IT, computing, etc. -- technical stuff, not political or social.

"They've Got Cooler Gung Fu In That Bazaar"

Mozilla Firefox irritates me.

No, I haven't tried the latest build yet (0.6 was my last), and yes, I'm sure it's good. But I just don't get the point of writing two applications which don't share resources (Firefox and Thunderbird) to replace two apps (Mozilla and Mozilla Mail) which do share resources. Especially if you make damn sure they can't share extensions and themes. Maybe someone can explain that to me...

In the meantime, all the new extensions are being written only for Firefox. I suppose there's a Bazaar-model lesson to be learned from this -- maybe, that when all other factors are held equal, the perception of coolness trumps other considerations...

So in the meantime, new users will be initiated to Mozilla with a version that is essentially deficient in features. Perhaps this is the skeleton key:
By moving to the "Firefox bazaar", extension developers have avoided tainting themselves by association with the mainstream. Heaven forbid that Firefox should ever become a popular application -- where would they go, then?

Cult of Personality Flaws

Over the weekend, something up to 3000 blogs disappeared from the net. They were disappeared by Dave Winer. He didn't bother to announce or explain for a few days; then when he did, it was as a large MP3 audio-blog entry (a move that seemed calculated to limit the audience). (Jeneane Sessums has helpfully posted a more dialup and syndicator-friendly transcript.)

He's getting royally roasted over this, which is appropriate (when you know something is going to harm people, you have the option not to do it, and you do it anyway, you ought to expect some flames).

I feel curiously detached over this. Winer's reasons aren't sufficient, in my opinion, and it looks to me as though he's actively dodging responsibility for his actions. But I think I understand the place he was at when he made the ill-considered decision to dump the free weblogs. It's a place I've referred to as the "f*ck it moment": That place in an implementation-gone-bad where you just want to toss it all up and let the chips fall where they may. He got into a migration without having properly scoped it, and without a rollback plan. Thinking on his feet, and maybe late at night, he just said it: "F*ck it." And it was writ.

The worst blowback on this is on Dave Winer. People who've read his blog or dealt with him long-distance for years weren't surprised; some said things like "Anyone relying on Dave Winer deserves what they get." But now many thousands more people think he's a jerk; many potential employers or investors in his next venture will think he's unreliable, or that he won't have the people skills to pull it off. This is particularly important, because he no longer works for Userland, and his fellowship at Harvard is over. I also think he's a jerk (based on the "rude to the waiter" metric); but he's a jerk who's going to need to find another job, and he's not doing himself any favors here.

The people whose sites have been zapped can be accommodated, if Winer or Userland choose to accommodate them. But Winer's reputation didn't need any more tarnishing.

Sometimes, Technology Is The Problem

Terrorists with leverage are scary, but I'm much more scared of nutty, cocksure attempts to build "technology" that supposedly keeps us safe. Terrorists get tired, give up, or shoot each other over the spoils, but once the hardware's installed, a lousy technology is harder to kill off than a cockroach.
[Bruce Sterling, speaking with Bruce Schneier]

Via Bruce Schneier's June 2004 Cryptogram, a "discussion" between the Bruces Schneier and Sterling that, though it consists mostly of one-paragraph positionings, does get in a few bon mots.

Cryptogram is worth looking at, too, if only for its revealing analysis of the effect of the superficially unspectacular Witty Worm. Witty was nearly unique in the degree of technical competence exhibited by its creators: If they'd chosen a different target, we could have lost the whole net in 45 minutes, instead of just 12,000 nodes.

Virus-Proof Your PC: For Free, For REAL

Paul Boutin, writing in Slate, offers "virus-proofing" tips [Daypop cites] that boil down to:

  1. Secure Outlook and IE, as best you can.
  2. Download the latest Microsoft security updates.
  3. Scan for spyware.

Not really such a simple plan, as it happens, not least because it doesn't leave you intrinsically safer than when you started. These are all important things to do, but: Applying the security patches to Outlook still leaves you using Outlook, which is frankly just plain something that no one should do without a paycheck riding on it; applying the Windows security patches is important, but it leaves your ports open to attack from the outside world; and checking for spyware is something you wouldn't have to do if you didn't run Outlook or IE in the first place.

Here are my three steps, roughly in order of importance:

  1. Stop Using Outlook. Replace it with something that doesn't use Explorer components, and which has sensible security defaults, like Mozilla Mail or Mozilla Thunderbird. They are superior to Outlook in every important regard; Outlook's only advantage plays to Yogi's gambit ("the only reason that place is so popular is because everybody goes there").
  2. Get A Personal Firewall. ZoneLabs and Kerio both have free versions that have all the basic features you'll need, especially if you're following recommendations [1] and [3]. BlackIce is also good. In a pinch, the mainstream solutions like Norton or McAfee are better than nothing. Do it, though -- even if you're on dialup. Just do it, already.
  3. Stop Using Internet Explorer. I hardly ever do, and I very seldom suffer for it. I use Mozilla, instead. It's better on just about every metric that really matters: Faster, safer, more rigorous and extensive standards support. I only use IE for applications which explicitly check for it, like Outlook Webmail, for work. (See [1]...) Mozilla is simply safer by design than Internet Explorer ever could be, if only by virtue of the fact that it is not deeply integrated into the Operating System in the Microsoft-approved manner.

These three steps will make your computing life markedly safer.

Notice the absence of an admonition to update Windows, install a spyware scanner, or install a virus checker. Those are great steps, they're important, with importance roughly in the order in which I've given them, but these three measures I highlight are by far the most important and powerful things you can do to enhance the security of your own system. Do them, and it becomes very difficult for a worm, trojan, or virus to infect even an unpatched, un-virus-scanned system.

Aside: I suppose I should point out that Slate is an MSN property, and as such, ill serves its masters by suggesting non-Microsoft solutions...


Abstraction Layers

Jeff Veen talks about appropriate levels of detail orientation: "It's a balance between paying for a watchful eye, and maintaining some flexibility in the tools I use. I want to hack my templates, but I find it hard to care what modules are compiled into Apache":

So it was a relief to me that a couple more pieces of Web infrastructure moved into the "somebody else can worry" realm. The first is feeds. I spent a few years with the W3C working on HTML and CSS specifications, so I'll likely never bother to read another rant about which idea is more brilliant than the other when it comes to the minutia of standards making. RSS and Atom in particular fit squarely into that category these days. Goodbye to all of that. Rather than fret over the various feed templates on my site, I can now just point to Feedburner. They bravely content negotiate for all known aggregators and spit out the Right Thing. And lots of other stuff. Go look. They're cool.

Along the same lines, Ping-O-Matic will help promote your site for you. When you publish an entry on your blog, the software you use will go tell a couple of sites that you've updated. Typically, or will get pinged, and they'll make a record of that. Then, search sites like Technorati and DayPop will come visit you and update their indices. But with the number of pingable sites constantly growing, how can a Web author keep up? Now, you can just enter Ping-O-Matic into your blog publishing software, and let them keep track of all the new ones....

Sage advice, if you can afford the fees (for now, I can) and site promotion matters to you (... eh... I suppose it should). Veen can, and it does, because he makes his living in part by virtue of being the geek-cred version of "famous."

But then Dave Winer has to go and spoil it, as he so often does:

"Leave the hard stuff to someone else," says Jeff. "It wasn't supposed to be hard stuff," say I. It was supposed to be transparently simple. We're in a bad place, because after the next level of hard stuff it won't be possible for an intermediary to sort it out. Then we'll bemoan the lack of support of "standards" but the problems won't get solved, and eventually we'll give up and move on. Why we can't learn from the mistakes of the past is the mystery of the human hive.

... which, of course, entirely and spectacularly misses Veen's point: It's still "hard stuff" whether it's RSS 2.0 or Atom. It's hard stuff because Winer focuses on the wrong users: Geeks.

Veen's point is that there are levels of detail that it makes sense to pay attention to. For the vast, vast majority of actual users (Grandma, Dad, Uncle Harry, your boyfriend/girlfriend, etc.), Atom vs. RSS is irrelevant at a technical level.

By the way: I find it quite implausible to suppose that it truly "won't be possible for an intermediary to sort it out." That's kind of an absurd thing to say, especially for someone with a lifetime of experience in software development. It just plain doesn't make any sense, frankly. If they're both XML, and unless one or the other of the standards is so wildly extensible that you can't actually discover on the fly what it's supposed to mean -- which is to say, if it utterly ignores the concept of the semantic web -- then it will be possible to abstract between them.

And at the non-technical level that Winer tries to speak to with his talk of single platforms, it still doesn't matter, because it's a relatively simple matter to create abstraction layers. The existence of services like Feedburner proves that; the fact that it is difficult for individual hackers to reinvent the wheel in abstracting from some blogging software's data model to both Atom and RSS is not a technical argument on behalf of either platform.
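The claim above, that an intermediary can abstract between two XML feed formats, shown as an added example (not code from Feedburner or any project named here): a small Python normalizer that maps RSS 2.0 and Atom 1.0 onto one neutral structure. The sample feeds are constructed, and the DTD refusal and http(s)-only link filter are assumptions about how such an intermediary would treat untrusted feeds.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

ATOM = "{http://www.w3.org/2005/Atom}"  # Atom 1.0 namespace (RFC 4287)

# Constructed sample feeds describing the same post; example.org is a placeholder.
RSS_SAMPLE = """<rss version="2.0"><channel>
<title>Example Blog</title><link>http://example.org/</link>
<item><title>First post</title><link>http://example.org/1</link>
<pubDate>Mon, 21 Jun 2004 10:00:00 GMT</pubDate></item>
</channel></rss>"""
ATOM_SAMPLE = """<feed xmlns="http://www.w3.org/2005/Atom">
<title>Example Blog</title><link rel="alternate" href="http://example.org/"/>
<entry><title>First post</title><link href="http://example.org/1"/>
<updated>2004-06-21T10:00:00Z</updated></entry>
</feed>"""

def _text(node, tag):
    child = node.find(tag)
    return (child.text or "").strip() if child is not None else ""

def _utc(dt):
    # Both date styles end up as one UTC ISO 8601 string; naive values are read as UTC.
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).isoformat()

def _web_link(url):
    # Feeds are untrusted input: keep http(s) links, drop javascript:, file:, etc.
    return url if url.lower().startswith(("http://", "https://")) else ""

def _atom_link(node):
    for link in node.findall(ATOM + "link"):
        if link.get("rel", "alternate") == "alternate":
            return _web_link(link.get("href", ""))
    return ""

def normalize(xml_text):
    """Map an RSS 2.0 or Atom 1.0 document onto one format-neutral dict."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are refused")  # closes off entity-expansion input
    root = ET.fromstring(xml_text)
    if root.tag == "rss" and root.find("channel") is not None:
        head = root.find("channel")
        entries = [{"title": _text(i, "title"), "link": _web_link(_text(i, "link")),
                    "updated": _utc(parsedate_to_datetime(_text(i, "pubDate")))
                               if _text(i, "pubDate") else ""}
                   for i in head.findall("item")]
        return {"title": _text(head, "title"),
                "link": _web_link(_text(head, "link")), "entries": entries}
    if root.tag == ATOM + "feed":
        entries = [{"title": _text(e, ATOM + "title"), "link": _atom_link(e),
                    "updated": _utc(datetime.fromisoformat(
                        _text(e, ATOM + "updated").replace("Z", "+00:00")))}
                   for e in root.findall(ATOM + "entry")]
        return {"title": _text(root, ATOM + "title"),
                "link": _atom_link(root), "entries": entries}
    raise ValueError("not an RSS 2.0 or Atom 1.0 feed")
```

Both constructed samples normalize to the same dict, so anything downstream of `normalize` never needs to know which format the publisher chose.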

Life Hacks: Tips for Getting Things Done

Cory Doctorow points to Danny O'Brien's notes for a talk on "Life Hacks". Just a survey of personal survival tactics used by some Geeks of O'Brien's acquaintance. Handy stuff; simple stuff, like "most users use todo.txt" (like me, though I date my filename).

The general lesson: Simple is better. Complex solutions don't get used. "Some bits of life are too short to learn another app."

A consequent: Record your information; increasingly (because it's simple), this means recording it in blogs where it can be dumped as RSS. (Since these guys are geeks, they're rolling their own and "scraping" to actual RSS; if this were to be applied in general to other forms of "text", like XML, then something with a richer capabilities set -- like Atom -- is clearly a better solution.)

(True to form, O'Brien's notes are as a text file...)

There's no substitute for a critical mind

John Gruber asks: "Here's a billion-dollar question: Why are Windows users besieged by security exploits, but Mac users are not?"

Here's one simple answer: Because not enough people care about the Mac to exploit it.

Harsh, but true. The Mac enjoys a tiny market share. There's no bazaar-model karma payoff in developing exploits for it. And since it's not a commercially viable server platform, there's little financial payoff, either. These are facts, and they have nothing to do with any supposed superiority of the platform.

The same truth explains the prevalence of adware and spyware on the PC: There's a financial payoff. No such payoff exists for the Mac.

If the Mac ever becomes a commercially viable server platform, or gains a market volume that passes some critical bazaar-karma threshold (to be determined) (and by the way, it's the number of active units that matters, not market share), then Gruber will start to see adware and spyware on Macs. It will happen.

There is another, less simple (but not by much) reason for the prevalence of spyware on the PC, and that's Microsoft Outlook. If you run neither Outlook nor Explorer (and running the former implies running the latter), you virtually eliminate the possibility of involuntary infection by email viruses.

I'll rephrase that, since it's important: No one should ever choose to run Microsoft Outlook as an email client. It's a bad application: It has a profoundly crappy user interface; its design for security is mind-bogglingly bad; it's slow, bloated, and buggy; the design is contemptuous of standards like the proven and robust mbox format; the support for multiple email accounts is poor at best, from a user interface perspective; and finally, Outlook makes it difficult to keep and restore backups, and is outright hostile to migration between mail clients.


W.W.A.d.T.D. [What Would Alexis de Tocqueville Do?]

To paraphrase Lincoln: You can't fool all of the people all of the time; but a plurality, most of the time, is good enough.

For the last couple of weeks, every time there is a major story, someone attacks Groklaw, placing scores of offensive pornographic links as comments on old stories. When they all got removed the first time, next they interspersed tech words with the porn, hoping to get past our filters, I suppose. They seem to use a bot, so it does affect us. I didn't put it out as a press release and imply or accuse SCO or AdTI of doing it, even though it is certainly possible, because ... well, because folks in the free world don't do such things. We are not in the business of trying to destroy anyone or ruin their good name with implications without proof. If I ever get proof, I'll tell the world, naturally. But I don't call press conferences on a hunch, even though I have one.

[Groklaw] [link added]

There's a free-market hit-tank called the Alexis de Tocqueville Institute that recently published a very ill-researched tome on the origins of Linux. The report's gotten a lot of press, and has been widely and effectively discredited, sometimes by the people cited within it as authorities (e.g., Dennis Ritchie, Andrew Tanenbaum). Even their own experts don't support them.

So now they're claiming to have been literally attacked for their incorrect views.

It's endlessly curious to me that wild, paranoid accusations have become so primarily the domain of conservatives. Wild wingnut leftists hardly merit notice anymore, though I'm sure they're still out there.

There really can be only one reason for it: Money. As in, Conservatives have it, and are willing to give it to wingnut conservatives to act as their cannon-fodder. "Liberals" with money aren't that "stupid."

So, why in the world would "conservatives" want to fund wingnut radicals? Perhaps: Because it works. Because if the way you get power is by convincing as many random people as you can that they agree with your aims, it doesn't matter who those people are or how you do it.

Aside: For the first several weeks that I had this new blog up, the bulk of my external referrers were porn spammer sites. I couldn't figure out why; now I know: They wanted to insert into my comments. I should enable comment posting with moderation just to see what comes in...

"I Fight For The Users"

Sometimes, it pays to know who your "users" actually are.

I'm going to work with users, they seem to appreciate what I do. The techies and developers, until further notice, are bums. I almost want to say I hate what the technology industry has become, but when has it been anything but back-stabbing, low-road bullshit. We could be so damned powerful if we just worked together, but that clearly isn't what's going on.
["Competitors", Dave Winer, Scripting News]

OK: They're not working together, because they're not working with him. That's clear enough.

After all, he's the CEO of Userland. He must fight for the users.

It would do Winer good to read what he writes: "I assume our readers are smart, and that they'll make the right decision given all the facts. And by assuming readers are smart, we attract smart readers."
["Competition can be good"]

If the readers are that smart, they'll figure it out for themselves. Isn't that what the Cluetrain was all about? And isn't Dave Winer all about the Cluetrain?

Here's a user speaking: If Atom turns out to be a superior form factor -- as determined by the marketplace of users -- I have no problem with that.

And here's a "techie user" speaking: If blog software can't abstract to/from either Atom or RSS without all the hassles that Dave focuses on, then there's a problem with the basic architecture of the application. Better architecture (and especially better abstraction layers) make for better user experience.

On Being A Good 'Security Consumer'

The invasion of Iraq, for example, is presented as an important move for national security. It may be true, but it's only half of the argument. Invading Iraq has cost the United States enormously. The monetary bill is more than $100 billion, and the cost is still rising. The cost in American lives is more than 600, and the number is still rising. The cost in world opinion is considerable. There's a question that needs to be addressed: "Was this the best way to spend all of that? As security consumers, did we get the most security we could have for that $100 billion, those lives, and those other things?"

If it was, then we did the right thing. But if it wasn't, then we made a mistake. Even though a free Iraq is a good thing in the abstract, we would have been smarter spending our money, and lives and good will, in the world elsewhere.


We need to bring the same analysis to bear when thinking about other security countermeasures. Is the added security from the CAPPS-II airline profiling system worth the billions of dollars it will cost, both in dollars and in the systematic stigmatization of certain classes of Americans? Would we be smarter to spend our money on hiring Arabic translators within the FBI and the CIA, or on emergency response capabilities in our cities and towns?

As security consumers, we get to make this choice. America doesn't have infinite money or freedoms. If we're going to spend them to get security, we should act like smart consumers and get the most security we can.

[ZDNet -- Bruce Schneier, "The security trade-off"]

