Sunday, October 3, 2004

Americans misjudge online risks

Americans 'misjudge online risks': US computers users know more about Janet Jackson's breasts than about security software on their own PC. A survey found that 90% of those asked could remember when Ms Jackson suffered her "wardrobe malfunction". But only 60% recalled when they last updated anti-virus, firewall and operating system software on their PC. The survey, by a US security group, found people were getting more worried about computer security but some vastly under-estimated how at risk they were.

e.p.c. posted this at 15:36 GMT on 3-Oct-2004 .


This post will make sense to approximately two readers.

While doing mass-cleaning and thorwing away of the detritus from various moves and houses and jobs, I came across the December 1993 draft of Unlimited Storage Availability for MVS/ESA, featuring the GETTMAIN macro. GETTMAIN was very different from the existing GETMAIN macro in that it would allow you to acquire all virtual storage across all computers in existence at the time, this being 1993 this was probably 1Gb or less.

GETTMAIN was a joke, in case there's any MVS lurkers scanning their 1993 era Init & Tuning guides looking for it.

Anyway, it was funny in its own Myers Corners Lab exclusive way, and reflected a time at IBM when you could take a moment to have some fun at work. I'm sure those moments have been excised from the corporation, wouldn't want people to enjoy working after all.

e.p.c. posted this at 18:27 GMT on 3-Oct-2004 . , Comments [3]

Monday, October 4, 2004

Cries of 'media bias' hide sloppy thinking

Philadelphia Inquirer | 09/26/2004 | Center Square | Cries of 'media bias' hide sloppy thinking For journalists, it's getting Rather weird.

The ruling spin on Dan's Big Blunder seems to be: Rather exposed as a biased hack; mainstream media exposed as arrogant, obsolete gatekeepers; the blogosphere rules!
For any journalist who understands his real job - helping the public life of this nation work well - the rise of citizen comment on the Internet should be something to celebrate.
The blogosphere is a dynamic expansion of things newspapers have long done to aid democratic dialogue, from letters to the editor to experiments in civic journalism.

e.p.c. posted this at 23:39 GMT on 4-Oct-2004 .

Thursday, October 7, 2004

The Long Tail

Wired 12.10: The Long Tail. Touching the Void was published in 1988, an account of mountain climbing in the Peruvian Andes. In the mid-1990s, Jon Krakauer published Into Thin Air, an account about a disastrous day at Mt. Everest. Through the magic of word-of-keyboard recommendations at sites like, The Long Tail suddenly started to sell again and today (according to this article) outsells Into Thin Air two to one.

What happened? In short, recommendations. The online bookseller's software noted patterns in buying behavior and suggested that readers who liked Into Thin Air would also like Touching the Void. People took the suggestion, agreed wholeheartedly, wrote rhapsodic reviews. More sales, more algorithm-fueled recommendations, and the positive feedback loop kicked in.
This is not just a virtue of online booksellers; it is an example of an entirely new economic model for the media and entertainment industries, one that is just beginning to show its power. Unlimited selection is revealing truths about what consumers want and how they want to get it in service after service, from DVDs at Netflix to music videos on Yahoo! Launch to songs in the iTunes Music Store and Rhapsody. People are going deep into the catalog, down the long, long list of available titles, far past what's available at Blockbuster Video, Tower Records, and Barnes & Noble. And the more they find, the more they like. As they wander further from the beaten path, they discover their taste is not as mainstream as they thought (or as they had been led to believe by marketing, a lack of alternatives, and a hit-driven culture).

Read the complete article at Wired.

e.p.c. posted this at 10:10 GMT on 7-Oct-2004 .

Dumb move by AMEX on paperless billing

Apparently, someone at AMEX has gotten the idea that their paperless billing was too easy. Instead of being able to pull up a statement online in HTML, they are switching to only allowing PDF downloads of statements. I don't really have anything against PDF, except that it kills the utility of being able to log on and check out my bill online. Instead I'd have to log on, click around, download the PDF, and then wait for Adobe's ever-more-bloated Acrobat Reader to fire up.

Ok, perhaps I do have something against PDF.

In any event, I assume that this was a cost cutting measure for AMEX. Instead, at least in my single solitary case, it's going to cost them more since I declined to continue receiving paperless billing.

Petty, petty, petty I know it's the only way you catch the attention of beancounters. Logic certainly doesn't work.

e.p.c. posted this at 12:17 GMT on 7-Oct-2004 .

Google does SMS

From the Google Blog, Google is now supporting SMS queries.


e.p.c. posted this at 17:45 GMT on 7-Oct-2004 .

Sunday, October 10, 2004

One week to go

I guess actually a bit less than a week to go until the wedding.

I've been manically working to finish some projects that I have before going into wedding la-la land. Unfortunately my brain started checking out last week as the last-minute wedding things started to bubble to the surface. I'm sure no one will notice the few things I forgot to complete for the wedding.

Well, perhaps except for the ties.

Anyway...the wedding is next weekend, then we escape to Lake Placid for the following week, a sort of honeymoon/vacation/mental reset.

e.p.c. posted this at 19:40 GMT on 10-Oct-2004 .

Wednesday, October 13, 2004

Pre-wedding signoff

Signing off for the wedding and vacation in Lake Placid.
Back on around the 25th October.

I shut down comments on all other entries (hmmm, it occurs to me that the SQL I used shut down comments on all blogs I host...need to fix that).

And please, whatever your political leanings may be, please please please vote November 2nd. I don't think we can take another close election like 2000.

e.p.c. posted this at 22:23 GMT on 13-Oct-2004 .

Saturday, October 23, 2004

Back from LP

We returned from Lake Placid last night...about a six hour drive (including a US Border Control checkpoint nearly 100 miles inside the US on I-87).

Frisket spent the week swimming in the lake of course. I read about a third of Shockwave Rider again. Probably as much as I'll manage to get through for awhile. Lisa, of course, managed to read about six books while we were there.

It's going to be a busy week...Pat (my brother) returns to L.A. tomorrow after housesitting for us for the past week. I have some political web site stuff to wrap up before the election. Next weekend I fly out to Seattle for several days with Azaleos, Lisa flies to Orlando to serve as an observer for the election.

Frisket will man the home-front while we are away.

e.p.c. posted this at 16:27 GMT on 23-Oct-2004 .

Sunday, October 24, 2004

Stupid security tricks

I'm working to port a web site over from my development testbed to a production environment. I've written everything in PHP. Nothing fancy, except for two things: it assumes standard PHP libraries are available, and it assumes PHP is configured to run with safe_mode off.

The site I'm moving to has safe_mode set to on which caused the script to explode in bits of PHP all over the place.

Except...they have safe_mode set up stupidly. The reason for this flag is to prevent someone from writing up a script to access and possibly serve files it shouldn't have access to, because the script is being run by a webserver running as user nobody or root or something else other than the author of the script. Makes sense really. Except that things like common libraries are, well, common and hence do not share the same userid as the author of the script.

The people behind PHP recognized that as a problem and came up with different ways of enforcing can be absolutely paranoid and only allow scripts to read or access files which match the userid which authored the script, or far more flexible: match the group the of the script (since many shared sites use a common group for web "content"). There's also a variation where you can restrict specific commands within PHP.

So, with safe_mode set on this production site I have two options: I can try and mirror the necessary libraries into the user's space (a waste of space in my opinion plus it creates an unnecessary maintenance burden on the user), or it turns out I can run the script as a CGI and step around all of the safe_mode restrictions entirely.

This second step is even recommended on the production site's help as a way around the restrictions of safe_mode.

For whatever reason that seems sort of silly to me, I mean, it's like locking your doors and then saying "Oh, by the way, our keys are under the rock in front of the lawn urchin."

Furthermore, eitehr way, I have to rip out some code I'd written to keep the script secure by passing along the userid and password used to authenticate access to the script, avoiding hardcoding a userid/password in the script itself. Instead I'll have to hardcode or remove password protection from the script itself and add a userid/password field on the form created by the script.
Either way, it's ugly.

I don't question the motivation, but the implementation leaves much to be desired.

e.p.c. posted this at 01:27 GMT on 24-Oct-2004 .

Tuesday, October 26, 2004

Wow: Eminem's Mosh Music Video

Guerrilla News Network Eminem's Mosh Music Video

e.p.c. posted this at 00:24 GMT on 26-Oct-2004 .

Wednesday, October 27, 2004

New version of ecto

I upgraded my copy of ecto over the weekend...the new version supports a rich text editing mode (sort of like using MS word instead of typing in raw HTML). I haven't used ecto much lately but it is a nice frontend to MT.

The only problem I'm seeing with the Rich Text editing option is that it doesn't support all HTML tags. While understandable, it'd be nice if there was an option to ignore HTML tags it doesn't understand (or define new tags, or something other than to strip out tags it doesn't understand).

I see from this post that the developer of ecto is running into the same problems using the various blog APIs I've been running into (though I'm only frontending MovableType these days). My biggest problem: getting content entered by users converted into clean UTF-8 encoding for XML-RPC. MovableType does not appear to normalize content when you retrieve it via the XML-RPC interface, so you can end up with content entered via the MT forms which you cannot retrieve via XML-RPC (at least using the PEAR PHP XML classes). I'm not necessarily blaming MT, I have no idea where the fault lies.

e.p.c. posted this at 17:26 GMT on 27-Oct-2004 .

Blogging coverage in NYT and WSJ today

In Madison Avenue Ponders the Potential of Web Logs we learn that the advertising world still doesn't know what to make of weblogs and blogging. Fears of loss of control over content, brand and message are colliding with the recognition that the better blogs tend to be snarky, irreverent, and are not necessarily professionally written.

The WSJ has a generally positive article about the use of blogs and blog software in classroom settings. Schools are using blogs to allow students to collaborate on projects as well as just to keep diaries on school activities. One school is highlighted as having cancelled blogging due to concerns about possible conflicts with existing policies covering student communications, specifically that posts should be/should have been reviewed by teachers prior to being made public. There are also concerns about students being contacted by outsiders via email or comment feedback.

e.p.c. posted this at 21:42 GMT on 27-Oct-2004 .

Thursday, October 28, 2004

Web Offers Hefty Voice to Critics of Mainstream Journalists

Today, the Times covers blogging twice, first in this article, Web Offers Hefty Voice to Critics of Mainstream Journalists, which highlights the torrent of criticism of political news and journalists emanating from blogs on the left and right: The criticism comes from both sides of the political spectrum and from an array of perspectives - middle-of-the-road independent critics like those at the Columbia Journalism Review; unabashedly partisan blog authors; and even from within the mainstream news media. ABC's political Web site, The Note, frequently critiques individual reporters..

e.p.c. posted this at 12:29 GMT on 28-Oct-2004 .

On Fridays, Bloggers Sometimes Retract Their Claws

e.p.c. posted this at 12:55 GMT on 28-Oct-2004 .

Weird trackback thing

I noticed that one entry here had a trackback (there's what, three people who read this site?). I followed the trackback and...the article wasn't spam, but it had absolutely nothing to do with the article I'd posted (a link to something at the philly inquirer), so I deleted it.

Might be my next hack: ensure that incoming trackbacks actually link to the article being pinged.

e.p.c. posted this at 13:27 GMT on 28-Oct-2004 . , Comments [1]

Fund-raising group milks vulnerable senior citizens

e.p.c. posted this at 16:59 GMT on 28-Oct-2004 .

Friday, October 29, 2004

Useful visio how-to

I thought this was really useful, and I've been using Visio for years: Boxes and Arrows: Wireframe Annotations in Visio : Special Deliverable #11

e.p.c. posted this at 11:16 GMT on 29-Oct-2004 .

Sunday, October 31, 2004

Desiging for failure...

I watched a History Channel series on engineering disasters in September and posted my thoughts about the shows here, this is a followup pointer to two essays I read this weekend by Dan Bricklin: Software That Lasts 200 Years and Learning from Accidents and A Terrorist Attack.

I have no insights to post (yet) except that assuming successful operations at all times seems to be an open invitation to failure, possibly catastrophic failure at that.

e.p.c. posted this at 11:03 GMT on 31-Oct-2004 .

Slightly acerbic and eccentric dog walker who masquerades as a web developer and occasional CTO.

Spent five years running the technology side of the circus known as

More about me here.