Using Nuget Package Restore Instead Of Checking into Source Control Is Evil

 NuGet is great and wonderful and makes acquiring packages for .Net project easy and encourages consistency in directory structure which is always a happy thing.

But this trend towards using NuGet Package Restore instead of checking into source control is evil.

Dynamically downloading NuGet files has these supposed advantages:

1. Reduces the amount of disk storage for version controlled files
2. Reduces the number of binaries you need to checkin.  We all know that checking binaries into a version control system is bad because Git doesn't play well with binaries.

Well neither of those are compelling to me.  Disk space is cheap.  Really.  Don't worry about it.  You  can store binaries in Git and it's OK.  Really.  Philosophically it's bad to store binaries, but in the real world no kittens die. 

Seven Reasons not to do dynamic downloading of NuGet packages:

1. The most compelling reason for not pulling your libraries directly from NuGet.org for each build is security.  NuGet.org is a huge security risk.  A bad guy could quietly inject malware into NuGet packages and the resulting malware would be embedded the next day via continuous delivery in hundreds of projects on the web.

A security researcher would hopefully find the malware in a few days, but by then the malware has compromised thousands of machines.

By taking a library and putting it in version control you protect yourself by giving the internet time to test the libraries.  You may hear that your package was corrupted, and you have time to fix it.  After a few weeks, the packages are probably fine.

2. NuGet will go away someday.  It won't be tomorrow, but eventually a better technology will replace it and if you try to build your system in 10 years you may be out of luck. I know this is true and wrote about it extensively on my GeoCities page.

3. A package author may remove her code from the NuGet feed the night before you compile your next release.  Sure you can get a backup from somewhere, but it takes time.

4. The NuGet.org goes off line.  NuGet.org is not guaranteed to always be up.  I've been working from home late at night and couldn't compile because NuGet.org was offline.  Eventually I contacted a coworker who emailed me the missing libraries, but is that any way to develop software?

5. Late at night, your build server may lose internet connectivity and your six hour build fails.

6. Reading libraries from a disk is faster than pulling from the internet.
7. Dynamically downloading dependencies complicates the build.  You have to remember to do a "dotnet restore -v Minimal".   OK, it's not much more complicated, but it's an extra step.

In conclusion, spend an extra $100 bucks on a terabyte of disk space and checkin all your dependencies.  Your co-workers in 10 years will thank you.

How Not to Write User Documentation

One of my pet peeves is user documentation that is written backwards in time.  For example, I received this today:

"Enable and Set Automatic updates to "Automatically Download and Install them" in Tools >  Options section."




Although this is a trivial example, in my mind I have to push the instructions onto a "stack" and then pop them off as I go.  This would have been easier:
"Run XXX.  Select "Tools/Options".  Then set"Set Automatic updates" to "Automatically Download and Install".

If you are writing user instructions, please write them chronologically in order of what your tender user would do, not what you just did.

Setting Up a New Windows 7 Box

Here's my list of things to do with a new windows 7 box in 2016: 

Set Preferences
-----------
Right-click RecycleBin, select "Properties" and uncheck "Display delete confirmation dialog" box
In the task bar, right-click select properties and set "Taskbar buttons:" to be "Always Combine"
Add environmental variable "HOME" and set to C:\home\mfincher so emacs can find me
Add C:\home\mfincher\bin to environmental variable "Path"
Create C:\tmp so ange-ftp can work.
Turn off error reporting, "My Computer"/Properties/Advanced system settings/Advanced/Startup and Recovery/Settings/System failure, set "Write debugging information" to "(none)"


Install Utility Programs
------------------------
Install Emacs and a

Install spell (https://www.emacswiki.org/emacs/AspellWindows)

ssh 

Install SoapUI from https://www.soapui.org/downloads/latest-release.html

Install Chrome and Firefox, set up sync in Firefox to get old bookmarks and addins
Install Launchy from https://sourceforge.net/projects/launchy/files/
Install AutoHotKey from https://autohotkey.com/download/
Install ConEmu from https://sourceforge.net/projects/conemu/

Install PostMan inside Chrome

Install Notepad++ from https://notepad-plus-plus.org
Install Mouse drivers
Install pdf reader sumatra - http://blog.kowalczyk.info/software/sumatrapdf/download.html
Install Paint.Net http://www.getpaint.net/download.html
Install Mezer Tools https://www.bayden.com/mezer/ Windows-s for capture Windows-c for calipers 
Install 7-zip for zip/tar files from http://www.7-zip.org/
Install Process Explorer  http://technet.microsoft.com/en-us/sysinternals
Install cygwin, add c:\cygwin64\bin to "Path" environmental variable so emacs can see "gzip"
        or unxutils from https://sourceforge.net/projects/unxutils/ 

Install SourceTree for git repos - https://www.atlassian.com/software/sourcetree 

Install cmder from http://cmder.net/ 

Install Microsoft Programs
------------------------
Set powershell to use unsigned scripts: add  "set-executionpolicy remotesigned" 
Install SQL Server and Red Gate's SQL Search
Install Visual Studio and ReSharper

Install "Remote Desktop Connection Manager" from https://www.microsoft.com/en-us/download/details.aspx?id=44989 

Copy Files From Old Computer
----------------------------
Copy My Documents, My Pictures, c:\home, c:\opt
copy over all the old databases
Copy over inetpub directories
Copy over old Microsoft Mail archives, *.pst files
Copy root directory of Perforce files, C:\workfiles
Copy the old %AppData%\Launchy\Luanchy.ini config file over to new machine 
Copy Themes from %userprofile%\AppData\Local\Microsoft\Windows\Themes C:\Users\fincherm\AppData\Local\Microsoft\Windows\Themes
 

Teaching My Nine Year Old Daughter to Program with LightBot.com

I introduced my nine-year old daughter to lightbot.com to show her how to program.  LightBot.com is a wonderful site where you can download a little game to a device (she has a $50 android table) and learn to program a little robot.

The game is amazing at teaching programming.  After learning the basics, the site introduces kids to the concept of functions and recursion (although its called 'loops').  Kids think they are just playing a game, when in reality they are learning some basics of programming.

Why Kanban Doesn't Have Sprints. Agile Austin Lunch May 13, 2016

Thirty Agile Austiners attended a free lunch at Kasasa to discuss with value of time boxing a sprint.

What are benefits of timebox?
Predictability / Focus Priorities / Cadence / Estimation  / well documented, it comes in a box

 Problems with Timebox:
1.  If testing takes four days at the end of a sprint, what are the developers doing those last four days?
Timebox encourages crossfunctional team members; developers that test the last few days.  Is this the best use of their time?
2.  No room to do important bug fixes or building infrastructure.  Too much noise to estimate accurately.
3.  Have to do lots of padding for noise.
4.  Poor quality, and no refactoring, results from cramming something in at the last minute.
5. Timebox has a negative effect on morale, as a sprint is considered a failure if only 9 of 10 items were done.  When this goes on sprint after sprint morale suffers.  Then developers start to pad estimates which then starts to look excessive.

Notes:
Kanban - one piece flow - watch a single work item carefully to see blockers
Kanban is flow based, Scrum is iteration based.

Photos from Agile Austin May 10, 2016 "Implementing Kanban at Drilling Info"

Jay Paulson from Drilling Info presented the history of Kanban at Drilling Info to 36 people.

My random notes:
Jay took all the Jira issues, put them on sticky notes, and posted them on a wall.  50 items were in QA.  The physical visibility surprised people.

Service Delivery Manager shepherds items through the system.

Four Principles of Kanban
Flow like water around the rocks of resistance
1. Start with what you do now
2 Agree to pursue evolutionary change
3 Initially respect current processes roles, responsibilities, and job titles
4. Encourage acts of leadership at every level in your organization from individual contributor to senior management.  Encourage feedback.


Jay used the getKanban board game
used physical and electronic tool (Rally)
Columns on Board:
Ideas / Robert / Acceptance / Grooming / Implementation / Demo / Release / Verify

Jay is writing leansheets.org.

Little's Law Metric
Delivery Rate = WIP/LeadTime
Teams own their own process

David Anderson's book.

Meetings:
Daily Standup - team creates agenda, place for feedback, customer focus
Replenishment / Commitment Meeting  - part of Planning Session
Delivery Planning Meeting / Weekly
Risk Review - look at blocker to understand risks, review hidden risks, review WIP
Strategy Review / Quarterly - review metrics (lead time, quality, capacity)
Service Delivery Review - weekly
Operations Review / most important monthly meeting of all the managers

Recommended Books:
The Goal /
The Phoenix Project /
Kanban from the Inside by Mike Burrows
Actionable Agile Metric for Predictability by Vacanti

Highly measured process, Key Performance Indicators

Many agile projects fail from lack of discipline in developers.  Agile is not a silver bullet.  Developers need to be disciplined.

Sleep Number Bed Smells Bad When New

We love Sleep Number beds - the kind with an air bladder and remotes to get the right level of firmness.  Recently we bought two new ones for the kids.  But the smell of all the off-gassing of the Volatile Organic Compounds (VOCs) was overwhelming for our highly allergic and sensitive family.

We left the mattresses in a spare room with the window open to air out for a few days without success.  They still reaked of plastic.  The smell was in the air bladders and was trapped inside the mattress covers.

I removed the inner bladders and hung them in the garage on some rope to air out.
Over the course of a few weeks the smell of plastic slowly died down.
I put the bladders back in the mattresses and they smelled fine.
We love our new Sleep Number beds now.