Subscribe: secretGeek
Added By: Feedage Forager Feedage Grade B rated
Language: English
connection  console  don  end  front end  front  lot  machine  net  new  npm  oracle  people  powershell  run  time  windows 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: secretGeek

Copyright: Copyright 2016 Leon Bambrick

Television Bankruptcy

Thu, 24 Nov 2016 05: 08:44 GMT

I am declaring myself bankrupt on consumption of new media.

In particular I've declared television bankruptcy. Heard of some amazing new show? I don't care anymore. My ears are shut.

It also means that I can't ask anyone else to avoid "spoilers" on anything. I just assume up front that if I haven't watched it yet I may never watch it: even if it's a new seasion of show I love. Spoil away. I'm a TV bankrupt, I can't take any new loans against future viewings.

On the plus side, this frees me up to read about stuff on wikipedia in advance of seeing it though... some things I think I enjoy reading about more than actually watching, for example, critically acclaimed films from before the 1980s... often boring to watch, but interesting to learn about. (Putney Swope in particular springs to mind)

Same for books. I have a short amount of time each night (Min: 0, Max: 20, Mean: 3, Unit: minutes) to do any reading. I need to find really choice material that will hold my attention for possibly months on end. I'm still working on deciding what to put into this gap.

Mostly for the last year or two I've been reading a steady diet of Sci-Fi. But it's hard to find anything good enough when the diet is so limited. I'm now in the category of "If you only read 1 book this year... make sure it's...${this_book}"

Book suggestions welcome. (Spoilers about television shows are also permitted.)

The Joy of Making Simple Edits to Microsoft's Docs

Wed, 16 Nov 2016 07: 05:47 GMT

.bb1 {border:1px solid #888} When working on the previous blog post, I spent some time at microsoft's documentation site, where I noticed a small error: two similar articles had their titles swapped with each other. As in: Foo had Bar's title and Bar had Foo's title. Usually you see an error like this and just move on. But the edit button caught my eye, and I decided to try fixing the mistake. I was pretty apprehensive because these kind of things so often lead to yak shaving, and my current schedule does not permit the shaving of yaks. So I clicked 'edit'. This took me to a github repo containing the source file, written in markdown. Hey, I write everything in markdown these days, so this looked promising. I backed up and soon found a page describing how to contribute. Reading the description there, a tiny bug fix like this doesn't require too much work. I "forked" the repository: ...and then cloned the fork of the repository onto my local machine, with: git clone UPDATE: There is a much simpler way to do this, that avoids the need to press 'fork', or to clone onto your local machine. It is detailed at the end of this article in a P.S. I found the files that need to be corrected, made the correction, and then committed the changes locally: git add * git commit . -m "title of and iis-with-msdeploy were back-to-front." Double checked that the changes I'd made were the right ones, by inspecting them again... git diff --cached Then pushed the changes back to github, so that my online forked version of the repository was correct. git push At github, in my fork of the repository, I clicked on 'New pull request' which led me to a page where I could see how my fork differed from the original repo. I reviewed the changes once more, then clicked the 'Create pull request' button. I wrote a brief description of my change and then sent it into The Ether by clicking the first green button I saw. Off it went. Wheeeeee! My pedantry, embodied in digital form, zipping around the globe. Back in the original repository I saw a fleet of bots spring to life, checking and analyzing everything that was happening. One of the bots noticed I was a first time contributor, and asked me to digitally sign a contribution license agreement. It even gave this helpful guarantee "I promise there's no faxing" which was a nice touch. I was then whisked expertly through a DocuSign process where I gave a website enough details about me that they could prepare the paperwork for this contribution license. It arrived in my inbox a minute later. I signed what I needed to sign, digitally, and was amazed that some team of people, somewhere in the world, had designed this well enough for legal hoops to be jumped in mere moments. This sort of baloney would've eaten up a week, easily, not too many years ago. While I was busy doing the signing, the bots were hard at work verifying everything else, and I noticed from other emails that the bots were now happy, and had decided to forward my pull request onto their human masters. I felt oddly nervous at this point. Battle scars from years of forum administrators shouting that a question has just been asked in the wrong forum, or from bureaucrats rejecting work because form 27B is not filled out in triplicate... a knot formed in my stomach as I prepared for a tiny little rejection, of this tiny little contrib. Shortly thereafter there was a kind response from the original author, who was happy with the contribution, and the deal was done. It was a good feeling, good enough that I felt inspired to write about it, at a time when I do not have time for writing about things. You know me: I usually just take pot-shots at microsoft from afar, and have plenty of fun doing it. But now, this increasingly open microsoft lets me make positive contributions instead. And having done it once, it will be easier in future. I hope that this extremely detailed walkthrough will inspire you to consider making a tiny contribution t[...]

6 different ways to run an core web application

Tue, 15 Nov 2016 07: 57:26 GMT

Gratuitous self promotion: Joseph Cooney and I will be talking about running core on Linux, at the upcoming DDD Brisbane conference at 4:05 pm, 3rd of December, less than 3 weeks from now. Now that you've suffered through the advertisement, here's some content. PLEASE tell me if I say anything misleading in what follows... if I'm going to stand in front of people and pretend to be worth listening to, I want some rigorous vetting to occur first. Tell me leon, what are all the ways you can run an core web site? Well I don't know all the ways, but I do know 6 different ways! Get your head around this lot (even if it requires extra background reading) and you'll understand a lot about how core sites work. Visual Studio F5 If you're developing an core website in Visual Studio, then you might run it by pressing F5, for debugging purposes. But that's not the only show in town... Commandline "dotnet run" Your website is really a dotnet console app, that self-hosts a website using a tiny webserver called Kestrel. (There's a lot to unpack in that sentence, but just let it wash over you for now) You can run it, from the console, by calling dotnet run from the folder that contains the project.json file. The output in the console will say something like: Now listening on: http://localhost:2000 So if you then browse to http://localhost:2000, you'll see your website (and the console will show logging info about your visit) dotnet publish → cd bin{...}\publish → dotnet YourProject.dll On your local machine, you can prepare the application for deployment by running "dotnet publish". This builds the application artifacts, does any minification and so forth. If you don't specify where the published results go they will end up in YourProject\bin\debug\netcoreapp1.0\publish If you go into that folder you can run the resulting artifacts by calling: dotnet YourProject.dll Note that you don't call "dotnet run YourProject.dll" -- leave out the run for this one! So the commands in full (starting in the folder that contains the project.json file) dotnet publish cd bin\debug\netcoreapp1.0\publish dotnet YourProject.dll IIS You can host it in IIS. I've never done this and don't intend to. Me and IIS are parting ways for now. But it can be run by IIS. More info here: Publishing to IIS and here: Publishing to IIS with Web Deploy using Visual Studio. Running on Linux, from the console.... "dotnet YourProject.dll" You can grab the artifacts from your local computer's "publish" folder (created in step 3), and copy them onto a Linux machine (using a technique such as SSH, scp, sftp). Then you can run it in the console, exactly the same as step 3: dotnet YourProject.dll (This assumes that you have have .net core installed on that linux machine already, instructions here.) From a different console attached to the same machine, you can view the website by running, for example: curl http://localhost:2000 ...which isn't the most comfortable way to surf the internet. But since our webapp isn't accessible from the open internet, it's about the best you can do at that point. Also, as soon as that first console window is closed, the application will stop. So this is not your final production technique. For that.... Running properly on linux, with supervisor + nginx In Linux you can configure supervisor to run your application (and keep it running). This is analogous to the work that Application Pools do in Windows land. And nginx is a popular webserver, analogous to using IIS on Windows. The two work together to run your application and deliver webrequests to it. You set up nginx to receive requests from the internet and pass them on to your application (i.e. to "proxy them" through to your application, also know as acting as a 'reverse-proxy') Details about using supervisor, at Supervisor... it keeps your app running! To learn h[...]

Have you ever seen the International Space Station?

Sun, 30 Oct 2016 07: 30:54 GMT

The International Space Station is a gigantic space base, the largest artificial object in space, and there are people on board! Real actual people, all the time. Ever since the year 2000 it has been continuously occupied, with anywhere from 3 to 10 people.

It zips around the earth, 350 kilometers above the ground. It moves so quickly (about 30,000 kilometers per hour) that there is no gravity (well, only a tiny bit of gravity) and it completely orbits the Earth 15 times a day (once every 92 minutes... in the time it takes you to watch a movie, that station goes right around the Earth!)

And one of the best things about it is that when the conditions are right, you can see it very clearly from Earth, without using a telescope or binoculars. The best time to see it is just after sunset, when the sky is getting dark but the ISS is up high enough to still catch the sunlight. It can appear far brighter than any other star. It travels from one side of the sky to the other quite quickly, in about 5 minutes.

My 6 year old daughter told me last night, "When I grow up I'm going to be an artist or a scientist, and if I'm a scientist I might get to go up on the ISS." (My ten year old said "Oh suuuure" because she's currently studying for her masters in sarcasm, which some very talented kids receive by age 13).


If you want to see the ISS for yourself, these are the steps:

  1. Sign up at Spot the Station — and NASA will email you every time viewing conditions are favorable from your location.

  2. Get a smartphone App such as SkyView (SkyView on Apple Appstore, SkyView on Google Play store) which helps you locate astronomical bodies.

  3. When you receive an email from Spot the Station create a reminder to tell you when to go check the sky. For example you might receive an email at 08:00 telling you the ISS will be visible at 19:00 that night. So immediately set a reminder for 18:55, to make sure you don't forget.

  4. At the appropriate time, head outside, and use your app (such as SkyView) to locate the ISS.

  5. Be amazed and filled with awe.

By the way, even if you don't do any of the other steps, you should check out SkyView (SkyView on Apple Appstore, SkyView on Google Play store). It's very handy being able to locate planets, stars etc, and you learn a lot.

And here's an example of the email you get from NASA. It's so succinct that if you don't remember signing up you won't realize what it's talking about:

26 Oct (1 day ago)
to: me 
Time: Wed Oct 26 7:15 PM, Visible: 6 min, Max Height: 88°, Appears: 11° above NW, Disappears: 15° above SE

Teach kids (and adults) to master algebra with DragonBox

Fri, 22 Jul 2016 07: 24:57 GMT

Lately I've been playing with an app called DragonBox. This game has expanded my mind.

It presents itself as a simple game, with a level structure and game play reminiscent of Angry Birds. The first few puzzles are very easy. Slowly, as the game progresses, new rules and abilities are introduced. And each new rule or ability is oddly specific, maintaining a pleasing kind of symmetry. Every time you solve a puzzle, or master a new ability, there is a satisfying feeling of victory.

Slowly, over many levels the complexity of the rules are increased, but always in a fun and engaging way. And slowly the style and appearance of the elements in the game transform from boxes, critters and dice, until eventually, ever so gradually, they become letters and numbers, and you see that what you have been manipulating all along are equations! Beautiful wonderful equations!


I found this app because I was playing with Tangle. What is Tangle? Tangle is a tool from Bret Victor for creating 'Explorable Explanations', and somewhere in my reading, someone mentioned DragonBox.

I was playing with Tangle, in order to create this minimum price calculator, as part of that damn book I'm still damn well writing.


Building a minimum price calculator was a lot of fun. I finally got all of the ideas about costs clear in my head, ten years after writing my actual first product. Costs. Boring, but crucial. I've done what I can to make them fun. Have a play.

Or if you would rather learn algebra than build a product, play with dragonBox instead.

Improvements to the Way MessageBox works, in latest Service Pack for Windows 7, 8 and 8.1

Thu, 07 Jul 2016 17: 06:52 GMT

No doubt you are all familiar with the way the 'System.Windows.Forms' MessageBox behaves in all versions of the .net framework.

For example you type this code:

MessageBox.Show("Please click OK.");

And you get this result:


With the upcoming service pack for Windows 7, 8 and 8.1, improvements to the System.Windows.Forms.dll mean that the style of messagebox will be altered slightly. The exact same code:

MessageBox.Show("Please click OK.");

Will produce this slightly altered dialog.


The service pack is being automatically deployed during a forced reboot as soon as you finish reading this sentence.

Post Slackathon Wrap up

Fri, 24 Jun 2016 05: 40:07 GMT

It seems an eternity ago now, but just last weekend a very special event occurred: we held the inaugural Stupid-Ideas Powershell Slackathon, where people from around the planet came together to build and share frivolous things with Powershell. You like numbers? Here's the numbers: 87 people asked to join the Slackathon and were sent slack invitations. 71 of those people answered their invitations and joined the slack site. On the actual weekend people contributed: 35 separate folders of powershell code that are publicly available for your reading pleasure (detailed below). 45 files within the slack group (snippets, images, etc) The publicly available contributions came from 14 different people. One thing that surprised me was that some people didn't talk in slack at all, but quietly contributed really interesting code, which spoke volumes. There were also 7 "profile.ps1" files that people chose to make available. These are great reading for anyone who lives by the slogan: Live fast, die young, leave a well maintained profile.ps1 file. And there are prizes! Prizes, yes! People seemed to contribute for the sake of contributing, so I don't want to over-emphasize the prizes. Any contribution is a thrill. In the end I went ahead and sent a NimbleText Bundle (NimbleText + NimbleSET) to every one who contributed public code. But to award the other sponsored prizes, I put all of the contributions (see below) into a spreadsheet and assessed them all on a range of criteria. After much deliberation, here's how the remaining prizes are distributed: Prize for Slackathon Fever The 'slackathon fever' prize was awarded for most contributions and highest points total. The prize for this is a copy of Douglas Finke's book: Windows Powershell for Developers (O'Reilly). I have the envelope here. The winner is... It's a tie! Two people with the same number of contributions and equivalent overall score: Prateek Singh and Douglas Finke! Well, I suspect Doug already has a copy of his own book. But he will now have to send a copy to Prateek as well. So Wrong It's Right! The 'so wrong it's right' prize is for misuse of technology. This was hotly contested, and I was torn between a few. I ended up awarding it to a very deserving though simple entrant: Ken Erwin, with his Favorite Drink script. Unless the team from Chocolatey issue a protest, Ken will receive a Chocolatey Pro license. The Toppest of the Top! This is the big one, the toppest of the top prize also brings a Chocolatey Pro License, but on top of that you get a profound sense of shame and a permanent blotch on your resume. The winner of this was Glenn Sarti for 'Ascii Art Conversions'. Finally, here's a list of all the contributions and who to blame. (If you want your name redacted just send me 15 bitcoin) table.blame_topic { margin-left:20px;border:1px solid #CCC;padding:5px;border-collapse:collapse} table.blame_topic th { text-align: left;padding:5px;background: #FFF;} table.blame_topic td {padding:5px;} table.blame_topic tr:nth-child(odd) {background: #F2F2F2;} BlameTopic Glenn SartiASCIIArt-Conversions Doug FinkeAskWolfram Chris HuntAudioPeakLevelMeter Glenn SartiBieber Doug FinkeCentralLimitTheorem Lee HolmesDefiant Ken ErwinDevOpsLibrary Lee HolmesDominos Doug FinkeExportDataTable Ken ErwinFavorite-Drink Prateek SinghFind-UnsecureWIFIConnection Prateek SinghGet-Celebrity Prateek SinghGet-Joke Prateek SinghGet-Nutrient Doug FinkeGetChange Doug FinkeGoogleAndBingMaps Prateek SinghGoogleMaps Prateek SinghHangman Justino GarciaInvoke-Chipotle Glenn SartiInvoke-Yolo Doug FinkeMaze Leon BambrickOut-TShirt Joe BeaudryPosht-ly Leon BambrickPowerSpell Brandyn ThorntonRussian-Roulette Prateek SinghSet-RandomBackground Chris HuntSingleSampeMajority Doug FinkeSpellingCorrector Prateek SinghTest-AdultContent Ken ErwinTic-Tac-Toe Leon Bambrickmagic8ball Doug Finkemoonphase Leon Bambrickmusic Paul L[...]

Less than 3 days until the Stupid Ideas Powershell Slackathon.

Tue, 14 Jun 2016 16: 57:24 GMT


What's that?

It's a newly-coined portmanteau of the words Slack and Marathon. It's a lazy, online event, where people from around the world give as much or as little time as they can spare over the course of a weekend, to achieve Stupid And Entirely Un-Noteworthy Things, with any kind of tenuous link to PowerShell.

Why should you join?

So far there are 53 people who've joined the slack channel (and a further 23 who are yet to accept the invitations they requested)

And these 53 people seem to mostly be very clever and knowledgeable bounders, brimming with knowledge on the PowerShell. They're all very keen to help any inexperienced dabblers, so I hope that anyone who hesitated join before will now jump in while they can, knowing that they'll be well supported by a super helpful team.

Enough jibber-jabber Leon, how do I join??

src="" width="760" height="1000" frameborder="0" marginheight="0" marginwidth="0">Loading...

Alternatively you can:

And how long until it starts?

Run this command to find out...

New-TimeSpan -Start (GET-DATE) -End (get-date -Date "2016-06-17T11:00:00Z")

Days              : 2
Hours             : 11
Minutes           : 26

It'll be here in the blink of an eye!

Any further details?

See my previous post on the topic!

There are now confirmed prizes, such as 2 Chocolatey Pro Licenses, A copy of Douglas Finke's book: Windows Powershell for Developers (O'Reilly) and I'll give away a few copies of my own product (NimbleText) for good measure.

Some of the snippets that have been discussed so far are available at our public floobits site.

Here's an example of a Wolfram-Alpha script that Doug Finke has been working on (click to enlarge)...


Also -- you can order a slackathon T-Shirt here:


The Stupid Ideas Powershell Slackathon

Tue, 31 May 2016 15: 39:28 GMT

When is it? Friday 17th June 2016. How do I join? Fill out the form below. ↓ Or simply email me ( Or send (@secretGeek) a direct message on twitter including your email address. What does it cost? It's free! And there are prizes. Where is it? It's an online event. It is everywhere. What do I need to do? Think of something simple, fun, funny, stupid, puzzling or plain wrong that you'd like to achieve in powershell. It doesn't need to be humorous, it may just be some recreational programming you've been kicking around in the neglected pipelines of your mind. On the weekend of June 17-19 2016, there will be people online, at a special instance of "slack", willing to help you achieve your weird ideas. At the end of the weekend a summary of all participation will be written up, and prizes awarded in a range of fun categories that are yet to be decided. (Some possibilities below) Why PowerShell? Powershell is much maligned. Any time I perform a public act of powershell I am met with the meanest comments. I'm attacked by linux users, insulted by 'real programmers', scoffed at by web developers. But I'm willing to fly my freak flag, even if it does have a powershell logo on it, and want to share the joy of powershell with others. Why Stupid Ideas ? I've always approached the serious topic of technical learning through the lens of frivolity and play. And I have so many stupid ideas! Surely there are other powershellers who harbor whacky ideas. Surely powershell is not just a corporate tool, whose only lot in life is to quietly get the job done. There must be a place for stupid ideas, even in the world of PowerShell. Okay, when exactly is it? { margin-left:20px;border:1px solid #CCC;padding:5px;border-collapse:collapse} th { text-align: left;padding:5px;background: #FFF;} td {padding:5px;} tr:nth-child(odd) {background: #F2F2F2;} TimezoneFromTo Sydney/Brisbane9pm Friday, 17th Juneapprox. 9pm Sunday, 19th June Auckland11pm Friday, 17th Juneapprox. 9pm Sunday, 19th June UTC2016-06-17T11:00:00Zapprox. 2016-06-19T21:00:00Z London12 noon Friday, 17th Juneapprox. 9pm Sunday, 19th June New York7am Friday, June 17approx. 9pm Sunday, June 19 California4am Friday, June 17approx. 9pm Sunday, June 19 That's weeks away! No, it's only... > New-TimeSpan -Start (GET-DATE) -End (get-date -Date "2016-06-17T11:00:00Z") Days : 9 Hours : 4 Minutes : 20 Seconds : 51 What sort of stupid ideas? It's completely up to you! Here's some things I think would be fun to work on: out-tshirt A cmdlet that directs your text/images to a custom t-shirt design website, and returns a url where that shirt can be purchased. e.g. "hello!" | out-shirt returns a url where you can buy a t-shirt with the word "hello!" on it. dir *.png | out-shirt returns urls to buy t-shirt for each of the pngs in the current folder. dir *.png | Add-Feature -Moustache -Fangs -Glasses -Scar Add-Feature is a commandlet that uses OpenCV face detection to find faces in pictures and add features such as Hitler Moustaches, bushy eyebrows and so on. This could have put my 8 year old self completely out of work. There is a much longer list of suggestions and resources further down. Those two examples were not particular highlights. You said there was a form to fill out? Lo, and what a form! src="" width="760" height="1000" frameborder="0" marginheight="0" marginwidth="0">Loading... Alternatively you can: email me ([...]

Hosting an infinite number of apps in the cloud for free, on your own domains.

Mon, 16 May 2016 04: 55:24 GMT

Longer title: Building and hosting an infinite number of scalable secure web apps on custom domains, with no vendor lock, only using skills I already have, for free. Sometimes I talk myself into the seemingly impossible. While writing a stubborn paragraph of my book (Your First Product... go sign up!), I wanted to know just how cheaply I could host a custom web app in the infamous cloud. For example, could I do it for free? Cheap is good, cheap is wonderful, but FREE is magical. If you can host apps for free, then you can host as many apps as you dream up. Whoosh! Bing! Blam! Another thought? Another app! Once I'd realized what I was attempting to achieve, I put it in tweet form as this: How to create scalable secure web apps, cheaply, with no vendor lock in, only using skills I know.— Leon Bambrick (@secretGeek) March 5, 2016 And promptly gave up on the idea, as it was clearly BONKERS. Or at least I tried to give up on it. My mind kept turning the idea over... there must be a way to have it hosted for zero dollars, without vendor lock in. Sometimes if you set up a system with a lot of constraints, you see that it's impossible. And you then need to work out which constraint to relax. (This is called "engineering") So I did what any true engineer does, I used a spreadsheet. I put all the constraints in their own column, and listed different solutions on each row, then checked which constraints they broke. Anything involving Azure cost too much, and was too likely to lead to vendor lock in. Heroku had a lot going for it, but relied on technology I don't use. GitHubPages had a lot of advantages -- but don't permit any kind of server-side code. At the same moment as I started looking into 'Parse' I heard that it had been shutdown. Finally I stumbled on an architecture that suited my needs. It was a hybrid, like that mythical beast with the head of a lion and the belly of a zebra, or however those old myths used to run. They were pretty popular back in the day. Here's what I came up with. That's right. As befits a zero-dollar architecture diagram, I have resorted to the use of Comic Sans. The front end is static html and javascript, hosted by GitHubPages. GitHubPages are free, and they let you configure your own domains or sub-domains, so for example I could have "" be served from GitHubPages, provided I own the domain (...and have wrestled it back from some pesky Ukrainian). One downside is that the repository has to be public, as private repositories at github still cost a little money, but since this is just the front end of the website, I see no harm in making the code available. The front end uses javascript (json) to talk to the back-end, which is an app hosted elsewhere. The back end is hosted by appharbor using their free tier. Because it's the free tier they won't let me have a custom domain, they assign a url such as but that's okay: this is just a back-end which the customer never need see. AppHarbor is a great way to host the back-end of a site, because I can deploy to it from the commandline, by just pushing to a repository. I don't want the backend code to be public, so I need a private repository. Private repositories at github cost money. For one low monthly price you get unlimited private repositories... but that's not good enough for my constraints, nuh uh. Fortunately, bitbucket gives you unlimited private repositories for a single user, and appharbor integrates just as nicely with bitbucket as they do with github. So there we have it. GitHubPages front end, appharbor+bitbucket back end. A way to host an unlimited number of small applications, on custom domains, in the cloud, without learning any new tech or getting slugged with fees from anyone. (One thing I didn't solve was the[...]

How to Left Pad, for real

Wed, 23 Mar 2016 21: 01:26 GMT

So someone removed a bunch of their packages from the node package manager, and this in turn broke a lot of other people's software builds. There have been 1 million articles written (so far) wherein sweaty-fingered coders tie themselves in predictable knots asking: Does this mean NPM is doomed? Does this mean opensource is doomed? Does this mean opensource wins, because it can respond so quickly? Does this mean micro-dependencies are terrible? Can something still be a knee-jerk reaction even if someone specifically says it's not? Does this show that NPM is an evil corp? Doesn't this mean that you should do a trademark check before publishing anything ever? Should you check in your dependencies? Should your dependencies have checked in their dependencies? Has everyone forgotten how to code all of a sudden? It's like everyone has gone crazy! Has everyone gone crazy!? ...and so on. But I don't want to ponder any of that. I just want to look, very carefully, at the code itself, in the center of this maelstrom.... function leftpad (str, len, ch) { str = String(str); var i = -1; if (!ch && ch !== 0) ch = ' '; len = len - str.length; while (++i < len) { str = ch + str; } return str; } I've had left-padding (and right-padding) functions on my brain lately, as they were added to the most recent release of NimbleText. I was curious if this function behaved the same as mine. 11 lines... what could possibly go wrong? So I grabbed this implementation and tested its behavior. I was surprised to see it gave different results to my function! Specifically -- what does the leftpad function do if you give it a string such as 'HELLO' and ask it to left-pad it to a width of 4 characters (i.e. a length that is smaller than the initial string)? In NimbleText, to answer this question I asked my customers, who uniformly pointed to the behavior of Oracle's LPAD function. Oracle's LPAD function, if given a len that is smaller than str, will truncate the result. e.g. LPAD("HELLO", 4) returns "HELL". So that's what I implemented for NimbleText. But that's not what this function does! Instead: leftpad("HELLO", 4) returns "HELLO". The difference is minor -- but minor things can have dramatic consequences. For example if someone assumes that leftpad(someString, 10) has an invariant property that it always produce a string that is 10 characters long, they could soon end up with a security vulnerability. I mentioned this on Twitter and celebrity whitehat hacker 'OJ' responded with: I wouldn't want a leftpad() function to trim strings Which I attribute to a latent desire he has to see more and newer vulnerabilities in code (not that there's any foreseeable shortage of vulnerabilities looming otherwise) ...but anyway -- what would you expect from a leftpad("HELLO",4) ? Should the package manager maintain a running vote, and the people can decide democratically on every question? Or should there be... I dunno... what's the dirtiest word in software... A standard? [...]

Today I Learned

Mon, 14 Mar 2016 05: 16:39 GMT

A month ago I saw an article on Hacker News about someone who created a github repo, in which they recorded any interesting and resuable solutions to the problems they encountered.

I started doing the same thing, storing little markdown files inside my 'utils' repo (the private repository where I keep copies of all the little tools I use on every machine, plus my powershell profile etc.)

Pretty quickly I had 100 such files, and I looked into what I could do with this growing knowledge base. I found out about 'gitbook' which is a way of rapidly turning a github repo full of little markdown files into a genuine book.

So here's the product... the free book I wrote without trying to write a book...


Today I Learned (

(and here's the git repo, error corrections welcome!)

Inside that book, I've written a short article on "getting started with gitbook" so you can do the same thing, including details on how to use gitbook locally (for example for documentation inside the enterprise!)

npm is not just for node... npm is for EVERYTHING

Tue, 01 Mar 2016 05: 08:13 GMT

npm -- the node package manager -- is a bit of a beast. In fact it's a lot of a beast. it's a crazed, snaggle-toothed snarling monster hell-bent on ruling the entire world and crushing all opposition beneath its giant cloven hoofs. If you've only heard of npm in connection with node, you may be excused for thinking, as the name implies, that it is just for managing node packages. node is a specific server-side technology, so perhaps that is all that npm cares about? Not at all. npm cares about everything. npm does everything. Here is how I thought of it, when I was young and foolish. Consider these three basic types of package managers: Machine-level package managers These package managers install entire applications. Think chocolatey, apt-get or yum. Application-level package managers These package managers install components an application relies upon during dev/build. Think nuget (or gem, or npm) Front-end package managers These specialize in components for the front end component. Think Bower. (Or nuget in previous versions) I thought npm comfortably belonged in that second tier. It's like nuget I thought, but for node. Shrug. Then I learned about the "-g" (global) parameter. And realized that with npm you can install packages that are available "globally". So it has crept up into that top tier as well. It can do what chocolatey, apt-get and yum do. Not a problem I thought... then I took a closer look at Bower. It's an interesting and well-liked package manager for the front end. But I started hearing more and more about people preferring to use npm for front end packages too. Apparently you combine npm with Browserify and/or dedupe -- and you quickly see it's got the 3rd category covered as well. Not to worry I thought. npm is just one part of a rich tapestry of tools. Task runners, for example, are another category of tool used by web developers. There's a growing number of these task runners out there, and two in particular always seem to be vying for supremacy: Grunt and Gulp. But recently I've been hearing more and more about npm scripts. "npm scripts" are a way of making npm aware of easy to use aliases that point to longer scripts, exposed by a package.json file. They give you a convenient way to just use npm for everything. And that's where we've come to now. You can just do every damn thing in npm. I'm kind of hearing an update to Atwood's law, something like: Everything that can be done in npm will be done in npm. Any thing that can't be done in npm will be replaced by a thing that can. Maybe npm stands for "node's perfect monster". Even if you have never used node, and never want to use node, you will still need to use npm. By January of 2017, all other technologies are being phased out permanently, in order to make room for nothing but pure npm. Introducing intellisense-like command completion for npm on windows I say all of this by way of introducing a helpful tool that gives you intellisense-like behavior when using npm on windows. Doug Finke has written a powershell module that gives you tab-completion when using npm on windows. In powershell version 5 from an elevated prompt, find and install the NPMTabCompletion module, from the new Powershell gallery, like this: Find-Module TabExpansionPlusPlus -repository PsGallery | Install-Module -Scope AllUsers Find-Module NPMTabCompletion -repository PsGallery | Install-Module -Scope AllUsers (As shown, you first install TabExpansionPlusPlus) Then, from a freshly opened prompt (that does not need to be elevated), import the module into your session. Import-Module TabExpansionPlusPlus Import-Module NPMTabCompletion (You will also need to either add those commands to your profile, or run them [...]

Console Is Forever

Fri, 26 Feb 2016 11: 51:10 GMT

When I was a wee-little lad, in the 80's, I loved the console.

What a mystical conversation: human talking directly to machine!

When "Windows 95" was released I thought the console was dead.

When I started "working" as a professional developer, I sometimes used the console, but considered it a quirk due to my peculiar upbringing.

As the WindowsTM versions rolled by, I never shrugged off this "quirk". One day "PowerShell" (Monad) arrived — I adopted it, unlike a lot of my colleagues. I used it on and off.

One day, a colleague said "You use the console a lot... are you a linux developer?" Interesting I thought.

Recently I've looked at linux and npm.

I realise now that my "quirk" — my penchant for consoles — is not in "spite" of GUI superiority.

It's a much simpler reason.

2-D GUIs are nice. One day they may be 3D! (That would be fun.)

But consoles... The good old console. Console is forever.

The Secret Life of Connection Strings In Oracle! (Oracle DBA's Hate Me.)

Tue, 02 Feb 2016 00: 45:09 GMT

I don't know if you've ever had to work with Oracle, but if you have, and if you're primarily a .net developer like me, I wonder if your experience is anything like my own. The very first thing you do with Oracle, as a developer, is to connect to it. And you soon discover that the way connections are specified in Oracle is batshit insane. With a SQL Server connection string, there are a couple of quirks*, sure. But essentially, the connection string holds all of the details that are used to connect. Every detail you could possibly want goes into the connection string. (* Regarding connection strings. I've always wanted to register the site "" which simply redirects to "" but is much much easier to remember.) In Oracle, a connection string is just the first mirror in a long hallway full of mirrors. A hallway that leads into a maze of mirrors, that takes you to a forest filled with monsters and more mirrors. We had an issue recently where a connection string that worked perfectly well on 7 different machines did not work on an 8th machine. When we looked into how the connection worked on those first 7 machines, we found it was different on every single one. When we took this knowledge to the 8th machine, we began to feel a terrible sense of foreboding. The further into the issue we looked, the more terrified we became. Eventually the authorities found our skeletal remains at the bottom of a steep ravine clinging to a well thumbed printout of Oracle documentation. Here is how you usually connect to Oracle: You follow some simple instructions, and you get some generic error messages. You're not panicking, you're just a little out of your depth. Eventually some oracle DBA scoffs into the room (that's the way they walk, they scoff as they walk) pushes you off your keyboard and does some magic incantations in front of your computer. You keep looking over their shoulder, trying to learn about this strange magic. You see strange registry keys, shocking environment variables, keywords like "tnsnames.ora" and some other disturbing flashes of technical wizard-pokery. Was that LISP!? For a moment you get one sickening glimpse into the infinite pit of sorrow. After that it just works, and you soon forget how tricky it was, you confine it to a dark corner of your psyche. The rest of your experience with Oracle is never as daunting as that first connection. But by then the Oracle DBA has cemented their role as an irreplaceable technical God. Well I'm here to blow the lid open on their whole racket. I'm here to teach you all the things they don't want you to know. I'm going to expose their little shitshow and all of its pathetic quirks. Get ready. In an Oracle connection string, the Data Source attribute is used, not for connecting to remote machines, but for searching your local machine. I'll give you an example. If the connection string looked like this: User Id=scott;Password=tiger;Data Source=bbSales12 What do you think happens with that Data Source value? (bbSales12) Here's what happens.... The value of Data Source is an Alias. And Oracle wants to Resolve that alias. According to the documentation, Oracle first looks in "the connection pool" to see if it has already "Resolved" that alias. Given that, at this point, we haven't started talking to any remote machine, we must be referring to some kind of local connection pool. Probably some kind of in-memory dictionary. Documentation is sketchy of what that is. But let's press on. Ignore that bit. Assuming we haven't resolved this alias before, then we need to look at tnsnames.ora. What is tnsnames.ora I hear you ask? It is the thir[...]