epc++ ...another year, another post

I have nothing to contribute to the various discussions over Katrina except to say Contribute.

In other news... Todd is in town blogging the US Open for IBM. I "worked" at the Open a couple of times (loosely defined as: I showed up and hung out with the web team). I don't have any nifty stories to tell, once you've seen Chet write/rewrite a scoring system live while the matches are going on you lose the little details that make it into a story.

Ok, I do have something to add about Katrina: this is amateur hour at the White House. Yes, this was an incredible storm, but it was not unexpected. You make a plan and you execute on it....it's become that there was no plan. This crap about "just getting started" is just that, crap. 20,000 people survived the hurricane, only to be at risk of dying now due to the absolute lame-ass response by the administration. Blaming people for staying behind (when it's now clear that many people had absolutely no way of leaving) is disgusting. This is the cost of starving FEMA since 2000. This is worse than the response to Andrew in 1992. As a political gambit, the administration has nothing to lose, there's no more elections to win.

Ahem, so contribute to the Red Cross, or whomever you think will help people immediately. Don't contribute to an unrelated charity which just threw up a donate link to take advantage of the disaster.

Overload

I finally O'd on Katrina coverage and generally haven't been watching TV since Friday. I find the whole situation appalling and the administration response disgusting. I've given to the American Red Cross and today gave to Habitat For Humanity. Habitat is planning Operation Home Delivery to help victims of Katrina...they will assemble a house-in-a-box, all the components to build a basic house, so that the units can be shipped to the affected areas and assembled with minimal delay for other materials.

Last night, Lisa had the brilliant idea of seeing Singing in the Rain at the Walter Reade theater in Lincoln Center. I'd never seen it before (other than the title number, out of context) and honestly haven't laughed so hard in years. Todd was also snorting quite a bit during the moving. It's available on DVD now, which we apparently have somewhere in the house.

Todd returned to Austin, TX this afternoon. Frisket was sad to see him depart as Todd accidentally fed her 2½ cups of food at a time, rather than the 1 cup she's supposed to get.

A perfect storm for George W. Bush

Bush's Perfect Storm:

Imagine if a few weeks ago someone had polled all of the Bush critics in the country, and asked them to list the primary faults that they see in this administration. I suspect, give or take a few entries, the results would have looked something like this:

• Obsession with Iraq at the cost of all other national priorities
• Unwillingness to admit mistakes
• Hostility to science
• Embarrassing juvenile attitude
• Indifference to the fates of the poorest members of society
• Cronyism and unwillingness to fire anyone for incompetence
• Tendency to spend way too much time on vacation
• Inability to plan and execute large-scale operations effectively

If Hurricane Katrina ends up being the turning point when it becomes clear to a solid majority of the country that Bush has been a fundamentally incompetent leader, I suspect it will be because the Katrina crisis turned out expose all eight of these flaws.

More...

Dreaming A New New Orleans

WorldChanging: Another World Is Here: Dreaming A New New Orleans, Version 1

On leadership and public service

Fascinating essay on leadership, public service, and the lack thereof these days: Groundhog Day: Change

[...] There is something that keeps a group of people together that is more than just a paycheck. We "honor" individuals within our group as a way of renewing and strengthening that thing that keeps us together. It's about faith, which is a word that is much abused of late. It's about keeping faith with one another, and the really important things we believe, even if we don't think about them much. To honor someone is to keep faith with them. Honor, the noun, is the quality of having kept faith with one's fellows.
Leadership is the act of renewing and strengthening that faith. Leadership is embodying that faith and living it, having it be a part of one's life, recognizing that each of us is a part of something greater than ourselves, and that's not our company or our corporation.

On Donating Online

Todd write a nice post over at his IBM blog about donating online. I wanted to comment on it and entered into the little wormhole of IBM's current registration system.

Like all registration systems, it asks for a lot of information (I'm guessing mostly for marketing purposes). It bounced me on my first try for a password (too short, that's fine). And it bounced me for not filling out a not-noted-as-required set of address fields (usually an asterisk accompanies fields which are required).

And...given that you have to register to comment, when it returned me back to Todd's latest post, I sort of expected to be able to add the comment. Sadly, no.

You have to log in again. My first shot failed (I'm guessing whatever is being used these days to copy authentication information around has a bit of a delay). My second attempt worked...but I got yet another form of information to fill out (here's a hint to whomever at IBM might read this: at this point you would have lost me entirely if it weren't for the fact that I owe Todd some link juice, and I enjoy taking potshots at IBM so I needed something else to blog).

Only after filling out yet another bit of information (I'm guessing DeveloperWorks has it's own marketing database which doesn't get populated by information from the intergalactic IBM database, so DW needs to ask a variety of bits of information, again) do I get a chance to make the comment, which at this point and my increasing years, I almost forgot. (My comment was essentially: also check to verify that pages are encrypted when you go to submit a donation, and that the encryption certificate matches the name of the organization you expect to be serving you the page).

Two additional observations: my own comment actually ends up being wrong, temporarily, for the American Red Cross site which has redirected donations to be served through Microsoft's MSN servers. At this point I should go on a digression about IBM and the ARC's DisasterRelief.org project, but I won't as it is pretty boring (well, except for the patent infringement case, and the corporate and non-profit politics that we encountered). Maybe some other day.

Anyway, observation two: we (the galactic those-of-us-who-can-stake-some sort-of-minor-claim-on-being-internet-pioneers, admittedly minor in my case) never quite got around to the fact that it's nice to serve up an encrypted page, but as far as I know no browser tells or warns you when you submit an encrypted form to whom you're submitting the form. Sure, Firefox and MSIE and every other browser will warn if the form is unencrypted, but I wonder how hard it would be to do the SSL CONNECT and pop up something if some level of the certificate doesn't match the certificate of the site which served up the form (No, I don't expect most people who read this site to understand that last comment, it's directed to Sean and Chet and Paul, assuming they're still reading here).

i.e. if the CN, OU and O don't match, or some level of them don't match (it's ok if the CN's don't match if the O and OU match), pop up a warning of some kind.

I mean, who cares if the content was encrypted when it was sent to you if I've managed to change the URL of the form to post to my little offshore bank account instead of the site you expected. As far as I know, no browser warns when the target's certificate does not match the certificate that served the original encrypted page. Browsers do warn if the submission is unencrypted, or if the CN doesn't match the hostname of the server when you connect via SSL.

Just an idea...maybe I'll submit it to Mozilla.

Ok, one more thing about ibm.com's registration system

See, once I start I can't stop.

Anyway: it's been my experience that when I register at a given web site, the system sends some sort of confirmation back to the email address used for registration.

Perhaps it takes awhile, but I've received no such confirmation from the ibm.com system.

Perhaps totally mistaken, but it appears that the IBM.com registration makes no attempt to verify that whoever registers a given id really maps to an email address in the real world. The requirement probably existed, but got transformed out of the implementation.

Say goodbye to my blogroll (temporarily)

I've decided the blogroll is just so 2001 and am removing it temporarily until I finish a nifty AJAX-y replacement (look for it some time around 2009). In its place will be links to my Bloglines subscriptions and my del.icio.us bookmarks.

Frisket and I on the Promenade

Remembered to bring my tripod along for tonight's walk. I put other pictures up at Frisket's site and on my flickr account.

This year, the Tribute in Light is atop the Battery Parking Garage, directly opposite my pre-Sydney apartment on Battery Place, about six blocks south of the WTC site.

American Peace Activist Detained in Australia

This is distressing...an American peace activist, Scott Parkin, has been detained in Australia as a threat to national security: Question over activist's deportation - National - theage.com.au. The only reason people can come up with is that he has led or participated in a number of anti-war rallies in Sydney and Melbourne.

Meanwhile, back in these parts, it's apparently legal to detain U.S. citizens now with no need for the messiness of indictments or trials. For all I know, Padilla is a complete scumbag. Or not. No indictment has occurred, no judge has heard evidence.

He's been imprisoned entirely on the dictat of the President. There is nothing to prevent the President, then, from arbitrarily imprisoning citizens without recourse to indictment or trial. Now, some will argue that the guy was caught at O'Hare allegedly planning to do some nefarious deed. Allegedly. Fine, present the evidence, indict him, and hold him for trial.

For your entertainment, read this essay from the 1992 and the US Army War College The Origins of the American Military Coup of 2012. I know, it can't happen here, we have a system of laws...except when the President can decide not to follow them.

Don't depend on my markup for your application

When I was a certain corporate webmaster, I'd frequently be escalated because of a change in the markup for www·ibm·com. See, people would write applications which screenscraped something off www·ibm·com, perhaps the stock quote, our news headlines (which was perverse since we had a CDF feed from like 1997 on), whatever. People would screen–scrape and rely on the precise structure of the page, rather than request an API to the relevant content (likely because they couldn't justify the cost to us, or didn't have a legitimate reason to have access to machine-parseable content). Apparently this is happening more frequently as people write Greasemonkey scripts for Firefox. Just to repeat, a web page is not an API. It got to the point at IBM where we'd ban IP's we found doing machine harvesting of specific pages and republishing the content.

What people are doing with Greasemonkey is different, but somewhat the same: unless I as a webmaster explicitly say or make a covenant with you that a given URI is meant as an API (regardless of the format of the content), you're on your own. If I update it and it breaks your application: tough noogies. If you want to pay me to build a dependency on my application, then let's talk, but otherwise the idea that someone who provides content on the web is somehow obligated to make sure it works with random, arbitary applications is just bizarre. It was bad enough when we were expected that a given web page would work across every browser platform in creation.

Mess of links for 17.09.2005

At Access Matters, I found a nice writeup of results of testing the interaction between JavaScript and screen readers. As a followup I'm curious to find out how tweaking the DOM using JS affects screenreaders and other accessibility technologies.

The American peace activivist I wrote about earlier this week was deported, er, removed from Australia and billed AUD$11,700 for ASIO's removal services. I'm interested in this because the activites he was allegedely removed for a perfectly legal in Australia as well as the U.S. They may be annoying (dissent is always annoying, right?) but legal. He has yet to be told why he was deported except that he presented a security risk. So remember Americans: your rights cease when you leave the U.S. Express a contrary opinion (on a U.S. topic)outside the U.S. and

Also in Australia, the fig trees of Hyde Park (Sydney's Central Park are apparently dying due to three soil-based diseases. Authorities are to remove 34 fig trees in an attempt to save the remaining trees.

Mosquito is a parody of Firefly. Be sure to catch Serenity if you're a Firefly or Joss Whedon fan.

An essay I need to re–read a couple times: Gene Smith on cost of information discovery responding to a post on why tagging is expensive.

Saturday in Amagansett

Spending the weekend in Amagansett with Abigail, Alister, and Harriet Lewis-Bowen.

Went to the beach last night and this morning. The surf is rather high due to Ophelia passing by (and it was high tide as well). Frisket doesn't swim in the ocean here, but was romping around in the surf and splashing in the tidal puddles left behind on the dunes.

I'll post more pictures here when the connection's better, or you can go to my flickr account to see them.

magpierss and google desktop don't cache

Checking through my web stats I noticed a large number of requests for the feed for this site. Checking around, I discovered two IPs ([24.16.107.1xx] and [129.33.1.3x]) which were slamming the feeds, requesting over and over again, and not using modified-GET requests.

What? You don't know what a modified-GET request is? Ok, briefly: modified-GET request in essence occurs when a web user agent (basically: a browser) has already requested some resource (a page, a graphic, any resource) and has cached it locally (on disk, in memory, doesn't matter). The user agent sends a request for the resource (ie: GET /resource) but adds a bit of information that says but only send me this if it's changed since this timestamp. The timestamp is derived from the Last-modified header sent by the server the first time the resource was requested.

This is something that was invented as recently as 1993. Maybe 1994, though possibly as early as 1990 when TBL invented HTTP and the web. It's not new, and anyone writing a browser or other agent for the web should really, really, really implement it.

Especially if you're writing something which has the potential to request a resource repeatedly, like a feed reader or news aggregator requesting an RSS feed.

In the ancient, pre-broadband days, the value was that if you already had an image cached locally, why wait for the entire image to be re-sent from the server. Actually, there's still value: it reduces bandwidth utilization on the server side, and helps make sites appear to respond faster.

It's really critical for files which could be requested by automated agents

So, in digging through, and checking out those IPs (the 24.x.y.z is a comcast subscriber in either Washington or California, it literally reverse resolves to two host names, the 129.x.y.z is one of the IBM gateways in Southbury, CT) I discovered the guilty user-agents are Magpie RSS, a PHP based feed slurper; and, surprisingly, Google Desktop.

I'm not going to do anything, for now, since it's clearly only two people (and, if you're reading this feed, you'll know who you are ;-), but it's something I'll have to keep a watch for on the other sites I work on which genuinely might have more than a dozen people reading various feeds. My standard solution is pretty drastic: block the user-agent from requesting the feed.

A sub-concern: Google Desktop doesn't accept compressed feeds. See, I have a hack which compresses the RSS and Atom feeds using GZIP, and then use content negotiation to serve the feed. My stats show that about 75% of the feed slurpers use compression, which helps minimize bandwidth utilization. Magpie RSS uses compression. But Google Desktop? Not only does it not use conditional, modified-GET requests, it doesn't (apparently) support compression.

Why is this important? Extrapolating a bit from the data on my site, at 5000 users of Google Desktop would swamp my site, actually a bit less than that, but 5000 users would put me at the bandwidth limit on my site, and degrade performance for anyone who actually wants to read my site. For Magpie RSS (which on further investigation appears to be installed on someone's site and requests my RSS feed on demand? If you're reading this and are using Magpie RSS in this way you might want to see if it has a caching option for the feeds it requests), the numbers are better since it uses compression, so it would take almost three times as many Magpie RSS "users" to push my bandwidth utilization over the limit.

Neither situation is likely with this site, but a commercial site like any of the Weblogs, inc., the *ist network, DailyKos, etc could easily hit this subscriber numbers. And while it'd be nice to have 5000 people reading the feed, the bandwidth used by Google Desktop ends up being wasted, since it's unlikely that people drop everything and read the feed twice an hour, the entire day.

So, if you use Google Desktop, drop a note to Google asking that they implement compression and modified-GET requests. If you use Magpie RSS, it needs to cache feeds, and use modified-GET requests.

Computers taking out the subway (stamp)

Apparently, people have discovered that with a graphics program and color printer you too can print authentic-looking stamps for various loyalty cards. As a result, Subway, Cold Stone Creamery and others are eliminating these loyalty cards due to rampant fraud.

Wired News: Fraud Sinks Subway's Sub Club: Somebody told us you could buy our stamps on eBay, said Subway spokesman Kevin Kane. We didn't believe it. But sure enough, they were there.

Wired via c|net news.com

Earworms

Every time I read a story about Hurricane Rita, bits of Lovely Rita by The Beatles start cycling through my head. I'd include a link to it on iTunes but Apple (Computer) and Apple (Corps) continue to tussle over naming, and licensing issues (Apple Corps is the licensing company formed by The Beatles in the 60s).

Spending the morning wandering around Astoria (perhaps Jackson Heights, I don't really know Queens) looking for wifi while the car gets a 40,000 mile checkup. Somewhere on the PA Turnpike to Illinois the yellow "service" light went on exactly at 37,000 miles so I figured it was just the regular service thing. I'm hoping it was just the regular service thing as I haven't had a chance to bring the car in until it had 40,300 miles on it.

Bag-o-Ads

Bag-o-Ads, originally uploaded by epc.

Every week we get these pennysaver or ad-paper type papers thrown on our stoops. We end up with four or five copies for our two unit building. I usually gather my copies and dump in this trash can at Hicks and Pineapple, however some enterprising apartment manager decided to toss the whole bag into the trash (for apartments they just dump these bags on the stoop). Sadly, some business, somewhere is paying for these.

The Present Failure of Tagging

Interesting essay on tagging, proposes introducing refactoring into the use of tagging: Table or Booth: The Present Failure of Tagging: To be a useful shift in the way we store and retrieve relevant information, tagging must be able to match the dynamic and relatable nature of our brain. As it now stands, tagging doesn't evolve with our changing ideas of how our saved landmarks (tags) relate. This makes retrieval of relevant information based on these landmarks barely more useful than a single category-style bookmark (even a public one). One could use Delicious Director to perform some amount of refactoring, but not in the extreme–programming model of refactoring.

Trying like mad to get a bunch of things done before going away for a week (weekend in Amagansett followed by three days in San Francisco at the Web 2.0 Conference).

Tomorrow night we're going to go see Serenity,, the movie spinoff from Firefly. Firefly was a tv series by Joss Whedon of Buffy The Vampire Slayer. Fox killed it after a few episodes, but it lived on and was brought back to life so to speak by its DVD release in 2003. So many DVDs were sold that Whedon was able to get backing for a film.

Lisa and I saw an advanced preview back in June. The film was mostly done, I recall some places where music or sound seemed to be missing and I think there was one scene where the star field was empty.

But wait, what is Firefly/Serenity about? The series and movie track the crew of a spaceship sometime in the future (a future where English and Mandarin Chinese are the prominent languages). The crew is not from Starfleet...they tend to do "good works" but along they way they might rob, steal, or otherwise do things which would find them at the wrong end of a photon torpedo in the Star Trek universe.

It's neither Star Trek nor Star Wars.

The future in Serenity is gritty, dirty, complicated, definitely not perfect. People get shot, and die, no fancy gizmos that magically determine all medical problems and fix up the patient for another run. There's grease in the ship's engine compartment, and it looks like the engine compartment of a semi, not the glitzy white-collar office of The Enterprise.

The writing on Firefly was crisp and witty, it's what television is mostly lacking these days: well written, smart dialogue.

The movie opens in the year after the end of the series, some time has definitely passed, but not all that much. There are some changes in the crew, but the core of the crew remains together to the end. Part of the plot point about River gets resolved, though other questions result.

So, anyway, we're going to that tomorrow, along with a zillion other people I suspect. Serenity has had this both cool, and somewhat bizarre, marketing setup featuring fanatic fans called The Browncoats (named after the losing faction of the series' civil war, the faction the crew belonged to). Fanatic. At the preview we attended, the theater manager spoke beforehand and admitted he'd never seen the theater sell out as it had on a Thursday night in the middle of the summer, and this happened in many cities across the U.S. and U.K. Rather than treat the fans as some irritant in the econo-system, Universal and Joss Whedon have worked with (and coöpted) them to be a core part of the marketing machine for the movie.