November 30, 2003
@ 06:39 PM

The reviews are right, this game is the shit. It's been a while since I've actually said "Wow" out loud several times while playing a video game. A truly excellent game.


 

Categories: Ramblings

I recently wrote about LiveJournal's cookie-based authentication mechanism which makes it difficult for RSS aggregators to read "protected" LiveJournal feeds since the aggregator would have to "reuse steal cookies from your browser instead of using well defined HTTP authentication mechanisms".

My blog post and subsequent email to the LiveJournal development team resulted in the following response and discussion by the LiveJournal developer community as well as the following [excerpted] email response from Brad Fitzpatrick:

We don't intend for aggregators to support our authentication system, and
we don't want it to be any sort of standard.  The fact that it works is
just an accident, really:  every page on our site is dynamic, and every
page knows who the remote user is, so when the RSS page queries the
recent entries for that user, the code which provides that is security
aware, and so doesn't provide things which it shouldn't.

Please tell people not to support our auth.  We don't want them to go
through that ugly hassle, and it might even change.  We don't consider it
a stable or supported interface at all.

Our intent is to support HTTP Digest Auth in the future (but NOT basic auth)
specifically for RSS/Atom feed pages.

I guess that clears things up. I'd like to thank the LiveJournal folks for promptly responding to my questions and clarifying the situation. Nice.
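An added sketch (not LiveJournal's or RSS Bandit's code) of what an aggregator computes for the HTTP Digest scheme mentioned in the reply, with Basic next to it for contrast. The challenge and credentials are the RFC 2617 sample values, and the function names are illustrative.

```python
import base64
import hashlib
import re

# Challenge and credentials below are the sample values from RFC 2617.
RFC_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(header):
    """Parse a WWW-Authenticate value into a dict of Digest parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("server did not offer Digest authentication")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_response(challenge, user, password, method, uri, cnonce, nc=1):
    """RFC 2617 response for qop=auth: a hash that covers the server nonce."""
    if "auth" not in [q.strip() for q in challenge.get("qop", "").split(",")]:
        raise ValueError("this example only handles qop=auth")
    ha1 = md5_hex(f"{user}:{challenge['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{challenge['nonce']}:{nc:08x}:{cnonce}:auth:{ha2}")

def digest_header(challenge, user, password, method, uri, cnonce, nc=1):
    """Authorization header an aggregator would send with the feed request."""
    response = digest_response(challenge, user, password, method, uri, cnonce, nc)
    return (f'Digest username="{user}", realm="{challenge["realm"]}", '
            f'nonce="{challenge["nonce"]}", uri="{uri}", qop=auth, nc={nc:08x}, '
            f'cnonce="{cnonce}", response="{response}", '
            f'opaque="{challenge.get("opaque", "")}"')

def basic_header(user, password):
    """Basic auth for contrast: the password is only base64-encoded."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def password_from_basic(header):
    """What anyone who sees a Basic header can recover."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    return decoded.split(":", 1)[1]

if __name__ == "__main__":
    ch = parse_challenge(RFC_CHALLENGE)
    # A real client generates cnonce randomly (e.g. secrets.token_hex(8)).
    print(digest_header(ch, "Mufasa", "Circle Of Life", "GET", "/dir/index.html", "0a4f113b"))
    print(password_from_basic(basic_header("Mufasa", "Circle Of Life")))
```

With Digest the header carries only a hash bound to the server's nonce, while the Basic header yields the password to anyone who can read it.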


 

Categories: RSS Bandit

November 30, 2003
@ 04:55 PM
Chicken Little: In San Francisco, you never know what you're going to find when you knock on a car window -- but nothing prepared the cops for what they found the night of Nov. 3 down by Aquatic Park.

The window came down and there was a guy with a chicken sitting on his lap and a second chicken in a bag on the passenger seat.

"What's with the chickens?" the cop asked.

"I'm going to take them home and eat them," the driver replied.

"Lift up the chicken," the cop said.

The driver did -- and the next thing you know, the driver was in cuffs and the chickens were on their way to the humane society -- where (we kid you not) the hens were given a sexual battery exam by a vet the cops called in.

All we can say is, it's going to make for some very interesting testimony on the witness stand.

"But the killer will be the other evidence," a law enforcement source said. "A 15-ounce jar of Vaseline... with three feathers in it."

[via Jamie Zawinski]


 

November 28, 2003
@ 05:19 PM

The Apple Human Interface Design Guidelines has a section on consistency which reads in part

Consistency

Consistency in the interface allows people to transfer their knowledge and skills from one application to any other... Ask yourself the following questions when thinking about consistency in your product.

Is your product consistent:

  • Within itself?
  • With earlier versions of your product?
  • With Mac OS standards? For example, does your application use the reserved and recommended keyboard equivalents? (See “Keyboard Shortcuts”.)
  • In its use of metaphors?
  • With people’s expectations?

Recently Torsten's been changing the user interface components used by RSS Bandit from the DotNetMagic library to Tim Dawson's Windows Forms controls due to the fact that the former is no longer free as in beer. Given that we are changing the look and feel of the widgets, Torsten thought this would also be a good time to rearrange some of the menu options and remove some of the toolbar buttons. I tend to disagree. User interface consistency between versions of an application is very important, especially when you consider it messes with the muscle memory of users of older versions of the application.

Torsten has posted screenshots of the new RSS Bandit UI and is asking for feedback. His questions are phrased differently than I'd ask. I'd ask if users want the user interface to be consistent with old versions of RSS Bandit or not? I'd also ask if users prefer that we keep the old DotNetMagic user interface or move to Tim Dawson's UI components?  

If you use RSS Bandit I'd appreciate your comments.


 

Categories: RSS Bandit

November 27, 2003
@ 04:51 AM

Robert Scoble writes

Lionel, in my comments: "the problem is that it's "common wisdom" that Microsoft has more than $40 billion in the bank, so your point doesn't *sound* true. "how can they talk about resource constraints with that kind of safe deposit""

This is a common misunderstanding. First of all. That cash isn't just given out willy nilly. It's NOT our money! It belongs to our investors. They want to see it spent properly. Translation: don't let Scoble spend it on whatever he wants!

In 1999, Fool.com published an article called 12 Simple Secrets of Microsoft Management. One of the entries is entitled "Shrimps vs. Weenies" and is quoted below:

7. "Shrimp vs. Weenies"

Even with its billions upon billions in cash, Microsoft is as frugal as Ebenezer Scrooge. It's a company that buys canned weenies for food, not shrimp. Until last year, even Bill Gates and his second-in-command Steve Ballmer flew coach. (For scheduling reasons, the company purchased its first corporate jet.) Bucking the trend of most large, wealthy corporations, Microsoft remains in start-up mode where tight budgets are the rule. When you sit back and think about it, this frugality is less surprising and even explains how a company can come to accumulate such great hoards of cash.

This is probably one of the most frustrating things to adjust to as a new hire at Microsoft; resource-strapped teams are the order of the day. There never seem to be enough devs to fix bugs and ship features, or when there are, there aren't enough testers to ensure that the code is up to snuff, so you end up cutting the features anyway. Asking around about this leads to the realization that to many this is The Microsoft Way. I've heard all sorts of justifications for this behavior, from the fact that it leads to managers making better hiring decisions since they never have as much headcount as they want, so they don't waste it hiring people they aren't 100% sure will be good performers, to statements like "it's always been this way". It's hard to argue with this logic given that this practice (and the others listed in the Fool.com article) have led to one of the most successful companies in the world with more cash on hand than the annual budget of most third world nations.

However every time we cut some feature because we don't have enough test resources or scrap an idea because we don't have anyone to code it up, I wonder if there's a better way...

 


 

Categories: Life in the B0rg Cube

November 26, 2003
@ 10:48 PM

A few months ago Mark Pilgrim posted a blog entry entitled How to Consume RSS Safely where he points out:

RSS, by design, is difficult to consume safely. The RSS specification allows for description elements to contain arbitrary entity-encoded HTML. While this is great for RSS publishers (who can just “throw stuff together” and make an RSS feed), it makes writing a safe and effective RSS consumer application exceedingly difficult. And now that RSS is moving into the mainstream, the design decisions that got it there are becoming more and more of a problem.

HTML is nasty. Arbitrary HTML can carry nasty payloads: scripts, ActiveX objects, remote image “web bugs”, and arbitrary CSS styles that (as you saw with my platypus prank) can take over the entire screen. Browsers protect against the worst of these payloads by having different rules for different “zones”. For example, pages in the general Internet are marked “untrusted” and may not have privileges to run ActiveX objects, but pages on your own machine or within your own intranet can. Unfortunately, the practice of republishing remote HTML locally eliminates even this minimal safeguard.

The workaround Mark proposes is that aggregators strip out a bunch of tags from the HTML content of a feed before displaying it to the user. The only problem with this approach is that sometimes users do want to be able to view this dynamic content, be it Flash animations or special behaviors on hovering the mouse over an image via JavaScript. Well, in the next version of RSS Bandit this will be a user-configurable option; below is what the default setting for the embedded web browser used by RSS Bandit will be.

RSS Bandit browser security settings tab
 

Categories: RSS Bandit

November 25, 2003
@ 09:30 PM

I'm probably the last geek in the US to have seen Matrix Revolutions and like most I'm of mixed minds about the experience. On the one hand as an action flick the movie isn't bad but as a Matrix sequel there are just too many issues with it that will probably prevent the multiple repeat viewings that I have enjoyed with the previous two movies.

Looking at the comments on the recent Slashdot poll about Matrix Revolutions it seems most people had to come up with "deeper meanings" for the movie to prevent watching it from seeming like a waste of money. I've tried but I can't; as a Matrix movie it was anti-climactic, especially after the confusing roller coaster ride that was Matrix Reloaded. Like everyone, my beef is with the large number of unanswered questions from the previous movies. The paucity of martial arts fighting in this movie was also a minus.

However, if this was the first movie in the series I'd seen I'd probably have considered it a good movie.


 

Categories: Movie Review

The LiveJournal FAQ states

All journals on LiveJournal have an RSS feed, located at a URL of the form http://www.livejournal.com/users/exampleusername/data/rss/, where "exampleusername" is replaced by your username.

Only the 25 most recent entries are displayed on this RSS feed. Protected entries are visible if the user requesting the RSS feed is able to authenticate with LiveJournal and has permission to see the entries. For example, if you view your RSS feed in your browser while logged in, you will see all your most recent entries in it. However, someone who is not logged in, or someone you do not list as a friend, would not be able to see any protected entries in the feed. For most RSS aggregators and newsreaders, this will mean that only public entries are included. This is because they generally do not provide any means of cookie authentication.

I can't tell which stuns me more: the fact that LiveJournal implemented an "authentication" mechanism that requires RSS aggregators to reuse steal cookies from your browser instead of using well defined HTTP authentication mechanisms, or the fact that they implemented this ghetto authentication mechanism knowing full well that most aggregators don't support it.

Based on my reading of the FAQ, a user has to log in via the website then somehow pass the cookie sent from the server in the HTTP response to their aggregator of choice, which then uses this cookie in HTTP requests for the RSS feed? All this, instead of password protecting the RSS feed using standard web practices?

We just got a feature request to somehow support this in RSS Bandit but it seems so wrong to encourage this broken design chosen by LiveJournal that I'm tempted to refuse the request. Is there anyone else subscribed to a LiveJournal RSS feed that thinks having this feature (the ability to view protected LiveJournal feeds) is important? So far, I believe this is the first LiveJournal specific request we've gotten.


 

Categories: RSS Bandit

Via a post on Don Box's weblog I noticed that quotes from my weblog have been used to further an incorrect assumption about Microsoft's technological direction with regards to XML technologies in the future versions of Windows (aka LongHorn) and other products.

Steve Gillmor writes

A key inducement for migrating to Longhorn is WinFS. FS means future storage, and the scheme is a new file storage system that will make it easier to store and find data. Instead of leveraging the XSD standard, Microsoft designers rolled a new schema language to handle WinFS' new capabilities
...

Clearly, Microsoft wants developers to create tomorrow's applications on Longhorn and WinFS. Right?  So why did Dare Obasanjo, program manager for .Net Framework XML schema technologies, have this to say: "The W3C XML Schema Definition language is far from being targeted for elimination from Microsoft's actively developed portfolio." Obasanjo listed a dozen Microsoft products using XSD, including "Yukon," Visual Studio .Net, "Indigo," Word, Excel and InfoPath

The last three form the core of Office System 2003, which Bill Gates touted as the strategic development platform for the near future at the New York launch. With Longhorn still far away, Microsoft is asking developers to invest in XSD for now—only to have to unlearn and migrate when Longhorn appears in 2006.

As several people have pointed out, WinFS schema and XSD do completely different things. A few people have suggested that Microsoft "embrace and extend" XSD to make it suitable to describe WinFS types but bitter experience has shown that this course of action usually leads to confusion amongst our customers and recrimination from industry watchers. In the words of Chris Rock, "You could drive a car with your feet if ya want to, that doesn't make it a good idea!".

However, Steve Gillmor's piece does point out the fact that the next couple of Microsoft releases targeted at developers will be bringing a number of new technologies for developers to learn and there will be pushback from those who don't see why they have to adjust to the changing landscape. Just today, I got an email from someone who pointed out that users of data access technologies in the .NET Framework will now have almost half a dozen distinct query languages to choose from when retrieving data including OPath, XPath, XQuery, and SQL. There are reasons why each one exists:

  • OPath is an object query language
  • SQL is a relational query language
  • XPath is a dynamically typed language for addressing parts of an XML document
  • XQuery is a statically typed language for performing sophisticated queries on one or more XML documents.

However, stating it bluntly, there are twice as many query languages that will exist whenever the next version of SQL Server & Visual Studio ship than in the last version (OPath & XQuery are the newcomers). I suspect that much the same way Steve Gillmor is writing "the sky is falling" style articles about the fact that there will be a schema language for describing WinFS types separate from that for describing XML documents (yet as Mike Deem points out no one seems to be asking why not use SQL 'CREATE TABLE' statements to define WinFS types) there will be similar complaints about the amount of choice we are giving developers with regards to data access technologies and query languages.

Sometimes I wonder whether developers would prefer an Über-language with everything and the kitchen sink integrated into it. Would developers really prefer that instead of having divergent query languages we just had one (i.e. SQL) with proprietary extensions for the different data domains which was used ubiquitously everywhere to query XML documents, in-memory objects, relational databases, text files, etc? If reporters like Jon Udell and Steve Gillmor are to be believed then this is the preferred approach to building software since on the surface people get to reuse their skills except that things will work differently than they expect. I'm actually curious to hear from developers who read my weblog as to which approach they think is preferable. For example, should one use SQL to query relational databases and XPath/XQuery for XML or should SQL be the universal query language used by all with any additions needed for XML querying being grafted on to it in most likely a proprietary manner?

This inquiring mind would like to know.


 

Categories: Life in the B0rg Cube

November 23, 2003
@ 01:11 AM

Last night I went to an Irish bar with a couple of friends to watch the Rugby World Cup. It was a well-fought match that went into overtime with a number of tense moments eventually resulting in England being victorious over Ireland Australia. The price of admission was a bit steep ($20) but the raucous bar atmosphere was a fun way to watch my first rugby match. It reminded me of American Football with no pads and soccer-isms like "offsides", "throw ins" and "free kicks". The fact that the ball could only be moved forward by running or kicking, which explained all the backward passes, was also quite different from American Football. Definitely an interesting experience.

Last weekend I was at the Drunk Puppet Nite which also turned out to be an interesting experience. Although the fliers make it seem like it's all puppet shows, there were at least three dramatic pieces without puppets of the nine or ten I saw. The quality of the show ranged from very good to abysmal. Some of the puppet shows were funny because they were well done (the one with the kid whose talking toilet convinces him to steal laxatives so he can get to "eat some butt chocolate") while others were because they were so poorly done (two guys who seemed to have been tripping off of acid with hand puppets arguing about who ate what from whose refrigerator). Other aspects of the show were just plain weird, for instance the scene that consisted entirely of two matronly women at a church service [complete with choir music in the background] who ate bananas in a very suggestive manner. The show cost $15; considering that this is the price of two movie tickets or three movies from Blockbuster, I'd say that price was a little steep and $10 would be more fair. It definitely beat sitting around the house though.

On an unrelated note, one thing that connected both nights in my mind was that at both events I was the black guy. Just me, no other persons of African descent were in the audience. I'm completely used to it now but often wonder if it shouldn't bother me in some way.  

Anyway, I'm off to get a haircut.


 

Categories: Ramblings