chxo internets

Why Google Shouldn't Index Flash

Wed, 02 Jul 2008 09:01:00 -0400

Apropos Adobe’s latest PR gimmick, Robert Hansen asks, how happy are you going to be when Google sends you to some complex Flash movie as the result of a web search? How do you feel when you see PDFs or PowerPoints in the results right now? I routinely skip over them as “more trouble than they are worth”.

If the information you are looking for is buried in a Flash movie, there is no way to link to it directly. You will end up searching, quite possibly in vain, through menus and animations until you find what Google promised. Not pleasant.

I call this the 3 Legged Dog problem: when your theater company’s website is built using Flash, how does someone link to a specific event on your calendar? They can’t, I’ve tried.

AA Rechargeable Batteries with built in USB Charger

Thu, 26 Jun 2008 08:37:41 -0400

Genius. Use batteries by day, charge in USB hub or laptop overnight.

Don't Wildcard Your Domains to Google

Mon, 23 Jun 2008 07:52:24 -0400

As pdp points out on GNUCITIZEN, domain admins need to make sure they don’t get carried away when outsourcing to Google apps. It’s tempting to put something like this in your DNS:

*.example.org. IN CNAME ghs.google.com.

Don’t do it! While it’s nice to have docs.example.org and mail.example.org and all that pointing to big-G with just one line, it also means that some prankster could use Blogspot to set up blog.example.org and hijack one of your subdomains.

Google will hopefully fix this particular exploit (by requiring proof of domain ownership in Blogspot) but other services may be vulnerable.

This problem is by no means limited to Google; use wildcard DNS with extreme caution. If nothing else, having kiddieporn.example.org resolving to your organization’s servers is a PR nightmare waiting to happen.

The default Mac Firefox 2 theme.

Sat, 21 Jun 2008 10:36:00 -0400

The default Mac Firefox 2 theme.

Who stole the orange from Firefox 3?

Sat, 21 Jun 2008 10:26:00 -0400

I finally got around to installing FF3 today. The verdict? Nice browser, sub-standard chrome. And none of the available themes for OSX is any better.

The problem is that they turned Firefox.app into a Safari clone. I use both browsers, and one of the reasons why I use Firefox more is that I like the look of the interface. It’s less boring. It balances web content nicely. It’s saturated while still being professional. Safari is understated and serious. Firefox is bright and clever. Or was. As others have mentioned, Moz didn’t even get Safari right.

What really kills the deal for me is that they made the RSS icon blue. You know, because Safari’s is blue. :-p

It hurts my brain.

It’s also an odd move for an application whose branding is orange and blue to remove all the orange from their user interface.

Default Mac Firefox 3 theme. /rolls eyes: If I wanted to use...

Sat, 21 Jun 2008 10:06:00 -0400

Default Mac Firefox 3 theme.

/rolls eyes: If I wanted to use Safari, I would use Safari.

On Attractive Targets

Thu, 19 Jun 2008 08:02:03 -0400

On Attractive Targets:

As we continue to turn to Google, Amazon, and others to outsource email and server operations, I find myself wondering if we aren’t just making life ridiculously easy for black hats, spies, and marketers. Let’s see, you could find a way into each of 3,000 heterogenous little networks… or find a way into one network with 300,000 clients. Hmmm, which will you choose?

Here’s my advice: don’t outsource anything you wouldn’t want released to the public someday, where someday could mean tomorrow.

Firefox 3 Download Day

Tue, 17 Jun 2008 07:36:06 -0400

Firefox Download Day, world record, blah blah blah. It’s time to upgrade yer browser. Then again, if they really wanted to set a record, they would have posted FF3 by now (7:40am EST, nearly midnight in New Zealand).

Be sure to check out the Field Guide to Firefox 3 for whenever you actually do download it.

Ad-Friendly Ad Blocking

Tue, 17 Jun 2008 07:05:00 -0400

The way browser-based ad blocking works currently (hello Firefox users!), one or more extensions prevent the browser from downloading images from certain servers, prevent the Flash plugin from playing animations, and/or prevent the javascript includes that insert ads into the page.

This works great. Suddenly the internet is free of annoying crap in the margins, allowing you to concentrate on the annoying crap you’re looking for.

But of course, when the ads are blocked, no one gets paid. The world’s browsers need to request and download the images—hundreds of thousands of times—in order for the sponsorship arrangement to work out.

It would be great if you could tell blocking extensions to “accept, but do not display” advertising on a site-by-site basis.

Is There A Case for Metered Internet?

Sun, 15 Jun 2008 10:02:00 -0400

If you paid for your internet by the Gigabyte, would you think twice about watching a Miami Vice marathon on Hulu? Would you get mad at being rickrolled? Would you limit your calls on Skype?

Or would your ISP suddenly feel enormous pressure to provide you with as much bandwidth as you want, when you wanted it, in order to increase revenues and maximize shareholder value?

I have no doubt that metered pricing would chill demand for high-bandwidth services, and lead to the kind of thriftyness we used to assume for interstate telephone calls. At the very least, we would all have internet meters on our dashboards, and favor content providers that optimize their offerings and use low-bandwidth ads.

But in a fair market (heh), you would expect internet providers to price their Gigabytes attractively, in order to sell more of them. The more data they move, the more money they make. This is already the case on the server side. The price per gigabyte for a high-bandwith datacenter is under 20 cents, and you can easily get as much bandwidth as your hardware is able to consume.

I think it will be a painful adjustment: there issues around security, high-bandwidth advertising, family usage, and monitoring. But if metered pricing finally gives the CEOs a long-term incentive to move packets, instead of limiting them as they do now, I’m all for it.

Apple Design Awards

Sat, 14 Jun 2008 09:56:07 -0400

Apple Design Awards:

If you want to know why the iPhone is a game-changing mobile device, just take a look at the winners in the iPhone Developer Showcase. As you do, imagine these applications running on any other phone or handheld.

For four out of the five, I can’t.

"Always beloved as the place that had more lox than the Panama Canal, Barney Greengrass was a..."

Thu, 12 Jun 2008 07:58:12 -0400

“Always beloved as the place that had more lox than the Panama Canal, Barney Greengrass was a primordial fixture of the quondam mythical kingdom of the Upper West Side. These days it is more than just a remnant, though, being a significant caravanserai on the Silk Route leading to Zabar’s, Fairway and Citarella.”

- A centenary ode to the Sturgeon King by Glenn Collins, NYT.

Unstuffit on Leopard

Tue, 10 Jun 2008 10:38:51 -0400

Unstuffit on Leopard:

I refuse to install StuffitExpander, because the default OSX zip support is fast and efficient and free, unlike Aladdin’s crapware. But that means that on the rare occasion that I actually need to unstuff a .sit archive, I need an app that can do so.

It turns out that Dag Ågren’s “The Unarchiver” is just the sort of minimalist open source unstuffer I need. Nice work, Dag!

EncFS

Tue, 03 Jun 2008 09:18:12 -0400

EncFS: The breadth of utility enabled by FUSE continues to astonish me. The EncFS project allows you to create a file-by-file-encrypted filesystem… anywhere.

Lecture by Clay Shirkey on the 4 levels of group interaction...

Sun, 01 Jun 2008 16:19:00 -0400

Lecture by Clay Shirkey on the 4 levels of group interaction enabled by the internet and it’s “ridiculously easy group forming”: sharing, conversation, collaboration, and collective action.

“In this medium, freedom of speech, freedom of the press, and freedom of assembly are all now the same freedom.”

via Coding Horror.

Problems with OpenID

Fri, 30 May 2008 12:42:18 -0400

I was considering implementing OpenID for my web apps, but then I saw this review of all the potential problems with it. The article is biased, and some of the arguments aren’t particularly strong, so here’s a short list of the reasons why OpenID is not for me:

Because an attacker knows the url of your login page, he can potentially act as a man-in-the-middle and phish your credentials. This is solvable, but proposed solutions include fairly heroic measures like browser plugins or client certificates.
Your OpenID provider knows exactly which websites you log into, and how often.
Single point of compromise: if your password is sniffed or the provider is haxxored, your identity is stolen for every site on which you used that OpenID. A big OpenID provider is a lucrative target for bad guys.
Single point of failure: if your provider is unreachable, you can’t log into any sites.

It seems a little unfair to pick on OpenID, because these risks are present in any single-sign-on system. Google apps are also famously at risk for the same thing. In fact, using GMail has been creeping me out lately, I cringe a little every time I click a link from email, knowing that the sender knows I’ll be logged in when I do.

Scaling Twitter, and the Friend-Follower

Wed, 28 May 2008 07:14:59 -0400

On yonder Twitter Developer Blog, al3x points us to his favorite explanation of why scaling Twitter is so difficult. It’s a great read, and it goes into fairly accessible detail about the problems involved in scaling a message-intensive social network. As I understand it, you can either duplicate messages so that each follower has a copy (cheap lookup, massive storage) or you store one copy and aggregate everything per request (cheap storage, expensive lookup). This is a classic comp sci tradeoff.

Unfortunately the author of that post (for his own reasons) and Twitter (for theirs) dismiss the idea that scalability can be addressed through a distributed system. In this approach, everyone (or many people) run their own Twitter-like service that stores their status updates, and makes them available to the world (or to a selected set of followers using OpenID).

The following could be done today using a simple newsreader: if you subscribe to the RSS feeds of your friends, then no matter what service they are using (Twitter, Pownce, LinkedIn, Facebook) you can collect all of their status updates in one place.

Ah, but how do you find out who is following you? One of the great things about a social network is that communication is two-way within the walled garden. I can see who is following my posts, and scan their feeds to see if I want to follow them. If distributing messages is easy, distributing the social graph of who knows who is much harder.

This requires a slight twist on the standard newsreader, and I’m going to call it a “Friend-Follower” application unless someone points me to a better description.

A friend-follower knows who you are, and where to find the feed of your own status updates. It uses this information to aggregate your posts with the posts of those you are following (so that you see them as a conversation). It also uses this information to perform a trackback style notification whenever you decide to folllow or stop following someone else’s updates. Your microblogging software (your own personal Twitter) would also receive these updates and maintain your personal social graph as an Atom feed.

Of course, Twitter and the other big social networks are not going to make this easy, because their business models are likely built around the assumption that they can deliver very large audiences to advertisers. They aren’t going to modify their systems to allow you to have friends on other networks, provided they can solve the scaling problems mentioned above.

Nevertheless, it isn’t hard to imagine that a neutral third-party, like Google, might see the value in being keeper of a social meta-graph that bridges all of these walled gardens. Let a million Twitters bloom!

"Of the more than 180 countries that issue paper currency, only the United States prints bills that..."

Wed, 21 May 2008 09:10:00 -0400

““Of the more than 180 countries that issue paper currency, only the United States prints bills that are identical in size and color in all their denominations.””

- Blind Win Court Ruling on U.S. Currency
We saw a guy in the Times Square subway station on Friday night, holding up a five dollar bill and yelling “How much is this? Can anybody tell me how much money this is?!?”

Map of GNU/Linux distributions over time, by kde-files.org. The...

Sat, 17 May 2008 13:23:00 -0400

Map of GNU/Linux distributions over time, by kde-files.org. The most successful distributions (whatever that means) are the ones with the most branches.

My geek train has ridden on Red Hat, Mandrake, Linux From Scratch, Gentoo, Ubuntu, Xandros, Lindows, and Debian.

Gold Farmers

Sat, 10 May 2008 11:48:15 -0400

From the We Make Money Not Art interview with Ge Jin, director of a documentary of “gold farming” in China

Is gold farming regarded differently in China than it is in the USA, Europe or Japan for example? Is the practice seen as more acceptable by the public and the government? How much does China try to tax and regulate the business?

“Culturally, real money trade is indeed more accepted in China than in other countries. For example, the successful game Legend from Giant. Ltc thrives on incorporating real money trade in game design. Western game companies dare not do so blatantly because many gamers may think the game is not a level playing ground that way. But the Chinese gamers seem to accept this inherent unfairness, as if they see so much injustice in real life that they don t expect the virtual world to be better.

“The government doesn t seem to have any problem with the gold farming business. It has not figured out a good way to tax virtual trade yet, in some rare cases, some gold farms pay a fixed amount of tax based on very rough estimation of trade volume. There is currently no policy directly regulating this industry. Though there are regulations generally aiming to purify content of games and limit how long people can play online games.”