Quoderat

Dealing with strangers

david — Tue, 08 Apr 2008 20:50:39 +0000

From the leader in this week’s Economist:

“Financial progress is about learning to deal with strangers in more complex ways.”

s/Financial/Technical/ and it applies just as well. What else are we doing in tech, if not figuring out ways for strangers to deal with each-other? Sometimes we focus on designing safeguards, like firewalls or spam filters, and sometimes we focus on creating opportunities, like social networks or source code repositories.

A political posting

david — Sat, 29 Mar 2008 15:55:58 +0000

Late in 1963, shortly before he was assassinated, U.S. President John F. Kennedy asked Canadian Prime Minister Lester B. Pearson for his opinion on how the U.S. should cope with escalating unrest in Vietnam.

Peason: “Get out.”

JFK: “That’s a stupid answer. Everyone knows that. The question is how do we get out?”

How, indeed? As JFK had finally come to understand, military conflicts, justified or not, are like a Chinese finger trap: it’s easy for a political leader to order the troops in, but very tricky to pull them back out (just ask the British about Northern Ireland, the Russians about Chechnya, or even Pearson’s Canadian successors about southern Afghanistan).

Good luck to President Clinton, President McCain, or President Obama (alphabetical order) in January 2009 — they’re all smart and well-intentioned people, but they’re going to find that the trap has already been pulled very tight, and there’s not much room left to wiggle free.

Strange web exploit attempt (?)

david — Mon, 04 Feb 2008 12:52:17 +0000

In the search logs for OurAirports, I noticed a series of searches for URLs:

http://www.feliciano.de/Webgalerie/bilder/Italy/une/yiwul/
http://www.unduetretoccaate.it/codice/aseje/wocobo/
http://www.altaiseer-eg.com/ar/articles/jed/umut/

At first, I thought they might be a kind of link spam — some sites display recent searches — but when I checked one of the URLs, I found something totally unexpected:

They’re all the same. This is almost certainly related to passwords: is there a known flaw in a PHP content-management system like Drupal, or in the PHP API for a search engine like Lucene, where this would do some damage, or is it just a test probing for weaknesses? Is the PHP code supposed to be served up literally like that, or should I be seeing the MD5 instead?

Delayed echo in the echo chamber

david — Sat, 02 Feb 2008 22:31:21 +0000

Some people compare blogs (and mainstream media) to an echo chamber, constantly repeating and amplifying the same messages, but the echoes usually die out quickly. Not so, today, when I found this story on the planenews.com aviation news feed:

21 Feared Dead in Munich Crash.

About twenty one of the 44 passengers and crew of the British European Airways airliner which crashed yesterday near Munich carrying the Manchester United football team and many journalists are feared dead. About eight others are in hospital, seriously injured. Frank Swift, the former international goalkeeper, who had become a journalist, died in hospital.

I didn’t hear about any crash yesterday, but according to the Wikipedia article on Manchester United, there was a crash near Munich on 6 February 1958 that killed eight of the team’s players. In fact, when you follow the full story link in the posting, there is a story about the crash. The phrase “From the archive” is hidden in the deckline, but the dateline is “Saturday February 2, 2008″ (probably automatically updated by the site). There’s nothing else in the online version to indicate that this is an archived story from 7 February 1958, though a Brit would probably know that British European Airways ceased operations in 1974.

This is an easy mistake to make trying to keep up a blog of current events, and I don’t mean to suggest that the maintainer is stupid, or that I couldn’t do the same thing — in fact, next December, watch this spot for postings about an air attack on Perl Harbor.

Is the problem Wikipedia, or David Megginson?

david — Wed, 23 Jan 2008 20:04:47 +0000

The Wikipedia article about me was vandalized yesterday (vandalized version) by someone from the IP address 24.225.66.95, which seems to be in or near Raleigh, North Carolina.

What should I do?

~~Edit the article myself to remove the vandalism?~~ — OK, that’s a really bad idea
~~Go in anonymously and edit the article?~~ — also a bad idea
Rejoice in the fact that my article is important enough to be vandalized?
Despair in the fact that my article is not important enough for anyone else to have noticed and fixed it?
Reconcile myself to the idea that the edits are not vandalism at all, and I am, in truth, “a freaking looser who knows nothing” and “a noob”

I’m leaning towards #5, though I’m disappointed that kids these days seem to have forgotten how to swear properly: “a freaking loser”???

Google analytics for XML 2007

david — Mon, 21 Jan 2008 15:51:27 +0000

I forgot that I’d enabled Google analytics for the XML 2007 web site. Even though the conference is long over, I though it would be interesting to look and see what some of the trends were from September 2007 to January 2008 (keeping in mind that these stats apply to the kind of web users interested in a tech conference, not to the web at large).

MacOS is still #3

Despite the halo effect from the iPod and the widespread use of Mac notebooks among speakers, MacOS still hasn’t managed to make much of a dent in the visitor logs:

Windows: 80.70%
Linux: 9.57%
MacOS: 9.44%

If MacOS can’t beat Linux on the desktop, I don’t know if it has a bright future.

Internet Explorer below 50%

Firefox is still #2 behind MSIE, but for this crowd, the gap is small:

MSIE: 49.61%
Firefox: 41.14%
Safari: 3.50%
Mozilla: 3.22%
Opera: 1.76%

If you’re designing or maintaining a web site with a tech audience, you’d better be testing on Firefox as well as MSIE.

Screen resolution and colour depth

I know that web designers like big layouts, but the sad fact remains that 1024×768 is still the most common resolution (and remember that the browser window may be much smaller than the screen):

1024×768: 28.32%
1280×1024: 25.84%
1280×800: 10.61%

A long tail of resolutions follows, but it’s worth noting that the classic 800×600 has only 1.96%. Better news comes from colour depth, where almost everyone has 16bpp or better:

32bpp: 80.29%
24bpp: 11.89%
16bpp: 7.37%

Traffic

Search engines, referrers, and direct access were all important traffic sources:

Search engines: 36.77%
Referring sites: 34.97%
Direct traffic: 28.22%

Blogs did show up among the referring sites, but the biggest traffic producers were traditional links from partner organizations (other conferences, IDEAlliance itself, etc.) — these were also the stickiest, since most people coming from these links went on to read more than one page.

As far as search engines go, I was surprised to find that nothing really matters but Google (assuming that Google Analytics isn’t biasing the numbers):

Google: 94.16%
Yahoo!: 3.46%
Live: 1.51%
MSN: 0.45%

I knew that Yahoo! and MSN were behind in search, but I had no idea just how bad it was (at least in the tech crowd). More than half of the people who found the site via a search engine went on to read more than one page.

The top search phrases were rather dull and predictable:

“xml 2007″: 28.50%
“xml conference”: 8.22%
“xml conference 2007″: 3.20%
“xml conferences” 3.04%

And so on through a very long tail. Individual speakers’ names start appearing soon, but none with more than 10 searches. I trolled through the low-frequency search phrases for something funny (and maybe risque), but all I came up with was the number “736″, which resulted in three visits. I gave up trying to find the site in the Google results for that number. Does anyone really search for a single three-digit integer, and if so, how many pages of results will that person scroll through?

LAMP stack stability

david — Thu, 10 Jan 2008 18:53:43 +0000

I’m using a single dedicated server to host ourairports.com, megginson.com, and a couple of minor domains. OurAirports is a database-heavy application using (currently) a MySQL v.5 database hosted on the same server. I’ll offload the database to a separate server if traffic keeps increasing, but as long as I’m getting compliments from tech people for my fast response times (mainly thanks to MySQL’s built-in query caching), there’s no point paying for extra hardware.

Uptime

My ISP set up the server for me last summer with a bare-bones Ubuntu distro, then I installed the extra packages I needed using aptitude over ssh. Since then, I’ve done many Ubuntu in-place upgrades, rolled out hundreds of changes and upgrades to the web apps and dozens to the database schema (some very significant), and upgraded WordPress n-teen times. Check this out:

$ uptime
 13:08:31 up 175 days, 10:02,  1 user,  load average: 0.23, 0.06, 0.02

That’s right — since my ISP first set up the server with a basic Ubuntu system, I’ve never had to restart it. In fact, if Apache and mod_php (PHP5) had ‘uptime’ commands, they’d show almost the same amount of time, since I restarted them only to make configuration changes in the first few days of setting up the server (unless apt stopped them to install a newer version during one of my upgrades). I’ve restarted MySQL more recently, but again, only to experiment with configuration changes (especially for fulltext).

-1 for being cool, +10 for having a life

Using reliable old technologies like Linux, Apache, MySQL, and PHP doesn’t win any cool points, but it certainly makes maintaining a web server and its applications easy. I can go on vacation, for example, without worrying about being able to get online to fix or restart my server every couple of days. I don’t have to stay up until 3:00 am on Sunday night so that I can take the server offline to roll out new software versions or bug fixes (aptitude installs any security fixes in place). I spend lots of time with my family. I go to my kids’ school concerts. I learned banjo and mandolin (why not, since I have the free time?).

It’s the developer, not the language

And yes, my PHP web app is easy to maintain and extend, because I designed it to be that way (I can often implement, test and roll out new features in a matter of minutes, even when they require database schema changes) — it’s the developer, not the programming language, that determines the quality and maintainability of an app. A lot of newbies use PHP, so there’s a lot of bad PHP out there, but the same can be said for any language, even Ruby.

Social web sites: the new Proprietors?

david — Thu, 03 Jan 2008 14:21:26 +0000

Image: Thomas Penn, second proprietor of Pennsylvania, not as nice as his dad William.

Almost a year ago, I wrote that Open data matters more than Open Source — it doesn’t matter (to you, the end user) whether a web site is using Open Source software or not, if they still keep your data locked up.

Here’s a nasty example: Robert Scoble has just had his Facebook account disabled for running a script to try to scrape his personal information off the site (since Facebook doesn’t provide him with any other way to get it).

I understand that Facebook needs to protect against malicious bots — and they might decide to restore his account once they know what Robert was actually trying to do (though for now all traces of him have vanished) — but do we really want to have hope for the good will of social sites and beg for our own data every time we want it? Are web site owners the new version of the Proprietors in the early American colonies, who can grant rights as favours when they see fit?

Religious wars hit close to home

david — Fri, 21 Dec 2007 13:57:08 +0000

Update: I read that the school concert went ahead, with Frosty the Snowman replacing the modified Silver Bells as the token non-religious song on the programme (Frosty makes no reference to any religious holidays).

Both of my children attended Elmdale Public School here in Ottawa from junior kindergarten to grade six. Now, my kids’ alma mater has triggered a nation-wide moral panic by changing the line “it’s Christmas time in the city” to “it’s festive time in the city” in the song Silver Bells for a grade-two and -three concert.

I’ve already gone on record saying that it’s OK to wish me Merry Christmas — I’m as proud of my Christian background as some of my friends and neighbours are of their Jewish, Muslim, Sikh, and Hindu backgrounds — but that’s not what this was all about. The primary choir was already singing songs about Christmas and Hanukkah, and the choir leaders decided to add an additional song that was non-religious. I think that the existing non-religious songs Jingle Bells or Winter Wonderland would have been fine, but they decided to take Silver Bells — an otherwise secular pop song about shopping downtown in a city — and replace the word “Christmas”. Silly? Probably. An attack on Christmas or Christianity? Hardly.

The real attack on Christmas and Christianity

Here are some people who might need help understanding the idea of Christmas and Christianity:

the school parent(s) who decided to take this to the media
the newspaper columnists who made a primary class holiday concert into a national culture battle
the talk radio hosts who urged listeners to go after the school and ended up putting the lives of hundreds of small children at risk
the hundreds of people who called or e-mail messages of hatred (and a bomb threat) to the nice women working in the school office

According to the Christian New Testament, Jesus didn’t have anything good to say about people like this — he far preferred the company of prostitutes and tax collectors to the religious self-righteous. If you are religious (any religion), pray, meditate, or just hope that their hearts can still be opened this season.

E-mail users fight back

david — Mon, 17 Dec 2007 02:14:38 +0000

A bit over a year ago, I ran into an unusual problem — for several days, I stopped receiving messages from a customer (in the middle of an important project), then I discovered the messages all hidden deep in my (gmail-hosted) spam box. Everything from that domain was suddenly being flagged as spam.

What happened? This customer had a large mailing list that they used for announcements, etc. My guess is that they sent out an announcement, a lot of other gmail-users flagged it as spam, and whatever weighting algorithm gmail uses tipped it over so that the messages were no longer considered legit by default. I was able to train gmail not to treat those messages as spam (for me, specifically), but it took a week or two before I could trust that some of them weren’t being sent to the spam box.

Hard-core spammers have always had to deal with this kind of thing, and they spend a lot of time trying to figure out a way around it. What’s happening now, though, is that companies with legit (or semi-legit) e-mail lists are also starting to get into trouble, because web-mail makes it possible for hundreds or thousands of people to get together and all vote your e-mail to be undesirable.

The letter of the law isn’t enough

That this isn’t a legal thing. It doesn’t matter at all if your e-mail list is opt-in or opt-out, if the “Send me announcements” checkbox was checked by default or not, or if the recipient originally clicked 10 screens of disclaimers before buying your product/signing up for your service. If they don’t like the e-mail you’re sending them, they’ll just click “Spam”, even if you had a legal right to send it; and if enough of them do it, the e-mail value of your domain fast approaches nil.

You’d better make sure that your mass e-mails have stuff that people actually want to read:

I don’t care that your company just won five awards — SPAM! (even if I said before that it was OK to send me e-mails)
I probably do care that someone wants to connect with me on a social networking site that I actually use.
I don’t care that a merchant I did business with from 2 years ago has a Christmas special on something I’d never buy — SPAM!.
I don’t care that your web site has a new look — SPAM!
I don’t care that your company has a training session coming up in Tulsa, since I don’t live anywhere near there (and probably wouldn’t go anyway) — SPAM!
Yes, I am interested in the tracking info for the books I just ordered. Thanks.
I do care that there’s a substantive change to a site that I use a lot.
I don’t care about a change on a site I haven’t logged into for a year — SPAM!.

And so on.

This new collaboration is an unexpected side-effect of the shift from desktop e-mail clients to web mail, and it would be foolish for companies not to pay attention. If you consider your domain name to be a valuable part of your corporate identity, don’t piss it away by sending out poorly-targeted mass e-mails, because no matter what prior permission you have, people now can … and will … punish you. After all, it takes only a single mouse click.