I wish I could remember where I got these. I’m pretty sure it was a markov chain, trained on common idioms and placed on someone’s website, likely linked to from an IRC I was in, or on hacker news, and I think I just refreshed it over and over and kept the ones that stood out? But it’s also possible that someone wrote these exact things, and compiled them into this specific list intentionally… I searched a few on google though, and found no results!

So while I can take no credit for their brilliance, these have been in a text file on my computer since about February 2017 — time to set them free:

“A bad workman is king.”
“Practice is the best medicine.”
“Every cloud costs lives.”
“Pride doesn’t grow on trees.”
“A chain never strikes twice.”
“Doubt is the sweetest fruit.”
“A golden key is no use.”
“Live for today, for tomorrow never strikes twice.”
“Half a loaf washes the other.”
“Half a loaf must be endured.”
“Fools and horses are all that cost lives.”
“Beauty abhors a vacuum.”
“Honesty corrupts absolutely.”
“Two is company, but three makes strange bedfellows.”
“Talk makes the most noise.”
“Crime dies young.”
“Those who don’t learn from history never forget.”
“The pen is always right.”
“Speak of the devil and he gets monkeys.”
“An empty barrel happens.”
“Lightning makes lemonade.”
“Those who can, do; those who can’t, must be endured.”
“Power corrupts; absolute power will never hurt me.”
“Hindsight is always greener on the other side.”
“Failing to plan wins.”
“When the going gets tough, the tough are golden.”
“The love of money is hot.”
“A little knowledge wasn’t built in a day.”
“Two heads are the best form of defence.”
“Give a man enough rope and he doesn’t fall far from the tree.”
“Money is king.”
“Great minds are the bottom line.”
“If you pay peanuts, you are cheap.”
“Every dog may look at a king.”
“A free lunch is next to godliness.”
“Tuesday’s child is just a bowl of cherries.”
“Lightning is nine-tenths of the law.”

Google’s “Verify it’s You” pattern is dangerous

Years ago, Google introduced “Verify It’s You”, basically just a prompt to log back in after session expiry, and it has always irked me: it trains users to see an otherwise unidentified tab with a generic google login form, and enter their credentials by rote.

Google, could you please verify it’s you?

There should be some better sign on this page that it was actually recently signed into my account, in part so that I can investigate and know for sure I’m not being conned by some clever phisher, but more importantly so users at large are not generally predisposed to blindly entering some of our most important credentials to nondescript forms. They don’t even retain the favicon of the app you were on! It’s just a generic google favicon.

If this were a small shop, a random business, heck, even a bank, this behaviour might be fine. You tend to know where your bank tab is. But most days, I end up logged into 2+ google accounts with a motley assortment of gmail, drive, meet, youtube, and calendar tabs scattered around. Was this random tab the one I opened a calendar invite in and forgot to close? Well, I’ll just enter my password to see…

I wonder, how many attackers are there out there exploiting it?

Planning Poker is a Finger Pointing at the Moon

And boy, do people hate planning poker.

It comes up all the time with friends and coworkers. When talking about life as a dev, work processes, management, or the industry as a whole, eventually someone mentions work-costing, and people hate points being assigned to work they have to do.

Planning poker is one common name for the act of a group choosing those point values for future work, to determine the time and the effort the group believes will be required to perform the work.

And people have legit issues with it: the method their team follows, its accuracy in finding costs, how frequently it’s done, the way the points get used, and the reasons they have to do it. But most concerns are targeted at the ineffectiveness of costing, which misses the true, hidden point of the task — and you can’t blame them for missing it! They see the finger, not the moon.

Buddha’s no moon

The finger and the moon are an old zen metaphor: those who seek the moon and find people pointing fingers to the sky shouldn’t mistake the fingers for the thing they seek. They shouldn’t mistake a temple, or an idol, for the end result of the teaching. The finger is just a thing that helps them get to the thing.

Planning poker is often discussed as a way to determine the cost of work, and that’s how it’s sold. Many companies only bother to do it because certain strata of management want to know what things cost and when they’ll be finished. Planning poker puts numbers to work, so why not use it? Some people want to use the costs it produces to forecast future project timelines, while others want to measure their teams’ (or, frightfully, individuals’) relative productivity by their completion of certain numbers of points in given time periods. But planning poker isn’t really good for or about any of that — it’s just a finger, pointing at the moon.

The moon here is all the parts of your work that you don’t even know exist until you’re working through the middle of them. It’s all the hidden costs that an optimistic Product Owner would never consider. You can’t have one person sit on their own in a room and just see all these things, so what can you do?

You can build a temple with a finger in it pointing at the moon, i.e. a process that naturally leads to the discovery of these unknowns. That’s planning poker.

Planning Poker is not itself a Heavenly Body

Planning poker has many variations, but it’s typically done by having cards in roughly fibonacci number increments from about 1 to 33, which every member of a small development team has a copy of while attending the session. A story or task to be costed is selected — it may have a prior general assessment as “large”, “medium”, etc. from an initial triage lookover, and after some discussion of the task, everyone privately chooses a card with a cost from their own set. They all reveal simultaneously to avoid a big group-think in first selection.

On any appreciably complex story, at this stage you will find a cost disparity between team members. Someone who is junior might think something they don’t understand is more or less expensive than makes sense to the rest of the team. Someone who is feeling pessimistic that day might put in a high cost, or vice versa with an optimist, or just someone who knows more or less about the problem space. Now that the cards are down, the discussion begins — the finger has pointed.

“Junior Dev Danny, why do you think this story will take 3 points?”, quoth the scrum master.

Danny now has to fumble around and rationalise their cost. They might have good reasons, and they might not. Everyone sitting in the room listens, and other members of the team can agree or disagree and give their own reasons. You do this a few times with the outlier costs, write down the most legitimate concerns and new stuff that fell out in the process, and what you’ll find is this:

  1. Your cost will average toward a meaningless number.
  2. You ended up with a far better description of the task.
  3. Everyone on the team better understands the work to be done.

If you asked everyone to just improve the description, or just read through all of the tasks? Especially without the meeting? You would end up with shit. No one cares enough to read closely over all of the tasks. People hate that stuff and it would be culled from your process simply by never happening.

But if you get everyone in a room and ask them to assign point values for the sake of finding out the cost to the business? Well, you still end up with shit on that front. No one cares enough to do a great job by themselves, if it’s even possible, and people hate this stuff and want to remove it from the process because they feel it’s a waste of time, even as they make use of the way better descriptions and feel good knowing what the whole team is working on. As a byproduct of the process and its shit, we all get to see the moon.


There are some caveats here. Being evaluated in any way by the points output gives a lot of awful incentives to game them, even subconsciously, which leads away from good discussion. Also, doing punishing amounts of discussion over small bits of work builds enough process-hate to get people to check out and stop even listening, which also leads away from good discussion. And trying to evaluate work that is too remote (e.g. if you’re on a team that is too large, or is handling many totally unrelated projects, or is trying to work 6 months into the future rather than on stories for the next few weeks/month) will let people zone right out during the process.

For these discussions to happen you need a right-sized, reasonably focused team that’s only having the meetings they need to have, and they have to be able to talk without fear of being penalised for wrongness. This is sadly a tall order for some places!

So whatever you do with the numbers that come out of planning poker, please don’t measure your team by them in any sort of performance-review capacity, and though they’re better than nothing at all, please don’t trust the numbers to tell you the exact launch date.

But keep doing the estimation!

Keep watching the skies

It gives a key time to teach junior developers about your systems. It gives product, design, and QA people more confidence and context in the work being done. It gets everyone on the team invested in every task. And it uncovers a huge amount of work that you otherwise wouldn’t see until you were standing in the middle of it! This lets you adjust course before you have momentum built, while you’re less invested in work you’ve already done, which may even have been the wrong work to do in the first place if you’d only sat down and talked it through as a team.

These things are absolutely key to producing good software in a reasonable period of time and making life less miserable for everyone. It has saved teams I’ve been on so much hassle, so many times. We found the moon.

Planning poker absolutely helps us all to find it, even though it mostly sucks at accurate cost estimation, and people can grossly misuse the numbers it produces.

searching for special chars in vim and setting aliases in windows cmd

Vim Spells

This morning I was looking over the old reading list and noticed that A Night in the Lonesome October had some strange characters floating around, which I wanted to delete. I felt that deleting them all using vim’s search/delete seemed like a good plan, but I couldn’t recall a way to copy the line containing the special character from the text buffer over into the command-mode search/replace/delete string. I wanted to do it without using my mouse or shell, and knew there must be a way — ahoy, to the internet!

This stackoverflow question had exactly what I needed in one answer, and then a great improvement right after. The initial solution is to yank into a letter-named register using "ayw (" = specify that a register name follows, a = overwrite the ‘a‘ register, y = yank, w = a word, so all together that command says “yank a word into register a” — you could also use, say, "ayy to yank a line, etc), and then to use CTRL-R followed by the register (in this case, a) to paste from the register straight into a command-mode string. The followup that improves this in general use is to avoid named registers and use the implicitly-filled ‘0‘ register, so you can just, say, yw as normal to yank a word, and then use CTRL-R 0 to pull from the 0 register which got filled implicitly by the yank command.

I also didn’t quite remember what the command-mode string to delete a line matching a pattern was. I tried :%d/search term/ first, but I only got trailing-characters-errors as a result, so I turned back to the internet. Google quickly turned up this vim wikia tip that it’s %g/search term/d. %g to globally search and execute a command on matching lines, and /d to specify delete as the command to be issued.

I haven’t ever really used registers in vim, so this is one more of those thousand steps up the mountain in my ongoing (decade-plus-long) vim user story. These are such arcane tools, but at least when you get them to do the work you want, it does still feel like wizardry. With luck, I’ll remember these pieces a bit better next time and cut Google out of the loop. 😀

Windows CMD Aliases

In a mildly different zone of computer use, I was missing a few of my common command-line aliases in the windows shell, cmd. I tend to use ‘s‘ for git status, ‘d‘ for git diff to see the unstaged changes, and ‘c‘ for git diff --cached to see what’s staged to commit. I have some simple alias commands in most of my unix home dirs, but recalled windows being a bit stubborn here last I looked.

Thankfully, the god-emperor of the internet Google quickly served up this fine stackoverflow, which listed a few interesting options:

  1. doskeys in an alias.cmd that gets loaded via the shell shortcut with /K
  2. doskeys in an alias.cmd that gets loaded via a registry key
  3. .bat files in an aliases folder that you add to your PATH.

These are all pretty cool ideas! I was only vaguely aware of doskeys before reading this post, so that’s a keeper at the least.

After some thought, I opted for the registry editing route — here’s why: I use at least 2 shortcuts to open cmd, and I don’t want to have to modify the launch string in both. Moreover, I definitely don’t want the potential to forget to modify one or to end up with different launch strings in different places, so the shortcut-editing answer didn’t fit my needs. The .bat-files-in-a-dir solution is aimed at reducing the computer-load of repeatedly loading all your aliases, and I only have 3 simple ones to add for now. On top of that, a .bat for each of them seems like overkill.

Over 1 Billion Yaks Shaved

All of this is, as usual, procrastination. I’m in Paris for a few weeks and taking a few grey morning hours ostensibly to look at making start on a javascript clone of Into the Breach that fuses in some more Advance Wars-esque ideas (resources, construction, territory, different map sizes) and I need to a) break that problem up a bunch, which is hard, and b) sanely upstream all of my tetris (playable link) work on creek into creek itself before I go spawning new projects like baby spiders in the wind.

Those are daunting tasks. So instead of working on them, I chose to give the world yet another blogpost with a few links deep into the stackoverflow hivemind.

I also noticed that viewing individual blogposts seems to have grown some content-type issues after the migration I did a few weeks back, so I might have to fix that before I do anything else. The procrastination show must go on!

update: fixed! Configuring nginx for wordpress just took me a lot of reading and trial and error. 😀

Hello from Hong Kong!

I’ve just migrated hosts and this blog is now running on a different operating system, web server, php version, and database version, and all of its content got pooped out into a file and slurped back up in between, so I need to make a post to test that things are actually working.

So far so good! By the way, I’ve been travelling for the last few months and am presently in Hong Kong. I’m leaving tonight to go to France, and will likely head home in the next month or so via a few other euro-countries. So far I’ve been through some limited spots in England, Iceland, Germany, Greece, Singapore, Indonesia (Bali), and China (Shenzhen). Lots of amazing things to see, but it’s been just about enough whirling of the winds!

In other wyatt-tech-news, I’ve been working on a tetris clone on and off while travelling, which you can play with here if you’re so inclined.