Phillip H. Blanton invites you and a guest to talk about him.

Remediating the Java Deserialization Vulnerability

The most under-reported software vulnerability of 2015 is turning out to be a flaw in Java deserialization. It hasn't been given a fancy name and used in wildly overstated "news" articles designed to sell more subscriptions to Lifelock, but it is very dangerous nonetheless. Here is a good, in-depth article describing the vulnerability, providing some resources for determining whether you are affected, and some details for crafting your own exploits if you are so inclined.

Scrap Your Work From Home Policy

In my current position I work from home often. Most of my work can be done without incessant meetings and constant interruptions, so I just sit here in my home office and do it.

Many companies suffer from an outdated idea that if you aren't keeping their cubicle warm, then you aren't working. For modern information workers, that's simply crazy. As long as you are getting your work done, who cares where you do it from?

Many successful companies have discovered that opening up their remote worker policies allows them to secure better talent at lower costs than does the old model of forcing people to pack their families up to relocate and then spend an hour per day trapped in traffic.

Enterprise Car Rentals takes 5 to 10 days to UNSUBSCRIBE YOU FROM THEIR SPAM!?!?!

So. Someone named "Phillip Blanton" but who isn't me, recently rented a car at Enterprise and used my GMail address. It happens all the time. I get notifications for a Pamela Blanton, and a Philip Blanton too. How come people can't remember their own GMail addresses and give mine out instead?

So Enterprise sends me a bunch of emails about this rental. Apparently Mr. Blanton also crashed the car he rented and they sent me details on that also via email.

Today I get an email asking me to rate my experience at Enterprise. I notice an "unsubscribe" link at the bottom, so I click it and I get this message...

5-10 days

Are you serious? You need, "five to ten days" to remove me from your mailing list?!? This is completely unacceptable. In the amount of time it took your server to craft that response, you could have flagged my email address as "unsubscribed" in your database.


Development Code Smells

I came across an article today on Quora where a developer was asking, "What are some bad smells in programming". If you don't frequent Quora, you should...

Quora Software Engineering
Quora Computer Programming

It's one of those Quora questions that elicits very intelligent responses and generates good discussion. It's a brilliant way to ask the question too. Can software smell? It sure can stink sometimes. The discussion led to one poster including this link, which is a very good primer on code refactoring.

Face it. Most of software development is refactoring. If you aren't refactoring constantly as you develop, then you aren't developing a more concise and clear understanding of the business problem. No matter how many meetings you have been through, or how many games of Planning Poker you have played, when you open up the IDE for the first time you only have a rudimentary understanding of how the system is to come together. The more pieces you build, the better you understand how to build other pieces and how they should fit together. As that understanding begins to gel, you will ALWAYS need to go back to clean up and redesign the pieces you wrote earlier.

Refactoring is an indication that you are getting better at your craft, NOT an indication that you sucked at it yesterday.

So Refactor My Friend!

Text-Talk is Inappropriate for Business Communications

It's actually inappropriate for any communication, but that's not a battle I'm willing to fight at this time. Suffice it to say that f u tlk 2 me lk ths n a txt, thn ill dlt ur txt.

With prejudice.

I recently ordered some charging cables for my daughter, whose cell phone only came with a male-male USB-C cable, so she can't plug it into a standard USB-A port to charge it, like on her laptop or in her car. That's annoying, Google!

After placing the order for three USB-A to USB-C male-male cables, I get this email from the EBay seller...

"Thanks for your payment,we will arrange the shipment for u in 48 hours (no included weekend and international holidays). Then we inform u for the shipping information when the item is sent out to u.
Pls reply the message directly if you have any problem for the item."

I replied thus...

"Thank you.
Professional businesses don't use "u" in place of the word "you". When you are texting with your drug dealer, or meeting up at a rave, then that's acceptable. Otherwise it's not."

They replied and thanked me. They are a Chinese company and don't really understand English, so they were doing their best. They said they were "greatful" that I would take the time to help them improve their automated customer service system and that they would fix it right away.

They did seem concerned that their email may have offended me. I assured them that it's not offensive, just not appropriately professional for corporate communications.

Why do smart CS Grads want to become back-end developers?

I recently received a question in my Quora bucket. It was,

"Why do the smart CS graduates want to become backend developers?".

Well, I have a degree in Physics with a minor in CS, and I have been a software architect for thirty years.

Grogg’s argument is thoroughly cemented into my reality. I’m a back-end developer/architect because I love solving difficult problems. I’m not a UI developer because I don’t care how many pixels this prndl is from that swoopy, ephemeral, ghosty thing.

In fact, I don’t even give a crap about what a “PIXEL” is and where it lives, unless I can re-define it against a new dimension.

As long as I can exercise my software with an array of unit tests and stick to purely algorithmic expressions of complexity, then I am happy.

How one chooses to reflect that to the masses is not my concern.

Raspberry Pi 3. Get one.

So. One of the guys in my class this week sold me on the Raspberry Pi. A friend of mine has been running the Colorado Springs ATC feed on a Raspberry Pi for years. I've always wanted one, but didn't pull the trigger until today.

Today, after leaving my client's site at around noon, I drove to the Micro Center in NoVa and bought a Raspberry Pi. He told me that they are now about $30, but when I got there, I decided to buy a package with the necessary hardware for about $70. I also bought a wireless keyboard and trackpad for about $30, as well as a 64GB MicroSD card for about $35. I didn't need the 64GB SD card and you probably don't either, since the Pi comes with a 16GB flash drive. I bought the 64GB card because I wanted to be able to boot my device into OSMC from the flash device, have lots of room for the videos, and not have to delete Raspbian from the flash card that the Pi came with.

Clickbait. Just... don't

Ok, I'm not rolling on the floor, laughing my @55 off. I just got carried away with the Internet jargon; but seriously...

OMG! Why are you people clicking on clickbait? When you see it, I promise, you will not be "astonished". You will easily believe what you read. Nothing you see in clickbait will leave you "speechless" or "breathless". It will be dull and boring and you won't regret it if you just pass. I use OpenDNS and keep my block lists current so I don't normally see this crapfest. When I travel, however, I use hotel wifi and am constantly barraged by an unending slew of BS. Take for example this single screenshot...

I mean, really?! There's something there for everyone. For instance, I'm having a bit of an issue not experiencing the best fight ever. I mean... what's the harm in ... NO! Don't click it. That only leads to more of it. When you click on clickbait, YOU become the problem. Don't be the problem. Be the SOLUTION!

By the way, NOBODY in Germany is hot. Especially not ANY German cops. Don't click on it. Seriously. Don't.

Wow... Getting scammed much?

So... I get this email this evening and have my "SCAM" switch flipped on like mad. People like me, who are computer security experts and software security consultants (I call myself a hacker), immediately see the frankly juvenile attempts of a non-English-speaking script kiddie attempting to fleece "rich 'mercans" - notice I said "'mercan" and not "Merkin" - of their ill-gotten gains... and are shocked that anyone would ever fall for this bullshit.

I mean, seriously. Would this entice you to enter personal information into ANY website?

... I tried for like, eight seconds to get my Snagit for Mac to do a scrolling capture so that I could post the whole thing, and gave up quickly. Getting Snagit to capture a scrolling region on Mac, Linux and Windows is as difficult as - trying to come up with a simile for difficulty. Suffice it to say, "not easy"... so I gave up and captured what I could see.

I mean... seriously. The bad guys are clearly asking for your, "Personal Information". If you respond to an email like this, then please send me your ... oh what the hell. Money. All of it. Send it to me now.