another weird week

Well, it’s the end of another weird week. July is almost over. It’s been hot all week, and it’s going to be even hotter this weekend. I just saw a notice that Duke Farms is going to be closed over the weekend due to the heat, including the Sunday farmer’s market, so I guess I’m going to have to buy all my food from Shop-Rite tomorrow, assuming I can survive the three-minute walk from my apartment (and back).

Our July 4th security incident at work has basically turned July into a “lost month” for all of us. We’re coming out of it, but we’re still not at 100%. My development VM is still in pretty bad shape, since all outgoing internet access from it has been locked down, and most of my firewall requests don’t seem to have gone through yet.

I’d hoped for a quiet day today, working from home, but my internet was down, so I had to drive in to the office and work from there. It was still a quiet day, with very few people in the office, and the A/C in the office is better than my apartment A/C, so there’s that.

I was wondering if it would be hot enough tonight to discourage people from showing up for the usual Somerville Friday classic car thing. Looking out my window now, it appears to be a little less crowded than usual, but not by much. Personally, you couldn’t pay me enough to hang around outside tonight looking at cars. I was thinking about watching “The Gray Man”  on Netflix tonight, but the reviews aren’t great, so maybe I should find something a little lighter.

I had planned on blogging a bit about day two of SDCC, but I couldn’t find any news that I thought was interesting enough to blog about. I watched a few trailers and a bit of live coverage from Marvel and IGN, but it was all pretty meh. Dungeons and Dragons movie? Meh. Amazon “Rings of Power” series? Meh. I kind of wish I could watch some stuff along of lines of Mark Evanier’s panels, but nobody’s livestreaming that kind of stuff.

not at SDCC, day one

Wow, today is the first full day of SDCC. I’ve been so busy this month, since the July 4th incident, that it kind of snuck up on me. I had, at one point, though about taking a few vacation days to coincide with SDCC, and just spend a few days decompressing, reading comics, and absorbing whatever interesting news comes out of the con. But I didn’t do that. And, at this point, if I tried to take a vacation day, I’d probably get laughed at. I’ll try to take a few days next month, maybe.

I never seriously considered actually going to the con this year. I assumed it would be near impossible to get tickets (as it usually is), plus I’m still not comfortable in large crowds, nor am I enthusiastic about cross-continental air travel right now. The con is requiring folks to be both masked and vax’ed, so that’s good. But this BA.5 thing is scary, even with full vaccination. My feelings about COVID-19 at this point are mostly in line with this Jigsaw video from today.

Anyway, we’ve got record heat going on here in NJ right now. San Diego sure would be a nice place to be. Looks like it’ll be mid-70s there all weekend, while we might hit 100 here on Sunday. Maybe I’ll have time to watch a few panels over the weekend, or maybe read the program book PDF. Sigh.

Some software notes

Two weeks in, and we’re still cleaning up after the security incident at work over the July 4th weekend. I’ve gone into the office most days since then, and I think all that extra exposure to other humans has gotten me sick. I’ve been mostly useless since Friday. I’m hoping I can go back to my usual schedule this week (M/W/F at home, Tue/Thu in the office). Or maybe work from home all this week, if I don’t start feeling better by Tuesday.

Anyway, all the security shake-ups over the last two weeks have gotten me thinking about some of my software choices, and I thought I’d write up some notes on that.

LastPass vs 1Password

I’ve been using 1Password for my personal password storage since 2014, and I’m still happy with it. But I just (finally) got added to our company’s corporate LastPass account, so I can use that for work. And that comes with a free personal LastPass Families account, so I went ahead and signed up for one.

Short version: I don’t think I’ll be using it for anything. I think it’s probably fine for casual users who need a simple password management solution, but it’s not nearly as good as 1Password. I guess my biggest gripe with it is that it’s very much oriented towards in-browser use. There’s a native Windows 10 client, but it’s very limited and just not very good at all. Again, I think it’s probably fine for a lot of people, but it’s just not good enough for a power-user like me.

LINQPad

I mentioned in my last post that I was thinking about upgrading my LINQPad Pro license. I went ahead and did that, and upgraded to the “Premium” version. The NuGet integration works well.  Access to NuGet is still blocked from my developer VM, so I can’t use it there yet, but I can use it on my desktop PC, where I’ve also installed it. I haven’t tried the debugger yet, but I’m curious to see how well that works.

And the dev VM is still so locked down that I couldn’t actually activate the new license over the internet, but the developer provides a way to get around that, so that was appreciated.

TextExpander vs AutoHotKey

On Windows, I generally use AutoHotKey for my keyboard macros and text expansions. I’ve been using it since 2007. I don’t have the actual AHK product installed on any of my work machines, but I have a compiled script that I do run on my work machines. It was starting to look like that might be an issue last week, due to some new security software they were running on our machines. It now looks like it’s OK, but that got me briefly looking at other solutions that might work, and which I might be able to get whitelisted at work.

So I went back to TextExpander, which I used to use on my Mac, circa 20142016. I stopped using TextExpander when they went to a subscription model, since I was having some trouble with it anyway, and it didn’t seem to be worth the money. But that was a while ago, and they now have a Windows client too, so it seemed to be worth looking into it again.

I signed up for a 30-day trial and installed it on my personal desktop PC and MacBook. It works fine, and does some interesting stuff, but it still has some of the same issues with secure input fields that it had when I last used it. That’s not really TextExpander’s fault, but it does limit its usefulness on the Mac. On Windows, it seems to work well, but it’s not nearly as powerful as AutoHotKey. (Or at least it doesn’t seem to be.)

On the Mac side, this has got me thinking again that I should really try Keyboard Maestro. It looks to me like it’s closer to what I want than TextExpander is, and it’s a one-time purchase rather than a subscription. Maybe when things have settled down a bit, and I’m feeling better, I’ll finally give it a try.

I still have some time on the 30-day TextExpander trial, so I’m going to continue messing around with it. Maybe I’ll figure out how to do some fancier stuff with it, and/or how to work around some of its limitations. I really like the idea of having a single macro program that works across Mac and Windows, so that’s a motivation not to give up on it yet.

 

Visual Studio extensions and alternatives

Another (relatively) quick post for today: It just occurred to me that, since my work VM has been restored from an older backup, the changes I made to Visual Studio a week ago are all gone. And that’s fine. I wasn’t entirely convinced that CodeRush was something I wanted to stick with anyway.

Since my VM is a little messed up now, I’ve been thrashing around a bit the last few days trying alternate ways to test some stuff out. I have some PowerShell scripts that I usually run on my VM, and I thought it would be fairly easy to copy them over to my laptop or desktop and run them there. But the specific set of modules I need is apparently a little complicated, and I haven’t been able to exactly recreate my environment. I’m sure I could, given time, but oh well.

Then I came up with the idea of installing LINQPad on my desktop and running some stuff there. That wasn’t terribly hard to do, but I’m referencing some DLLs in those that aren’t on my desktop, and, again, recreating the specific environment I needed got a bit too complicated and I gave up. That did get me thinking about upgrading my Pro license to a Developer license, so I’d have nuget support. I might still do that, but not right away.

And, finally, I have been looking at JetBrains Rider a bit lately. I noticed last week that their prices have gone up. Rider is still pretty affordable though. The old price was $139 for the first year (for personal use); the new price is $149. As a subscription product, that’s still enough that it’s not an impulse buy for me. I’d have to know that I was actually going to use it consistently, outside work. But lately I’m not doing enough programming outside work to justify it.

troubleshooting MSAL

This is just a quick one: in the aftermath of last weekend’s thing at work, they’re now blocking all outbound web traffic from my development VM. Which is kind of a problem when you’re trying to test out some web services on some restored servers, and you need to authenticate with MSAL. While trying to figure out exactly which addresses I needed to have whitelisted, I stumbled across an article on logging errors in MSAL.NET. This is a good example of something I needed, but didn’t know I needed until I stumbled across it, while looking for something else!

For now, I’ve just implemented this in my test program with the simple logging code included in the code sample, but, when things settle down, I might try to add MSAL logging into one or more of my programs as an option that I can turn on or off in the config, and log through Serilog (my current favorite logging library).

The end of a weird week

As I alluded to on Tuesday, we had a security incident at work over the July Fourth weekend, so we’ve been spending all week cleaning up after that. There’s a statement about it on my company’s blog. I won’t link to it here, since I don’t necessarily want this post to show up in searches or referral logs related to it. (I’m not going to post anything I shouldn’t be posting, and I don’t know enough about the details to say much anyway, but just in case…)

On Tuesday, we were told to just stay home and chill, basically. They didn’t give us any real info on what happened, so that was basically just a “snow day,” as I mentioned in my last post. On Wednesday, they had made enough progress with the initial mitigation that we could start working on our disaster recovery. So, since then, it’s been a lot of “hurry up and wait” work, where servers are getting restored or rebuilt, scanned, released, and then we can do final setup and testing. I’ve been in the office Wednesday and Thursday, but I’m hoping I can get away with working from home today.

There are a lot of people working very hard on this. For me, I’m primarily a programmer, with only limited admin responsibilities. There are only two servers that I’m “officially” responsible for (out of hundreds total across the company), so mostly I’m just waiting on other stuff, answering questions, and helping out where I can. I feel a little guilty, knowing that some people are sleeping in their offices while I’m going home and sleeping in my own bed, but of course there’s not much I can do to help those folks, other than to stay out of their way.

I had a bunch of other stuff to say about this, but I think I’ll just say that I think we’re doing a pretty good job of handling this thing. Everyone has been calm and professional through it all, at least from my limited vantage point. There’s still a lot of work to do, but we’re making steady progress.

Purely by coincidence, I read an article in Communications of the ACM last week that talked about the best way to handle outages in IT. The article is more about unintentional errors that cause outages, rather than security incidents, but there’s a lot in common. I like the idea that “DevOps celebrates mistakes.” I hope that, when we’re back up & running, we’ll get a good postmortem on this that we can learn from.

some downtime

It looks like I unexpectedly have the morning off from work. Or maybe all day. I’m not sure yet. Anyway, this means I can waste time on the internet and nobody can stop me and I don’t have to feel guilty about it. Anyway, I noticed this old post from 2006 in my “on this day” sidebar this morning, and I clicked through on the link, expecting it to be dead. But it’s not! And, weirdly, there’s a new Jigsaw video out! With the first appearance of Dr. Kranium since 2011! And it’s a really funny video too! I’d completely forgotten about Jigsaw, and would likely never have stumbled across this video if I hadn’t been pointlessly clicking around on my own blog. So the lesson here is, I guess, that blogging links to dumb puppet videos sometimes pays off 10+ years later.

Visual Studio extensions and tweaks

I’ve been spending some time at work recently messing around with my Visual Studio setup. I’ve been fine with my current setup for awhile, but I started getting restless recently. I guess it started when I started reading Clean Code, and watching the associated videos. That got me thinking about automated refactorings, which got me looking at JetBrains Rider and Resharper. And looking at Resharper reminded me of the existence of CodeRush.

I’ve occasionally thought about trying out something like Resharper or CodeRush, but I never got around to it. There are a number of reasons for that, mostly around the cost and the possible performance penalty. But I noticed recently that CodeRush is now available for free, so I figured I’d give it a shot. (And I think Roslyn made it easier for extensions like CodeRush to work without a big performance penalty.)

My normal VS setup, which I’ve stuck with for a while now, is pretty basic, with Mads Kristensen’s Web Essentials, and DPack Rx. I use DPack primarily for the numbered bookmarks, and Web Essentials for a number of random things. CodeRush includes numbered bookmarks, so I thought I’d try removing DPack, installing CodeRush, and seeing how that worked out. So far, I’ve found that CodeRush’s numbered bookmarks don’t work quite as well as DPack’s. There are a number of other interesting features in CodeRush, but I’m not sure if any of them are compelling enough for me to keep CodeRush installed.

I also briefly considered uninstalling Web Essentials, and then just reinstalling the specific extensions from that collection that I’m actually using. But I couldn’t quite talk myself into that, so I’ve still got the whole collection installed.

On a related subject, I recently listened to an episode of .NET Rocks with Mads Kristensen on VS 2022 extensions. And another one with Mark Miller (author of CodeRush). I’m not currently subscribed to .NET Rocks in my podcast client, but I do check in on it occasionally to see if there’s anything interesting.

Getting back to the general subject of VS extensions and setup, I also revisited my work setup and tried to decide if I could switch from VS 2019 to VS 2022. I do my VS development at work on a VM that’s running Windows Server 2012 R2. That probably seems weird, but it’s necessary for Dynamics AX development. And VS 2022 isn’t supported on Server 2012, though I could probably get it to work. So I’ve been going back and forth on whether or not I should try to install it on my current VM, or maybe ask my boss for a new Windows 10 VM to use for VS 2022. I’ve decided to stick with VS 2019 for now, but I may need to ask for a new VM at some point. In part because I have a .NET 5 project in VS 2019, and .NET 5 is no longer supported. And .NET 6 isn’t supported in VS 2019. So it’s all kind of complicated. Asking for a new VM shouldn’t be a big deal, but I’m a little nervous about it, since I just got a new boss, and I’m now in a different sub-division of the IT department, and the rules about this stuff might be a little different than they were under the old boss, so I want to feel things out a bit before I start asking for stuff.

I did install VS 2022 on my personal laptop back in May. I do like it, and would love to be able to switch over to it. (Unlike some previous versions of VS, they don’t seem to have made any really bad UI decisions that make me want to stick with the older version…)

I also spent a little time messing with the default font in VS on Friday. I’ve stuck with Consolas for quite some time now. But  I was watching a LinkedIn Learning video on Friday where the teacher’s setup was using Cascadia Code, and it looked kind of nice. I’d read about Cascadia Code when it came out, but I never got around to trying it. So I switched over to it for a little while, but then decided to switch back to Consolas. The whole code ligature thing is interesting, but Consolas just seems to work better for me.

All of this fiddling around made me think about the balance between sharpening the saw and… pointless procrastination. (It’s bothering me that I know that there’s a clever metaphor similar to “sharpening the saw” that basically means “pointless procrastination”, but I can’t remember what it is.)

Well, I’ve now killed a bunch of time on a hot Saturday morning, drinking iced coffee, waiting on my grocery delivery, and writing a rambling blog post. My plan for the rest of the day revolves mostly around watching the last two episodes of Stranger Things on Netflix. Life is good, I guess.