MacBook, defective by design banner

Put the knife down and take a green herb, dude.


One feller's views on the state of everyday computer science & its application (and now, OTHER STUFF) who isn't rich enough to shell out for

Using 89% of the same design the blog had in 2001.

Back-up your data and, when you bike, always wear white.

MarkUpDown is the best Markdown editor for professionals on Windows 10.

It includes two-pane live preview, in-app uploads to imgur for image hosting, and MultiMarkdown table support.

Features you won't find anywhere else include...

You've wasted more than $15 of your time looking for a great Markdown editor.

Stop looking. MarkUpDown is the app you're looking for.

Learn more or head over to the 'Store now!

Friday, December 15, 2017

It's silly, but after swapping out my Dell Precision 5520 for my Lenovo Y700 for a few days (I've been stuck on projects in bad states that'd take too long to set back up on another box), I'm finding I really appreciate the speakers in this "gaming" laptop. I'd been using an external speaker with the Dell's dock, but it's not great, and I can't force myself to spend more on something I don't "need". The Lenovo comes through "for free".

You know, this Y series IdeaPad line is a great deal. You sacrifice some admittedly very important stuff...

  • Screen isn't great, or super bright
  • Battery life is craptastic (2-3 hours)
  • Trackpad isn't great (though it's improved on the Y520, apparently).

But look at what you get for $790 on the 520 (this was as cheap, iirc, as $700 on Black Friday)

  • 7th Generation Intel® Core™ i7-7700HQ Processor (2.80GHz 6MB)
  • 15.6" FHD IPS AntiGlare (1920x1080) with integrated camera
  • 8.0GB DDR4 2400 MHz
  • 1TB 5400RPM + 128GB PCIe SSD
  • AMD Radeon RX 560 4GB

Find another package that has that processor and an SSD for under $800. It's tough.

It's not a great gaming rig -- though it's not bad for gaming -- and it's the perfect desktop replacement that's still portable, if you get my meaning. It's super fast, and if you've got it plugged in most of the time you use it, the battery doesn't matter. But you can still pack it into your 15" laptop bag without any issues.

And the speakers aren't bad either.

Labels: , ,

posted by ruffin at 12/15/2017 09:59:00 AM
Thursday, December 07, 2017

Note to self: How to "touch" a git repo so you can commit the same thing a second time.

git commit --allow-empty -m "Touching after merge to kick new build"

Is that a code tool smell? Yes, of course it is. In this case, I'm doing it to kick off our build process, which seems to have screwed up earlier. And sure enough, it worked.

Labels: ,

posted by ruffin at 12/07/2017 04:01:00 PM
Monday, November 20, 2017

I can't believe how bad SourceTree has become over the last year or two. It's gone from buggy as crud to downright unusable at times. While setting up a new box for development today, I tried the most recent version, and it wouldn't stop asking me for my bitbucket password, even though I had zero tabs for repos that pointed to bitbucket. I'm also not a big fan of all the UI changes. I mean, it's just ugly now. The worst of iOS 7 style flattening plus a color palette from the Limited Edition Fluorescent Crayola Box.

I give up again.

What I did the last time I got absolutely fed up with SourceTree is to go back to version 1.7, the last version that looked great and seemed stable. I've been using that on my main dev box for months without incident.

But I do need to remember how to fix the security hole SourceTree 1.7 has, namely that they thought it'd be a good idea to open special SourceTree app URLs. Brilliant.

Luckily, the fix is a pretty straightforward registry hack. Here's a quick sum:

so fwiw, the vulnerability was...

SourceTree for Mac and Windows are affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface.

Versions of SourceTree for Mac starting with 1.4.0 but before 2.5.1 are affected by this vulnerability.

Versions of SourceTree for Windows starting with 0.8.4b but before are affected by this vulnerability. (edited)

but you can edit the registry entry to ignore any urls.

Windows Registry Editor Version 5.00

@="\"C:\\Program Files (x86)\\Atlassian\\SourceTree\\SourceTree.exe\""

Save those contents in a .reg file, open it, and profit.

The old value, in case you were interested, was...

"C:\Program Files (x86)\Atlassian\SourceTree\SourceTree.exe" -url "%1"

The deal here is that SourceTree will open, but it won't get fed the URL, so nothing adverse should happen. Guess you could just remove it all, or write the %1 to notepad or something similar, but since I don't really want to open SourceTree from a URL, this is fine by me.

And we're nicely back to SourceTree 1.7, its pretty obvious peak from where I'm sitting.

Labels: ,

posted by ruffin at 11/20/2017 07:22:00 PM
Thursday, November 09, 2017

From ShipIt Days | Atlassian:


24 hours to innovate. It's like 20% time. On steroids.

That's, um, nothing like 20% time.

Though, of course, 20% time was never 20% time either:

Yahoo CEO and formal Googler Marissa Mayer once bluntly denied its true existence

"It’s funny, people have been asking me since I got here, 'When is Yahoo going to have 20% time?'" she said on stage during an all-employee meeting at Yahoo. "I’ve got to tell you the dirty little secret of Google’s 20% time. It’s really 120% time."

That said, I think I'd take 10% time:

"It's not technically something that gets formal management oversight — Googlers aren't forced to work on additional projects and there are no written guidelines about it. Typically, employees who have an idea separate from their regular jobs will focus 5 or 10% of their time on it, until starts to "demonstrate impact." At that point, it will take up more of their time and more volunteers will join, until it becomes a real project." [attributed to "Google HR boss Laszlo Bock"]

Interesting final quote from Bock: "[The informal 20% time policy] operates somewhat outside the lines of formal management oversight, and always will, because the most talented and creative people can't be forced to work."

The interesting lesson is that you win when you convince your employee to produce more work. Maybe 20% time isn't such a bad idea for either side of the management fence. X hours of required work versus 1.2X of work the employee actively wants to give. Sounds like a win-win.

Labels: , , , ,

posted by ruffin at 11/09/2017 10:46:00 AM
Monday, October 16, 2017

After watching the fabulous video, here's what I think I learned... (There's the mention that other OSes have "other attack vectors", but if this is the worst, well, it's a lot more trouble than starting FireSheep...)
YouTube Mathy Vanhoef
KRACK Attacks: Bypassing WPA2 against Android and Linux

  • Clones network on different channel
  • then it only works on "improperly configured websites", like (edited)
YouTube Mathy Vanhoef
KRACK Attacks: Bypassing WPA2 against Android and Linux


"we make sure the victim can access the internet through our malicious network"

  • Course I'm assuming this youtube dude knows what he's talking about
  • Might be paper author?
  • here's the real trouble:
YouTube Mathy Vanhoef
KRACK Attacks: Bypassing WPA2 against Android and Linux


Hacking app has to start "sending special wifi frames that can command android to connect to a different channel", which is the OS specific side of the vulnerability for Linux and Android.

  • ^ And there's your issue. :wink: So not super simple, but not a copper wire tap either

And even then, you'll lose the https badge in your browser when you're on those "improperly configured sites". Not good, but not a wide-open Heartbleed either, if I understand it correctly.

Labels: , , ,

posted by ruffin at 10/16/2017 11:03:00 AM
Thursday, October 12, 2017

Today, I had to make up some quick wireframes for a possible freeware iOS app. I did a quick google to find a free wireframe tool, and boy, they're almost all pay to play, or not only are they pushing you to pay to play, the few free features are hidden behind a sign up you have to perform before downloading.

I did manage to find a decent one in Not heavy on the tooling -- I think it brags about being minimalist -- and there are a number of things you have to roll... yourself... every... time (like buttons, which are rects with rounded edges that you then drop a label on top of and move together later), but for free, it's very nice.

Here's an example of one screen from the insanely complicated (har har) UI I made.

Have We Seen You? UI

(I'm helping a charity that distributes goods, and wants to ensure they haven't served anyone twice before everyone's been served, regardless of location. At the same time, we want to track an absolute minimum of information, and nothing that could be used as PII. So voila.)

I didn't see a way to use my own image, like a gear icon for settings, but for a mock-up, it's perfect. Quick and painless.

Labels: , ,

posted by ruffin at 10/12/2017 01:42:00 PM
Tuesday, October 10, 2017

I had no idea T-SQL's CONVERT had special codes for converting dates. Well, it does.

From How to use ROW_NUMBER() to enumerate and partition records in SQL Server - CodeProject:

Here is our final SQL statement, which achieves the business logic we wanted to implement.

      ,ROW_NUMBER() over(PARTITION BY FamilyID,
                         CONVERT(NVARCHAR(25), DateOfBirth, 111)
                         ORDER BY DateOfBirth ASC) TwinCode
  FROM [People]

IIn the ROW_NUMBER function above, I am doing several things. I’m grouping on FamilyID, and also grouping on a converted DateOfBirth. I convert the DateOfBirth to an nvarchar using the 111 conversion code, because that gets results like ‘2009/10/11′ and ‘2009/10/12′ which can easily be grouped by to achieve distinct dates. [emph mine -mfn]

The full list is here, at Here's a taste...

Without century (yy) (1)With century (yyyy)StandardInput/Output (3)
-0 or 100(1,2)Default for datetime and smalldatetimemon dd yyyy hh:miAM (or PM)
1101U.S.1 = mm/dd/yy
101 = mm/dd/yyyy
2102ANSI2 =
102 =

Labels: , ,

posted by ruffin at 10/10/2017 07:26:00 PM

Support freedom
All posts can be accessed here:

Just the last year o' posts:

URLs I want to remember:
* Atari 2600 programming on your Mac
* joel on software (tip pt)
* Professional links: resume, github, paltry StackOverflow * Regular Expression Introduction (copy)
* The hex editor whose name I forget
* JSONLint to pretty-ify JSON
* Using CommonDialog in VB 6 * Free zip utils
* git repo mapped drive setup * Regex Tester
* Read the bits about the zone * Find column in sql server db by name
* Giant ASCII Textifier in Stick Figures (in Ivrit) * Quick intro to Javascript
* Don't [over-]sweat "micro-optimization" * Parsing str's in VB6
* .ToString("yyyy-MM-dd HH:mm:ss.fff", CultureInfo.InvariantCulture); (src) * Break on a Lenovo T430: Fn+Alt+B
email if ya gotta, RSS if ya wanna RSS, (◔_◔), ¢, & Δ if you're keypadless

Powered by Blogger Curmudgeon Gamer badge
The postings on this site are [usually] my own and do not necessarily reflect the views of any employer, past or present, or other entity.