Use Subclasses and alternative interface implementations to reduce “future” bugs

Posted on April 7, 2011 by patrick

One of the little-appreciated consequences of subclassing or alternative implementations of Java interfaces is to reduce or eliminate “future bugs”.

“Future bugs” are bugs that are currently not wrong, but will cause problems in the future. Every conditional ( if, ? :, or switch ) is a “future bug”.

For example, in this simplistic example code, there are multiple checks for this.enableLogging. If new code is added then the developer has to constantly remember to check for the this.enableLogging.

public class Foo {
    private final boolean enableLogging;
    public Foo(boolean enableLogging) {
        this.enableLogging = boolean enableLogging; }

    public void stuff1() {
         .....
         if ( this.enableLogging ) {
             Log.warning("here in stuff1");
         }

         .....
         if ( this.enableLogging ) {
             Log.debug("still here in stuff1");
         }
    }
    public void stuff2() {
         .....
         if ( this.enableLogging ) {
             Log.info("here in stuff2");
         }

         .....
         if ( this.enableLogging ) {
             Log.debug("still here in stuff2");
         }
    }
}

Of course sane developers will say that this is silly code, follow the DRY principle and have something like this:

public class Foo {
    private final boolean enableLogging;
    public Foo(boolean enableLogging) { this.enableLogging = boolean enableLogging; }

    public void stuff1() {
         .....
        warning("here in stuff1");
        .....
        debug("still here in stuff1");
        ....
    }
    public void stuff2() {
         .....
         info("here in stuff2");
         .....
         debug("still here in stuff2");
    }
    private void warning(String message) {
        if (this.enableLogging) {
            Log.warning(message);
        }
    }
    private void info(String message) {
        if (this.enableLogging) {
            Log.info(message);
        }
    }
    private void debug(String message) {
        if (this.enableLogging) {
            Log.debug(message);
        }
    }
}

This is good enough for this simplistic example. However, consider a more realistic case with complex conditionals:

public class Foo {
    private final boolean enableCall;
    private final boolean enableEmail;
    public Foo(boolean enableCall, boolean enableEmail) {
        this.enableCall =  enableCall;
        this.enableEmail =  enableEmail; }

    public void stuff1() {
         .....
         if ( this.enableCall ||  this.enableEmail) {
             doThing1();
         } else if (this.enableEmail || this.bigCheck() ) {
             ... lots of stuff1 lines  .....
        } else {
             .. some different things here....
         }
    }
    public void stuff2() {
         .....
         if ( this.enableCall ||  !this.enableEmail ) {
             doThing1();
         } else if (this.enableEmail || this.bigCheck() ) {
             ... lots of stuff2 lines .....
        } else {
             .. some different things for stuff2() here....
         }
    }
    private void doThing1() { ... }
    private boolean bigCheck() { .... }
}
...
public class Bar() {
    ....
    Foo foo = new Foo(true, false);
    ....
    Foo foo1 = new Foo(false, true);
}

Do you see the bugs?

  1. Notice that in stuff2() the first conditional is different than the first conditional in stuff1(). Is this a bug? Who knows? ( Lets assume it is )
  2. Because the only users of Foo set either enableCall or enableEmail, the only actual code paths through Foo.stuff1() and Foo.stuff2() result in calls to doThing1()

A developer just inspecting Foo can find neither issue easily.

Subclassing/alternative interface implementations solve this problem. The subclass created decides, at object creation, all the conditionals.

So the above code becomes:

public interface Foo {
    void stuff1();
    void stuff2();
}

//  this.enableCall ||  this.enableEmail case ( The original stuff2() check was wrong )
public class Foo1Impl() implements Foo {
    public void stuff1() { doThing1(); }
    public void stuff2() { doThing1(); }
    private void doThing1() { .... }
}

// !this.enableCall && this.enableEmail case
public class Foo2Impl() implements Foo {
    public void stuff1() { if (bigCheck() ) { ... lots of stuff1 lines  ..... } }
    public void stuff2() { if (bigCheck() ) { ... lots of stuff2 lines  ..... } }
    private boolean bigCheck() { .... }
}
public class Foo3Impl() implements Foo {
    public void stuff1() {
          .. some different things for stuff1() here.... }
    public void stuff2() {
         .. some different things for stuff2() here.... }
}

public class Bar() {
    ....
    Foo foo = new Foo1Impl();
    ....
    Foo foo1 = new Foo1Impl();
}

Note the consequences of this division,

  1. doThing1() can only be called by a Foo1Impl.
  2. bigCheck() is isolated to Foo2Impl
  3. depending on bigCheck()’s implementation, bigCheck() may be could be called once to determine if Foo2Impl or Foo3Impl is created.
  4. There is no question about the stuff2() check being correct or incorrect. ( the conditional no longer exists! )
  5. And it is now obvious that only Foo1Impl’s code path is used. If this is a bug, the bug is now obvious. If not then the Foo2Impl and Foo3Impl code can be eliminated.
Posted in code review | Leave a comment

When to change careers (for Fred Wilson)

Posted on April 4, 2011 by patrick

Fred Wilson is wondering when to quit being a VC:

I was thinking about going out on top. So few manage to do it. Shaq is warming the bench in Boston. Brett Favre should have called it quits after he threw the pick in OT against the Saints. The Stones haven’t written a great song in thirty years. The money and the burning desire to “win another one” drives the great ones to stick around too long.

I also look around the venture capital business and I see investors who were at the top of their games in the 90s struggling to remain relevant. And I think about how I want to manage this issue myself.

  1. “Hanging up your cleats” as in “retire” is wrong way to talk about a career change
  2. Career change should be driven by internal issues (barring medical reasons, i.e sports injuries; economic, see the hollowing out of US manufacturing base )
  3. Instead of being “pushed out” look for reasons to be “pulled out” of the current career. Create a passionate interest elsewhere
  4. My rule is every new job must have 50% new things to learn.
  5. The best career is one where you are *bad* at it but *love* to do it.
  6. Variety is key. Voluntary career change is good because it is different
  7. Don’t use outside metrics internally. Internal motivation is what counts the most, not anyone else’s opinion.
  8. Stephan Covey’s statement applies “If you are green you are growing if you are ripe you are rotten”.

I have found no VCs interested in Amplafi, but every prospect that I talk to is interested. The prospects have experienced the problem personally and the VCs haven’t. The prospects can overcome my pitch’s weaknesses.

I think those VCs who have lost their edge need to do something completely different to get a completely new perspective on something outside their current fields.

Some suggestions for Fred:

  • Start your own small business. Start a Subway franchise and work personally at it using funding it with no more than franchise fee plus minimum capital. Go through the bank loan process and artifically diminish your assets for loan purposes to experience the hassles. See what the problems are there for small business owner. Run this business personally for a year taking no additional capital. Just really get into this as if it was the way you were going to make it.
  • Change people’s behavior and thoughts about the social contract of owing taxes

    Spend time and focused money people understand the tax structure. It would take relatively little money to help get local tax measures passed so that our government could function? Don’t focus on the state issues go ultra local so you can understand the issues.

    For example, here in SF the taxes are used to build stuff but no taxes are supplied to run things. The result is Caltrain ( SF Bay Area commuter train ) is in danger of shutdown. A primary cause is that poorly designed BART extensions are draining operating capital from the agencies that also fund Caltrain. Maybe in your area things are too expensive to influence, but what about in other areas?

  • You are passionate about education. Sometimes technology is the anti-solution. Right now, the US despises teachers and educators. The unions are held up as this evil menace. But every teacher I know is there because she (still mostly women) cares. They work long hours just to handle the current class. This leaves little time for self improvement.

    Create and personally run a company that:

    • that frees up the teacher hours.
    • Maybe better grading systems?
    • Find time wasters in the classroom that keep teachers from being able to execute. Stay away from attacks on “evil bureaucrats” How about what Intuit did for checkbooks? Intuit didn’t blame the evil checkbook, they just made the task of managing the checkbook easier.
    • enables teachers to share best practices without being judged.
    • Preferably services that a teacher could use without having to persuade the school or district to buy-in.
    • Teachers need CPE hours maybe leverage that point?

    Make the case for education in the Deep South and the rest of the nation.

Posted in career | Leave a comment

Don’t jump into a project, wade in

Posted on March 28, 2011 by patrick

When starting a new programming task (or company ;-) ), it is very tempting to just plunge in and start coding (or doing) right away. The release early-and-often mentality encourages this approach. Documentation becomes optional and design is seat-of-the-pants.

Hard-lessons learned here tell me this is very, very bad.

Take the time for these steps and minimize use of the computer, because it is very easy to give into the temptation to start coding. And when you are coding, you are thinking about implementation issues, not high-level design issues.

  1. Write down the goals: This is the easiest trap to avoid and the trap that catches most people. If the developer knows the goals enough to write them down, they can be confident that they are building what was asked for ( just send the written description to the manager or client ). Equally important, the developer knows when they are “done” and what is “good enough” to satisfy the immediate need
  2. create the use Case tests: Create pseudo-code showing the various operations needed by the project. Missing steps are discovered prior to implementation. Did a previously unknown piece of information just “magically” appear? How was that magic knowledge actually retrieved? Are operations out of order?

    To help clarify what is meant by a “Use Case Test”, here is an example of what I am currently working on:

    Peter wishes to use Amplafi to upload an image to his website.

    From Peter’s perspective,

    1. Peter uploads a image to Amplafi
    2. (Peter does other things)
    3. Amplafi asks Peter about Ftp username/password
    4. Amplafi ftp posts the file to Peter’s web site.

    An equivalent Use Case test looks like:

    1. Create a ResourceLocation representing the local temporary place an uploaded file will be stored
    2. upload the image from the user’s computer. (mocked, testing the use case – not the actual upload)
    3. look up the (test) ftp authentication information for the customer’s website (the ftp server is mocked as well, so username/password is fake)
    4. Determine the location the image will be stored on the ftp server
    5. create ResourceLocation holding the image’s ftp location
    6. perform the upload from Amplafi’s computer to the ftp server (the actual upload is to the fake FTP server)
    7. validate that the ftp upload was successful
    8. clean up the temporary copy on Amplafi’s server
    9. update the ResourceLocations created
    10. Notify the various statuslisteners about the transfer’s success.

    This example Use Case test discovers issues like:

    • The code not having access to the Ftp authentication information
    • Not being able to determine where the image should be stored temporarily on the Amplafi server
    • Not knowing when the temporary copy can be deleted.
    • No mechanism to handle a ftp upload failure ( ftp server dropped connection, had over quota error)
    • No mechanism for handling overly large files. ( 100TB anyone? )
  3. create the diagrams ( use paper ) It is tempting to use a UML tool to create the diagrams; resist temptation. You want to be able to throw away ideas with abandon. Spending effort to create a nice looking UML diagram is wasted if the design concepts need revisiting. Save the tool for when the design has been validated.
  4. create the interfaces: Create the interfaces needed by the pseudo-code in step 2. Define the purpose and nature of the interfaces and its implementors.
    • Are implementors expected to be stateless singleton services? Or are they database objects?
    • How are implementors created?
    • What services does an implementor have access to?
    • How much behavior should be the implementors have? For example, database objects should have minimal logic and have specialized managers do the business logic level operations.
    • What is the expected lifespan of implementors? Single transaction? Only for a session?
    • Life cycle control/ownership. Are implementors “owned” by another object and when the owner is removed so is this implementation?

    At this point, I have lots of interfaces, enumerations ( java enum ) that I am creating and destroying willy-nilly. With lots of TODO, FUTURE, and (yes even) HACK comments. Because I haven’t spent any time actually creating an implementation. I have no reluctance to discard, combine, or separate interfaces.

  5. create the test framework: At this point, the interfaces are nailed down, the test pseudo-code can be converted to actual test code, and …
  6. create the implementation Unlike true Test Driven Design methodology, I tend to write the implementations in conjunction with the test code. Too many times, I have discovered that nasty little issues around implementation require rethinking the interfaces and the tests. I want to minimize my investment in tests until I am reasonably certain that the production code being tested will not have major API changes because of implementation issues. (Example of an implementation issue: an external library requires data in an order that my planned implementation cannot handle)
Posted in software design, starting a company | Leave a comment

Privacy is best offline

Posted on March 14, 2011 by patrick

Art Petty Eric Rodriguez has a blog post about being fired for what is said on Facebook.:

Dan Leone is the perfect example; he was a stadium operations manager for the Philadelphia Eagles, and in 2009 when he found out that his favorite Eagles’ player, Brian Dawkins, signed with the Denver Broncos he posted this on his Facebook page:
“Dan is [expletive] devastated about Dawkins signing with Denver … Dam Eagles R Retarted!!”
(By the way, the spelling errors are Leone’s not mine.)

The next day management found out about Dan’s comments and told him they were letting him go to “Denver or Oakland or maybe Pittsburgh.” But, they really didn’t care how he would get there because Dan was to be terminated immediately for his offensive remarks about the Eagles and people with mental disabilities.
Dan’s termination illustrates this decade’s newest form of corporate dismissals – Facebook firings.
There are people in my generation who think “What happens on Facebook stays on Facebook.” Someone actually told me this and I responded with, “It’s all fun and games – until someone gets fired.”

Art Eric Rodriguez is repeating “and the sky is blue” reminders and unfortunately people do need to be reminded that the “sky is blue”. And that things “are not fair”.

<snark>Zuckerberg would be very upset with Art Eric Rodriguez. After all, you should want to share, and share, and share!</snark>

My solution is very simple. I am very minimalist online. I don’t create content online. This is especially true on something like Facebook.

I am not about to put my career in the hands of the never-ending privacy policy changes coming from Facebook or any other website owner.

Look at the questions asked by Facebook:

  • “I am interested in Males or Females” – sexual orientation are now freely available for employers to discriminate based on.
  • “Political beliefs” – another area that Facebook encourages users to answer. Another question that employers are allowed to ask about but is now freely available to discriminate on.
  • “Relationship status” – normally the single or married status of a job candidate is off-limits, but if it is publicly shared then it is impossible to prove employment discrimination based on marital status. Not married and living with your girlfriend/boyfriend? This is a problem with a large number of religious managers.

Most of the content that I create is on my blog, hosted on my server. When I say something online, if it is longer than a paragraph, then I just write a overview and a link to my blog. If I ever decide to delete the content, it is deleted.

Sure someone could go through the effort to copy my blog, but at least its a *manual* effort on their part.

In an age where google searches are easy, there are only a few defenses. The best one is to not post content on external sites. Quite simply anything written down can be held against you.

I find it incredibly revealing that the people who loudly proclaim that privacy is dead are well-off and able to financially deal with the impacts of private information being public.

Eric Schmidt, former CEO of Google, is a good example. But even he reacted strongly when his privacy was invaded. In 2005, Cnet reporters were banned access to Google.

NEW YORK (CNN/Money) – Google Inc. has blacklisted all CNET reporters for a year, after the popular technology news website published personal information of one of Google’s founders in a story about growing privacy concerns for the Internet search engine, according to a CNET statement.

CNET on Friday reported “Google representatives have instituted a policy of not talking with CNET News reporters until July 2006 in response to privacy issues raised by a previous story.” That story, by reporter Elinor Mills ran under the headline “Google balances privacy, reach.”

Google spokesman David Krane told CNN the company declined comment.

The CNET story, dated July 14, focused on privacy concerns since Google is amassing such enormous amounts of data about people. It reported that some analysts fear it is becoming a great risk to privacy, because it would be a tempting target for hackers, “zealous government investigators, or even a Google insider who falls short of the company’s ethics,” the article said.

To underscore its point about how much personal information is available, the CNET report published some personal information about Google’s CEO Eric Schmidt — his salary; his neighborhood, some of his hobbies and political donations — all obtained through Google searches.

Schmidt is officially Google’s chief champion and defender, and has publicly said that there has to be a trade-off between privacy concerns and functionality. He has brought up Google’s corporate motto, “Don’t Be Evil” in those defenses.

Five years later, Eric Schmidt seems little changed:

For those concerned with privacy, Google CEO Eric Schmidt gave them a few more things to start worrying about.

At a conference here Wednesday, Schmidt noted that using artificial intelligence, computers can take 14 pictures of anyone on the Internet and stand a good chance of identifying that person. Similarly, the data collected by location-based services can be used not only to show where someone is at, but to also predict with a lot of accuracy where they might be headed next.

“Pretty interesting,” Schmidt said. “Good idea, Bad idea?…The technology of course is neutral but society is not fundamentally ready.”

His comments came at the start of Techonomy, a new conference devoted to looking at how technology is changing and can change society.

Schmidt said that society really isn’t prepared for all of the changes being thrust upon it. “I think it’s time for people to get ready for it.”

Schmidt said these records are a challenge for everyone, himself included, as he noted he was a child of the 1960s.

On balance, Schmidt said that technology is good, but he said that the only way to manage the challenges is “much greater transparency and no anonymity.”

Schmidt said that in an era of asymmetric threats, “true anonymity is too dangerous.”

If this is so true, then why is Eric still sensitive about all his private information?

For me, I am help with a very common name including very famous people with an identical name. Google searching me turns up bad information. And that is just fine by me.

Update ( 18 March 2011): Brad Feld, a VC, seems to have rediscovered the value of privacy:

We were enjoying our sushi and talking about random things, like what our family restaurant was when we were growing up (Godfathers, Pizza Hut, Burger King were three of them) and where the smokers hung out at high school. Someone was mid-sentence when the manager of Japango walked up and asked if I was Brad Feld. I said yes; he handed me the landline phone and said “someone is on the phone with an urgent call for you.”

Everyone paused while he handed me the phone.

Me: “Hello?”

Them: In a voice that was clearly masked “Is this Brad Feld”

Me: “Yes, who is this?”

Them: “I wrrrr whrrr your rrrr.”

Me: “I’m sorry – I can’t understand you. What are you saying.”

Them “Brad Feld – I know whrrr you rrr.”

This went on for a few more exchanges. I figured out what the person was trying to say but I wasn’t really processing it so I kept asking what they wanted. Eventually I hung up. I explained to my friends what had just happened and we had a short conversation about checking in on Foursquare and I speculated that was what had prompted the call.

A few minutes later the manager came by, picked up the phone, and asked if everything was alright. I quickly told him the story – he was pretty perplexed and apologized for bothering us. A few minutes later he came back and said the person was on the phone again asking for me. I once again picked up the phone, this time with a little anxiety, but by the time I got on the line the person was gone.

Brad describes a repeated call and then concludes:

But yesterday’s call spooked me. I didn’t check in for the balance of the day. When I walked out of Japango, I was a little nervous about where I physically was for the first time I can remember while in Boulder. And I had a heightened awareness of my surroundings last night as I walked home.

I haven’t sorted this out yet, but as an early adopter – and a promiscuous one – of location-based checkin – I’m rethinking how I use this stuff and broadcast where I am. I expect this will be a much bigger issue in the future as humans become transmitters of their location (don’t believe me – just go read Daemon and Freedom.)

I guess it’s a good thing that this just happened and caused me to think harder about the implications. One of the reasons I immerse myself in this stuff is to understand the products and services, but also to understand the impact on humans and our society. While it’s easy to think intellectually about privacy, it’s a whole different deal when you have to process the ideas in the context of real issues that you encounter.

Posted in privacy, social commentary | Leave a comment

How to change jobs and careers

Posted on March 4, 2011 by patrick

A while ago I wrote this post about the elusive hunt for “rockstars”

In it I had this table which showed things from the employers perspective:

Good at doing Bad at doing
Like to do “Rockstar” Sweet spot
“future rockstars”
Hate to do Short-timer Stay away

The same table from the employee’s/job-seekers perspective looks like this:

Good at doing Bad at doing
Love to do Rut Growing
Hate to do Pain Suicidal

My general rule of thumb is that every job should be ideally 50% in the “Bad at doing/Love” region. The only thing the other regions are good for is getting you that opportunity to do stuff in the
“Bad at doing/Love” region.

Now what goes in each region?

  • Put all tasks or descriptions that are as fundamental as possible.
  • Ideally, are not job- or position- specific.

For example, your chart may look like this:

Good at doing Bad at doing
Love to do
  • Communicating with people outside company
  • See immediate results
  • Help people
  • Lead a team of 3 people
  • Presentations
Hate to do
  • Repetitive tasks
  • email
  • Detail-orientated tasks

Tailor your resume so that it gets you that learning opportunity that minimizes “Detail-orientated tasks” and leverages your ability with “Repetitive tasks” and “Communicating with people outside company” to get that opportunity to “Lead a team of 3 people”.

Obviously a quick post like this cannot be a detailed career guide, but I have found this quick-and-dirty matrix a good interview tool to help filter out jobs that are not a good match for me.

Notes:

  1. this chart does not apply to self-delusional people who are “bad at doing” but think they are “good at doing” the task.
  2. it is easy to be harsh on yourself so have some perspective about how bad you really are at something.
  3. Ask others to add to the regions
Posted in career, interviewing, management | 1 Comment

Checklist of things to do BEFORE starting your own company

Posted on March 4, 2011 by patrick
  1. Get incorporated as a California C corp ( $800 ). Reasons:
    • Incorporating later can be time consuming/distracting.
    • Procrastination makes for a harder job later.
    • Enables taking any investment directly in the company, rather than as a personal loan. (i.e. company is party to the investment not founder personally )
    • Enables hiring contractors ( consulting agreement is with corporation )
    • Enables financial separation between your personal finances and the company. ( important for IRS and other tax agencies)
    • Enables stock grants when that second co-founder is discovered. ( otherwise all you can do is a ‘handshake deal’ which lawyers love to litigate )
    • IP protection: if someone helps you, enables clear transfer of their IP to the corporation.
    • Succession: If someone bails how does their ownership get transferred.
    • Easier to handle non-equal ownership.
  2. Get a packet of legal document paperwork together:
    1. Consultant agreement ( both project and long-term )
    2. Adviser agreement
    3. NDA agreements
    4. Partnership agreements ( working with another company – just a basic document so there is something )
    5. Stock Option Plan
    6. Board of Directors Sample Minutes
    7. Corporate Bylaws
  3. Clear up all personal financial issues:
    1. I still have a 401k at last company that I have to do something about!
    2. I hired a certified financial planner — so the stock market would not distract me.
    3. Family issues if in a relationship and/or you have kids. Your family can support, hinder or neither your effort:
      1. Who will handle the day-to-day finances – pay rent, etc.
      2. What can be eliminated now from personal budget
      3. Who picks up the kids?
      4. Date nights and family time so you don’t end up distracted by a failing relationship
      5. When will you walk away from the company? This is important to decide now so that later in the heat of the company work you know when you should step back or end it. You may change the “walk away” criteria but you and your spouse should always know what it is. Very importantly you do not want to end up destitute as a result. Preserve your future.
    4. Financing. Know this in advance because it determines how and what kind of company you start
      • VC-funded: Seems attractive but do you want a VC calling you on a Friday at 6pm giving you grief? Also VCs want homeruns, a steadily growing business (like oh… Walmart) is not interesting to them.
      • Self-funded: You are your own boss but it is your own pocketbook on the line as well.
      • Bank loan: The bank will require that you personally guarantee the loan, but on the other hand they are not on your BoD.
      • Government Grants: ?
    5. Define Success. Know what you want out of starting a business.
      • Money? ($4million)
      • Income? ($130K/year)
      • Knowledge? Maybe the business will fail but you can still regard it as a success because you learned some things that you didn’t have the opportunity before to learn.
Posted in starting a company | Leave a comment

How to do “status meetings” right (aka avoiding “Death-by-Status”)

Posted on March 4, 2011 by patrick

A truism in the start-ups v. “big” company battle is that start-ups have a big advantage because they don’t have to waste time in internal communication. Status meetings are quick and focused; not long-drawn out off-site affairs.

However, many startups ignore the underlying reason and value for status updates and many big companies can easily avoid status meetings with a little bit of effort.

There is a value to status meetings!? What are you nuts?

Nope! Not talking about status meetings – status updates is where it is at.

Status updates can and should be sent by email every day. By everyone. Including the CEO.

For a status update to have value, it must:

  • Be explanatory as to the reasons work was done. If the reason can’t be articulated — why was it done? (“Did X so that Y feature could be turned on in the next release”)
  • Be forward looking. The status update must be usable as a planning document. When will the new feature be completed (in man-hours)
  • Enable bad process to be discovered. Is something impacting all 10 developers 30 minutes/day? Solving that annoyance will save 5 man-hours a week!

The status email should have:

  • successes (include “in progress” work): Brag. Celebrate successes. Explicitly indicate if:
    • work is completed as far as the sender is concerned
    • work is at a good resting point/milestone. Many times a task does not need to be “completed”, because “completed” means completely done as opposed to “major roadblock removed”
    • work still needs to be done on the task.
  • planned work for next work period, with best guess time estimates/completion date. Include next time available (very important for part-time people). Plan out tomorrow today.
  • frustrations arose that caused time to be “wasted” – use this to help spot problems with processes. The sender is NOT asking for help, but rather is calling out process issues.
  • roadblocks that help is needed to solve. The sender must provide enough detail to form an actionable question or request. All details that the sender has discovered about the roadblock must be written. Writing out the problem with all the known information:
    • anyone trying to help does not have to duplicate already done research
    • sometimes leads directly to an “obvious” next step
    • might enable someone else to immediately provide an answer with little to no additional questions.
Posted in management, starting a company, technical | Leave a comment

Party like it’s 1611 aka living credit card and (dollar) bill-free

Posted on February 3, 2011 by patrick

Late last year I found out from a friend that the U.S. Mint is making a strong effort to get the $1 Coin into circulation. For no shipping and handling fees, the U.S. Mint will send to consumers $1 Coins through the $1 Coin Direct program.us mint $1 dollar direct website

So I ordered, A few days later…

For over a month now I have been paying for everything with coin! No bills, no credit cards. The only exceptions have been my transit card and online transactions, including the coin purchase. $100 dinner, all in coin! $180 drug prescription – all in coin! Babysitting? coin!

Instead of carrying a wallet I now carry a money bag! People have asked about the weight. A $1 coin weighs about 8g so a $1000 weighs about 17.6 pounds. $50 dollars weighs about a pound. This must be horrible! Actually, no:

  1. I carry my laptop with me anyhow so an extra pound is not horrible.
  2. It is easy to control spending, carrying the extra weight means I just take exactly what I am willing to spend and no more. Really easy to stay in budget when all you have is coin!

The reactions have been all over the place:

  • “Are these quarters?”
  • “Are they collectables?”
  • “Are they gold?” ( Uncirculated $1 coins are shiny )
  • “What? Fine.” (And then dumps them in the drop safe)
  • “Are they real?”
  • “Do I have to take them to the bank?”
  • “I love them, you are taking Caltrain, right?” (Coffee house)
  • “We don’t pass them out as change.” (Safeway)
  • “Sounds like a good idea but don’t you have to spend time converting them to bills?” (Safeway manager – apparently the idea of using money as money is a new concept)
  • “I am going to give them to my wife” (A waiter who bought up the $100 in $1 coins that we paid for dinner with)
  • “My company gives them out as a sign of good luck during the New Years.”
  • “I am going to give these to my kids in the Christmas stockings”

Clearly, the Mint has a ways to go in the educational department, if cashiers are uncertain if the $1 coin is even money!

This program is a great deal for consumers. This is a cash advance through the U.S. government! WTF? Yeap! Lets look at a “traditional” cash advance:

  1. Go to bank
  2. Present credit card
  3. Ask for $1000 in cash.
  4. Get $1000 in cash
  5. Pay credit card bill of $1000 + super cash advance high rate of interest (25%).

Now a U.S. Mint cash advance:

  1. Go to U.S. Mint website.
  2. Enter Credit card information
  3. Ask for $1000 in coin
  4. Get $1000 in coin (5-7 days later)
  5. Pay credit card bill of $1000 + low purchase interest rate ( 0% if you pay in full )
  6. Get cash back from credit card company for “purchase”

This is also a great deal for the U.S. Government as well:

The intended purpose of the Circulating $1 Coin Direct Ship program is to make $1 coins readily available to the public, at no additional cost, so they can be easily introduced into circulation—particularly by using them for retail transactions, vending, and mass transit. Increased circulation of $1 coins saves the Nation money. The immediate bank deposit of $1 coins ordered through this program does not result in their introduction into circulation and, therefore, does not comply with the intended purpose of the program.

According to the Bureau of Printing and Engraving, $1 bills last only 42 months in circulation:

Denomination Life Span (months)
$ 1 42 months
$ 5 16 months
$ 10 18 months
$ 20 24 months
$ 50 55 months
$100 89 months

A $1 coin will last 25 years, 7 times longer than a $1 bill. This lifespan difference would mean that replacing the $1 bill with the $1 coin would save the U.S. government $500 million, however:

The Government Accountability Office’s (GAO) stated potential [ANNUAL] savings of up to $500 million in a report issued in September 2002, which was calculated on the premise that the U.S. government cease production of the paper dollar bill. However, the Native American $1 Coin Act of 1997 and the Presidential $1 Coin Act of 2005, which authorize both the Native American $1 Coin and the Presidential $1 Coin, do not call for the elimination of the paper dollar which is produced by the Bureau of Engraving and Printing. Consequently, dollar coins and dollar notes co-circulate in the marketplace.

(Update: ANNUAL was confirmed with a tweet from us mint)

Unfortunately, Safeway is not helping. My local Safeway is just sending the $1 coin back to the bank. This is my letter to them.

The US Mint is trying to increase the circulation of the $1 Coin through the $1 Coin Direct program. ( http://catalog.usmint.gov/webapp/wcs/stores/servlet/CategoryDisplay?langId=-1&storeId=10001&catalogId=10001&identifier=8100 )

On this page, the U.S. Mint states:
“The intended purpose of the Circulating $1 Coin Direct Ship program is to make $1 coins readily available to the public, at no additional cost, so they can be easily introduced into circulation—particularly by using them for retail transactions, vending, and mass transit. Increased circulation of $1 coins saves the Nation money.” ($500 million according to https://answers.usmint.gov/app/answers/detail/a_id/164 )

I have spent numerous $1 coins at my local Safeway and other retailers. However, I recently discovered that my local Safeway is taking the $1 Coin OUT OF CIRCULATION by continuously not using the $1 Coin for change. I urge Safeway to change this policy. I furthermore urge that the automatic change dispenser be altered so as to issue $1 coins in addition to the quarters, dimes, nickels and pennies.

Please help save our government money and use the $1 coin as currency!

One final note, do NOT help out the U.S. Mint by destroying $1 bills, it looks to be illegal (18 U.S.C. § 333 : US Code – Section 333: Mutilation of national bank obligations):

Whoever mutilates, cuts, defaces, disfigures, or perforates, or
unites or cements together, or does any other thing to any bank
bill, draft, note, or other evidence of debt issued by any national
banking association, or Federal Reserve bank, or the Federal
Reserve System, with intent to render such bank bill, draft, note,
or other evidence of debt unfit to be reissued, shall be fined
under this title or imprisoned not more than six months, or both.

Posted in political, random silliness, rants | Leave a comment

Internet businesses should pay sales tax

Posted on January 30, 2011 by patrick

Update (15 April 2011) : O.k. boy did I miss the boat on this one.

As as been pointed out in a series of comments on techcrunch ( I would post the link to the techcrunch post except with facebook comments I can’t use google to find the comment thread any more),

  1. No business pays sales tax for the goods they sell, businesses just collect sales on behalf of the taxing agencies.
  2. Services such as taxcloud make compliance trivial with a in-the-cloud API service
  3. States are working to stream line the definitions of what is subject to sales tax, so compliance is further simplified.
  4. Internet companies are not being asked to pay taxes to states and local governments that they don’t use.
  5. Internet companies are being asked to collect sales tax from the consumer who does use the state and local government services.

Therefore sales taxes ARE being paid by the beneficiary of the person/company being taxed – the person recieving the goods is the person paying the tax. Amazon’s refusal to collect a tax that Amazon is not actually paying is now even more galling. Amazon suffers no financial impact except to connect with a service such as taxcloud, adding the sales tax to the purchase and then sending the tax collected quarterly to each of the 50 states. So a company the size of Amazon is whining about 200 extra checks a year having to be sent? Get over it, Amazon and collect the tax already! Or is Amazon’s business model so fragile that it can’t take the hit?

Original post in which I fall into the trap of thinking that Internet businesses are paying sales tax:

Once again Internet VC’s just don’t get the real world. Brad Feld is of that “illustrious crowd” with his latest post

(Update: Sometime I need to take a breath before I post antagonistic sentences like the above, especially since I do not know Brad. In my defense, I have dealt with a long list of technophiles that think the solution to every problem involves more technology. These same technophiles don’t spend time to understand the needs of people who are tech-indifferent. But since I don’t know Brad personally, I can’t say that for certain about Brad. However, Brad’s statements that I quote below lead me to believe he is a technophile who does not understand technophobes or techno-indifferents.)

it’s just evidence that organizations like Downtown Boulder, Inc. don’t really understand the actual business economics of having a vibrant entrepreneurial community in their downtown.

This is an interesting statement about an organization that existed for businesses before the internet. Suddenly, Downtown Boulder, Inc. “doesn’t understand business and entrepreneurial communities”? How incredibly egotistical! Has Brad ever tried to understand a business in Boulder? Has he even run (or worked in) a brick and mortar store? Rather than try to understand the businesses in his own community – Brad feels like he is privileged to lecture them?

I would be willing to bet that Brad enjoys the Boulder community and downtown created by Downtown Boulder, Inc. Brad is in Boulder because of their work, not the other way around.

Lets look at some of the events listed on the DBI website:

  • Winter Sidewalk Sale
  • Fashion Under The Flatirons
  • Tulip Fairy & Elf Parade
  • Taste of Pearl
  • Bands on the Bricks
  • Noon Tunes
  • Open Arts Fest
  • Fall Festival
  • Munchkin Masquerade
  • Switch on the Holidays
  • St. Nick on the Bricks
  • Lights of December Parade

Under, First Fridays, this organization is clearly giving back to the community:

Boulder Creative Media-Plex – 1906 13th Street Suite 101 (downstairs)
1/2 block off the Pearl Street Mall

First Friday January 7th, 6 – 9pm: Art for the People – The art of ZMA, The Art of Sexy

Boulder Community Media (BCM) is a Colorado based 501(c)(3) organization dedicated to democratizing media and making it accessible to all. BCM provides artists of all ilks opportunities for the community to see their work.
BCM provides the Boulder Creative Media-Plex as a 5,000 sq ft venue in downtown Boulder for digital and visual artists to convene and collaborate.

Where is Foundry mentioned? So Brad bitches about the Downtown Boulder, Inc. but yet, DBI is creating a community and Brad Feld is contributing ….nothing…..

Why should DBI listen to him? Brad contributes nothing and offers little.
Pop quiz: Did the great Boulder downtown attract Brad or did Brad create the great downtown?

Continuing Brad Feld’s self-imposed victimhood,
Brad doesn’t bother to understand taxes

There is no basis for amazon paying state sales tax as they don’t use
any state or local resources! Presumably thats what the sales tax is
for, not to protect local merchants.

Excuse me?????

Brad, here is a partial list of local resources that Amazon directly BENEFITS from:

Amazon (and all other internet based stores) do use and depend on local resources to be able to sell:

  1. The highways and airports used to deliver the goods ( contrary to popular myth, gas taxes only pay 51% of the road system cost). Poor roads increase deliver cost and decrease both reliability and timeliness.
  2. Police protection: (paid for in part by sales tax!)
    1. Amazon is getting the benefit of police protection of the shipment. Quite simply, Amazon can ship something and have reasonable certainty that the package will in fact arrive.
    2. If the package is stolen enroute, Amazon gets the benefit the Colorado legal authorities will investigate the robbery.
    3. If Amazon shipment is robbed, the Colorado prosecutors will actually pursue an arrest and conviction.
    4. Fraud protection and prosecution
  3. Fire protection
    1. The distribution warehouse used by Amazon shippers meets fire code regulations. ( local Colorado tax dollars at work. )
    2. If there is any sort of fire, the local fire department will be available to put the fire out. ( no tax dollars, no firemen )
  4. a reliable electrical infrastructure
    1. its hard to for customers to connect to the Amazon website if the power keeps dropping out.
    2. electricity is produced in power plants which require their own fire/police protection
    3. power plants produce pollution. Or maybe Brad would like some dirty brown clouds (Colorado gets most of its power from coal-fired plants)
  5. garbage /recycling systems used to process the packaging waste products
  6. the e-waste problem from the batteries and printed circuit boards.
  7. the brake dust and smog generated by the UPS delivery trucks

Take any of these benefits away and Amazon’s business falls apart.

Some basic rebuttals to some counter-arguments:

  • The shipping company (UPS/DHL) pays taxes “on behalf of the shippers” and therefore Amazon shouldn’t have to:
    1. This argument moves the goal posts. The question is does Amazon derive any benefit from the local services and resources. Any taxes UPS pays is irrelevant to the question of Amazon’s benefiting from the local Colorado taxes.
    2. The shipper does not care too much about fraud. Amazon shipping something to a Colorado business or resident and then not getting paid is not UPS’s problem. The package was delivered, UPS expects to be paid.
  • Amazon only uses services that would be already supplied. This relies on the “single drop of beer” argument. ( A guy goes into a bar and asks the price a drop of beer. Bartender: ‘free’. Man: please fill my mug with drops of beer.) The reality is the individual effect may be small but everyone needs to contribute to the commons otherwise we have the Tragedy of the Commons
  • Amazon should only pay for an (itemized list) of local services that it directly uses. Really? Quick.. list every government service that you and your family use…. Did you remember:
    • Police
    • Fire
    • County Weights and Measures – the people who make sure that a gallon of gas is not 7/8 of a gallon
    • Water and Sewer – or do you prefer outhouses
    • Planning departments – or maybe it is o.k. if the house next door is replaced with a 30-story office building?
    • Parks and Recreation
    • Public Schools – yes I am sure your kids go to the best private school. If it helps to think of public schools as a place to store other peoples kids so they are not robbing your house, feel free to.
    • Courts
    • Prisons
    • Highway department
    • Search and Rescue

How about if the internet companies stop feeling so entitled and started contributing?

Posted in political, rants, social commentary | 5 Comments

How to do a redirect after POST

Posted on January 25, 2011 by patrick

Continuing an StackOverflow answer:

Its a little non-obvious but:

  1. create a keyed-object in the user session.
  2. the value is a Request + java Future for the result
  3. return immediately with a client-side redirect.
  4. while the client-side redirect is being handled, have a worker thread work on producing the answer.

By the time the client browser completes the redirect, getting the new page’s images, etc… the results are waiting for the user.

The alternative is to make the user painfully aware of how long the database is taking.

*Security Update (2011 Jan 24 ) :*

The key is vulnerable to attack since it is part of the response to the client, so

  1. Generate a random key
  2. Use user’s session id as a salt to create a SHA-1
  3. Store both the random key and the SHA-1 in the database with (, ) as the primary key. (no separate indexing on just the RANDOMKEY.)
  4. Use both RANDOMKEY and the SHA-1 as the db lookup.
  5. Do not store the Session Id (avoid privacy issues with being able to corollate many entries to the same user)
  6. Expire the results after 2-3 days. ( Allows a daily batch job to do the clean up and avoids creating problems for user sessions that are semi-long lasting )

This method requires any hacker to know both the session id and the random key.

This approach may seem overkill, but a redirect-hardened mechanism can be used for situations like password resets.

A purely random result key is highly problematic because of the high (and untested) impact of any collisions. I pick so strongly on this point because:

  1. the developer is lulled into complacency about the actual collision rate
  2. the impact of a collisions is unknown and probably untested
  3. when/if a problem shows up:
    1. it will be in production
    2. the problem will be intermittent
    3. difficult to reproduce
    4. be disguised as another issue
    5. possibly cause data corruption
    6. possibly result in private user data being exposed
    7. difficult to retroactively correct.
Posted in code review, technical | Leave a comment