17 December 2012, lunch time
Some or all of the Service may be supported by advertising revenue. To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata), and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you. If you are under the age of eighteen (18), or under any other applicable age of majority, you represent that at least one of your parents or legal guardians has also agreed to this provision (and the use of your name, likeness, username, and/or photos (along with any associated metadata)) on your behalf. — The new Instagram terms of service, emphasis mine.
In the back of my mind I knew this day would come, but now that it’s here it isn’t any less disappointing. Instagram’s new rules are pretty draconian. A lot of times websites will have unfortunately worded terms of service, but they are often written the way they are to facilitate displaying your content on their servers, etc. This language seems quite clear when it comes to Instagram / Facebook
Flickr’s new iOS application is quite nice, but I don’t know how I feel about spamming my Flickr feed with photos of Mythilli. Part of the original appeal of Instagram was that it was a nice light-weight way to share little snapshots. Flickr is a big mix of people posting one-off photos, big sets of photos from their vacations, and all sorts of other random stuff. Still, Flickr probably has the nicest terms of service when it comes to this sort of thing.
I really love Instagram, so this change is really bumming me out.
17 August 2012, early morning
Twitter published a pretty bizarre post on their developer blog yesterday, outlining changes they plan to make to how developers can interact with Twitter. To say it’s a little bit hostile to their developer community would be an understatement. I think it’s fair to say that much of Twitter’s early success didn’t come from the company itself. I mean, the site could barely stay up for the first few years of its existence. People stuck with Twitter despite the fact it often felt cobbled together. The two most iconic features of Twitter messages, @-replies and #hashtags, both originated from the Twitter community. They ended up becoming official features because of their widespread use. All of the good iPhone clients for Twitter were made by 3rd parties — including what became Twitter’s official client. Twitter’s official client is kind of a piece of shit compared to feature-rich Tweetbot or the simple and elegant Twitterrific. I’ve been a Twitter user forever. Twitter launched on July 15 2006. I joined on July 28th 2006. I am user 3321. It took me a long while to warm up to the site, but I love it now. I find the direction they seem to be moving is more than a little disappointing. I think the best summary of the change comes from Ben Brooks: ‘This is the moment in Twitter’s life where they kicked Steve Jobs out of the company and told Sculley to run it.’
11 July 2012, late morning
If you are using Hudson/Jenkins you might want to review this article by my coworker: The Operational Reality of Opt-In Security Controls.
This has been a topic of much discussion in my office for the last couple weeks. My co-worker, unaware of what Jenkins and Hudson were all about, thought he had found a pretty crazy exploit while doing an assessment. It turns out what he had actually found was a poorly configured instance of Hudson. Responses to his outreach have been mixed, to say the least. The people behind Hudson and Jenkins feel this isn’t a problem for them to solve. They provide a guide to harden your install, and feel it’s up to their users to ensure they deploy things properly. (This is similar to the attitude Rails developers took to their mass-assignment bug.)
Using Google he ended up finding misconfigured automated-build servers all over the Internet. (You’d actually be surprised and/or terrified by some of the people who had exposed their servers in this fashion.) He’s been sitting on this post for ages, waiting for people he has notified to get back to him on whether they have secured their install or not. For every person who replies promptly with a thank you, there are probably two people who don’t reply at all or who quietly fix their install and pretend he never got in touch.
I suspect one reason people simply go the no warning full disclosure route when they find vulnerabilities isn’t because they are trying to be malicious, but simply because it’s the path of least resistance. I suppose this is why patience is an important attribute for a good security professional.
31 May 2012, early evening
It’s been a very long time coming, but I finally have a Nest learning thermostat in my house doing whatever it is thermostats do. When they were first announced I hesitated just long enough that they sold out before I could buy one. I signed up to be notified when they had more, and eventually I got an email saying they had one waiting for me. It was only then that I learned they were only selling the things to people in America. That was maybe a half year ago. Between now and then is a tale of woe, lost shipments, interoffice mail, random strangers, credit card companies and the horror that is UPS.
You can tell the Nest came from someone who used to work at Apple. It’s packaged with the same aesthetics and the installation process was absolutely painless. It’s packed with everything you could possibly need to install the device: extra base plates, a screwdriver, etc. I think it took about 15-20 minutes from start to finish. It’s got a really intuitive interface, especially when compared to other programmable thermostats. (I can barely figure out how my parent’s one works.)
The Nest actually arrived at a good time. For whatever reason my old thermostat would run the forced air fan all the time when the air conditioning was on. That was both costly and annoying. The Nest doesn’t do that. I suppose this is really the bare minimum you should expect from a thermostat. I’ll post an update after we’ve had it for a while and it’s become self-aware.
 Technology | Life
18 April 2012, early morning
My coworkers and I participated in the HackTO 2012 over the weekend.
Read the rest of this post. (724 words)
 Technology | Life
7 March 2012, early evening
GitHub recently fell victim to a security hole in Rails, the web application framework they use to build their site. A user of their site exploited the security hole and gave himself commit permissions on a repository that didn’t belong to him. I’m sure it was no coincidence that the repository that he chose to mess with was the official Rails repo.
Read the rest of this post. (441 words)
8 February 2012, early morning
This American Life excerpted part of Mike Daisey’s one-man show “The Agony and the Ecstasy of Steve Jobs” to produce a one hour podcast about how our tech-junk gets built. To say it’s a little bit bleak would be an understatement. It’s a full on Dickens novel crossed with some dystopian science fiction. Daisey’s focus is on Apple, but at this point chances are good that Foxconn has made anything electronic you may own. The podcast is amazing and you should definitely listen to it.
The response to this story has been a bit all over the place. Most Apple blogs I read seem quick to let you know that HP and Dell and all those other shitty PC manufacturers also make their junk in China. John Gruber actually linked to a (very old) article by Krugman about how shitty jobs in the 3rd world are better than nothing. I guess?
The New York Times has a great companion piece to this article that touches on why manufacturing has moved to China. It’s not simply a matter of costs. You really can’t produce the sorts of gadgets we enjoy today anywhere else in the world. This seems to be the most pulled quote from the article:
“They could hire 3,000 people overnight,” said Jennifer Rigoni, who was Apple’s worldwide supply demand manager until 2010, but declined to discuss specifics of her work. “What U.S. plant can find 3,000 people overnight and convince them to live in dorms?”
I bought a backpack from Goruck recently. I bought it because they are well reviewed backpacks. They also happen to be made in the USA. Goruck has written about this on their blog a few times. They had a post about how their GR1 is made. They’ve also written about their second factory, complete with goofy pictures of their staff. This side of things didn’t enter my mind at the time. Now that I think about it, my backpack is perhaps the only thing I own which I’m pretty confident was made ethically.
 Technology | Politics
2 August 2011, early evening
“These overnight text editors don’t reflect well on the genre or the platform. We are raising the bar, elevating the standard.” — Bare Bones Software President Rich Siegel in 2005
A lot of Mac users you meet today switched as Mac OS X matured, over the last 7-8 years or so. I switched when Windows 95 came out. I sincerely enjoyed using various flavours of DOS on my trusty 486. Windows 95 launched with a series of shitty betas (you had to pay for) followed by a snazzy ad campaign. Though I was a young man, I could tell that Windows 95 was a piece of junk. I did the sensible thing and switched to a Powerbook 5300cs running System 7.5.3. Believe me when I say, “it was dope.”
I used my Powerbook during my first term of University. By this point Macs were running OS 9. I would write Java programs in BBEdit and build them using the OS 9 Java toolchain. Programming in Java on a Mac in 1999 was pretty horrible. BBEdit on the other hand was pretty great. I used it as my text editor of choice throughout university. (At least when I was working on my Mac. On the school’s Unix machines I used Vim.) The last big project I worked on using BBEdit was my compiler.
This blog has been around long enough that I can look and see when I first linked to the then new TextMate. Upon its launch it was greeted with a lot of confusion and mixed interest. Between 2004 and 2006 TextMate went from this fringe application used by a few people to basically the de facto text editor for the Mac. BBEdit’s core userbase always struck me as people who had used it prior to the launch of MacOS X. By 2006 lots of people were coding up the next hot Rails app on their brand new Mac using TextMate. 2006 was when I switched from BBEdit to TextMate.
The latest version of BBEdit launched with the release of Lion. It brings with it a slew of new features and updates. TextMate on the other hand hasn’t had any real updates of note since 2007. Any advancement in the application really came from its bundles. With the launch of Lion came a wiki page for TextMate outlining what was broken and possible workarounds. TextMate 2 has been in development for something like 5-6 years. I stopped using TextMate a little while ago because it started to feel sluggish on my iMac. I now exclusively use Vim. (MacVim to be precise.) I remember reading the Rich Siegel comment in 2005 and thinking he was being a bit of a dick. It took 6 years, but it turns out maybe he was right about TextMate.
BBEdit 10 is now priced at a pretty aggressive $40. I’m curious to see if it can win back its place as the number one text editor on the Mac.
5 July 2011, terribly early in the morning
I was listening to Marco Arment’s show on 5by5 yesterday. Normally it is pretty on point, but yesterday’s show seemed so wrong about Google+ I thought I’d say a few words. (A few of the Apple tech blogs that I read seem to be hating on Google+, seemingly because it’s from Google or because they hate social networks. This 5by5 show just stands out in my mind since I spent so much time listening to the damn show.)
To start off, Marco hadn’t even used Google+ when the show was recorded. Many of the tech blogs I read are also critical of the service despite not being invited to use it. Criticizing something you haven’t used before is silly. I would think that goes without saying.
Marco felt that Google had nothing to offer beyond what Facebook currently offers, all the while lacking the user base Facebook currently has. He talks about how if he could log in to Google+, he’d expect to see 4 geek friends, each talking about testing out the site, and that’s about it. Meanwhile, even his Grandmother is on Facebook. My mom is on Facebook. That’s some serious market penetration. That said, she wasn’t on the site anywhere close to day one. Facebook at launch was full of Ivy League kids, and it expanded from there. Like today, when it launched there was a big well established player with a huge user base. People move from network to network when there are compelling reasons to move. I used to use ICQ, then switched to MSN, and am now settled on Google Talk. Each switch happened organically. All it really takes is a couple people who you have to talk to and their communication medium of choice will usually win out. The question is whether Google+ will snag that set of key people. I would add that these sorts of social networks don’t have to be a zero-sum game. If the user base for Google+ never moves beyond a bunch of nerdy boys and girls that isn’t the worst thing ever. I suspect for many people, a social network their mom isn’t on is actually a compelling feature.
It also seems clear to me what Google is trying to do to differentiate itself from Facebook. Without looking at their crazy demo site, here are three things that come to my mind after using the site briefly and reading some blog posts from Google.
- Google is quite up front about how it plans to share what you post to the site. I commented upon logging in for the first time that all the requests to use this and that information were creeping me out, but they were really doing nothing different from Facebook, they were just not being secret about any of it. Google+ also has a very clear model for how you group your friends and family, and share information with them. Facebook’s privacy controls are inscrutable. Worse, they seem to be obfuscated on purpose.
- Google makes it very easy to export your data out of Google+. (It plans to make it easy to export data out of all of its services.) Facebook is a black hole for your stuff.
- Google makes it very easy to delete your account, and everything associated with it. You don’t have to find a page on WikiHow explaining what you need to do to delete your account. You don’t have to understand what deactivating your account means. You don’t have to wonder whether your account is actually gone or not. This is actually the one thing I like most about the service.
I don’t think I’ll use Google+ any more than I did Facebook. I don’t think Google is any less creepy than Facebook. Still, I can see that Google+ is a well thought out and well executed product, especially for something that just launched. I think it has a good chance of doing well. (Assuming they let other people use the site, anyway.)
11 November 2010, terribly early in the morning
I went to the Gladstone with a coworker and Tyler to hear Ali and Matt from Well.ca talk about how they keep Well.ca chugging along. They discussed the software development process at Well, the tools they use to get things done, and the corporate culture that facilitates the work they do. Ali’s one of the smartest people I know, so if you’re interested in starting a start up I recommend you copy what he does, more or less verbatim.
Since I’m new to web development I thought the talk was particularly interesting and informative. I learned about a few cool projects that I will share with you now:
- Matt told the audience about an automation tool he wrote called doo that looks quite nice. It’s made out of surprisingly little code. Ruby is a strange beast.
- Ali showed off a jabber bot called well-partychat. It’s an implementation of Partychat you can run behind your own firewalls. Partychat is a way to do group chats with Jabber, regardless of how shitty or not your IM client is. Since most everyone already has a Jabber account, this is a good way to set up a persistent chat room. Since it’s in something people already have open and running, I can see how it would actually get used over something like status.net or Campfire.
- Well.ca have somehow managed to trick out Speedtracer to do all sorts of magic. Sadly, I’m not entirely sure how. Speedtracer looks like a seriously awesome project in and of itself. It’s a profiler for Chrome that can tell you all about your web application.
After the talk everyone headed over to the Rhino for drinks. How did that place become the de facto hangout for Toronto software geeks?
Life | Technology
31 May 2010, mid-morning
And so my experiment with Facebook ends. I deleted my account today. Shima actually deleted her account first. Now I apparently have to wait 14 days for Facebook to actually delete things, whatever that means. I suspect they keep your information around forever, but who knows. I’m not sure what I’ll miss on the site just yet. Certainly I have some friends and family who only share stuff via Facebook. I’ll just have to go back to shunning those people, like I used to in the good old days.
Life | Technology
12 December 2009, late at night
It’s 2:15 on a Friday night. I got back from LeVack Block on Ossington an hour or so ago. It was their two year anniversary. It was a pretty good party. Rather than sleep, I thought I’d figure out how to generate my Blansdowne site using Sinatra, instead of generating all the static pages up front. I’ve actually got it all working, though I need to handle errors better. I’m impressed at how productive I am this late at night.
Life | Technology
2 November 2009, terribly early in the morning
This is pretty neat: the city of Toronto is releasing a bunch of the data and information they collect online, via the portal toronto.ca/open. There is a companion site, dataTO.org. They look to be following the lead of the US government, who recently created DATA.gov not too long ago. This stuff is all generated using taxpayer money, so I think it makes sense that the data be available to the public. You can grab the entire TTC schedule as a series of text files now. There is a real time XML feed of events and festivals taking place in the city. This address validator web service looks like it could be used to do a lot of interesting things. I’ll be curious to see what sorts of things people start creating with the data released so far, and what other datasets the city plans to release. There isn’t much online right now, but it seems like a good start.
 Toronto | Technology
19 October 2009, early morning
I’ve been using (playing?) Foursquare for a few days now. It’s a simple enough idea, and it’s well executed: users can use the site (or mobile application) to let their friends know where they are, and what they are up to. The idea is that your friends could discover you’re nearby and come meet up. Similarly, you could learn your friends are out and join them. You don’t need to publish all your check-ins, so you can use the site privately. You can also push your check-ins out on to twitter, so people who aren’t using Foursquare can still see where you are.
There are other applications and services that do this. (BrightKite is the first that comes to mind, and you can certainly put this information out there using Twitter.) What makes Foursquare interesting is that it encourages people to use the service by setting itself up like a game. You get points for: telling your friends where you are; going to multiple places in a night; going to new places; going to the same place several times; etc. You are also awarded boyscout-like badges for completing various tasks. Finally, if you go to the same place enough times, you will be declared the mayor of that place. These points and titles are more or less meaningless, but if you’ve spent any amount of time online you’ll know that people still love to collect meaningless things. (Karma on Reddit and Slashdot is the first thing that comes to mind.) Some people have labelled this sort of thing prescriptive social software. Foursquare is encouraging a certain sort of behaviour from its users.
The NYT recently ran an article on the service, which touches on some of the ways it encourages people to get out and see the city, meet up with friends, etc. It also looks at possible ways the service could make money. Businesses might want to encourage people to fight for their mayorship since it encourages more people to visit them. Similarly, businesses might want to add badges to the game that encourage users to come visit them. There seem to be plenty of ways to monetize something like this.
As with most things on the Internet, the site is probably more useful when you know a bunch of people using it.
1 October 2009, lunch time
I am on Google Wave. As they were with GMail, Google is being fairly tight with how they are rolling out the service. Twitter is full of “can I get an invite” messages. (My invite came from my friend Ryan, who works at Google now. By coincidence, he’s the same guy who invited me to GMail way back in the day.) Unlike GMail, invites aren’t sent out immediately. You nominate someone for an account and at some point they’ll be sent an invite. For a service like Google Wave this is a stupid way to get things going. GMail was actually usable even if you didn’t know anyone else using GMail — it’s just an email client. Wave is something new and fancy. As such, I can only “wave” to one other person with the service, my friend who invited me. Awesome? He hasn’t replied to my first wave yet. Maybe it’ll be more exciting by the end of the week, but I have my doubts.
15 July 2009, early morning
The CRTC hearings that took place over the last week or so are fascinating to read about. Rogers did an embarrassingly bad job of presenting its point of view. On Monday, Rogers said, “It is the behaviour of the application, not the application itself that we are concerned with. If an application which could cure cancer acted in a certain way, it would be also be subject to traffic management.” Yes, Rogers testified they would throttle the cure for cancer. Bell didn’t fare much better yesterday, though there weren’t nearly as many bad sound bites. It did come out that they’ve cut monthly bandwidth caps by as much as 90% — some of their services now have a 2gb cap. And they throttle their traffic for 10 hours of the day. So you can pay for a 5mb connection and get a 80*kb* connection 1/3 of the time. (An 80kb connection is slightly faster than a modem.) What a deal! I really don’t understand how Bell can avoid hemorrhaging customers. They also spent much of their time on the stand avoiding questions or lying. Sadly, I think the CRTC is firmly in their pockets. The transcripts end with this comment from the chairman to Bell: “I do not think we are very far apart. Thank you very much, we spent more time with you, but you did start the whole thing.”
If you aren’t already with TekSavvy you should switch. Vote with your feet. Bell and Rogers don’t deserve your money. (Even though their customers are apparently very happy.) If you switch to TekSavvy you can also avoid Bell’s internet throttling completely by using ML/PPP. You’ll also get to talk to real people when you call them for support. Seriously.
8 July 2009, terribly early in the morning
Google is making an operating system. An operating system that sounds like it is designed solely to run web pages. What?
A few years back Kottke was arguing that Google would do something like this, develop a WebOS. I thought this was the dumbest idea ever. I still do. Web applications have come a long way, but at the end of the day they are still a bunch of web pages. Apple’s Mobile Me web site is fairly cutting edge when it comes to putting a rich UI up on the web, but even that seems lacking when compared to the ‘real’ versions of Mail, Calendar, Addressbook, etc. Computers are stupid-fast nowadays. Yes, even those lame-ass netbooks are fairly powerful machines. To not take advantage of this computing power seems foolish. Why run an entire web browser if the end goal is to view and edit contacts in an address book?
Applications that seamlessly take advantage of the Internet in novel ways are to be applauded. If my file system backed itself up automatically and securely to computers half way across the world, that’d be amazing. Apple’s MobileMe offering got off to a rocky start, but I see that as the direction computing should be moving in. Apple has a suite of powerful applications that can communicate with the web to share what actually matters to you: your data. This seamless movement of data between applications, computers, etc, is what the computer industry’s goal should be. Trying to shoehorn everything into a web page, not so much.
20 February 2009, terribly early in the morning
I bought my Unicomp Spacesaver keyboard about a half year ago. At the time it was a little tricky to quantify how nice the keyboard felt. It was certainly a step up from my previous Dell piece of crap keyboard, but just how big a step?
Read the rest of this post. (444 words)
18 February 2009, early morning
I have emails from when I was in grade 11 on my old Powerbook 5300CS. I read them when I was home a few weeks back. It was funny and scary reading what I wrote. Those emails are over 10 years old now. I wonder what people who have replaced email with Facebook will have to look back on in 10 years time. My guess is nothing, but you never know. I think the uproar over Facebook’s TOS was justified, but the bigger issue I have with Facebook is that it traps all your interactions with the site on the site. There is no way to programmatically export your data. While their messaging system is convenient, it’s locked into Facebook. If Facebook folds, or they decide to ban you from the site, there go your “emails”. Kottke compared Facebook to AOL, and the comparison is apt. A site that traps your data isn’t worth your time.
21 October 2008, early evening
Use Tomato/MLPPP to Stop Bell from Throttling your Internet Connection.
So the WRT54G router firmware I linked to earlier does in fact get around Bell’s (anti-competitive jack-ass) throttling of my Teksavvy internet connection. I love my router, I love Teksavvy, and I now love Tomato/MLPPP. I haven’t been able to download torrents during the evening for many months. (Bell throttles during off-peak hours, so while I was at work my torrents used to run at full speed.) I really didn’t expect a solution like this to develop: I was waiting for Bell to get their asses handed to them in court. Clearly, relying on your government to take a large corporation to task is an exercise in futility. If you’re on Teksavvy, and have a respectable router, I seriously recommend you upgrade to this firmware. Suck it, Bell!
So how does this work? MLPPP is used to aggregate several different network links into a single faster link — i.e. you can take several DSL connections and make a single faster one. With MLPPP the client will split a packet up into smaller fragments, and send each fragment with an additional MLPPP header over different links to the server. The server will then reassemble the original packet from the fragments it receives. You split your bandwidth over all your links, effectively creating a single faster one. You can run MLPPP over a single link, but it obviously offers you no advantage, as all your data is still going over the same link. In this case, the advantage comes from the fact that (for the time being) the hardware Bell uses to track and shape Internet traffic does not know how to process MLPPP traffic. Bell doesn’t reassemble the real packet to examine what is being sent, and thus can’t decide if it needs to be throttled. As long as your ISP understands the MLPPP protocol, you should be able to avoid throttling this way.
Update: TekSavvy now charges $3 for a static IP, access to newsgroups, and access to their ML/PPP server(s).
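The fragmentation and reassembly described above, as an added example that is not part of the original post. It uses the long (24-bit) sequence-number header from RFC 1990; the function names, the sample packet and the marker string are constructed for illustration. It also shows why a traffic-inspection device has to reassemble fragments before it can match on packet contents.

```python
import struct

MP_PROTOCOL = 0x003D        # PPP protocol number for Multilink (RFC 1990)
BEGIN, END = 0x80, 0x40     # B and E bits in the first header byte
SEQ_MASK = 0xFFFFFF         # 24-bit sequence number (long format)

# Constructed marker standing in for whatever byte pattern an inspection
# device would look for inside a packet.
MARKER = b"EXAMPLE-APP-HANDSHAKE"


def fragment(packet: bytes, first_seq: int, frag_size: int) -> list:
    """Split one packet into MP fragments, each with its own header."""
    if frag_size <= 0:
        raise ValueError("frag_size must be positive")
    chunks = [packet[i:i + frag_size]
              for i in range(0, len(packet), frag_size)] or [b""]
    frames = []
    for i, chunk in enumerate(chunks):
        flags = (BEGIN if i == 0 else 0) | (END if i == len(chunks) - 1 else 0)
        seq = (first_seq + i) & SEQ_MASK
        frames.append(struct.pack("!HI", MP_PROTOCOL, (flags << 24) | seq) + chunk)
    return frames


def parse(frame: bytes):
    """Return (begin, end, seq, payload) for one MP fragment."""
    if len(frame) < 6:
        raise ValueError("frame too short for an MP header")
    proto, word = struct.unpack("!HI", frame[:6])
    if proto != MP_PROTOCOL:
        raise ValueError("not a Multilink PPP fragment")
    flags = word >> 24
    return bool(flags & BEGIN), bool(flags & END), word & SEQ_MASK, frame[6:]


def reassemble(frames) -> list:
    """Rebuild packets from fragments that may arrive in any order.

    A packet with a missing fragment is dropped, since it cannot be
    completed. Simplification: sequence-number wraparound is ignored.
    """
    packets, parts, expected = [], None, None
    for begin, end, seq, data in sorted((parse(f) for f in frames),
                                        key=lambda frag: frag[2]):
        if begin:
            parts, expected = [], seq          # start of a new packet
        if parts is None or seq != expected:
            parts = None                       # gap: abandon this packet
            continue
        parts.append(data)
        expected = (seq + 1) & SEQ_MASK
        if end:
            packets.append(b"".join(parts))
            parts = None
    return packets


def demo():
    """Marker is invisible per fragment but visible after reassembly."""
    packet = b"hdr:" + MARKER + b":payload"
    frames = fragment(packet, first_seq=100, frag_size=8)
    seen_per_fragment = any(MARKER in parse(f)[3] for f in frames)
    rebuilt = reassemble(list(reversed(frames)))   # arrive out of order
    seen_after_reassembly = any(MARKER in p for p in rebuilt)
    return len(frames), seen_per_fragment, seen_after_reassembly


if __name__ == "__main__":
    print(demo())
```
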
 Technology | Life
21 August 2008, early morning
Unspace discuss their past, and the future of Ruby. There are a lot of interesting links in the post, but of particular interest was the post about Hadoop by Ted Dziuba. (The subtitle, “On the emasculation of Twitter and Dirty Harry” is certainly enjoyable.) There is a lot of interesting stuff being done in Ruby, but like Dziuba, I find a lot of it quaint and half assed. Sometimes I get the feeling that the community around Rails seems to be a bit of a cargo cult. You have a core group of people who know what they’re doing, and a lot of people who echo what the core says, but who perhaps don’t quite grasp what’s going on. Someone discovers REST and all of a sudden everyone is going on about RESTful this or that. Someone discovers automated testing and everyone is going on about Runit and Rspec. Mind you I’m probably just an elitist C++ programmer. One day I’ll write a longer blog post about that, but not today.
Update: Rethink sort of mangled one of my comments, which I’ll repost here:
Read the rest of this post. (555 words)
Computer Science | Technology
7 August 2008, lunch time
My Unicomp Spacesaver arrived a few minutes ago. I knew it would be loud, but I think I underestimated just how loud it would be. There is a clackity-clack that comes with every key press. Typing out a sentence results in a not so quiet roar of noise. My plan was to use it at work, but I’m worried the noise is going to drive everyone around me nuts: our work space here is pretty quiet. I think this keyboard is a bit too loud. (Well, I know it is too loud, it’s really a question of just how annoying everyone else finds it.) Of course, it feels quite nice to type on. I’ll have to see if people start giving me dirty looks.
 Life | Technology
31 July 2008, early morning
I was talking to Tyler about Ruby Fringe yesterday: apparently it was a crazy success. I’m still disappointed I didn’t crash their last party. I did have some of their left over beer last night on the roof of their office, so I guess that’s something. People are going on about the conference like it was Woodstock. The fact they aren’t planning on doing another conference may mean it will end up developing the sort of mythos that surrounds Woodstock. At least amongst super-nerds like myself.
Read the rest of this post. (498 words)
Technology | Current Events
29 July 2008, terribly early in the morning
Matt recently wrote about how he uses the Inbox Zero method to manage his email. The general idea is that you don’t use your email inbox as a dumping ground for all the emails you need to deal with. You can read all about Inbox Zero on Merlin Mann’s web site. Like Matt I find the system works pretty well.
Read the rest of this post. (299 words)
Technology | Life
3 July 2008, terribly early in the morning
Tyler and Matt were laughing at me when I told them most of my music is saved as AAC files. It’s the reason my Muxtape is a bit lacking. I decided on this format a long time ago, after soliciting the opinions of my friends. AAC struck me as the format of the future, it being superior to the MP3 format and all. Reading what I had written then, I was working under the assumption that AAC would become as ubiquitous as MP3s. One day. Till then you can listen to RZA’s muxtape.