I keep finding these little areas of ignorance that surprise me.  Today's episode: British (UK) Keyboards are different from American (US) keyboards.  I never in my wildest dreams thought this would be so, but it's true.  Instead of the @ sign being above the 3 key, it's above the Right Shift ans shares a key with the single quote.  The Enter key is smaller too, and the double quotes is above the 2 key.

I just thought they'd replace the $ sign with the £ and call it a day.  Oh well, the more you know!

Permalink | Leave a comment  »

Today the internet is protesting SOPA and PIPA, and it's impressive to witness.  Absolutely huge sites are blacking out to raise awareness and prevent these bills from passage.  It leaves me feeling both hopeful and saddened.  I'm hopeful that this type of activism can help curb bad bills, but ultimately I'm mostly just sad.

Here are two bills that are almost universally opposed by constituents, are fundamentally flawed from both a logical and technical perspective, opposed by the entire technology industry, and are clearly funded and pushed only by rich and corrupt special interestes.  Yet the only thing preventing them from passage is massive worldwide outcry the likes of which we've literally never seen before?

Maybe this is democracy working, but it feels like things shouldn't be this hard.  Particularly in a representative democracy.  Bad bills are bad bills and they should be dealt with, but I think the reality is that this isn't even that bad of a bill when stacked up against recent travesties like the NDAA.

So maybe we can pull out of this tailspin as a country, but I've got a sneaking suspicion this is how empires die.

Permalink | Leave a comment  »

I'm trying something out and it only tangentially happens to correspond with the New Year.  It looks like a resolution, but it's not.  Essentially, I'm going to unplug from most current events when at all possible.

This flies in the face of my normal desire to read and know about current events obsessively.  I may not be a full fledged news junkie, but I definitely used to read two newspapers pretty extensively, and generally spend large chunks of time reading about current events.  I even used to take daily notes of important events with the goal of being able to identify trends and analyze coverage, particularly longer running items like the 2008 Financial Meltdown or the Arab Spring.  Ultimately, I came to the conclusion that I was better off reading well researched books that came out a few months or years later.  I enjoyed the treatment of the events better, they were more informative, and the coverage more balanced, and the whole experience was of course seasoned with hindsight.

This flies in the face of conventional wisdom, but should yield the following benefits.  

More Time

The idea had already been percolating a bit but was reinforced during the last few months of an international move where I literally didn't have time to follow current events.  The end result was I didn't care that much.  And I had a lot more time to devote to moving.  Now I'll have more time to devote to other things.

More Accuracy

There's a name for a phenomenon (that I don't have time to research) where you read media coverage of an event or detailed subject which you know a lot about and realize that the article is inaccurate, missing important details, or misses crucial nuance.  You smirk as you realize the reported missed the point or didn't do the subject justice, then move on to the next article and trust they're getting it right on all those other subjects on which you're not an expert.  I'd rather research things in a more classical manner and read books by experts, and challenge their ideas with research.  None of this requires a newspaper subscription or online RSS reader.

A More Informed Citizen

The upcoming presidential election in the United States will probably be one of the biggest wastes of time and money since the last one.  Here's a great article that surfaced recently which sums up my opinions pretty well: the US political process is dominated by money (94% of the time the candidate with the most money wins) and both political parties are essentially the same.  I've seen one blogger call them the Coke and Pepsi parties and I'm convinced it's true.  Both spend a lot of time telling you they're different, but at the end of the day, most people wouldn't be able to objectively tell.  Certainly both parties are hellbent on remaining in power and enriching themselves.  Both are consistently advancing positions that I greatly disagree with and won't be able to affect by voting for one candidate over another.  For damn sure I could never tell you (and I'd challenge you to honestly reflect for yourself) how one party affected my life compared to another to any measurable degree.

During the previous mid-term elections, I received a polling call that went through every single office and their attendant candidates that was up for election in South Florida, and asked if my choice as a voter would be affected by learning the following information.  All of them had been convicted for some form of fraud, bribery, election campaign funds misappropriation, and more.  The third party candidate calling me made a really good point: everyone in both parties is a criminal!

Ultimately, for the last two elections I've ended up spending an hour or so on Politifact for all non-national races, read the presidential candidate's books, and talked to a few people I trust and made my decision.  I've found that the above process educated me significantly more than the breathless campaign coverage I was reading every day.

A More Interesting Person

I'm not going to ignore current events - if people are talking about things that are happening, I'll tell them I haven't heard of the event, and they can explain it to me.  It's better than talking about the weather, it avoids me monologuing on my own opinions which can be a drag to others, and it'll ultimately make things more interesting for both of us.

A Few Exceptions

I will still maintain a daily reading of technical, work related, and hobby related blogs.  These are intensely interesting and enjoyable, and aren't really focused around current events most of the time.  I will also maintain a daily eye on the weather and train schedules because this is how I get to work.  I will monitor financial and investment information, but will limit most decisions to being made in a minimum 3-5 year time horizon (which is what I do anyway) and not worry about current doom and gloom.  Any substantive investment strategy should always assume gloom and doom by default and prepare for it, not react to the horrors of the day.

This is Not a New Idea

This is not a new or even novel idea.  I've seen this discussed in the book "I Was Blind but Now I See" by James Altucher, I believe it's referenced in "The Art of Nonconformity" by Chris Guillebeau, and when I really think about it, it's how I lived the first 15 years of my life without internet access in Asia.  I'm not really worried.

Updated 8 Jan 2011:

Updated thanks to a comment that just came in through email.  The phenomenon I mentioned above was coined by Michael Chrichton and is the Gell-Mann Amnesia Effect.  He also mentioned this in an essay title "Why Speculate?" Thanks "jcs"!

Permalink | Leave a comment  »

This is probably one of the more generic bucket list items I have.  Everyone has skydiving on their list, but it's also one that I could have completed at any point and just haven't out of laziness.  A good friend had his first experience in June out in Vegas and proceeded to become a converted zealot, going all the way for his license within a matter of months, and this convinced myself and a few others down here in South Florida to schedule the date.

I don't have what I'd call a major fear of heights.  More like a respect for heights.  My dad has what I'd characterize as a major fear of heights - the kind of thing where when you're walking along a balcony he's brushing a shoulder against the wall opposite the ledge.  I'm nowhere near that bad but I'm definitely not comfortable on catwalks or other similar spindly high structures.

The whole thing was scheduled very last minute, and I didn't even find out what time I was meeting my friends until 10PM the previous night, which probably served to push the reality out of my mind.  We drove down to meetup in Hollywood and immediately had a bizarre series of snafus paying for parking that culminated in us paying 10 bucks for 10 hours of parking after several unsuccessful attempts at alternate payment methods.

Piled into the car, the four of us headed south to Homestead where SkyDiveMiami is located.  All of us being technical, we joked how we hoped the experience would be better than their website looked.  We got lost several times along the way but finally made it and as we walked into the office.  Right then a guy in Super Mario Brothers Luigi costume walked through, parachute on his back, helmet and goggles on his head, and proceeded to bellow in an Italian accent: "I'm-a-Luigi and I DROP IT LIKE IT'S A-HOT" while performing several dance moves in a remarkably lithe manner.  I had to admit he was dropping it like it was a-hot.  An onlooker with a shirt that said "Sluts Love Me" laughed and then got yelled at to suit up so he could perform camera duties.

We checked in at the desk and were told to watch a movie which predictably started with a driving musical score and videos of skydivers giving the thumbs up and then cut immediately to a guy with the longest, most impressive beard I've ever seen (here he is, judge for yourself).  He began to talk about how there's no perfect plane, no perfect pilot, no perfect chute, and ACCIDENTS CAN HAPPEN.  He talked about death, and making sure we were willing to risk it all.  I kept looking at his beard.  I started to get a bit nervous.

We then began initialing and signing our way through the single most impressive legal release I could ever imagine.  We signed away our entire humanity.  There were clauses that we agreed to like even if we did sue, and won, we would have to pay all legal fees and winnings, back to ourselves.  We checked that we understood that we could die, and had reflected on this possibility.  We initialed that we had made arrangements to care for our family's financial future.  We witnessed for each other.  We declined an additional $300 fee that would release us from certain indemnifications.  We were basically scared to death after the completion of those forms.

Punctuated throughout were little interjections from some of the employees who exhorted us to not worry, we would have a blast.  They told us the only part that's weird is when we jump out first with no chute and the tandem guy jumps afterwards and swims towards us to link up.  It's got to be great to just see a constant parade of new fear coming in and out of your business each day.  We smiled thinly and began to suit up.

We had decided to do SkyDiveMiami's highest tandem jump, from 13,500 feet.  This would give us about a minute of free-fall (at roughly 120mph) until we deployed the chute at 5,000 feet, and we'd be strapped to a licensed parachutist instructor who would do most of the work.  I took a lot of comfort from the fact that if something wrong happened, we'd both die, as I'm a strong believer in the alignment of economic incentives.

Suiting up involved donning a union-suit style coverall, a harness, an altimeter, and fitting leather caps and goggles.  I listed myself as 210 pounds, and had to be weighed, where the scale confirmed I was actually 205, a full 20 pounds below the limit.

We waited outside and met our instructors.  Mine was maybe 5 feet tall and announced that "he always got paired with the big guys".  They were nice and seemed professional, checked each other's equipment and the eight of us along with one solo jumper climbed up a step ladder and into the plane.  A brief taxi later and we were taking off.  We could see out of a very large doorway that was covered by a plexiglass shield and after a minute or so we were pretty high up and I figured we were ready to jump.  Wrong.  I glanced at my altimeter, and we were at 2,000 feet.  That's when I started to get pretty nervous.  My instructor saw my glance and told me to relax, it would take us about 15 minutes to get to the proper level.  I glance around and all the instructors were sleeping.  One of them was doing his sixth jump of the day.

At this point I began to get irrationally terrified.  We hadn't even gotten a damn parking meter to work!  We'd been lost twice on our way!  I was in the plane with my friend Troy, the worst luck guy to fly with in the world: every flight I've been on with him was a disaster and we'd been delayed, emergency landed, and seen people arrested on flights we were on together.

Finally we leveled out and we were high enough you could clearly see the ocean, on both sides of Florida. The solo jumper got the thumbs up, shrugged, then just hurled himself out the plane.  That's when it finally hit me how stupid this was.  I'd had this idea that when you jump out of a moving plane you fly backwards with the wind.   But you don't.  You drop like a damn rock, straight down.  All of the instructors were talking to my friends, giving them last minute instructions.  Mine wasn't.  Instead, mine leaned over to one of my friends and shouted, "JUST REMEMBER.  THE MOST IMPORTANT THING IS.  OH WAIT!  YOU'VE GOT TO GO!" and then cackled to himself as they knee-walked towards the opening.

Then it was our turn.  When you jump out you're on your knees, strapped very tightly to your instructor behind you who controls the chute.  You kneel on the edge of the plane and look down and you can barely see the ground you're so high.  Then you cross your arms, lean your head back where you can see the wing of the plane, and with no count the guy just hurls you forward and out of the plane.  It's an amazingly terrifying experience, and I was just petrified as we hurtled down at remarkable speed.

One of the things they forget to tell you in the training that was probably the second scariest part of the experience was that at 120mph you have intense wind blowing in your face which makes it hard to catch your breath.  I've traveled at 160mph on a motorcycle around a track, and 185mph on straight roads, but that's with a helmet on.  Stick your head out of the window of a car at 60mph and it can be hard to catch your breath.  I couldn't catch my breath and I was thinking to myself, great, I'm going to hyperventilate, pass out, and this is going to be so dumb.

After about 15 seconds I managed to to figure out a way to breathe and then realized my brain was working very very slowly.  We were doing turns, and it didn't feel like we were falling, but I could see the horizon getting closer.  My ears were popping like fireworks.  I tried to remember to look at my altimeter, but I couldn't, and I lost all track of time.  It seemed like four seconds after we were out of the plane we had deployed the chute.  It got a lot quieter and less scary, until my instructor announced that he was going to make a few comfort adjustments.  He had me hold the chute controls, then started fiddling, and I suddenly dropped in my harness about four inches.  I mentioned we didn't need to be comfortable.  More fiddling.  I drop another few inches.  Then we began steering the chute around.

Meanwhile, our aforementioned friend Troy had a nice freefall, but when the chute opened, they immediately began spinning around and around at high speeds.  Another member of our party could see the chute spinning like crazy and heard his instructor mention "Uh oh".  Troy later recounted to us that he got dizzier and dizzier and just closed his eyes.  We don't really know what happened, something about the chute not deploying quite right, but in the end we all made it just fine.

We glided in and the last bit that was unnerving was that the chutes are amazingly maneuverable, which means you can descend quite quickly if you want to, but as we came in for our landing it was pefect and like stepping off a curb.  My instructor actually apologized for not hittine the 5 foot sand bullseye perfectly.  I couldn't have cared less.

I had a massive headache, I was shaky from adrenaline, I had slobber coating my entire face, and I couldn't even really process what had just happened, but we were back without any problems! We all were very grateful to our instructors and the very nice and professional crew at SkyDiveMiami for a very memorable experience.

Permalink | Leave a comment  »

NOTE: Updated Oct 17, See Below

This is a thought that's been percolating around in my head for the last year or so, but has recently become even more crystalized: I'll probably never hire another Systems Administrator.  A corollary to this thought would be: if you are currently a Systems Administrator or want to be one, you need to seriously begin planning on how to manage a career that will be mostly deprecated within the next 10 years.

Take a look at the current state of the art in cloud computing:

• Spin up a server at your favor cloud provider (AWS, Rackspace, etc.), then use Puppet or Chef to deploy your software stack.  Now you're done.
• OR, Spin up an App at your favorite cloud platform provider, then push your code out using Git.  Now you're done.
• For both solutions, plug in some off-the-shelf monitoring, and you're operating.

What's missing here is the configuration, setup, provisioning, doc writing, black magic and/or prayer of setting up the software, hardware, and getting the code running that used to be the domain of the Systems Administrator.  In just a couple of years, deploying a web application has now become almost identical to deploying a desktop application - instead of an installer we're using Git or Puppet/Chef. Instead of a customer's computer we're using a cloud platform or cloud server.

There's plenty still to do on the networking side, but that's headed in the same exact direction due to the same exact reasons: we want to be able to clearly define and programmatically execute the deployment of complex networks, just like we can with complex server offerings.

All of this falls under yet another buzzword: Dev/Ops.  Just like the cloud, we're seeing this being adopted by smaller, nimbler organizations that are focused on web products, but the trend is clear, and there's really no benefit in doing things the Old Way.  Even if you're still running your own physical metal servers, you're going to want to make sure that your own datacenter can leverage this type of workflow.  Now, the watchword to the development team is: it's not done until I can one-click deploy it.

The laggards on this will be those industries that have regulatory or legal hurdles to overcome with using cloud services (read: healthcare) or the very large companies with services and technology that's dozens of years old with no migration plan.

SysAdmins and future SysAdmins, you need to figure out where you'll live in this new workflow.  Probably in the margins around monitoring or desktop support.  Possibly serving as the gatekeeper in a sort of "operations Q/A" role.  Expect small companies to have SysAdmin openings dry up over the next 5-10 years and get prepared.

Updated October 17: Hello Reddit/r/programming and Hacker News!  I wanted to take a few minutes and respond to a few themes that seemed to pop up in comments on HN and Reddit.

1. I'm not saying Sysadminning is dead - just that the role is quickly changing.  Seems like a lot of people (anecdotally, many Sysadmins) thought I was saying the entire profession is dead.  Yes of course we'll still need Sysadmins on some level, but the crucial difference is that for many areas of a business these needs will be less and much much different.
2. Software development is changing too.  On complex deployments, developers can't absolve themselves of the responsibility to design infrastructure considerations into the solution they're building on the front end.  It's a scary thought to think that organizations are out there that don't have this level of partnership between ops and the devs.  This is why the puppet scripts should be written first and deployed on a test environment that's identical in as many ways as possible to the ultimate operating environment (another benefit of using the cloud).
3. Of course, any more complex deployment will need devoted SysAdmins, but like I said above, the skillset and day-to-day job will be dramatically different when wrestling with hundreds of servers instead of dozens.  More and more programming will become the norm and more and more upfront input into the solution will be an absolute requirement.
4. I received a very thoughtful email from a former SysAdmin of mine (previous company) who pointed out that the job is much more along "system integrator" lines now, and that the internal vs. external network distinction is essentially going away.  I agree.
5. Whenever your'e generalizing, counter examples abound.  Sure big companies and certain computing environments will still do things the Old Way but I'd challenge readers to objectively think if most business decision makers really want to hire someone and run their email server internally or just pay Rackspace/Google/Whomever to do it and worry instead about their money-making applications.  Even those organizations that need their clusters in house will invest in tech that allows them to mimic cloud operations on their own bare metal infrastructure.
6. A couple of amusing anecdotes - the comments on HN immediately became more positive after a well known commenter defended the post, and a Googler chimed in as well.  That's when the upvotes really started coming it seems.  On Reddit, the story was quickly downvoted!  Most users chose either a "genius" or "idiot" assessment of the post.  No real middle ground.

Permalink | Leave a comment  »

Update Oct 16: I had to go out of town unexpectedly so I haven't mailed anything yet.  Thanks for your patience.

I'm weeding out my books and hate to just throw books out, so here's the deal.  I'm keeping this list of books updated, and if you want one, either come by (if you know me) and get it, or if you pay shipping I'll mail it to you.  Just send me a comment or an email.  I'll cross out books that are spoken for, given away, and if I don't have any takers (which is a good probability, a lot of these are pretty old) they'll be donated to Goodwill or the local library.

• Practical C++ Programming
• Data Structures via C++
• Effective STL
• OpenGL Programming Guide, Second Edition
• OpenGL Reference Manual, Second Edition
• Perl Cookbook
• The Pragmatic Programmer
• PHP Pocket Reference
• Learning the VI Editor
• Unix Netowrk Programming Interprocess Communications
• Understanding the Linux Kernel
• Getting Started with OpenVMS System Management
• DNS and Bind, 4th Edition
• C Primer Plus, Third Edition
• STL Tutorial and Reference Guide, Second Edition
• Apache Cookbook
• LISP, 2nd Edition
• OpenVMS User's Guide, Second Edition
• Learning Perl
• Algorithms with C
• Practical C
• Effective C++ Second Edition
• Building Open Source Network Security Tools
• Programming Windows, Fifth Edition

Stay tuned!

Permalink | Leave a comment  »

Note: I've previously read and reviewed two other books by Charles Cumming here.

Charles Cumming is an interesting author, someone I happened to find recommended to me via Amazon.com's engine, probably because I've bought books about Spain and China where two of his other books are set.  I read both these books while traveling in Europe and enjoyed his style of equally focusing on setting and story.  You really live in the environment with those books, and I had The Trinity Six on preorder after that experience.

The Trinity Six, I'll admit, was a little hard for me to get into.  Being an American, I just wasn't as familiar with the Cambridge Five incident from the UK, and I often felt like you needed to really have a better grasp of the weight of that event to fully appreciate the idea that there may have been a sixth agent involved in the ring.

Cumming seems to be a student of the John le Carré school of spy fiction writing, and having never read le Carré before, he got me to download one of his books on the Kindle, which I slogged through and although I tried valiantly, I eventually lost interest.  The idea is to provide a realistic counterweight to the over-the-top James Bond tendencies you see in movies and focus more on plausible espionage plots.  In this, Cumming betters his hero (at least as far as I can tell from my admittedly small sample size).

The plot of the book is interesting - an academic finds himself hurtling along an investigation that involves Russian interest and geopolitical consequences, and the gritty scenes do the job well.  Still, I felt that Cumming almost tried to focus less on the descriptions of the scenes for the books - again perhaps because his readers in the UK would know what London is like and probably have visited Budapest and Vienna.  As a sheltered American, I need more.

All in all, I think this is a book that has merit, but hopefully the next will incorporate the setting more, something Cumming is a master at.  My last major criticism of his previous books (of using the verb "to sink" a drink) was rectified in this outing, and I like to think I had something to do with it.  Regardless, I'll preorder his next work sight unseen.  If you like spy novels that don't involve lunatic unrealism, The Trinity Six is a good outing and a quick read.

Permalink | Leave a comment  »

There's been so much written about Steve Jobs that there's not much to add.  Like millions of others, I remember the first time I ever used an Apple product.  It was to play Number Munchers and Oregon Trail.  My first Macintosh experience was on an LCII in one of the few airconditioned rooms in Taiwan - my elementary school's computer lab.  While I was too young to appreciate the differences between the (at the time) very outdated Apple II and our fairly outdated IBM compatible XT Turbo, the Macintosh was clearly completely different.  I managed to swing an editor job on our 5th grade newspaper which afforded me almost unlimited time to learn how it worked.  Everything was exciting on that machine, even word processing!

I bought my very first Apple product in college, the 2nd generation iBook with a 500Mhz G3 processor and OS X.  It was a little underpowered, but the hardware design was incredible and I remember being thrilled when I got several OpenGL school projects to run on Windows, Linux, and my new Mac.

To me, Steve Jobs embodies hope.  A college dropout becomes a billionare.  A man with limited technical skills becomes the an incredible driver of technology.  Fired from his company, failing at NEXT, he stakes almost all of his personal fortune and strikes gold with Pixar.  He affects industry after industry, despite many many setbacks along the way.  Sure, he was a jerk, but that's a hopeful story too - jerks can learn to movitate people and soften when they get older.  Of course, none of these thoughts are based on personal experience, but it's the perception I get.  Steve's life to me is a story of hope triumphing over reality.

I'm excited to read his biography, and I'm sad I never got the chance to meet Steve, except through his products, but here's to a legacy of hope.

Permalink | Leave a comment  »

The last couple of weeks have been quite eventful regarding Privacy issues on the web, although, it's unclear to me how much of this has been noticed by the general consumer.

• Facebook has released updates to its platform, which bring about two privacy-impacting changes: your life's "timeline", and the inability to logout from Facebook as they'll continue to track you across the web.
• Amazon's new Kindle Fire tablet, with it's "all new but not really" cloud powered browser, Amazon Silk.

As a stockholder, I love Amazon's new tablet offerings.  For the Fire, the price is great, the physical seems good, the OS looks good in the screenshots.  The only real disapointment to me on the Fire was the pretty miserable battery life (only 8 hours?).  The release of these devices is perfectly in line with Amazon's true mission statement as being the World's Best Fulfillment company.  Whether they're delivering books, baby formula, computing power or movies, they're the ones fulfilling it, and the Kindle line of products continues to be a digital extension of Amazon's famous, highly efficient warehouses.

As an armchair privacy advocate (hey, I donate to the EFF and Software freedom!  And I use Tor!) I'm reasonably troubled by the Amazon's cloud browser.  Unlike what millions of nerds thought when they watched the video, this is not new.  Opera's been providing this service on their mobile browser for years.  This is how many high latency (read: Satellite) providers implemented their browsing experience.  This is how Blackberry used to provide their browsing experience.  It works by keeping a persistent connection open to Amazon's cloud and heavily cache content saving DNS lookups, connection initiations, and on being able to prefetch common navigation paths.  Amazon does get points for telling us they're going to track our browsing habits in the Terms of Service, but this is yet another one of those small but troubling erosions of privacy that I believe the normal consumer is simply unable to rationally comprehend. 

Except this IS different from Opera/Blackberry/Others, because Amazon has a much higher incentive to use this data in initially innocuous but eerily invasive and potentially damaging ways.  Remember, as a shopper and a stockholder of Amazon, one of my favorite assets of theirs is their incredible recommendation engine, which is now being bolstered by information on what websites you visit, in what succession, and how long you spend there.

We need a Privacy Nutrition Facts.  It doesn't need to be regulated, but it should be voluntary, easy to read, and prevalent.  Just like how Firefox and Chrome solved the Phishing problem by warning you when you're on a risky domain (combination of crowd sourcing and URL parsing looking for those password strings), we need a way of accurately conveying risk to the consumer. 

Are we all sure that we want to be offered books about marriage counseling due to a few Google searches?  Do we want ads about relocation options and moving supplies appearing on my work browser because I visited a job board last week?

Don't we at least want the option of making the above decisions without needing to have a Computer Science degree or reading in-depth technical blogs or reviews of every major new product?  I do.  Just like Apple removed a lot of maintenance work from my life with their products, at some point it'd be great to not have to spend time on security due diligence with every gadget or service my extended family purchases.

And as for Facebook - they've long been almost blatant about how little they care about privacy.  The new flap over them tracking you around the web even after explicitly logging out is crazy and was defended by some as an "oversight" or part of the new strategy of "frictionless sharing."  I'd go so far as to say they're now actively endangering users on the web, and it's their "aww shucks" attitude fronting for their true corporate priority of privacy non-priority that makes it particularly infuriating.  But at least in my opinion, most of the "Aww shucks" is coming from new/young/sniped-from-Google-or-elsewhere employees of Facebook who desperately need to justify the mental model they have of Facebook as a company who cares about its users.  I don't think there's any confusion over the true corporate intentions, which are evidenced by action after privacy eroding action.  

Lets just say that I've added rules to Adblock to torch all Facebook cookies ( see here , there are also some plugins that do this for you now as well).  It does seem that they've tweaked their disingenuous logout procedure some in response to the controversy, but how many of their 500 million users are even aware that this every happened?  And they still track you, just "not as much".  In healthcare we've learned that deidentification of large data sets is almost impossible, and AOL's CIO got fired for not learning this when he release de-identified search results - when will we learn this with social networking as well?

To sum up - privacy is really important, and in many ways it has become an even more urgent problem with the variety of broadcast style mechanisms we have out there that are learning our habits and likes and dislikes, increasingly with an eye towards monetization.  Maybe it's the next great must-have plugin - a crowd sourced privacy grade for sites and application.

Permalink | Leave a comment  »

Software development is a remarkably fashion driven industry.  I'm definitely guilty of the default "newer is better" mindset that many technologists have, but one of the more bizarre fashion statements I hear constantly nowadays is "Oh, I mean, you know how PHP sucks."

I hear it at conferences, from developers old and young, in companies large and small.  Modern languages like Python and Ruby are better designed, maybe have cleaner syntax, have a few features that PHP does not, maybe even better library support, and they've got Rails and Django.   It's natural to conclude that PHP Sucks!

A few years ago when we started incorporating Ruby into our platform, this gospel was so well ingrained that when we found that long-running scripts chewed up a lot of memory we blamed PHP.  Because it sucked!  People were actually rewriting scripts into Ruby because they could run for a day without running memory, until someone noticed that there was a leak in our internally built database abstraction layer (wich Ruby didn't use), fixed it, and made PHP suddenly so much better.

But when I talk to developers and hear that statement, I like to drill in on why they think PHP sucks and here are the common reasons, in no particular order:

• We use PHP it at work and there's so much legacy garbage code.
• PHP encourages bad programming.
• PHP doesn't have the developer mindshare that Ruby enjoys.
• All the best companies use Python/Ruby.

PHP is older.  It has a good 5-6 years on Python and Ruby and that includes an incredible amount of growth for the web.  It was heavily used prior to frameworks and Ajax and Web2.0 and standards around TDD for the web.  Legacy garbage code is not the fault of the language, it's the fault of the developer.

PHP does not encourage bad programming.  Bad programmers or bad organizations encourage bad porgramming.  Blaming PHP for our lack of discipline is setting everyone up for failure the second time around with a different language.  I've seen just as much bad Ruby code as PHP, it's just there's usually less of it because there's only been a few years for the Ruby stuff to accumulate.

PHP doesn't have the same developer mindshare on the cutting edge, at least as far as I can tell, and there is some merit to the idea of using what is being progressed, but there are good PHP alternatives to a lot of the key cutting edge Ruby or Python projects.  Looking for a good framework?  Check out Symfony2.  Behavior Driven Design guys should check out Behat.  Heroku and several others now support PHP.  My guess is that "new car smell" of a new framework and new project is what people are really after.  Spin up a new project on PHP and use some of its modern conveniences and see if you agree.

Many good companies use Ruby or Python, many use PHP.  Here's a company defending its use of PHP a year ago.  There are still more lines of PHP code out there in some really great products written in PHP.

Bottom line: PHP doesn't suck.  Guns don't kill people and neither does PHP.  I'm not saying that Ruby and Python and PHP are all equivalent, but I am saying lets put down the fashion statements and really say what we mean.  Without truly understanding our reasons behind language choice, we're doomed to make really stupid mistakes like the anecdote above, and faulty decision making processes that hide true requirements produce bad decisions.

I also like trying new things.  My last two projects were a Rails and Django project.  But when asked why I was using them, I said "to learn" not "PHP Sucks!"  

Permalink | Leave a comment  »

Posterous' lack of any kind of 301 redirect for imported URLs is really really dumb.  For the life of me I can't figure out how their so-called migration process could be considered finished and ready for use without this, especially since the default Wordpress URL scheme is different from theirs.  Even worse, as far as I can tell, there's no way to customize the 404 to even point users to the fact that they could go to the main peebs.org domain and search for what they were looking for.

Sigh.

Permalink | Leave a comment  »

Peebs.org ran on flat files for the first year or so, then I built a custom blog engine (this was before Wordpress or really even blogging had been coined).  Then from about 2003 until today I've used Wordpress.  The problem is that Wordpress has become really time consuming to manage.  You need a server, which needs to be upgraded, and there are new updates coming out all the time.  These updates can break your theme, will break your plugins, and generally require a lot of fiddling.

I need this to be as simple as possible, so I made the switch to Posterous, and we'll see how it goes.

Negatives:

• Comments are gone, sorry.  Maybe one day I'll fish them out of the wordpress XML, but I doubt it.
• Formatting is a little messed up on some posts.  I'll probably fix the more popular ones at some point.
• Links are broken - this one is actually really annoying and is something Posterous should address.  If they don't want to support your old URL scheme, they should offer to redirect them sanely.  Or at least provide you guidance on their 404 page to click through to the blog you're trying to hit.

Oh well - the advantages of less maintenance and less friction overall are worth it for now.

Permalink | Leave a comment  »

Permalink | Leave a comment  »

• Some way to know what the schedule of app update notifications is - it's unclear to me if this is daily, whether I have to have the appstore application running all the time, etc.
• The App Store should intelligently close your application when updating an existing application.
• The App Store should be able to store your credentials, and not require credentials for doing an update if the app is in safe state (e.g. closed).
• There should be a compatibility layer in Lion that lets you run your iOS apps on your Mac.  I'm sure this is coming, but I wonder when.
• The App Store should offer to scan your hard drive and find applications that it can manage for you.
• On the Featured and other pages, you should be able to hide apps you've already installed.
• Somewhere down the line, it might be interesting to have a "lists" feature like Amazon.  Apple could even show what apps certain celebrities use in lists like the inflight magazines do for travel accessories.  Maybe that's too much on the pointless-marketing side.

Permalink | Leave a comment  »

• Netflix has a very short window to expand its offering globally before competitors start making that road a lot harder.  Last year was Canada, this year it's Latin and South America, next year they've announced they're hitting the UK and Spain.  A linchpin of any global expansion strategy will be their streaming service - it's cheaper to scale initially and can be maintained and improved by engineers working on the core platform.
• Netflix's content prices are undoubtably going to skyrocket over the next five years.  Streaming was an afterthought, almost experimental foray when it started, and there was no competition, but content owners are going to want to extract their toll now that they've seen how well it's worked.
• Those customers (in my own unscientific scanning of the comments and arguments) who complained the loudest chose to denigrate the streaming service as a "weak library".  If that's the case, choose the DVD option.  Problem solved.
• Very roughly, lets say all 85k people who whined on Facebook cancel, and lets say all other complainers are added in for a total of 150k cancellations due to the change.  Netflix loses something like $1.5 million dollars per month.  Assuming everyone is only on the cheapest plan which we know is not true, they'll gain an additional six bucks a month from their 25 million subscribers, netting them an additional $150 million a month.  They've lost less than 1 percent of their subscriber base and made out like bandits.  A price hike that only loses you 1 percent of your subscriber base?  That's an amazing success story.
• That extra revenue will be immediately deployed to taking their service global AND buying better content to bolster their streaming service.  The angry cancelers will find they don't have any serious alternatives, and will be re-subscribed within six months or less.  Blockbuster?  Redbox?  These are the alternatives that are out there, and they all suck.  Hulu might pick up some, but there simply is no replacement for the massive library of DVDs by mail.

Permalink | Leave a comment  »

I wasn't a big Disney buff until I met my wife.  She loves Disney, because, as she likes to remind me in that tone that only self-evident-truths-that-I-have somehow missed deserve, "It's the happiest celebration on earth!"  At first, I got a kick out of going to Disney because she did, now we both enjoy going and usually manage 2-3 days a year.  This is our unofficial guide to the parks. Tickets Disney tickets are expensive, and it's very difficult to get a good deal.  Your options are generally speaking the following:

• Florida Residents: If you're a Florida resident, you can purchase tickets at a discount with your valid Florida drivers license.  These are non transferable, and Disney fingerprints you to avoid the "have my Florida friend go one day then I'll go".  The discounts are very very attractive and if you pay attention they'll run specials that have restrictions (certain days blacked out, etc.) which will let you get down to roughly 40 bucks a day if you buy a 3 or 4 day pass.  This is the best deal you'll ever manage.  Note that most multi-day passes (but not all) can be upgraded within six months of your first visit to a year-long annual pass for the difference between what you paid and the annual pass rate.  This is another really good deal if you plan to go often.  Rule of thumb - if you're going to go more than 5 days in a year, get the annual pass because it includes free parking, which saves you 10 bucks a day.
• Out of Staters: You have a lot less options.  Generally speaking, you're going to pay full price, unless you can wrangle some sort of amazing package deal, but beware, these tend to not be the greatest deals once you analyze it.

Scam Options: There are plenty of scam options available:

• Timeshares: These involve sitting through a timeshare presentation (usually with two friends you've brought along) for 2 hours and result in theme park tickets and a room or two for a night.  This is OK if you're sure you can say no, but they make us nervous because you usually have to prepay a hundred bucks or so that will get refunded upon viewing the presentation.
• Tickets for some other presentation: See above. Same deal and same risks usually.
• Get a Florida ID to unlock the Resident Discount: These services will help you get a Florida ID card, but are often defeated by the fingerprinting that Disney does and it's illegal - a serious felony if you're caught.

Legitimate Discount Options

• Triple A (AAA) - They have a discount.  Use it.
• Military Families - Another nice discount if you're eligible.

The Bottom Line on Tickets

Disney is expensive, but here's the thing - you're going to spend as much money inside the park if you're not careful as you did on tickets.  Seriously.  Many find that the ultimate costs of food, drinks, parking, souvenirs, aren't closely scrutinized while they're there and add up to being way more than the actual park entry fees.  Our advice would be to focus on cost control in those areas and just bite the bullet on the tickets.

Controlling Costs Inside

Disney allows you to bring food and beverages into the park.  I'm not sure about alcoholic beverages, but for sure you could sneak them in if that's important to you.  We believe that eating as we walk around the park is one of the best things about Disney, but if you're watching your diet and trying to cut your costs, bring sandwiches and some bottles for water is the way to go.  We see a lot of people with CamelBaks on throughout the park and if you stock it with enough ice, a Camelbak should last you most of the day. Don't forget sunscreen - the stuff they sell inside the park is very expensive - $20 for a bottle, and you don't have a choice on this item.

Hotels

We would advise not staying on property hotels.  They are really expensive compared to other options out there.  Hotwire and Priceline are your friend, but beware of the fact that there are a LOT of older hotels in the Orland/Disney area that are run down.  We recommend Priceline since you can read reviews on the properties you're thinking about staying at before you pull the trigger, but we've had no real issues with Hotwire.  You can generally find accommodations that are decent in the 80 dollar per night range.  Many hotels have a resort fee or parking fee each day that's tacked on so keep that in mind when you're looking.  Many hotels also provide a shuttle which will save you the $10 a day parking fee at each park.

Times to Visit

We've been in the spring, summer, fall, and winter and even though we had a great visit in late April, it was a little skewed because it was during a weekday.  The Wife insists that January is the best time to go both for temperature and crowd control reasons, and of course, if it's during the school year try to go on a weekday.

Fast Passes

The fast pass has revolutionized Disney and its infamous lines.  These are your life savers.  The way it works is each ticket gives you a token that lets you cut in line between a certain timeframe in the future.  This time increments throughout the day until about mid afternoon most fast pass machines shut off.  We recommend a strategy of hitting the popular rides early.  In other words, if you want to hit Space Mountain (one of the longest waits in the Magic Kingdom) immediately make a bee-line to that ride as soon as you enter the park, and get your fast pass.  That will give you a relatively early time say between noon and 1:30PM, then once you're done you can Fast Pass your number two selection.  This will save you up to 2-3 hours of standing in line.

Line Monitoring Applications

You should also download an app for your phone that gives you wait times for each ride.  I use WDW waits and WDW maps - they're free and seem to work OK.  They allow you to input wait times and see wait times reported by others across the park so you can monitor your hitlist during the day and "sneak" into rides that have their wait times temporarily drop.  We've used this to snipe a ride with "no wait" that was close to us several times and it's remarkable how much wait times can fluctuate throughout the day.

The Magic Kingdom

This is the smallest of the parks, believe it or not, and also the busiest.  Expect the highest percentage of kids and stroller-jams.  We've found that even though most kids annoy us (we have no kids) one of the best things about the Magic Kingdom is to watch kids freaking out with excitement on the way into the park and during the day, and to spot meltdowns that occur when they get tired.  If you're lucky, the parent will also melt down and we take sadistic pleasure in witnessing this.

Here are the absolute must-see rides:

• Space Mountain - a fast, chaotic, clackety ride that's world famous because it's in the dark.  This is our first fast pass of the day always.
• Monster's Inc. Laugh Factory - this is probably the best, more underrated ride in the entire park.  I can't say enough good things about this show.  Essentially, it's a standup comedy routine performed by actors who voice and control the expressions of animated Monsters on the screen in front of you.  You can submit jokes, the audience participates, and no two shows are the same (jokes and gags differ).  This is an unbelievably creative ride and if you liked the movie, it's a slam dunk.
• Thunder Mountain Railroad - this may be a "kiddie coaster" but it's a fun one with awesome theming.  The ride is fun and feels chaotic enough to be exciting.  Try to get a seat in the back cart.  This is always our second fast pass of the day.

Things we Enjoy

• Tea Cups - This is another ostensibly kid ride that can be had in any park, but we attempt to spin as fast as possible and it's a relatively short wait.  If you do this right, you can usually be so loopy you're close to falling down at the end of the ride.
• Pirates of the Caribbean - this ride closed for an overhaul that lasted quite awhile but really only saw them insert a few Captain Jack Sparrow figures into the ride.  It's the same as it ever was, and that's generally a good thing.  It's got a covered line which gets you out of the heat and we generally use this line to eat a snack since it moves pretty well (usually not more than 40 minutes).
• Train Ride - we use the train to get around the park a lot since the Toon Town and Frontierland stations are well positioned to save you walking through the chaos of the middle of the park. Note - currently Disney is completely renovating/rebuilding/expanding the Fantasyland part of the park which means the Toon Town station is closed which really limits the train's usefulness.  This should reopen in 2012.
• Haunted Mansion - we like this ride because it seems to exemplify the old-school haunted house theme and has a very creatively themed line with funny tombstones, etc.  This is probably not a good idea for young kids.  Bonus - every time we've ever been on the ride it has paused or broken down for a few minutes and a voice comes on that advises you to stay inside your "Doom Buggy".  For us, this is the best part.
• The People Mover - a good way to rest your legs and relax.  Nothing earth shattering here.

Things We Hate

• The Hall of Presidents - Yes, I get this is a classic, but it sucks.  Although it is air conditioned and the wait is short, the problem is you'll be tempted to fall asleep during it if you pop in during the middle of your day.
• The Lilo and Stitch Ride - Easily the worst ride in the park.  It's a bizarre ride, but it makes a little more sense when we learned that it was originally an Aliens themed ride that got retooled.  It's horrible horrible horrible.  A complete waste of time.
• Small World - insane lines and that horrid song.
• Country Bear Jamboree - we thought we liked it as we had fond memories of this line, then we recently went to it and it ruined the memories for all time.

Food Guide

• Giant Smoked Turkey Leg - the single best food offering in the park.  These can be found in Frontier Land in a cart right by the river.  If you're on a high protein diet / low carb diet, this is essentially your only option, but who cares?  The meat is actually not turkey but Emu and it's awesome.  Make sure you bring dental floss if you're going to eat one of these - the meat tends to get stuck in your teeth and you can't buy it anywhere within the park.
• Cotton Candy - The Wife loves this.  You can get it on Main Street and also in Frontierland.
• Pineapple Soft Serve Float / Coke Float / Pineapple Ice Cream - my favorite dessert, can be found in Adventureland near the Pirates of the Caribbean.
• Taco Salad - find these in the food court opposite the Pirates of the Caribbean.
• Jelly Bellies - these are insanely expensive but they're inside the general store in Frontierland along with the Cotton Candy and Aunt Selma's massive cookies, which are really good.

Other Items We Enjoy

• There is a glass blower shop on Main Street on the right side when the train station is at your back.  Inside there are artisans that are shaping glass items and we've also seen them blowing glass to make goblets and other large items.  This is a lot of fun to observe.
• The camels in Adventure Land spit water on you when you walk by.
• The parades are always entertaining to watch, and even more fun to watch kids freaking out as their favorite characters walk by.  Protip: monitor line times closely during parades to hit a few rides while the parade soaks up large crowds.

Permalink | Leave a comment  »

Awhile ago I wrote an Open Letter to Mint.com laying out some major concerns I have with their service and their security implementation.  Almost all comments both here and on Hacker News and Reddit were divided into three categories:

• From non-Americans: How is a service like Mint.com even possible or legal? US Banks don't have two factor security?
• I totally agree that Mint.com and their service is insecure and I don't use them!
• I agree that Mint.com needs better security, but their service is great and anyway, it would be too time consuming/too expensive/too hard/too impractical to implement these security improvements.

Between the time I wrote that letter and now, we've seen RSA (the only major token based two factor security provider) have all of its hardware tokens compromised to much public uproar. At Sentry Data Systems, we've had two factor security implemented for years using time based cookies and additional security questions to challenge users when they were logging in from a device that hadn't been previously authorized.  This is similar to how many banks in the US do two factor security if they choose to implement it.  While not a HIPAA requirement, we felt that it was a great feature to offer that provided an additional layer of protection.  We'd originally offered RSA SecurID tokens to customers but found that most customers balked at the price, and even if they did use the tokens, many would simply tape it to their computer monitor or keyboard, or they'd forget the token at home which would cause quite the contentious support call. This experience brought to the forefront several issues that I had with hardware based tokens:

• Casual users or those who didn't value the two factor security benefit would simply leave the token lying around or affix it somewhere - it wasn't natural to expect a user to carry one more thing with them day-to-day.
• If there was a compromise, you have to replace all of your hardware, for everyone, everywhere.
• They were expensive.
• They were highly recognizable and screamed to informed observers that you had access to a system that was considered high-value by someone.

I even went so far as to start sketching out an iPhone app that we could deploy for our customers but it seemed like quite a lift to do it well (a correct implementation is key in cryptography systems) and it was with much delight that I ran across an outfit called DuoSecurity based in Michigan. They have really put together a fantastic service that provides both SMS based (challenge/response) and one-time password (via an iPhone or Android app) options for two factor security.  I signed up for the service, installed their package on my Ubuntu Linux server, and within about 15 minutes, I had a very strong two factor solution that avoids all the drawbacks of the hardware token approach...for free.  Yes - they provide up to 10 users for free to let you get your feet wet and see how the system works.  With the token being my phone, I'm not going to forget it, it doesn't draw attention to itself, I can't tape it to my workstation, and they can update the software if they need to. If their service goes down, you can configure it to not require the second factor (the default) or you can choose to prevent logins and keep a private key around for last-ditch logins.  Of course, for those of us running cloud based servers, there is still the risk that your hosting account could get compromised giving an attacker shell based access to the machine - hopefully Slicehost and other services will implement this type of additional security soon (Amazon's EC2 cloud already implements two factor security as an option). Duosecurity can be easily implemented with any web application, a lot of VPNs, and on your Unix/Linux servers quickly and easily.  If you're doing anything with medical, financial, or other sensitive data you should definitely check them out.  If you just like additional protection for your own servers and services, they're a great option as well.  Just in case you're curious: Duosecurity put up a great blog post about the steps they've taken to prevent compromise if they came under the same attack as RSA. A few thoughts on improvement:

• Give me an apt package please!  I don't want to compile things, and I don't want to edit configuration files.  These things make it hard to deploy on lots of servers.  I talked with a support rep from Duosecurity and they told me this is in the works already.
• Put a login form on your website!  They email the login URL to you but I shouldn't have to remember it.
• It's a little unclear to me if the pricing scales well- if I've got the same 35 users access 100 machines, does that mean I pay 35x100x$3?  That seems expensive.  Course, it's still way cheaper than RSA but at least you could bind an account to a token and not worry how many servers you were accessing.  It's possible that a single user crosses the server boundary, but again, I'm unclear on that.

Bringing it all back to the original point - there is simply no excuse why a service like Mint.com doesn't use Duosecurity to protect its own user's logins.  But the second issue still exists - how do banks provide consumers of financial data access without compromising the entire account? A poor man's solution of sorts could be taken by banks providing read-only accounts for customers that use generated, revokable passwords.  Google takes this approach with its own two factor implementation for Gmail.  You get texted when logging in normally, but for other applications, you generate a password that can be revoked at any point.  It seems like a decent compromise - you can't control the account from that login, and the password is of sufficient length and complexity that it's unlikely to be brute forced.  My initial suggestion of using Oauth is essentially the same thing. Congratulations to the guys/gals at Duo Security on providing a really great set of tools for developers and users.  I really hope it catches on and more and more providers begin offering two factor as an option.

Permalink | Leave a comment  »

Permalink | Leave a comment  »

• Relatively short distances (less than 4 hours).
• High population density.
• Good local public transport one you've reached your destination.
• High schedule density (a lot of trains providing lots of schedule options).

“In China, we will have a debt crisis — a high-speed rail debt crisis,” he said. “I think it is more serious than your subprime mortgage crisis. You can always leave a house or use it. The rail system is there. It’s a burden. You must operate the rail system, and when you operate it, the cost is very high.”

Permalink | Leave a comment  »

Permalink | Leave a comment  »