radioAe6rt

I’ve made a few financial contributions to the Obama campaign, which is the most important run for the presidency in my lifetime. Be a part of our own redemption as a nation — help elect this man the next President of the United States with not only your vote, but with a small contribution to the campaign.

John Engelhart wrote a nice piece of code, RegexKitLite, that allows regex programming on the iPhone. RegexKitLite is part of his larger RegexKit project.

There is something funky about how the simulator and device SDKs work with respect to how this code pulls in header files, however. I had to insert an #ifdef as a hack to get the code to work on a real iPhone device. The code works as-is if running in the simulator. Here is the mod, to RegexKitLite.m:

#ifdef iPhone
  else { if((splitStrings = rkl_realloc(&scratchBuffer[1], splitStringsSize, (NSUInteger)1)) == NULL) { goto exitNow; } }
#else
  else { if((splitStrings = rkl_realloc(&scratchBuffer[1], splitStringsSize, (NSUInteger)NSScannedOption)) == NULL) { goto exitNow; } }
#endif

near the original line 579.

Some good links on programming view controllers and table views on the iPhone.

A reader of my OnJava article on discovering a Java application’s security requirements wondered what parsecodebase would look like in Java. Here it is. parsecodebase, a Perl script in the original article, takes the output of the profiling security manager and formats it, grouping on codebase.

A hearty thank you to my friend and author Jason Brittain for mentioning my Java security article in his Tomcat 2nd Edition work. I received a signed copy today from Jason, over ceremonial burgers, which will sit beside my dog-eared copy of his first edition work on my tech bookshelf.

Jason, nice job on the book. No Tomcat professional should be without it.

The question is why?

From John Battelle, Windows Live gains search marketshare in March, while Google loses a bit.

So I stopped on over to the Live site to execute a search whose results I need for a day trip. I wanted a map of 10th and Fulton in San Francisco. So I go to the FireFox toolbar and type “fulton and 10th avenue, sf”.

The Google results include a second click Google Maps result, which is exactly what I wanted. The Live second click was a link to the SF Chronicle that, as it turns out, did contain a map of the 10th and Fulton area. But I’m not going to follow that link, because a SF Chronicle link could contain virtually anything. Not only that, when I clicked on “Maps” in Live, the search string had not been sufficiently disambiguated for Live to present me with the map I wanted, namely the intersection of 10th Avenue and Fulton in San Francisco, CA. It wanted me to narrow the input, starting with a map of the continental United States. None of the suggested locations matched a location in San Francisco. What?

If Live wants to be taken seriously by a world trained to use Google, it needs to adapt to us, not the other way around. Of course, I’m logged into GMail almost continously for a couple years now, so Google probably knows what links I want based on my history. But until Live can get up to speed and surmount that history-less barrier it has with me, I find it unusable. The results returned are inferior to Google’s, not that Google’s are by any measure always spot-on. But at least I know how Google thinks, and vice versa, so I know how to manipulate it for effect. Besides, with the full faith and credit of Microsoft Research behind it, how many different things is “10th and fulton, sf” likely to mean? Live is linking to literal content rather than meaning behind the search input.

If Live eventually offers a consistently higher quality search experience than Google, I’d probably switch. Every six months or so, I go have a look at Live with some typical search input. And every time I come away with the same conclusion: they’re just nowhere close. And a question: who are these users who are getting value out of Live?

When I was kid, my friend Randy and I would occasionally ride our bikes down to La Benite Park to watch the Missouri River go by. The park is in Sugar Creek, MO, where we grew up. Recently, my interest in the Lewis and Clark Expedition was renewed, and I thought to take a look at their journal entries for the summer of 1804, when they passed through the Kansas City, MO area.

From the Moulton online version of their journal entries on June 25, 1804, we find Clark’s entry describing the camp at Bennett’s Creek. Note Footnote 4, where Bennett’s Creek is the same as La Benite, the name of the modern park itself, but then referring to a creek on the left hand side (south) side of the river.

Never did I go down to the park and peer out at the river, a thousand muddy feet wide and sweeping everything in its roiling path downstream, that I did not imagine the Expedition moving by, right to left (east to west), wondering what they looked like, what they did, what they talked about, what early 19th century spoken English in the West sounded like, what it would have meant to be with them. Watching and admiring Lewis, personal secretary to Thomas Jefferson himself.

Somewhere at a nearby curio shop I saw a set of after-dinner game cards printed with questions intended to stimulate conversation. One of these questions was: Would you rather spend a week living at some point in the past, or some point in the future? My answer, no contest: in the past, with the Expedition the day they paddled by my hometown.

LinkedIn got a facelift this morning, manifested mainly in the appearance and functionality of its home page.

One feature that intrigues me is the module containing news on places I used to work. For example, I used to work at IBM, and in my home page view there is a module that shows me stories about IBM. Not just any stories, but stories that have been annotated by LinkedIn as “Most Read”.

Most Read by whom? Presumably by people in my network, but I\’m not sure. Which leads one to ask how does LinkedIn know who is reading what?

[tags]linkedin[/tags]

One thing leads to another, in this case a visit to Denver led to reading Josh Waitzkin’s The Art of Learning, which in turn led to reading Loehr and Schwartz The Power of Full Engagement.

Loehr and Schwartz describe how to maintain high energy (physical, spiritual, mental, etc) for purposes of personal and professional performance. The authors argue that time management is not our modern challenge, but energy management. To continuously recharge throughout the day, they recommend taking a short nap or other mental relaxation spell after every 90-120 minutes of hard mental work. I opted for the nap, naturally. In my case, a 10 minute nap. Other relaxation spells might include quiet meditation or a brisk walk.

So I set a 10-minute timer, lay down, and focus on my breathing to quickly clear my thoughts, relax, and get to sleep. Now I have never timed my to-sleep like this before, but it seems that after about 3-5 minutes, dreamlike images begin to float by, and I sort of consciously note that, hey, that was a weird dreamlike image (I must be getting close to sleep). By 7-8 minutes, I seem to be sleeping. At 10 minutes I can barely hear the timer go off.

I wonder what those dreamlike images are and where they come from? I swear they seem totally random and in no way connected to what I had been thinking, my deep knowledge (not) of my own subconscious notwithstanding.

Update 1: Yes, the 10 minute nap does seem to dispel the fog that sets in after a period of work. Your mileage may vary, but I expect to see good results from this over time. In some cases, after the nap, the day doesn’t seem to be the same one I lay down to. It seems like a different period of time, not contiguous in anything but the logical sense with the pre-nap period. Not sure what this effect is, but there seems to be something to it.

Update 2: If you are at work and cannot take the nap, close the door to your office and do 15 minutes of yoga to clear the mind and reset the body. The point is to develop a ritual resetting of your energy level. Work, recover, work, recover.

[tags]sleep,personal performance[/tags]

It took four attempts spanning three months, but it was worth it: finally, I sighted Yosemite’s mighty Half Dome from the summit of Contra Costa County’s Mt. Diablo.

Friend David Beckemeyer and I made the trip up last week, on February 5. This was two days after a good Bay Area rain, which cleared the atmosphere of dust. Half Dome is 130 some odd miles from Mt. Diablo, so the air has to be clean, clear, and cloud free. Morning is the best time to attempt the view: by midafternoon, clouds start rolling in over the Yosemite Valley, obscuring the view. In addition to all that, winter is the best time to make the attempt, when the air is less likely to contain large amounts of water vapor.

There are a few simple ways to get the bearing to Half Dome from Mt. Diablo. You can go up into the beacon lighthouse and use the compass rose there to find due east. Half Dome is about 93 degrees off true north, meaning it’s just about due east of Mt. Diablo. If you’re using a magnetic compass, subtract about 15 degrees from its reading to account for magnetic declination in California. Either way, look for Half Dome sitting high on top the ridge, where the land meets the sky. Good binoculars (8×42 or 8×50) are required no matter how you sight. You cannot see Half Dome without optics. See below.

Yet a third way to sight Half Dome: Clifton Court forebay reservoir also lies along the line from Mt. Diablo to Half Dome. The reservoir is the large rectangular body of water half way between where you stand and the distant horizon. On an east-west line bisecting Clifton Court reservoir, follow all the way up to the horizon. Half Dome is lurking near that bisector where it meets the sky. David ginned up a map showing that line.

We stayed up top for about an hour, taking in the tremendous panoramic view Mt. Diablo affords, and showing Half Dome to the few passersby who wanted to know what we were up to, what with our binoculars, compass, and telescope. Mt. Diablo boasts one of the best so-called viewsheds in the world. The view of the Sierra Nevada, San Francisco proper, the Farallon Islands (60 miles distant) on a clear day, and the entire Bay is sight to behold.

You have to know where to look for Half Dome, to be sure. Even with good optics, you’re not really sure what size of object you’re looking for. As for sighting Half Dome with the naked eye, let alone viewing it, I’d say that’s practically impossible: at 130 miles and an estimated 2000 feet across, it takes up less than 0.2 degree field of view. Granted, there is some approximating going on here, but even if Half Dome were a mile across, you’re still talking less than half a degree field of view.

Finally, as an added treat, here is the Half Dome webcam, which refeshes every half minute or so. During the winter, you have a bird’s eye view of the hourly change in weather condistions that are common in the park. What a sight.

[tags]half dome,mt. diablo,yosemite[/tags]

It is, of course, heresy in some quarters to discuss global warming as caused by anything other than carbon emissions, but what the heck, let’s reference such a discussion. A group of Canadian (as if national origin matters) scientists is considering an alternate view: fluctuations in solar activity. It’s worth a read to remind ourselves that other thinking people have different views of climate change and variation. One thing is sure: these guys cannot be popular with the carbonists.

I’m not a climate scientist, but just a consumer of information like everyone else. Maybe carbon is the culprit for recent temperature changes, maybe not. But no matter to which view you subscribe, it’s important to at least try to listen to the other side in good faith. But with the massive momentum carbon has in this discussion, these guys are going to have a tough time being heard, let alone listenened to.

One thing I do find appealing in their work is that it lets me off the hook as a human being. If they’re right, I can take one problem off the long list of ecological, political, and cosmological problems that are my fault as a respirating homosapien. What a relief. I could use a break.

[tags]global warming,solar fluctuations[/tags]

Update: 3/14/2008 We run across another group of researchers who believes recent global warming is caused not as much by “anthropogenic” greenhouse gases as by decades-long fluctuations in solar output. This group does not attempt to refute that greenhouse gases contribute to global warming, but they do argue that the effect of solar fluctuations could account for as much as 69% of the recent temperature rise on Earth. 69% is a big number, and the value depends on the model used. But if the model has validity, it would certainly affect how (possibly read: whether) nations deal with carbon emissions.

I consider myself someone who reads a fair amount, not necessarily from books, but on the Internet, too. Too much of what I read is technical in nature, or keeping up with current events. A lot of this material is informative, but not nourishing. It makes us smarter, but doesn’t make us better. I won’t stop reading this stuff, because being smart has its advantages; it’s necessary if not sufficient.

However, reading a (nourishing) book on performance psychology recently surfaced this quote by Lance Armstrong that I found compelling. In discussing his experience with cancer, he wrote:

I remembered not much more than we are much better than we know, the rest being easy to fill in. Our goal now should be to determine in what ways are we better than we think we are, to discover where are those opportunities for growth.

We are much better than we know.

Normally I don’t post political material to this blog, but this year I make an exception. There is too much at stake to remain silent.

Larry Lessig has posted his position on why he is supporting Barack Obama for President. We would expect nothing less than a well-reasoned statement from Larry, and we get one.

That a man like Barack Obama can rise to become President of the United States makes me fiercely proud to be an American. The same America that gave rise to Washington, Jefferson, Madison, Lincoln. Tall company. But there are times when such great Americans must be called to mind. This is one of them. Our need is that great, our yearning for change that urgent.

That this change, this hope, is within reach is deeply redeeming. Without Obama in this contest, there would be no such hope, and no obvious path toward national redemption and cleansing that so many seem to need and want on so many different fronts.

[tags]democracy,hope[/tags]

It’s far too easy to get distracted by incoming RSS feeds if the RSS reader browser tab is open (The “I’ll just take a quick glance at the feeds” syndrome). I now make it a personal policy to not keep my RSS reader tab open during the day. I read news once in the morning, and that’s it until the next morning. For sites that get too chatty during the day, I subscribe to their email daily digest (e.g., the NYT), then read it at my leisure in the morning for a daily, sufficient dose of their content.

Smalls steps matter in becoming more focused and less easily diverted from path on which the day’s work lies.

Karla Starr at the Seattle Weekly writes another thoughtful piece on music discovery. This time the subject is not too little music to choose from, but too much. She quotes a Google executive who observes that in seven years, every song ever recorded will fit in our collective pocket.

The problem is that with this much choice, we don’t bond to any of those songs - we’re too busy skipping around, wanting to sample the next song, or being overwhelmed with choice such that whatever we do finally choose doesn’t satisfy us. Springsteen said something along these same lines: “57 Channels (and nothin’ on)”. Except now make that 1000 channels and counting. With this sort of abundance, music seems to lose some of its value. I remember when DJs chose music for us: yes, those were the bad old days, but when that one song came on that you’d been waiting for all day, the world was right again. We even called the DJ, asking him to play that one special song.

We’ve heard this theme before, when considering why people aren’t happier than they think they should be. It comes down to too many choices. You make a choice, but can’t help wondering whether some other choice would have been better.

Maybe Ford was onto something when he declared: You can have any color you want - as long as it’s black. And if Pandora really wants to help us discover and bond with new music, maybe it should remove the “Skip” button?

Thanks to Paul Lamere for the pointer.

[tags]music discovery[/tags]

Sean Sheedy has a cool post about the possibility of using Sun Microsystems’s SunSPOT technology with amateur radio APRS technology.

SunSPOT at its simplest looks like this: a processor board that includes a small Java based executive and a 2.4GHz RF link, and a sensor board that includes a couple basic sensors plus some general purpose I/O to interface to external third party devices. The development kit is not cheap ($550 USD), but is comparable in price to what you’d pay for a quality scratch-an-itch kit radio (think Elecraft). The dev kit also comes with all the Java libraries to get started programming.

Pretty cool.

[tags]ham radio, aprs, sunspot, embedded java[/tags]

Start off with a positive account of dealing with Amazon when a shipment went bad. Then, think about ranking the companies whose services you use on a regular basis. The possible ranks are like, dislike, and don’t care.

Amazon goes immediately into the like column, because, well, they’ve never disappointed us once in a decade of regular use. We buy almost all our books on Amazon, and many of those are used (so thanks, again, for not making us go to some other site to by after-market books). When we buy online at Target, we use our Amazon credentials and credit card payment instrument. We’ve even bought electronic gear on Amazon, including laptops.

Developer aside: Then throw in my admiration for the best web services for developers offered by any company, anywhere in their S3, EC2, whitelabel fulfillment, and SimpleDB services. Nobody can kill Amazon in this space, because no one is anywhere near close enough to squeeze off even a single shot. The Amazon CTO is a seer, and whoever came up with the idea of offering these services in the first place is a business god.

Down at the other end of my like column we find simpler services such as Peet’s Coffee and Trader Joe’s grocery stores. Peet’s and Trader Joe’s are the only neighborhood retail businesses I have ever wandered into on opening day and said “We’re glad you are here.” Other firms in this column are outdoor gear purveyor REI, who never quibbles when you return a product that may have gone bad — even years later.

In the don’t care column are the companies and services that must generally work for us, but whose names I cannot remember. There are dozens of them, and we probably interact with them infrequently. We include the category for completeness.

Finally, there are the anti-Amazon firms, who have time after time earned their way into customer antipathy and deep into the dislike column. Earned, in the sense of Marley’s Chain, forged one heavy link at a time. Here we find firms like the landline and wireless telephone companies, health insurance providers (Aetna is our new favorite, with highly-evolved ways of saying “No, that’s not covered”: upon appeal, they just send a copy of the original bill.), some physician’s offices who cannot bill correctly to save their own lives, and ISPs who tamper with packets (think Comcast) and bundle services we don’t want. These companies simply cannot be trusted to do the smart (formerly known as right) thing, yet we are forced to do business with them for lack of either a level playing field or real competition. With companies like these, it’s no wonder we actually root for companies like Google in a spectrum auction. Smart companies give customers no reason to look for love elsewhere, no reason to bolt out of spite and when it may not be in the customer’s best interest.

Amazon gets it, and they’ve earned making it easy to say so.

Jon Udell’s blog post on top IT Conversations podcasts of 2007 introduced me to eventful.com, a site created to aggregate local event information, as well as provide a way for fans or enthusiasts to publish visible demand for specific performers. Eventful is an interesting, useful idea, because it gives the public a way to express demand for a service, rather than just hoping marketing and past performance information results in a future performance of interest.

To take the service for a spin, I created a demand for John McEuen of the Nitty Gritty Dirt Band. Having seen McEuen at Caltech a few years ago, and having sung Will the Circle Be Unbroken with him from the front row, leaves me wanting to see him again.

If you’re in the Bay Area and feel similarly, join me in encouraging John to come play for us again.

With the advent of all things Ajax, Javascript is shaping up to be the new C. Not designed by any means to do everything, but used that way nonetheless, Javascript is on the verge of taking over the desktop client programming world. Especially so given the rising importance of cloud or utility computing, where bits are munged and twiddled on behalf of browsers/users in part on the desktop and in part in a remote datacenter somewhere.

C was born to painlessly port Unix from one machine architecture to another, and in this regard succeeded spectacularly. But it got used not only for OS porting and device driver implementations, but for everything else that needed getting done, right up through windowing systems in X11 to mail delivery systems in sendmail to desktop applications in Netscape. Writers could never figure out if C was high level or low level, like some wave-particle duality. Not that it mattered in practice, of course. It was both — or rather used as both.

The reemergence of Javascript reminds me of the same ‘use it for everything’ phenomenon. C had the advantage of an ANSI standard, prior to the days when language wars were so prevalent (consider the hopelessness of ANSI Java or ANSI Ruby in a world that moves as fast and competitively as ours). I don’t see where Javascript enjoys the same push to standardization, nor would I expect to see it. Of course, porting C application code to multiple platforms has never been easy, ANSI standardization notwithstanding, starting with infamous READMEs that instructed the developer to modify some set of header file #ifdef clauses for effect, depending on the target platform, to running the awe-inspiring almost-AI autoconf-derived ./configure script of modern times (C developers should not chide Java developers about write once, run anywhere, given it took 20 years to evolve autoconf). And of course, Javascript libraries have the now all too familiar browser-vendor checks, which try to route around proprietary “value added” features to find common ground in the big three browsers of today.

Obviously, operating systems will never be written in Javascript, nor device drivers. But as the browser becomes even more central to the web experience via online office apps and such, Javascript will be asked to do more and more, forking children, accruing capabilities, and articulating apps that can only be imagined at this point. And the sandbox model that browsers feature today may become more permissive, more of a virtual machine itself, granting selective access to hardware as needed.

So the more things change the more they stay the same. Where there was once C across multiple platforms, there is now Javascript across multiple browsers. In practice, both seek to do the same thing: make a single application appear uniform across multiple runtime platforms. And all the while alternately rewarding and frustrating the programmer in the search for the Holy Grail of write once, run everywhere.

The first step to recovery from any counterproductive behavior is to admit you have a problem. The bad news is that I have a problem in the area of username/password management. The good news is that my problem is not my fault. The problem is a result of just the way things are.

In my house (can’t tell you where), I have two lists of usernames/passwords for the various accounts that have crept into my life in the last ten years. The first list is somewhat long in the tooth, and is four printed pages. I don’t know why I keep that list around, but I do. It even has a number of yellow stickies on it with account information that found its way onto one. The second list contains account information that is more recent. Printed, this list is five pages long. So I have nine printed pages of account information output. Nine pages. Of course, the recent list is encrypted. Heaven help me if I misplace or forget the passphrase.

Unfortunately, account information proliferation shows few signs of improving soon. Microsoft’s Passport and Sun’s Liberty Alliance (remember these gems from way back?) were supposed to solve this problem, but for various reasons never did.

As for contemporary solutions, it looks like OpenID is gaining notoriety, but I don’t see it on sites that I visit with great regularity: Google’s gmail and Amazon come to mind. Come to think of it, I have never seen an OpenID-supported web site in all my travels. And I like to think I get around. Unfortunately, I don’t think we know much about security exploits against systems like OpenID for the simple fact that the world has no widespread experience with them.

Something’s gotta give in this space. I know I am not the only one keeping passwords in flat files, and mine cannot be the only list that is showing signs of unbounded growth. But specifically what to do about I do not know. But I know I have a problem.

Since its debut and addition to my reading list a few months ago, I have been a follower of Internet Evolution (IE). Bill St. Arnaud introduced me to the list (for grid and cloud computing considerations), and he and the founders have kept me reading.

A picture of the founding and contributing editors is emerging that I can get on board with: a sense of charming contrarianism, or perhaps better yet, a sense of Keepin’ It Real. Many posts are good and informative, but some clearly shine through, beaming the values of the founders. It started with Stephen Saunders’s Tokelau eulogy, seconded by his note on Facebook’s time-sink culture and Web2.0 sites that really matter, compounded by Nicole Ferraro’s irreverent account of how officially difficult it is to speak with the man who invented the web, and wraps recently with a vote for humans over the machine in a piece by Andrew Keen. What I most admire about these posts and authors is that they make thoughtful, sensible points without being mean, without being snarky.

Like a great many knowledge workers, I, too, have dozens of feeds in my bloglines reader that I dutifully read each morning. Internet Evolution is shaping up to be one of the most refreshing. Somewhere in the water at IE is a Mencken-like antidote to the cult thinking that the Internet is all there is to life, that digital relationships trump their wet chemistry counterparts, that the Internet makes us happy, that the Internet fulfills our every need. This from someone who lives on the Internet every day, making a good living thereon, and loves it as much as the next guy. But let’s keep it all in perspective, shall we? The Internet serves us - not the other way around. And thanks to IE for reminding us of it in their small corner of the world.

Next year is beginning to sound like the year of the cloud, here, and here. The industry needs something to talk about, what with VoIP not panning out the way it was expected, and Web2.0 having been talked to death for the last couple years.

I predict moving to the cloud will be more difficult than it appears, as either a) the cloud must manifest very high nines (7, 8, 9 of them) of absolutely flawless availability to avoid having to hire humans to tech-support it, or b) the companies offering cloud services must evolve a culture of high end technical support. After all, the technically-savvy customers moving to the proposed cloud will not tolerate being asked if their computer is plugged in by offshore support[1]. And, of course, DBAs, sysadmins, and skilled engineers will lose their jobs as the cloud craze builds, only for their former managers to find out a year or two later that some of those functions should have been retained. And moving (your) data from one cloud provider to another will be difficult, which is spelled in some quarters as stickiness or lock-in. In other words, while all electricity is the same, not all could utilities’s cycles will be.

So brace yourself: the hyperbole of cloud computing is about to descend upon on us, with all the attendant promises that it is The Next Big Thing.

[1] This is not a knock on offshore support so much as it is on their onshore trainers inserting inane questions into the support script to wear the customer down.

Update 12/18/2007 This is sorta what I’m talking about: I just tried to add a folder to an existing folder within Google Documents, and got this: The server encountered an error. Please try again later. Ok, so Google Docs is free for now, and I got what I paid for. But when they or their competitors start charging for this stuff, I’m gonna want to talk to a human to find out precisely what “later” means.

We have a new Gandalf on our hands here: Jimmy Page at the Led Zeppelin show at the O2 Arena in London some weeks back. God, these guys were, are, great.

…and The North Face can, and did, send me replacement shoestrings for my model AM8N3V2 T246 566292 12-071 hiking shoes that blew out a shoestring on one side. As a highly evolved economy, we have indeed arrived.

In this day and age where Customer Service is the corporate arm tasked, with a smile on its face, with telling customers to go, err, interact with themselves (here and here), I thank TNF for anticipating this situation of a failed lace, and for having a process that can get a new pair sent to me.

While I am grateful for the new laces, which I could not buy at any TNF outlets, nor for which generic laces could be subsituted, it sorta goes to show how low we’ve sunk. Why is customer service that works so conspicuous, when it should be the norm?

Thanks to Valerie at TNF for helping me with this.

[tags]customer service[/tags]

An obviously self-selecting poll of small numbers, but what does it say about the profession when nearly 40% of the respondents on today’s java.net poll say their career would be advanced by doing something other than programming? Is the career path for these individuals broken? Is the work no longer satisfying? Is it the language?

In 20 years of being around software and developers, none of the ones I talked to considered programming as anything other than a chosen field, a labor of love, digital literature, elegance sought and found. So, um, what happened?

The blogosphere is lit up this week with news of the Facebook Beacon ad program. The program enables Facebook advertising partners to send messages to Facebook when that Facebook user visits the partner site. The idea being that knowledge of where that user surfs, and what he does when he gets there, will help Facebook and its partners sell to that user via ad content placed in the Facebook News Feed. Not to mention Facebook serving as a repository that can be mined for information on where you surf, whether the subject shows up in your News Feed or not.

Some users are fighting back with, e.g., Firefox plugins that block Javascript-based network connections to sites of the user’s choice. NoScript is one such plugin, BlockScript is another.

While these are good tools to have around, I am reminded of how wearisome they become, what a drag they represent on the user experience. Drag like trying to combat spam, phishing, and malware with filters and virus scanners in an world with ever-shifting threat models. Sure, you can install one of these tools to keep an eye on what Javascript does when you visit a site, but since Javascript is so widely used now, you get lots of tripwire notices independent of the intent of the attempted connection. So what do you do when you get a rule violation from one of these tools? Disable all communications via Javascript with that site? Sure, you can do that, but in the process, you break, say, a bunch of Ajax eye candy, which can break the experience and/or functionality of using the site.

Facebook is not the first to use Javascript to report surfing action. Google Anayltics uses the same stuff, and it’s everywhere. Facebook just brought this issue to the fore, made users sit up and think about what their browser is telling the world about where you surf, where you mouse-over on the page. And users, while indignant this week, may find themselves eventually worn down by constant tweaking of their Javascript preferences such that they will give up and allow everything.

What would be forthright of Facebook is if they would publish to its individual users precisely which partner sites reported on that user’s surfing activities. The Facebook Privacy page tells us

We built Facebook to make it easy to share information with your friends and people around you. We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information.

So Facebook gives us control over our information. If that is true, then we should know what that information is. I cannot find where in my Facebook profile there exists a summary page that states what information about my surfing habits was transmitted to Facebook on behalf of an advertisting partner. From this I conclude that such information is not my information, otherwise I would be able to control it, per the Privacy Statement. That information, of which I am the subject, must therefore belong to someone else.

So, yes, I will be installing NoScript and will be trying at the very least to learn what Javascript network monitoring feels like from the user perspective. It means using the plain HTML version of Gmail, which I’m fine with. But it also means I just broke Google Calendar. See?

Update: 12/12/2007 After a month of using NoScript to control which sites are accessible via JavaScript calls, I can actually say that the overhead associated with its use is not particularly onerous. What I’d like to see from NoScript is a TTL or expiration on sites that are termporarily allowed. With such a timeout, temporary entries would age out and not remain active for long periods of time.

[tags]gmail,google calendar,facebook,beacon,privacy[/tags]

Unfortunately, I missed this big news a couple weeks back: Grails has gone 1.0 RC1. Congratulations to Graeme Rocher and the entire Grails community for this major milestone. I’ve experimented with Grails and have kept up with the platform’s progress for the last 18months or so. And getting to 1.0 has been a long, hard slog.

Grails is what allows you to leverage that giant portion of your abilities that is deeply invested in Java web app technology, but while operating in an efficient, sensible, and pleasant Groovy scripting mode. And it’s what will allow a lot of developers to remain in the Java ecosystem, instead of turning, for some good reasons, to RoR.

For this Grails alternative, and a quantum of taming the Java web app development process, we owe Graeme and the team a healthy dose of gratitude.

Nice job, all.

[tags]grails,groovy[/tags]

Oscar Celma and Paul Lamere have put together a worthwhile set of slides on the art and science of music recommendation. The slides speak to two important themes as it relates to music in our lives: how to find new music for your own listening enjoyment, and how “Music 2.0″ commercial plays can help you find the same.

These slides are full of fascinating data and observations, but close with perhaps its most compelling: music discovery is in its pre-Google stage. Much work remains to be done, and, like Google’s ascendance, some winner is waiting to take a huge slice of this business.

[tags]music recommendation,music similarity[/tags]

By now we’ve all heard that Google has unveiled plans for OpenSocial, a common set of APIs for social networks designed to challenge Facebook. Reminds one of the promise of Java: write once, run anywhere, followed by the same taking over the world, both on the desktop and on the backend. Remember for years that Java was instead chided as write once, debug everywhere. And while news releases like this keep bloggers everywhere breathless, write once, run anywhere is more difficult than it sounds. It could take years to get this right, if there is even a right answer in all this, for the reality to match the hype. And while OpenSocial will be fascinating to watch unfold, if it does at all, this game has not so much as started.

And it’s an odd twist of events that these social networks are being termed the web OS of our time, what with applications running on them. I’m not sure how much of this I hope is true. What are all those MIPS on our desktop for again?? Shouldn’t we expect more than running our apps on someone else’s platform? Isn’t this what we did back in the days of … hold on… here it comes… the mainframe? I thought we outgrew all that, what with our 575M PCs, and within three years, 1.3B PCs. At 2GHz per, that’s, like, a single 10^18Hz machine doing, what, again? Updating our collective Facebook status? Who would have thought that this is what would come to be understood as the great intelligence at the edge.

[tags]opensocial,social networks[/tags]

Every once in a while you run across a song that works at every level every bit as well as something like Hanson’s MMMBob (c’mon, music snobs, you know you love it). And I found one: Cornershop’s 1997 Brimful of Asha, while building a Pandora station around Fatboy Slim’s work.

What a contagious, kicky beat, every bit the equal of our very best pop songs. Check it out, beat a hasty path to the YouTube video.

[tags]cornershop,fatboy slim,pandora[/tags]

Rather than believing we operate on a plan of some sort, how much more interesting are the stories of our lives when we consider how delightfully serendipitous it all is. I’ve had few plans in life, preferring to generally go where it takes me and enjoy the ride, and where planning not to plan is planning nonetheless.

What would my life have been had I not pursued an old friend in high school as a girlfriend? Result: in the course of the pursuit, I met my better half (not the same girl), which made my very good life exactly what it is today.

What would my life have been had I not taken Prof. Schraeder’s Astronomy class in 1981 — where I sat in large lecture hall row three one day and was struck by the thunderbolt that I wanted to study physics. Result: Ph.D. physics, 1991.

And so on. This is adult amusement in the highest sense of those words, these ruminations on chance and events.

Which brings me to the modern US credit card economy and card payments. Every now and then I return to a dog-and-Victrola wonderment of how money and value move in the economy, of how important it is to our way of life that value and capital are easily available and that its movement during transactions finds low impedance along the way. Unafraid of a cliche when one is entirely appropriate, credit cards are part of the fabric of modern life. Who can remember life before them?

Indeed, but it was not always the case, and could have turned out far different than it has. Consider this from Ronald J. Mann’s worthwhile work on the credit card industry, Charging Ahead: The Growth and Regulation of Payment Card Markets around the World:

"...the most careful student of that period [early 1950s] has concluded that even the major issuers would have left the field if they had acted rationally. Working with access to the archives of Bank of America and Chase Manhattan, Timothy Wolters provides a fascinating case study of the Bank of America's decision to maintain its committment to the product that ultimately became Visa only because of a faulty accounting process that did not make decision makers aware of the true costs of the program."

What became Visa International was allowed to evolve because of an accounting mistake.

Moving money matters. In this case, how it moves - the result of an accounting mistake. Delightful, and, of course, ironic, giving new meaning to the hackneyed “Mistakes were made”. This of course is not to say that had this mistake not been made, card payments would not exist. But is there any reasonable doubt that it would not have turned out the way it did, and when? No, there is no reasonable doubt. The alternative outcome is vectoring off in some parallel universe, unreachable from here.

So the lesson is sort of clear: as much as we plan and plot, time and chance happeneth to them all (Ecclesiastes Chapter 9 Verse 11). And I wouldn’t have it any other way.

[tags]payments,credit card,card payments[/tags]

Thank high heaven for alternative radio, in this case Berkeley’s kpfa.org and its Tuesday morning messenger of great music, Victoria Z. Without stations like kpfa, it would be that much more difficult (it’s already a challenge) to find new, good, un-manufactured music.

While driving into town one day, tuned to Victoria’s show, I heard my first Balkan Beat Box number. And I actively liked it. Turn this up, because BBB is onto something. Tomorrow night in SF: the band live — and we’ll be there.

Have a listen, from Victoria’s show, and see if you become a new fan.

[tags]balkan beat box, victoria z, kpfa, playlist sharing,itunes[/tags]

My latest coincidence with identify theft and data security: we just received a letter from TD Ameritrade CEO Joe Moglia that torturously begins:

Dear Mark Petrovic,

While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain information stored in our databases, including email addresses, to be retrieved by an external source. Your information is currently included as part of our database either because you are a former client or because you had in the past applied for an account at TD AMERITRADE.

My first question is: What is unauthorized code and what does it mean to remove it? Is this a synonym for “software”, as in lines-of-code? Sounds like unauthorized code means “Trojan Horse” or virus, as the letter goes onto say that the unauthorized code was able to bypass detection by our anti-virus software and other protective systems. All reads: Windows-based financial services shop gets hacked.

My second question is: What is an external source?

What this opening paragraph says is that information about me was stolen from TD Ameritrade.

It seems sort of peculiar that the breach the letter describes was discovered while investigating (read: operating diligently on my behalf, followed by posterior-covering) the “industry-wide” (read: it’s not just us getting hacked) investment-related SPAM. One can run across network access anomalies in a lot of different ways, but specifically while investigating spam seems an odd, overly-specific segue into the disclosure of data theft. I doubt the discovery was made while investigating spam, which is sort of like saying we discovered it while thinking about email. But no matter. More information about me is now in the wild.

The letter closes with an assurance that ID Analytics, the firm brought in to assess damage, found no evidence of identity theft. And that I should keep a close eye on my credit activity. To which I can only say: thanks a lot — and no kidding.

So in December 2005, I received a similar letter from ABN-AMRO stating that tapes had been lost by DHL (read: finger pointing), the courier service, that contained my personal data. A few months ago, I received a similar letter from IBM HR - that is, that tapes with my data on them had been lost. And now TD Ameritrade steps up with this latest bit of bad news.

It’s become a full time job keeping up with who’s lost the information on my household that I entrusted to them.

[tags]td ameritrade, identify theft, data loss[/tags]

Google has released web based presentation software that sits alongside its existing Google Documents. Glad to see it, as their lightweight web offering easily meets the need of many a document.

And while I have a number of Google Documents associated with my account, unfortunately I can no longer access any of them. Under Ubuntu/Drake and Firefox 2.0.0.7 (and Firefox 1.5), the user interface is pretty, but otherwise dead to the touch. The Documents app responds to no mouse or keyboard gesture I offer it, and it’s been this way for months. Before Google Documents migrated to their prettier UI some months back, I could create and edit documents with no problem whatsoever. Not so now, and no clue why.

I’d troubleshoot the issue, if I only knew how. I posted a note to the Google Docs user group, but to no avail. And nothing unusual appears on the console on which Firefox was invoked when I attempt to interact with the app. Beyond that, I don’t know how to make this thing work. Too bad.

Update: 12/11/2007 Google Docs under Firefox in Linux is now working for me, magically. No idea why, but what the hey.

[tags]google documents,google presentations,writely[/tags]

Strangely enough, versionability is an issue with NetBeans, even in its current highly evolved state. By versionability we mean the ability to tar, zip, or VCS a NetBeans project and send it to another developer for them to work on. This is difficult because project libraries are created by using the hardcoded paths to the various jar files that make up the library.

So when I create library ALibrary containing /home/petrovic/projects/MyProject/foo.jar, followed by packaging the project to send to a coworker, the coworker finds the library jar missing because /home/petrovic/projects/MyProject/lib does not exist on their machine. It would be much better if NetBeans were to use a path relative to the project root for specifying project resources. afaik, neither Eclipse or Intellij suffer from this problem of paths absolutely rooted in the file system.

Without the ability to export NB projects and use them out of the box on another machine, it’s no wonder we still cling to writing our own project Ant build script, and instruct NB to use it. This gives you the control you need over where project resources are located. But then again, writing yet another complex Ant build script is the last thing we want to do.

[tags]netbeans[/tags]

In case the NetBeans5.5 FAQ for a missing Subversion client is not clear enough, the -J-Dsubversion.path command line argument goes in /Users/yourUserName/NetBeans/NetBeans.app/Contents/Resources/NetBeans/etc/netbeans.conf like so:

netbeans_default_options="-J-Xms32m -J-Xmx128m -J-XX:PermSize=32m -J-XX:MaxPermSize=160m -J-Xverify:none -J-Dapple.la f.useScreenMenuBar=true -J-Dsubversion.path=/sw/bin"

where you can see the explicit path to the Subversion binary in the last component.

[tags]netbeans svn,svn,netbeans[/tags]

I got on a Spring+Hibernate bender recently, determined to learn a few new things about declarative transaction management and annotating entity classes using Hibernate Annotations. In the course of this work, one needs a database, and the one I’m using is embedded HSQL and happens to contain about 1M records. To populate it I elected to use Spring’s JdbcTemplate helper class.

A few minutes into the population of the database, the JVM would issue an OutofMemoryError. Hours of debugging ensued, as I made certain that my code was not holding onto references that should have been garbage-collected.

I finally accepted the fact that a heap profile was in order, so I set -XX:+HeapDumpOnOutOfMemoryError on the JVM command line. The app harness is a Jetty webapp, so the application invocation goes like this:

$ java -XX:+HeapDumpOnOutOfMemoryError -jar start.jar

When the app died for lack of memory, it wrote java_pidXXX.hprof to the current working directory. JDK6 now bundles jhat, a heap analysis tool for just this sort of occasion:

$ jdk/jdk1.6.0/bin/jhat -port 1960 -J-mx512m tmp/java_pid13056.hprof

which after considerable crunching, starts a web server on port 1960 with the results of the analysis. Toward the bottom of the output, one finds “Show instance counts for all classes (excluding platform)”, whereupon I was presented with something like 500,000 held-references to org.hsqldb.MemoryNode and org.hsqldb.Row. This was for HsqlDb v1.8.0.7, using cached tables. I’m not an expert at reading this hprof output, but from the looks of it, those two classes hold references to each other that neither releases.

So I swapped HsqlDb out and the latest Apache Derby in, and the database loads fine. I can even see in the JVM profiler output (http://www.yourkit.com) how allocated heap memory now stays within safe boundaries.

It was a good exercise tracking down this memory issue, and good that another tool could be added to the set: jhat.

Update: A user in the know on the HsqlDb forum indicated that for cached tables, this OOM error should not obtain. By using jdbc:hsqldb:data/qsodb;hsqldb.default_table_type=cached for the JDBC connection URL, I was able to confirm his assertion. Setting what I thought was the equivalent property in the Hibernate sessionFactory properties hibernate.connection.hsqldb.default_table_type=cached did not have the same effect, at least not at the time the app needed it. All these tests can be verified by examining the HsqlDb properties file theDb.properties after the app starts up.

[tags]hsqldb,derby,spring,hibernate,jhat[/tags]

Driven by the rewards of a fresh, unorthodox presentation of the basic physics of radio, I reread Paul Nahin’s The Science of Radio a couple months ago. Both readings left me wondering what lay in Nahin’s references to radio’s early technological and commercial development. I’ve just finished reading two of those references, driven by nagging curiosity and, gradually, an emerging sense that by examining radio’s history we might better understand the Internet’s future, particularly the American Internet.

Both books are the work of Susan J. Douglas :   Inventing American Broadcasting: 1899-1922 and Listening In: Radio and American Imagination

I was working in the Operations end of the Internet industry in the mid 1990’s, during the fast paced, glorious uptake years of Internet services. When — imagine — you had to tell people how to get an email address, and when WinSock was part of the vocabulary. There was a sense in those days that “we were in charge now”. We, or us, used in the Cluetrain Manifesto sense, and meaning the network’s users, vs. them, meaning both the network owners and the government. Not long before, crypto pioneers had shown what was possible with public key cryptography and symmetric key exchange, followed by Netscape actually doing something with it — SSL-enabled ecommerce. We were going to ride this network with encrypted bits for as long as we liked, buying and selling widgets over it for as long as we liked, and speaking end to end in complete privacy for as long as we liked.

This Internet was ours, and it belonged to us because we thought it did, because we thought it should. But all we had were compilers and a few cheap computers. What we lacked was experience with how to hold onto the network we thought we had. And it turned out this Internet was not ours after all.

In a decade, we have seen the Telecommunications Act of 1996 essentially repealed. Seen hundreds, possibly thousands, of small ISPs either vanished or bought by a handful of larger concerns. Seen federal regulatory commissions essentially pick winners — big winners. Seen p2p go from a legitimate hope to something on the verge of demonized. Seen law enforcement ask for the same — and then some — eavesdropping backdoors they enjoy on the legacy telephone network. Seen the near certain death of any VoIP application touching the network. Seen it become commonplace for downstream bitrates to be 10x upstream, because the network owners believe our consuming content is more important than producing it. If we are in charge now, it is a bit hard to tell. Someone tell me when we are losing, because this winning is rather painful.

So what is left to us is the all the excitement of, what, Facebook? Of Twitter? As a friend notes, email and the web are out of the bottle, and cannot be put back without users taking to the streets. But that is where new features likely stop, because we don’t own this network and new features threaten those who do.

Radio, with its hundred year history, has lessons for us. Interspersed between Marconi’s 1899, the Titanic’s 1912, and World War I’s 1918, there was hope that radio would spread democracy, educate the masses, and serve as a vehicle for personal communication. By 1922, this hope had to be abandoned, marked by the Navy’s adoption of wireless, the dawn of federal regulation, and the rise of RCA and AT&T as corporate communications symbols. Turn the radio on today and see if you can discern what’s left of those hopes for this revolutionary technology.

The Internet is the late 20th century’s radio, a drawn parallel that is, I think, quite generous to the Internet. The models for co-opting the Internet from someth