A clever hack to determine which sites you've visited

No comments:
Aza Raskin has done it - he's written a piece of javascript that exploits a bug in CSS to determine where you've been on the web. He is positioning it as something useful, to show users only the social networking sites that they've visited to avoid "badge blindness". And it is useful. But it's also an invasion of privacy.

First, how it works. Basically, if you read the script he creates a new iframe, writes a bunch of URLs into it, setting some style attributes if it has or has not been visited. He then checks the style of each URL node. Pretty simple. Ordinarily you cannot tell what the style is of a visited link, because it would be a privacy concern. But Aza got around it.

Second, how to defeat it. The bottom line is that the only way is to disable your browser history. You could specifically defeat this script with a bit of Greasemonkey, but a) most people won't bother and b) even if they did it would be easy to counteract.

I would guess that we'll be seeing a patch from the browser vendors soon.

Ultimate Defrag

No comments:
Ultimate defrag is a pretty, fast, free defrag utility for Windows. Your data looks like it's smeared all over the disk, which is pretty accurate. Kind of puts it all in perspective.



Sun is in the virtualization game, too. Why?

No comments:
Turns out Sun has a virtualization solution, too. It's called VirtualBox (pretty good name, actually) and it looks like it's dual licensed open- and closed-source.

Just out of curiosity, I downloaded and unpackedthe "Open Source Edition". There was nothing obvious to click - just a bunch of files that looked like they were designed for CLI compiler invocations. It was kind of like downloading a Linux distro only to find you got just the header files! Needless to say, not a good experience.

The documentation seems to describe a different experience - no doubt I dl'ed the incorrect file.

I may try the other download. In the meantime, I have to wonder: why create yet another product? The field is rather thick at the moment: VMware, Virtuozzo, Virtual Iron, Virtual Server (from Microsoft), Xen (which powers Amazon's EC2), Parallels (for the Mac) and a variety of other niche products, like User Mode Linux. (Check out the full list of virtual machines on wikipedia)

This is especially puzzling since Sun is on Xen's advisory board. Things that make you go "hmmm".

A work of true genius

No comments:
Genius pops up when you least expect it. In this case, a game of Counter-Strike:Source spray:


The rise and fall, and rise of the thick client

No comments:
I've switched from Gmail to Thunderbird. Why? Two things: Firefox's instability and memory hogging ways, and Gmail's IMAP support.

The fact is that my firefox.exe process was getting into 400MB range and was crashing all of the time. It's not surprising: I was running gmail, meebo, firebug, and a bunch of other, smaller plugins. Firefox was essentially serving as a simple operating system.

Time to lighten the load. Thunderbird for email has been a big win - Firefox 2 never ran gmail very well, and Thunderbird is like a breath of fresh air. However much I miss email search and organizing messages by conversation, I like being able to write an email without fear of a crash even more. Plus, thick clients have other benefits like offline operation and better integration with other apps (e.g. I can use the "email this document" option in my applications now).

Meebo actually runs very stably, but it does take up a good deal of browser memory, and it doesn't do "auto detect whether I'm at my computer" thing - which has misled others to think I'm online when I'm not. Miranda does the trick (although it doesn't support Google Talk).

Another sign you've been reading too many logs

No comments:
...you start to rely on timestamps to remind you what time it is.

Another nifty tool for Windows: Taskbar Shuffle

No comments:
Doing development these days requires a LOT of programs to be running at once. A couple of shells, an explorer window or two, a browser (or two or three) a database client, Eclipse, etc.

(there is something to be said about the fact that having this many applications open at once is rather wasteful, as it spreads one's attention too thin. That's true, and if the startup time for these applications was fast enough I would happily close all of them except for the one I currently needed.)

But alas, the reality is that this is what we must do. And I've often wanted to reorder the taskbar, but could not. Until now.

Taskbar Shuffle lets me do that. Neat.

(Yes, if I was running OS/X this would be built-in.)

Coffee shop recommendation: Qatsi Trilogy

No comments:
Thanks to Nick from the coffee shop for recommending the Qatsi Trilogy, a series of movies related to Baraka.

Optimizing the Build Test Debug (BTD) loop

2 comments:
Ran across JavaRebel today. Glad to know there are people out there as frustrated with slow BDT loops as I am. JavaRebel is Hotswap on steroids. I look forward to trying it out with the JBoss/Hibernate/80 Mavenized projects they've got going on at youmail.com.

The ZeroTurnaround site has a short article on doing webapp development with JavaRebel. I actually had no idea you could do symlinks in Windows! Indeed, I downloaded sysinternal's junction.exe utility, and was off and away creating symlinks. Very cool.


Steve Souders from Google Performance on making pages faster

No comments:
  1. A neat tool, called cuzillion
  2. Don't put inline javascript between two resources or parallel downloads will be blocked.


Tomcat Virtualization

No comments:
Setting up a development environment is a very important part of a programmers life. It can be very easy or very hard depending on the architecture of the underlying system. The key differentiator between easy and hard is the amount of server twiddling that needs to happen before the app can run. I believe that, in the long run, servers get tweaked quite a lot, and therefore it's worth solving the problem of setting up a complex dev environment.

Unfortunately issues like this don't get a lot of attention. I think it's because, once setup, most programmers breathe a sigh of relief and get to work. Alas, all of the programmers that come later (and sometimes even you yourself) will have to go through that same pain. Wouldn't it be better to ease the pain of others?

That's what this post is about.

Consider installing Tomcat in Windows. Pretty simple. And yet there are at least three ways to do it.
  1. The normal way: install Java, then install Tomcat, then tweak it, the JRE, and the OS as needed.
  2. As a package: apt-get, or XAMPP add-on (alas, XAMPP still requires seperate Java install), tweak as needed.
  3. As an appliance: install vmware player, install pre-tweaked Tomcat appliance.
As a developer I badly want the appliance. The server side portion of an application tends to be under relatively strict control, and it's beneficial to work with the *exact* bits that will be running on the eventual production server. I don't want to be bothered with recreating server configurations on my local workstation, especially if my OS differs from production.

It may very well be that the image is maintained using #1 or (hopefully) #2, but I shouldn't have to recapitulate the effort of the sysadmin and/or architect every time I set up a workstation.

The appliance approach has other serious benefits. Virtualization lets programmers play with an entire multi-tiered system, and to treat the machine images themselves as deliverable artifacts.

Finally, this mode of development lends itself to deployment to virtualized infrastructures, like Amazon's EC2 (and it's inevitable competitors).

Some questions arise. For example, how much of the app do you bundle with the image? How do you patch the image OS without wasting lots of space (e.g. you want to avoid deploying a new 500MB image every time you patch one little utility) ? How do you develop using images (e.g. do you share the local filesystem to the host OS using samba? Do you force developers to use vi on the image? Or...) Should the image be responsible for source checkout and checkin too?

WRT checkout, I'm guessing no - that falls under the realm of developer tools. However, there is a strong case to be made that developer tools should also be under revision control and perhaps virtualized. Deviations could be tracked as branches. Great way to knowledge-share between programmers. (It's shocking how insular many programmers are about their habits and tools!)

Even the big boys get it wrong...

No comments:
MSN's homepage has some serious problems today (FireFox 2 for Windows):


Beginner level CSS and HTML tips from Apple

5 comments:
It's brief, incomplete, and out of date. But that said, this page isn't all that bad for beginner level CSS and HTML tips. It has a very nice set of links, including one to a rather good css mailing list.

(I wish pages like this would sport an author and a date!)

Now *that's* some Intellectual Property (Evernote.com)

No comments:
Wow. Courtesy Duncan Riley of TechCrunch fame, in his farewell post, he gushes a bit over Evernote, one of the coolest utilities I've ever seen. Check out the demo (embedded YouTube in the homepage. I love how startups are doing that! So rational!)

I've wanted something like Evernote for a very long time.

The problem with wikis

No comments:
Wikis seem to go stale really fast. I know this because I've used internal wikis at every company I've worked for or with in the last 8 years, and in each case the wiki was never an important part of anything. (Indeed, the wiki was often used by managers as a kind of threat - "add it to the wiki" is a way of saying, "please do some meaningless work that will never be read and will be quickly forgotten.")

But all writing on the net gets stale fast. Why does it feel so particularly bad with wikis?

I have a theory. I think it's because wikis set your expectations differently than, say, a blog. You don't expect a blog to stay relevant. Wikis feel static, and you expect them to stay relevant. It's a classic UI problem, actually. In truth, wikis and blogs are both just representations of an author's activities. One is merely presented in a different way. I believe that blogs are actually closer to representing the moment - one has a thought, one writes. Wiki's still subscribe to the conceit that this is an article, something that is correct and timeless and that fell out of the sky. Wikis hide the serial nature of authorship, while blogs do not.

Iron Man

No comments:
Disturbing on several levels. The overall message is definitely pro-weaponry, pro-violence to solve the worlds problems - not surprising for a comic book story, and something I've overlooked in the past. There is also a very strong misogynistic and anti-Arab message throughout the film: women are shown as (willing) sexual objects, or uncritical doormats. Arabs are shown as barely human, violent, cowardly aggressors who end up getting beaten not by Iron Man, but by an ordinary corporate villain, played by Jeff Bridges. (Iron Man kills a few Arabs early on, but only as a training exercise. His real challenge only comes against white people.)

Needless to say, I'm sorry to see Hollywood regress to near Amos 'n' Andy levels of insensitivity and fear/hate/violence mongering. That said, my inner child enjoyed the movie at face value - it was fast paced, the CGI was flawless, and there were tons of cool toys all over the place. But as an adult I cannot ignore or condone the poisonous messages that I see lurking just below the surface.

Kind of a bummer because as movies go, this one was actually really well made.

The cars were great (I can even over look the in-your-face product placement by Audi for that), the powered armor was quite impressive. But the device that stole the show was Jarvis, Stark's house computer assistant. Now *that* was not only impressive, but totally doable and it doesn't kill people - it just makes their lives a little better.

A plot nit: Stark Industries really could have stopped selling weapons and remained successful if they had started to sell those portable arc reactors that Stark developed in his cave. Those devices could have helped billions, and worth trillions. Uh, hello, solving the worlds energy problems in one blow? Was it just me, or did Jeff Bridges look so much like William Hurt that it was hard to remember who was playing the bad guy?

Overall I'm extremely disappointed that entertainment value trumps wisdom here. Our popular lore is filled with tales of heroes with much physical power but merely human wisdom. I think this is very insightful - there are men with superpower in this world, they are the ones that control the fates of thousands, millions, or billions. They don't have the ability to personally fly or do battle, but they command vast armies and/or vast sums of money. And here's the thing: they are just as likely to be the hero as a villain, and indeed may switch from time to time. This state of affairs is very new: for most of human history the planet has supported perhaps 10 million of us, and we hunted and gathered our food and lived quite insular lives. Relatively recently (within the last 10k years) we learned to farm, and our population densities have increased, and opportunities for concentrated power has steadily grown. What is the superhero genre about if not this rather stark fact that faces us all? Of course, my personal feeling is that so much power cannot safely be given to *anyone*, and this denies the vast majority of superhero lore that says, unequivocally, that we NEED superheros and are lucky to have them.

Superheros are kind of like a first guess at solving the problem of suffering - it seems ok at first but doesn't hold up to scrutiny. Superheros are great in certain kinds of emergencies - preventing a plane crash, or rescuing people from a burning building - but they can do nothing to change the course of humanity as a whole, because that requires individual effort from everyone, on a continuous basis. Inspiration to change for the better is, in the end, the only superpower that matters. And we are lucky to live in a world where we have not one but several superheros that wield such a power.

Why people put ketchup on everything (a post about emotional addiction)

1 comment:
I think that human beings can become addicted to almost anything. Drugs and sex get the most attention, but there are an infinite number of other addictions. Indeed, addictions are as numerous as the sensations which we experience. One can be addicted to uncomfortable feelings, or to types of conversations, or even types of people. In some ways, our personality is the sum total of these addictions, gross and subtle.

The subtle addictions are individually less problematic, but if there are many of them they can become so. For example, if one is addicted to "accomplishment" or "completion", it can be a problem for such a person to simply let go and relax. With effort, such a person may be able to relax, unless of course they are also addicted to "confrontation", or perhaps "debate".

Some may be puzzled by this use of the word "addiction". How can one be addicted to confrontation? That means, fundamentally, that one is biased toward confrontation in any situation, and may even generate it out of thin air. Some people enjoy confrontation because that's a mode of interaction which they feel they've mastered. Most human interactions (actually all human relations that differ from our animal cousins) exist purely in the abstract, and are therefore very sensitive to subtle variations in mood and perspective of individuals. It is possible for an intelligent human to manufacture emotional atmospheres that he or she is most comfortable in, even when they are not appropriate for others or for themselves.

Indeed, I believe that this happens all the time. We act unthinkingly to create the same circumstance that we've experienced in the past, even if it was negative. And why not? This is a not-too-shabby survival instinct for the intrinsically chaotic and unpredictable environment of mind. Repeating the "mistakes" of the past is the minds first-order attempt to impose order on chaos, and actually it works. It may be that religion, or perhaps morality itself, is a (much more successful!) attempt to bring order to the chaos our sentience brings.

What's the problem? Imposing an emotional atmosphere on every situation is the equivalent of taking a large ketchup bottle with you to every fine restaurant you go to, and smothering the food with it. The ketchup keeps your palate is safe from potentially unsavory foods, because all you ever taste is ketchup. But you risk many negativities, not the least of which is upsetting your relations when you "ruin" their carefully prepared meal with indiscriminately smothered ketchup. But also, in a purely subjective level, ketchup really doesn't taste that good and you'll probably have a better time experiencing the good, and the bad, without the condiment prophylactic.

To some degree I think everyone brings along their own condiments to every interaction they have. It may be ketchup, or mustard, or Lee and Peron's, or Worcestershire's sauce. Not only do they hide the true flavor of the food, but because we are all eating off the same mental/emotional plate, they often don't mix well together.


Movie Night!

1 comment:
Ok, so we saw Iron Man (Toan, Alex B, Robert, Marc and Me). Marc posed with his date: