TV Man: My Favorite Weird News Story (Art Project?) of the Year

The Funniest Thing I’ve Ever Seen From Congress

Possibly the first time I feel like I’ve truly gotten my tax dollar’s worth in pure entertainment:

Not only is this just an amazingly funny takedown of a breathtakingly stupid piece of proposed legislation–but it also introduced me to what is apparently a whole line of quite–umm–striking work from artist Jason Heuser, whose modern-day masterworks include:

George Washington wielding a mini-gun!
Bill Clinton, Lady-Killer!
Teddy Roosevelt Taking Down Bigfoot!
And George W. Bush with Twin Revolvers, Riding a Shark!

And here, of course, is the patriotic image which started it all:

Ronald Reagan, Riding a Velociraptor, firing a machine-gun, with a rocket launcher on his back.

Check out Jason’s Etsy store here:

Breaking HTTPPostAsync When Debugging in IIS Express, or “Wasting 5 Hours in Programming’s Version of a Really Crummy Escape Room”

It’s 3 AM, the day after Daylight Savings Time threw everyone’s internal sleep clocks into absolute chaos. (I say “chaos” based on both my own personal feelings, as well as the flood of fire service calls we’ve had today, including an overdose, a suicide attempt, and numerous other ways that our local residents have signaled their general lack of fervor at the idea of getting up tomorrow).

Worse yet, had it not been for the time change, I could have started this blog post with “It’s 2 AM, and the fear is gone” — and my opening would have been much cooler. Now I’m blaming Daylight Savings Time for writer’s block too. Way to go, DST.

But nevertheless, here I am, writing a pretty darned geeky blog with the hopes that some poor schmoe might stumble upon it in a session of mad Googling and save themselves some of the five hours I’ve just blown on one of the more painful programming pitfalls I’ve managed to stumble into in recent memory.

As part of a general modernization of ComicBase’s web APIs, we’re testing out a new set of calls to our servers which locate all the items you’ve sold on Atomic Avenue and let you deduct them from your inventory–as well as (minor spoilers here) finding all the comics you’ve scanned with the app while you’re out in the real world and which you now want to add to your desktop database.

Since it’s incredibly helpful to be able to watch the action on both the client and the server side of things when you’re doing work like this (and since it’s considered presumptuous for the programmer to set breakpoints on the production server which would stop the site cold), I’ve been working with a local copy of the ComicBase.com and AtomicAvenue.com sites, running under a development version of the web server software called “IIS Express” . Things had been going well, and I was watching the program carefully validate the user’s credentials, look up their databases, get the right data and post it back to the user–all the while checking for all the jillions of things that could go wrong in terms of bad passwords, invalid user accounts, lost network connections, and just about any other simulated problem you can imagine–trying to make sure we handled them all as gracefully as possible.

It’d been a long weekend on this project, but as I say down around 10 to finish things up, I was feeling pretty good about my chances to knock off early, grab a beer, and maybe even check out that crazy Polish cyberpunk video game I’d started a while back (Observer). All I really had to do was step through the different cases in the debugger, make sure they were being handled right, then remove the breakpoints and watch the whole thing run at speed to get a sense for how the system would feel in real use.

Everything was going well, but as I started tidying up and removing my breakpoints, breakpoints, suddenly I started getting bad data back from the web requests which were rock solid mere moments earlier.

So I put the breakpoints back and started single-stepping through them, puzzled all the server calls came back exactly as expected–only to give 404 errors moments later when I let them run at speed.

That’s when the night started to blur into one long slog which resembled nothing so much as an escape room whose puzzles had been planned by a madman. I’d check the code, it would behave. I’d set a breakpoint for a couple of lines after the call completed, and it’d work. But if there was ever a case where two web calls in a row fired off, the second one would always fail.

“OK”, I thought… It’s probably some sort of thread issue, which seemed all the more plausible that any call that I waited even a couple of seconds on before proceeding to in the debugger would run normally. Unfortunately, chasing down problems like this–whether they’re thread deadlocks or inadvertent calls to non thread-safe libraries–are a royal pain in the tucchus to track down.

The hours went by as I double-checked that all my async calls were properly awaited, that I hadn’t accidentally blocked them by calling “.result” at the end of any methods, and so on and so on with all manner of obscure programming lore. This was followed by endless googling on StackOverflow to see if anyone else had a similar problem or could suggest answers.

I tried removing the asynchronous calls; I tried marking all the relevant async calls with ConfigureAwait (False) to help them keep their context straight; I even tried rewriting all the HTTPClient calls in the old-style WebClient mode which allowed me to get rid of the mere idea of anything being asynchronous at all. Sure it’d mess up system performance and make the app seem slower to users, but as the clock edged past 2 AM and all the Fiddler packet traces in the world showed nothing useful, I was willing to try darn near anything to make some progress.

But even rewriting the whole set of web calls to be fully synchronous using the ancient WebClient routines was getting me nowhere. They ran great in the debugger, but immediately returned 404 errors when run without breakpoints set. What the living heck was going on?

So then–as much to make my Fiddler traces make more sense if I had to post the whole thing up on StackOverflow in the hopes that someone smarter than me could figure it out, I decided to move the new routines up to our production server and get a trace of them running there.

And they worked.

Perfectly.

With no debug points set.

Over the next several minutes, many curses were muttered as I leaned on the Ctrl-Z (Undo) key and watched the last several hours of my typing undone, block by block, until I was basically back where I was when I sat down to work tonight. The only real difference was that the code I was using to call the routines was pointing to the real server, running the real version of IIS instead of the IIS Express running on my development system.

And the whole darn thing was working right.

Sooo… what did we learn here? Well, there’s apparently a strange glitch in the behavior of the various web pieces of the Microsoft web client framework which keeps repeated calls to those routines from resolving properly when used on a Microsoft Visual Studio 2017 session on IIS Express. Basically, if you’re going to use the local server to debug, something may not resolve quite as fast as it should when it comes to the web calls, and if your calls start stacking up, you might want to try either slowing down your debugging, or moving some of the critical pieces to their final homes and testing there before you give up.

I also learned a lot of ways not to solve this problem, which has its own sort of value to programmers. And I would up learning about 4 entirely different techniques for making web post calls–all of which blew up in exactly the same way when run at speed on the development system. In a way, that’s what made me suspect that the problem may not have been purely code-related at all.

I also learned that I truly detest Daylight Savings Time. And now at 3:55 am, I am absolutely going to bed.

Aww! My first bomb threat–Spammers are soooo cute!

From my email yesterday:

From: Riley Mitchell <Marcel@virtualfirefox.com>
Sent: Thursday, December 13, 2018 11:59 AM
To: sales@comicbase.com
Subject: Rescue service will complicate the situation

Hello.  My recruited person carried a bomb (Hexogen) into the building where your business is located. My man assembled the bomb according to my instructions. It  is small and it is hidden very carefully, it can not damage the building structure, but in case of its explosion there will be many wounded people.

My man is watching the situation around the building. Ifany strange behavior, panic or policeman is noticed the bomb will be exploded.

I can call off my recruited person if you make a transfer. 20’000 usd is the price for your life. Pay it to me in BTC and I guarantee that I will withdraw my recruited person and the device will not detonate. But do not try to cheat- my guarantee will become valid only after 3 confirmations in blockchain.

My payment details (btc address)-1CF9VQhwjJutPxwVq5QLFA7j7baq4RDb3w

You must pay me by the end of the workday. If the workday is over and people start leaving the building the device will detonate.

This is just a business, if you don’t transfer me the bitcoin and the bomb explodes, next time other commercial enterprises will send me more bitcoins, because it is not an isolated incident.

To stay anonimous I will no longer enter this email account. I check my  wallet every 25 min and if I see the money I will order my man to get away.

If an explosion occurred and the authorities read this letter: We arent the terrorist society and dont assume any  liability for acts of terrorism in other places.

Standing strong with heroic resolve in the face of this terrifying threat, I refused to negotiate with this international criminal mastermind. It was a tough decision, but these are the times where it’s critical to show these thugs what Americans are made of. 

I’m sure you’ll all be relieved to know that the building (my house) still stands, although frighteningly, we did lose Bob the Minion, one of our beloved inflatable Christmas decorations, whose lifeless body was found in the center of our lawn this morning.

I’m sure many in the sleeping outer world must think Bob’s death was a mere blower malfunction of a four year old $30 Christmas decoration. But we can now reveal that his demise was almost certainly an orchestrated hit job to let us know that These Men Were Serious.

But even as we mourn the loss of Bob–a faithful employee whose warmth and goofy appearance always brought a smile to all who knew him–we owe it to his memory to remain steadfast, and to never give in to shadowy forces such as these which would terrorize innocents in search of financial gain.

The Surveillance State of the Web (And A Better Alternative to Chrome?)

surveillance-1-fotoliaI don’t know about the rest of you, but I’m getting increasingly creeped out by the constant surveillance that we’re all under, particularly in the Google/FaceBook environment. To summarize but a few of the highlights:

  • Your physical movements are being constantly noted and aggregated via your phone’s GPS and location services–even when you seemingly opt out of those services.
  • Even if you’re not logged in to Google or FaceBook (or Amazon, or Microsoft), the tech giants are actively tracking your movements around the web by the use of omnipresent ad tracking cookies which their ad networks serve up on almost any major site you visit.
  • Every time you sign in to a site using social sign-on (that “Log in with FaceBook” or “Log in with Google” code that so many sites–and yes, even ComicBase and Atomic Avenue–use to allow you to avoid adding yet another password to your no-doubt huge list) your login is noted on FaceBook or Google’s servers–and the IP and tracking cookie information allows them to know that you’re the same person who visited any site where one of their ads appears–and now that formerly anonymous site usage is tied to a verifiable identity.
  • Everything you say within range of your Smart TV or Alexa speaker can be recorded and saved on their servers when they’re activated.
  • Every search you type in a search engine or browser is recorded, logged, and aggregated–along with your IP and device information.
  • Every time you call out “Hey Google” or trigger Siri, Cortana, or Bixby, your voice and search are recorded and stored.

And as if this wasn’t enough to complete the panopticon of your life, Google Chrome, the dominant web browser in the world today, recently released a change which automatically logs you in to help “sync” your information between devices.  Of course, keeping all your bookmarks current is the visible benefit to you–but firmly establishing your identity and correlating everything you do while using a web browser or mobile device is the true benefit to Google.

Unless you’re a noted crime figure, it’s likely you’ve never been under anything like the level of surveillance that you’re under today, courtesy of our web browsers and our smartphones. Note also that it’s enormously difficult to escape any of it, even using tools like VPNs, since there are so many redundant mechanisms and tripwires scattered around the web–all with the common mission of aggregating who you are, where you are, and recording as much of what you do and where you go as possible.

And it’s worth noting that all this is just the stuff that we personally signed up for by installing our various tech gadgets and apps, and by clicking through the “Agree” buttons on all those end-user licenses we never read. At the same time, actual law enforcement (and even private companies) are participating on a more global scale to monitor our every movement using everything from both fixed and roaming license-plate scanners and facial recognition, easy-pass toll devices, car GPS transponders, and wholesale processing of entire networks of internet and cellular data — no search warrants required, so long as a particular individual isn’t being targeted. All the information just sits there until it’s needed, which ever-cheaper storage ensures can be a long time indeed.

A Few Countermeasures

To start at the end: I don’t believe there’s a practical way to keep any real sort of privacy in today’s world, but there’s much you can do to at least staunch the river of information you’re constantly sending to the tech companies. Call it pure cussedness on my own part, but even if the battle to escape a surveillance state is a losing one, I see no reason to staff up my own Stasi command post with the personal mission of spying on myself.

It’s been months since I uninstalled the constantly-snooping FaceBook app from my mobile devices, and try to make sure I “log out” whenever I (more and more rarely) visit the FaceBook web site. But this is merely Orwell’s equivalent of blocking the hidden camera in the television when Big Brother has dozens of other listening devices hidden around your house, as well as thousands dangling from street lamps.

Also, do yourself a favor and take a trip over to the Google Privacy Settings and FaceBook Privacy Settings–particularly the deeper “Profile” and “History” sections. After you get over the shock of seeing that both sites can meticulously trace that road trip you took in 2015 down to pictures of the lunch you had at that out-of-the-way cafe, do yourself a favor and delete it all, and turn off as much of the tracking as you can. Then come back every month or so and do it all over again, as you’ll discover that any number of things you did–as simple as putting in a direction request in Google Maps, or buying concert tickets to a show–will continue to add new information to your personal dossier. I’d personally never assume that anything deleted is gone forever–backups often exist, after all–but it’s a start.

Log out of Google, Bing, and other search engines whenever possible, and turn off their “sync” options. Yes, it’s less convenient to check your favorite news sites this way, but remember that–as currently implemented–anything you sync, like your web history–is also synched to Google’s servers.

(And speaking of Google’s servers: all those saved passwords are being backed up too–and the passwords to your local wifi networks are apparently saved as clear-text on Google’s servers. Even when data is encrypted, however, it’s a safe bet to assume that the people doing the encrypting have a copy of the keys.)

 

Giving the Brave Browser a try

brave-logotype-full-color

Since the recent Chrome sign-in fiasco (which Google is currently backing away from slightly), I’ve decided to see what else I can do to stem the flood of personal information to the Silicon Valley tech giant. On a recommendation, I recently gave the Brave browser a shot, and I like what I’m seeing so far.

Built built a crew led by ex-Mozilla chief and Javascript inventor Brendan Eich, it’s a browser that embraces the clean design of early Chrome, while combining it with very smooth and user-controllable privacy settings which seem to do an excellent job of blocking intrusive ads, tracking cookies, and the like. Best of all, by getting rid of all this surveillance foo, it seems to load and display pages noticeably faster than any of the more established alternatives like Chrome, Safari, and Edge.

Eich and the crew over at Brave also seem to be rethinking the whole online ad ecosystem. Since the ability to block ads also threatens to undercut the financial basis that supports the sites you use, they’re trying to rebalance the financial incentives by letting you directly support sites you visit using cryptocurrency-based “Basic Attention Tokens” or BATs, which act to funnel your voluntary donations to the sites you view the most. I’m not sure how I feel about the whole scheme at this point (and I’m more than a little skeptical of cryptocurrencies in general), but I do appreciate that the Brave crew is thinking about the overall problem, and I applaud their view that we ought to be moving beyond the place where we, the web’s users, must effectively become the product to be sold in order to provide all the great “free” new and information the web provides.

For now, however, I’m giving Brave a spin, and so far I’ve been impressed enough to make it my default browser on both my desktop and mobile devices. Here’s a decent video review of the whole thing by ThioJoe.

Uh Oh…

High Court: Online shoppers can be forced to pay sales tax

https://apnews.com/332abb7455cb4b60b2effc0852ff3c89/High-Court:-Online-shoppers-can-be-forced-to-pay-sales-tax

For anyone but the very largest retailers (think: Walmart, Amazon), this has the potential to unleash an absolutely ruinous storm of neverending tax paperwork on us from literally every state (and possibly county) in the country–all of which would likely require their own filing processes, tax rates, rules, and potentially auditing facilities.

We got a tiny taste of this when we used to exhibit at the Chicago Comic-Con, where our (then California-based) company had to apply for an Illinois sales permit each year and do separate sales tax and use filings (as well as deal with the inevitable bureaucratic foul-ups and notices) just for the purpose of being able to sell during a 3-day comic book show. Imagine every small company with an internet presence having to do this every quarter for virtually every tax jurisdiction in the country.

This is bad news for small businesses (meaning anyone without hundreds of millions in annual revenues). I can’t wait to see what inventive solutions the government will now cook up to make the problem even worse…

Bickford’s Law for Large Project Development

If you haven’t tested a particular part of your project recently, just assume you did something to the rest of the project which broke it.