness That Is Airbnb

Published at 16:01 on 27 October 2021

Executive summary: Avoid Airbnb like the plague. Pretty much everything about them sucks.

So, about a week and a half ago, I thought I wanted to reserve a room for a few nights in Vancouver, BC to do some apartment hunting. I decided to check out what was available on Airbnb.

The first thing that happened was the site was almost totally unusable. It is one of those piece of junk web sites that is crammed full of as much badly-written client-side Javascript as possible. I’m sure the site works fine on the high-end gigabit connection at the office where the testing is done. Problem is, not everyone has a high-speed, high-end connection, and the site is so heavy with hidden (and sometimes excruciatingly slow) requests to their servers, without any user feedback that this is happening, that the site is virtually useless on a slow connection.

So I wait half an hour and the site becomes barely usable. I manage to find what looks like a very attractive deal; apparently someone cancelled at the last minute and something desirable is available at a competitive price. I try to reserve it, and at one stage it drops back into two-factor authentication and asks for a cell number to text. I enter my number and receive no text. I try a few more times, then a message comes up that Airbnb is now blocking texts to that number for 24 hours.

So I wait 30 hours, and by some miracle the good deal is still there. I try again, only to discover my number is still blocked. So I borrow a friend’s phone and attempt to use it for two-factor authentication. The first text takes forever to get delivered, so long that I have given up and tried again. That second try causes Airbnb to proudly proclaim it is now blocking texts to my friend’s number as well.

At that point, I write off Airbnb entirely, and give up in disgust.

But Airbnb was not done imposing its suckiness on me. At one stage in that process, it did ask for a credit card number. It turns out that Airbnb, despite pestering me with two-factor authentication and refusing to complete my transaction, did nonetheless try to bill my credit card at that point… from the United Kingdom. Why a San Francisco-based company would instigate a charge from the UK for a sublet in Vancouver, BC is beyond me, but that is exactly what Airbnb did. Seeing a charge from the UK come within mere hours of a charge from Canada, my credit union then decided to cancel that credit card.

When I called my credit union to ask why charges were suddenly failing, they did some investigating, and their reaction was “Oh, Airbnb. They tried to charge you from the UK. We run into this sort of thing often with them. We advise our clients always call us before using Airbnb to stop their credit cards from being cancelled.”

So now I must wait for a new credit card to arrive before I make my next trip north. Fuck you very much, Airbnb.

Upgrading My Wire Strippers

Published at 13:33 on 11 May 2021

Adam Savage (of Mythbusters fame) came out with a video last year singing the praises of automatic wire strippers.

A little quick research uncovered that such strippers work poorly, if at all, on PTFE (Teflon) and THHN insulation. That pretty much killed the deal for me, as I semi-regularly deal with both such wire types. But it got me thinking: stripping wire is something of a headache, because I always chintzed out on wire strippers. I bought some cheapo strippers many decades ago and have used either them or a knife. Stripping wires has always been something of a fiddly process for me.

Conclusion: I could benefit from owning some better tools, and should spend some of my birthday gift money on them. I opted for the Klein No. 11055 and 11057 strippers (yes, both of them, since I routinely have need to strip wire in a wider gauge range than any one set of strippers can accommodate). And let me say, it has been very nice to finally have a proper set of quality tools to do a task I frequently need to do.

Initially, I had toyed with the idea of getting some European-style wire strippers like these, simply because I thought they might be better than the styles used in the USA, and the “not invented here” principle was stopping their adoption. If that were the case, it should be easy to find glowing reviews from the few Americans who had discovered this style of tool. Quite the contrary, however: no such reviews existed, while there were reviews from Europeans raving about the Klein strippers above.

The morals of the story:

  1. If a recurring task has been a continual annoyance (even a minor one) and there exist tool(s) to make it easier, it is probably best to just can the stinginess and buy the tool(s) already. I should have upgraded decades ago; it would have saved a fair amount of frustration.
  2. Do your research. If I had ordered automatic or European-style wire strippers, I would have ended up disappointed.

Crimping versus Soldering

Published at 15:26 on 31 March 2021

The world is full of analyses like this one that confidently perform crimping to be better than soldering. The real world is not nearly so simple.

Yes, a properly executed crimp connection with a quality crimp connector is by all measures superior. The devil is in those weasel words.

Given that it is possible for a crimped connection to be superior to a soldered one, and given that crimping is faster than soldering, why would anyone solder? Soldering when connections can be crimped seems obsolete.

That is how many retail hardware stores promote crimping, often in a big blister pack with cheap crimp connectors and a cheap crimping tool like this one. Well, good luck with that. It takes a skilled craftsman to execute a quality crimp with a cheapo tool and cheapo connectors. It is, in fact, easier to learn to solder.

An anecdote to close: When I worked in IT support, the department purchased a cheap crimping tool, that could crimp both 6 and 8-position modular connectors, and some bulk cable. No longer would custom lengths of cable need to be special ordered.

Those crimps were responsible for trouble ticket after trouble ticket. When I broke the crimpers in the attempt to exert enough force for a quality crimp, I put my foot down and insisted they spend over $100 on a name-brand, quality crimping tool and set of crimping dies. It was money well spent, because the number of trouble tickets dropped to zero on connectors crimped with it.

It’s not that bad with standard wire crimp connectors; $25 or so can get you a good, compound-action, ratchet-based crimping tool. Even then, it’s good to budget in some practicing, and learning how to recognize a bad crimp. But again, that’s not how crimping is sold. Most of those crimp kits don’t even cost $25 total, and no mention is made of skill development.

Personally, I solder. Already have a soldering iron and know how to use it as a result of messing with electronics for many years, and I don’t splice wires often enough to justify the expense of a crimping tools, the clutter managment headaches of maintaining a stock of crimp connectors, and so on.

New Honeywell Round Thermostats Suck: Do Not Buy

Published at 13:48 on 21 October 2020

I ordered one to use as a mechanical, low-voltage thermostat for my electric heating after I converted it to low-voltage control. It came up on my Amazon product search, and had what seemed to be a decent rating of 4.2 out of five stars. That, plus the appearance of familiarity with the product (I have lived in homes with older versions of them before) prompted me to choose it.

Big mistake! Turns out it’s not a mechanical thermostat at all; it’s an “intelligent” (I use the term very loosely here) electronic one, complete with a printed-circuit board hidden inside. It’s just disguised to look like a traditional mechanical thermostat.

If Honeywell had properly engineered such a design, there would be no problem. But they did not. Look at the actual written reviews for it on Amazon’s product page and you will see something unsettling: a large number of one-star reviews, with those bad reviews rated as being the most helpful.

For further amusement, go to the HVAC-TALK site, feed “Honeywell CT87” into the search box, and you will be rewarded with some archived discussions of this model by HVAC professionals. The general consensus is that they are junk and should not be installed.

The main problem is apparently how the firmware emulates a traditional mechanical thermostat’s anticipator (a tiny electric heater inside a thermostat that “anticipates” the tendency for heating systems to overshoot past the set temperature). It assumes a fixed and unrealistically rapid rate of temperature increase when the heat comes on. It works OK if it’s barely cold enough to need to run the heat, but as the outside temperature drops, it gets less and less accurate; you have to set the thermostat ever higher to get the same inside temperature. This has apparently even caused frozen and burst pipes for some homeowners!

To make a shitty product even worse:

  • They have an internal, undocumented lithium battery that will die within a decade, degrading performance further.
  • They have an undocumented power-stealing design that is incompatible with some systems.
  • The case design, in contrast to the traditional Round case, has poor air circulation which makes for poor sensitivity.
  • The temperature-sensing thermistor is mounted directly on the circuit board, making its sensitivity to air temperature worse yet.
  • Their circuitry is unreliable and prone to failing entirely within a year or two.

Honeywell Round thermostats didn’t used to suck; in fact, they used to be the most popular thermostat out there, and would last decades. That was when they were mechanical. But that design used mercury switches and ended up getting banned*. Instead of choosing to go with a mechanical magnetic snap design, Honeywell chose the electronic route, and badly botched it.

* For good reason. Mercury is toxic, so old mercury thermostats should be recycled. Instead, they generally end up in the trash, causing toxic waste problems.

What’s infuriating is that this has been a problem for most of a decade, and Honeywell is still selling these defective-by-design pieces of junk, apparently because I am not the only one suckered by their retro appearance into believing they are simple, mechanical, and reliable.

Caveat emptor!

Using Your Cell Phone in Canada for Less

Published at 19:08 on 25 January 2020

If you live in the USA, it’s easily possible to use your cell phone in Canada, but the most straightforward way of doing so (roaming) is unfortunately very expensive. Virtually all U.S. cell carriers consider any sort of international roaming to be a high-end feature. Either you will pay an exorbitant fee per day or per call to use it, or you will pay an exorbitant fee (i.e. at least $50 per month) for a high-end plan that offers roaming without such extra fees.

If, like me, you’re a cheapskate who has traditionally received cell service via a discount plan like TracFone (which doesn’t offer international roaming at all), the prices are likely to make you say “Ouch!” They sure made me say “Ouch!”

For years, I stuck with TracFone despite living in a state that borders Canada, and just put up with being out of cell coverage range whenever I was in Canada. Recently, however, I moved further north, to a county that borders Canada directly. The closest big city to me is now Vancouver, so if I want to do big city things, odds are I will be traveling to Canada to do them. Furthermore, my parents are getting evermore elderly and frail, so it is getting evermore unacceptable to be without cell service.

My solution? Forget about roaming, and just buy a discount cell plan from a Canadian carrier. I did some research, and subscribing to the least expensive plan by Public Mobile increases my monthly costs by less than half the amount that any option for purchasing the right to roam in Canada would. Public Mobile is basically Telus’ discount brand, which is important because cell coverage in rural areas of Canada is often quite spotty, and Telus has the best coverage in rural B.C.

The silly bit is that I’m now paying more for the right to use my cell phone in Canada than I do for the right to use it in the USA, but that’s more a function of what a screaming deal TracFone is than what a raw deal Public Mobile is. Canada’s cell charges tend to be high simply as a result of Canada being large and sparsely-populated, which results in fewer users having to bear the costs of maintaining a large network.

There are some catches, however:

  1. Calls to my U.S. number won’t follow me into Canada; my Canadian service plan comes with its own separate Canadian phone number. For me, that’s a minor drawback: I can simply tell anyone who has business being able to contact me to use my other number when I’m in Canada. For someone whose career depended on always being available at a given number, it’s not so minor a drawback.
  2. I had to install a SIM card from my Canadian carrier into my phone. In my case, that was a minor issue, as my phone has two SIM slots in it. If I had a phone with only a single SIM slot, this probably would have prompted me to buy a new phone (which would easily pay for itself within a year from the savings it would enable). I definitely would not want to fiddle with swapping SIM cards each time I visited Canada.
  3. If you have a phone you purchased from a cell carrier, you are most likely shit outta luck: most phones sold by carriers have been deliberately crippled so as to not work on any other carrier’s network (I purchased my phone from an electronics retailer, and purchased a SIM card from TracFone separately).
  4. If you are a Verizon customer, you are probably shit outta luck. Verizon uses a nonstandard technology that other carriers do not use, so many Verizon phones could not be made to work on any other cell network even if they were somehow unlocked.

One final thing: if you go to the web sites for most Canadian carriers and attempt to order a SIM card from them, you will discover that they absolutely refuse to ship such things outside Canada. My solution was to wait until my next trip to Vancouver and visit a London Drugs outlet (they sell Public Wireless SIM cards). Once you have the SIM card, Public Wireless will happily let you register it to a USA mailing address, and associate it with a USA credit card.

I think there’s a few entrepreneurs importing Canadian SIM cards and offering to ship them to US addresses, for a fee, but the key here is for a fee. Being a cheapskate, it was easy enough just to wait until my next trip to Canada and buy one in person. I then went to a nearby coffeehouse with free WiFi and used my phone to register itself for service. It was activated and on Telus’ network within an hour.

The Shoes Start Dropping

Published at 22:09 on 16 December 2019

Today, Boeing announced that they will “temporarily” stop production of the 737 Max.

Note that I put “temporarily” in quotes. I predicted last April that the only lasting fix for the 737 Max will involve the scrap aluminum recycling industry, and I am sticking by that prediction. It may take an ill-considered recertification of that aircraft, followed by the loss of more lives, to seal its fate, however.

Yes, It’s a Cult

Published at 10:44 on 2 June 2019

Many cults have their members dress distinctively in public. Here’s one stereotypical example from the 1960’s:

How is that fundamentally different from this (snapped recently on the ferry one afternoon):

Answer: it’s not. Not so far as I can tell. Both expect you to turn over your life to the cult. With cult religions, it’s rituals and faith-based beliefs in things that cannot be proven. With cult employers, it’s the cult of high technology.

Both cults expect you to devote your life to the cult, wearing the clothing the cult provides, and devoting your “free” time to activities the cult approves of, generally ones that support the cult’s mission.

And I think that, in addition to my age, is really hurting my employability. I have my lifelong interests, and I’m not interested in putting them on the back burner in the name of prioritizing any cult’s interests (no offense, geeks, but role playing games and science fiction simply don’t interest me). I’ve developed my own idiosyncratic sense of personal style, and I’m not interested in changing it in order to become a human billboard for some business. I regard social networking as a baleful influence on society, and participate in it only reluctantly, under an assumed name. I firmly believe that what I choose to do in my unpaid hours is none of any employer’s business.

If you value your personal liberty, you don’t belong in a cult of any kind. It’s just that simple.

Intellectual Property Stupidity

Published at 11:37 on 17 May 2019

So, I recently modified two existing software tools a bit and connected them together with a shell script to make a tool to extract individual TrueType fonts (.TTF files) from a TrueType font collection (.TTC file).

And the Property Rights Über Alles crowd immediately took offense, because this is a tool for “piracy.” Purportedly, simply because I am extracting files from what amounts to an archive I am creating an unauthorized derivative work, in violation of the copyright on the fonts.

I say bullshit. The fonts were in TrueType format before my extractor operates on them, and they are in TrueType format after it does. All that changes is what was a single file becomes multiple individual files. That’s it.

Really, now: If this “violates” the “terms of the license,” then you can’t even install software (including fonts) legally in the first place. Because how do installers work? By extracting files from archives, that’s how!

On top of that, just how are glyphs rendered? By reading the information in font files, copying it into memory, and doubtless in many cases normalizing it into a standard form in the case of software that supports multiple font file formats. That, too, is the dreaded and forbidden act of extraction. Worse yet, it is followed by the modification of the extracted data, producing an unauthorized derivative work (according to the property rights über alles crowd)!

It gets worse: the internal coordinate system in font files has nothing to do with the coordinate system on a screen or a printed page. Multiple scaling (multiplication) and offset (addition) steps must be performed in order to render text at the desired size and place. And if you print the text, or render it into a PDF, yet more transformations are performed on that raw data. And I haven’t even gotten into all the transformations that must happen if you send your text to a printer.

The biggest difference really is, the files from my extractor linger indefinitely on the filesystem, instead of being fleeting data in main memory somewhere. Even that’s not completely unique to my case, however: PDF documents contain stored fonts in a persistent and transformed form.

PDF documents must contain font data, in order to serve their intended purpose of being “softcopy hardcopy” that remains true to their intended format everywhere they go. If they didn’t have embedded fonts, they would fail in this purpose on any computer that didn’t have the needed fonts present. The fonts in PDF documents are transformed both to save on space, and to limit the utility of the embedded fonts for piracy.

As in the case of PDF documents, my extracted font files shouldn’t matter, and I doubt it does. Unless I distribute the extracted fonts (and I don’t plan to), they are private, internal data used by a few applications on my computer, nothing more.

That so many people are apparently incapable of seeing this just points to how divorced from reality the status quo has gotten when it comes to property rights.

No Surprise

Published at 15:45 on 6 May 2019

In the least surprising news development since the Sun rose at the forecast time this morning, it turns out that Alexa and Siri are, in fact, home eavesdropping devices.

George Orwell was an optimist. In Nineteen Eighty-Four, everyone had a telescreen in their home because the government forced them to. In today’s USA, people agree to it because advertisers have convinced them it’s personally convenient.