the power of password and too many of them

Summer recess is almost coming to an end; I’ve been really lazy and grinding the HOTS (Heroes of the Storm) ladder, which really reinforced my resolution ~ that I am glad I did not decide to become a games programmer. It’s a thankless task and at the end of the day, all you get is abuse.

Anyway, in light of the recent Dropbox password fiasco, I just realised I have so many usernames and passwords that I cannot keep track of! I use KeePass for most of my “less frequent” accounts but OMG, there are just so many frequent ones. I have been spending the better part of the day generating random passwords and resetting every bit of my net footprint I know of.
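Since the post mentions generating random passwords by hand, here is an added example (my code, not the post's) of doing it properly in PowerShell: the characters come from the OS cryptographic RNG with rejection sampling so no character is favoured, and the function reports the entropy so you can see what a given length actually buys you. The alphabet is a constructed default.

```powershell
# Added example, not code from the original post: generate passwords with a
# cryptographic RNG and report how much entropy they carry. Assumes Windows
# PowerShell 5.1 or PowerShell 7+; the alphabet below is a constructed default.

function New-RandomPassword {
    param(
        [int]$Length = 20,
        [string]$Alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*-_=+'
    )
    if ($Length -lt 1) { throw 'Length must be at least 1' }
    $chars = @($Alphabet.ToCharArray() | Select-Object -Unique)
    $n = $chars.Count
    if ($n -lt 2) { throw 'Alphabet needs at least two distinct characters' }

    # Draw 32-bit values from the OS CSPRNG (not Get-Random, which is not a
    # cryptographic generator) and keep only values below the largest multiple
    # of $n, so that 'value % n' is uniform over the alphabet (no modulo bias).
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $limit = [uint32]::MaxValue - ([uint32]::MaxValue % $n)
    $buf   = New-Object byte[] 4
    $sb    = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            $v = [BitConverter]::ToUInt32($buf, 0)
            if ($v -ge $limit) { continue }          # reject and redraw
            [void]$sb.Append($chars[[int]($v % $n)])
        }
    } finally {
        $rng.Dispose()
    }

    [pscustomobject]@{
        Password    = $sb.ToString()
        # Entropy of a uniformly random string: length * log2(alphabet size).
        EntropyBits = [math]::Round($Length * [math]::Log($n, 2), 1)
    }
}

# Usage: one 24-character password from the default alphabet.
New-RandomPassword -Length 24
```

The rejection loop is the part people skip: `value % n` on a raw 32-bit number slightly favours the first few characters of the alphabet unless the values above the last full multiple of `n` are thrown away. KeePass does the same job for you, which is the better answer for the “frequent” accounts too.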

The infrequent ones also pose a problem: “where else have I created random accounts that can somehow come back and haunt me?“.

I think in general it really boils down to three common ways of dealing with so many sets of usernames and passwords:

  • have the same password (bad idea!)
  • have some sort of system to work out your password (not terrible, but not good)
  • carry a USB stick with KeePass installed??? (not feasible)

So, there you have it ~ a list of all bad ideas. Despite my reservations about giving Facebook all my life stories and “how to find me anywhere on the net”, I am rather thankful for the “connected accounts” feature, which means I have some centralised manner of managing anything and everything I’ve touched on the net over the past few years.

If you’ve read till here and expect some sort of insight from me, I’m sorry. I don’t have an answer. I guess this is what the journey is about!

So, what’s YOUR solution to the zerg swarm of username and passwords?

short advice on 3rd party products

at trainline, the developers are given a lot of leeway in terms of our choice of technology, implementation and software to enable us to deliver value for our customers. as peter parker’s uncle once said, it also comes with some set of responsibility: when picking up a new tech, we have to consider things like stability and pricing.

we’ve had the opportunity recently to pick up a new technology and it is hiding another bugbear of mine ~ the AGPL license, which really means “it’s free for developers to get you hooked but we’re really a commercial product”. the real problem was when we wanted to get a quote on how much it’d cost ~ then we hit a bloody brick wall called “contact us”. what that really means is “if you’re a big company, we’ll pull a figure out of our arse and see if you’ll bite”.

seriously, in this day and age, such opaque pricing and ancient practices need to go. pricing should be transparent, because you’re no longer dealing with CEOs and managers with zero clue about technology. developers are your real customers and if there’s one thing we absolutely hate, it’s duplicitous practices.

tl;dr;

you may have the most exciting piece of software in the world ~ and if i click on the ‘pricing’ section and get slammed with a “contact me” button, then i’ll kindly tell you to piss off.

i am not giving you the chance to cheat me out of a ludicrous sum just because you can. if you think your product is worth jack, then put a price tag on it.


small newrelic things I learned this week

Working with NewRelic in Node.js is so much easier compared to working in .NET. It’s unbelievable the number of hoops you have to jump through to get async and OWIN running. One of the things that failed for us when trying to deal with NewRelic using OWIN was that it barely works if you run it as a Windows service, and you have to append every call with custom instrumentation. The effort is exponential compared to Node/IIS.

Just shows how little newrelic cares for .net customers.

On a happier note, our team got our first NodeJS mini app to production this week. As a backend team, this is a sort-of-milestone!

Translating postcode PAF

Had a small task today to figure out the raw data from UK Post Office PAF files and thought I’d share this with you. The documentation is actually available here (only realised it later … who reads manuals anyway?!) and if you read the documentation, unlike me, perhaps you wouldn’t have spent an hour or two trying to work out what this gibberish meant.

Example line:

EC1M3HE3664260403063100008435000100000000000000500000000000000000000103452761S

distilled into:

EC1M3HE     postcode
36642604    address key
030631      london (locality)
00008435    farringdon (thoroughfare name)
0001        road (thoroughfare describer)
00000000    (dependent thoroughfare name)
0000        (dependent thoroughfare describer)
0050        number 50
00000000    building name
00000000    sub building name
0001        number of households
03452761S   the trainline
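The breakdown above is a fixed-width record, so it is worth having a parser rather than counting characters by eye. The following is an added example (mine, not the post's) that slices the post's line into the fields listed above using those widths, then resolves the numeric keys against lookup tables. Three assumptions are mine and not stated in the post: the trailing “S” is a separate one-character postcode type field (S for small user) rather than part of the organisation key; the 7-character postcode is a 4-character space-padded outward code followed by a 3-character inward code; and the lookup tables are constructed from nothing more than the post's own annotations (London, Farringdon, Road, the trainline).

```powershell
# Added example, not code from the original post: slice a PAF address record
# into the fixed-width fields the post works out, then resolve the numeric
# keys. Assumptions (not from the post): trailing 'S' is the postcode type,
# postcode = outward(4, space padded) + inward(3), lookup tables constructed
# from the post's annotations only.

# Field layout in record order: name and width (sums to 78 characters).
$PafAddressLayout = @(
    @{ Name = 'Postcode';                           Width = 7 }
    @{ Name = 'AddressKey';                         Width = 8 }
    @{ Name = 'LocalityKey';                        Width = 6 }
    @{ Name = 'ThoroughfareKey';                    Width = 8 }
    @{ Name = 'ThoroughfareDescriptorKey';          Width = 4 }
    @{ Name = 'DependentThoroughfareKey';           Width = 8 }
    @{ Name = 'DependentThoroughfareDescriptorKey'; Width = 4 }
    @{ Name = 'BuildingNumber';                     Width = 4 }
    @{ Name = 'BuildingNameKey';                    Width = 8 }
    @{ Name = 'SubBuildingNameKey';                 Width = 8 }
    @{ Name = 'NumberOfHouseholds';                 Width = 4 }
    @{ Name = 'OrganisationKey';                    Width = 8 }
    @{ Name = 'PostcodeType';                       Width = 1 }
)

# Constructed lookup tables, seeded only from the post's annotations.
$PafLookups = @{
    Locality     = @{ '030631'   = 'London' }
    Thoroughfare = @{ '00008435' = 'Farringdon' }
    Descriptor   = @{ '0001'     = 'Road' }
    Organisation = @{ '03452761' = 'The Trainline' }
}

function ConvertFrom-PafAddressRecord {
    param([Parameter(Mandatory)][string]$Line)
    $expected = 0
    foreach ($f in $PafAddressLayout) { $expected += $f.Width }
    # Only the leading $expected characters are sliced, so a longer line
    # (a record with further trailing fields) still parses.
    if ($Line.Length -lt $expected) {
        throw "Record is $($Line.Length) characters, expected at least $expected"
    }
    $record = [ordered]@{}
    $pos = 0
    foreach ($f in $PafAddressLayout) {
        $record[$f.Name] = $Line.Substring($pos, $f.Width)
        $pos += $f.Width
    }
    [pscustomobject]$record
}

function Get-PafName {
    param([hashtable]$Table, [string]$Key)
    # An all-zero key means "no value" (e.g. no dependent thoroughfare).
    if ($Key -match '^0+$') { return $null }
    if ($Table.ContainsKey($Key)) { return $Table[$Key] }
    return "<unknown key $Key>"
}

function Format-PafAddress {
    param([Parameter(Mandatory)]$Record)
    $parts = @()
    $org = Get-PafName $PafLookups.Organisation $Record.OrganisationKey
    if ($org) { $parts += $org }
    # Building number 0000 means "none"; [int] turns it into 0, which is filtered.
    $street = @(
        [int]$Record.BuildingNumber
        Get-PafName $PafLookups.Thoroughfare $Record.ThoroughfareKey
        Get-PafName $PafLookups.Descriptor $Record.ThoroughfareDescriptorKey
    ) | Where-Object { $_ }
    if ($street) { $parts += ($street -join ' ') }
    $locality = Get-PafName $PafLookups.Locality $Record.LocalityKey
    if ($locality) { $parts += $locality }
    $pc = $Record.Postcode
    $parts += ($pc.Substring(0, 4).Trim() + ' ' + $pc.Substring(4))
    $parts -join ', '
}

# Sample record: the line quoted in the post.
$sample = 'EC1M3HE3664260403063100008435000100000000000000500000000000000000000103452761S'
$record = ConvertFrom-PafAddressRecord -Line $sample
$record | Format-List
Format-PafAddress $record
```

The length check matters more than it looks: a line that is one character short silently shifts every later field, and the all-zero “not present” convention means the shifted value often still looks plausible.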


automate everything. including yourself.

A colleague of mine directed me to a funny article which features a build engineer who apparently had to automate everything, including his job. I think it’s bloody brilliant (if it were true!) but here’s a repository to back it up!

Here’s an excerpt from the readme.

xxx: OK, so, our build engineer has left for another company. The dude was literally living inside the terminal. You know, that type of a guy who loves Vim, creates diagrams in Dot and writes wiki-posts in Markdown… If something – anything – requires more than 90 seconds of his time, he writes a script to automate that.

xxx: So we’re sitting here, looking through his, uhm, “legacy”

xxx: You’re gonna love this

xxx: smack-my-bitch-up.sh – sends a text message “late at work” to his wife (apparently). Automatically picks reasons from an array of strings, randomly. Runs inside a cron-job. The job fires if there are active SSH-sessions on the server after 9pm with his login.

xxx: kumar-asshole.sh – scans the inbox for emails from “Kumar” (a DBA at our clients). Looks for keywords like “help”, “trouble”, “sorry” etc. If keywords are found – the script SSHes into the clients server and rolls back the staging database to the latest backup. Then sends a reply “no worries mate, be careful next time”.

xxx: hangover.sh – another cron-job that is set to specific dates. Sends automated emails like “not feeling well/gonna work from home” etc. Adds a random “reason” from another predefined array of strings. Fires if there are no interactive sessions on the server at 8:45am.

xxx: (and the oscar goes to) fucking-coffee.sh – this one waits exactly 17 seconds (!), then opens a telnet session to our coffee-machine (we had no frikin idea the coffee machine is on the network, runs linux and has a TCP socket up and running) and sends something like sys brew. Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 (!) seconds before pouring it into a cup. The timing is exactly how long it takes to walk to the machine from the dude’s desk.

xxx: holy sh*t I’m keeping those

Every programmer’s dream, literally.


Supporting older / newer certificates

Over the Easter weekend, our network team decided to do the right* thing and blanket turned off TLS 1.1 support.

Unfortunately, a small section of our internally created certificates did not get this message, causing a few internally consumed services to go down with messages like “underlying connection was closed” in both C# and PowerShell.

So if you’re having the same problem, here’s a code snippet for how to handle calling an obsolete security protocol.

c#


ServicePointManager.SecurityProtocol =
SecurityProtocolType.Tls |
SecurityProtocolType.Tls11 |
SecurityProtocolType.Tls12;

powershell


[Net.ServicePointManager]::SecurityProtocol = 'Tls' , 'Tls11', 'Tls12'

note: the best possible course of action is to update your security protocol to the latest, or advise your vendor to do so. do this only as a temporary workaround.
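Before widening the client's protocol list as above, it is worth knowing which side is actually at fault: a client defaulting to TLS 1.0 against a server that only speaks TLS 1.2 produces the same “underlying connection was closed” as a server stuck on an old version. The following is an added example (my code, not the post's) that probes a host one protocol version at a time with SslStream, then shows the tighter client setting to use once the server is confirmed on TLS 1.2. The host name at the bottom is a placeholder.

```powershell
# Added example, not code from the original post. Probe which TLS versions a
# server accepts so the fix lands on the side that is actually broken. The
# host name used at the bottom is a placeholder.

function Test-TlsVersion {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,
        [System.Security.Authentication.SslProtocols[]]$Protocols = @('Tls', 'Tls11', 'Tls12')
    )
    # Accept any certificate: this checks protocol support, not trust.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $errors) $true
    }
    $noClientCerts = New-Object System.Security.Cryptography.X509Certificates.X509CertificateCollection

    foreach ($proto in $Protocols) {
        $result = [ordered]@{
            Host = $HostName; Protocol = $proto; Supported = $false
            Negotiated = $null; Error = $null
        }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($HostName, $Port)
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
            # Offer exactly one protocol version per handshake.
            $ssl.AuthenticateAsClient($HostName, $noClientCerts, $proto, $false)
            $result['Supported']  = $true
            $result['Negotiated'] = "$($ssl.SslProtocol) $($ssl.CipherAlgorithm)-$($ssl.CipherStrength)"
            $ssl.Dispose()
        } catch {
            # A server with this version disabled typically resets the connection.
            $result['Error'] = $_.Exception.GetBaseException().Message
        } finally {
            $client.Dispose()
        }
        [pscustomobject]$result
    }
}

Test-TlsVersion -HostName 'internal-service.example.com' | Format-Table -AutoSize

# The post's workaround widens the client to TLS 1.0/1.1/1.2. Once the server
# is confirmed to accept TLS 1.2, pin the client to that instead of re-enabling
# the old versions:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# On .NET Framework 4.7 and later, 'SystemDefault' hands the decision to the
# OS policy, which ages better than hard-coding any single version.
```

Run it against the service that went down: if the TLS 1.2 row comes back Supported and the TLS 1.0/1.1 rows do not, the server is fine and the client's default protocol list is what needs changing; if nothing above TLS 1.1 is accepted, the vendor conversation in the note above is the real fix.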

Bob and TDD

Whilst I’m in the midst of my hiatus, here’s an interesting article about Test Driven Development written by Bob Martin.

Giving Up on TDD

It’s a great read and whilst I think the tone of it leaves much to be desired, it is his style and the message is there.

Having said that, I think here lies the typical difference between a consultant, a contractor and an in-house developer. Fortunate or otherwise, I’ve been working with legacy code my entire career, and things like “oh but you have a fundamental problem with design” is just a fact of life. The subtext is this: you have a fundamental problem that the design is not fully compatible with TDD.

Is there a difference? Yes, an ocean wide difference. The former makes a naive assumption that anything that isn’t compatible with TDD is bad design. The latter makes no such assumption.

My experience is this: there are places where TDD is impractical, but it is preferred where possible. Neither should one make the assumption that TDD means good design.

Override a registered service with LightInject

Ever wondered how to override (overwrite / overload / replace) a service you’ve already registered in LightInject? A colleague asked this question today and thought I’d share it with you.

First of all, you shouldn’t need to override a container. However, there may be cases where you might need to (like using a service locator anti-pattern).

Here’s a small code snippet on how to do it.

// Select the existing registration for IFoo and hand back a replacement.
_container.Override(
    r => r.ServiceType == typeof(IFoo),
    (factory, existing) => new ServiceRegistration
    {
        ServiceType = typeof(IFoo),
        ImplementingType = typeof(NewFoo),
        Lifetime = null,   // null means transient; copy existing.Lifetime to keep the original scope
        ServiceName = ""   // the default (unnamed) service
    });

Do you know of a better way to do it?