Blogging Horror

Posted by alastair
on May 22, 2008 22:08

So you’re watching a new TV show and you’re hooked. It’s clever, the characters are believable, the dialog is witty, the cinematography is inspired, the direction is tight and the plot is engaging. You want to see more. You’re in love. With a TV show.

Web Forums Considered Annoying

Posted by alastair
on March 01, 2008 22:18

Specialised web forums are commonplace these days. They cover the entirety of the long tail, and are therefore indispensable for discussing obscure, and not-so-obscure, topics.

These days I wouldn’t consider making any serious purchase without at least a brief consultation of the relevant web forum. Technical problems with just about anything can usually be resolved with a well-crafted search through the appropriate forum. Put simply, the web forum is the basic unit of online community these days.

But despite their ubiquity and obvious utility they remain frustratingly limited in lots of ways. In this post I vent some of these frustrations.

Vendor Lock-In

Posted by alastair
on February 08, 2008 11:41

I generally agree unequivocally with Bruce Schneier, but his recent column on vendor lock-in has me wanting to take issue with some of his points.

Vendor lock-in is real, but the example he gives of the iPhone is not a very good one. Why? Because it’s easy to switch: you call up the carrier (AT&T in this case) and say “I don’t like my iPhone, it’s too sleek and good looking and its user interface is too elegant. Instead I’d like to subject myself to some nonsense from the traditional handset vendors.” To which the AT&T person says “sure, we’ll charge you $X and ship out a new handset. When it arrives, just activate and transfer your contacts.” Bingo, you’re off the iPhone.

[Update: Andrew points out in comments that the 24-month contract may impede switching in this manner. I don’t know the details, but I’d be surprised if it was impossible to switch away from the iPhone, merely expensive. This is, to my mind anyway, not sufficient to justify the term “vendor lock-in”, but I suppose that depends on your definition. My definition is below.]

In Australia we have number portability which means that I can generally switch handset or carrier without too much fuss. I’m not sure about the situation in the US, but as illustrated above you are still free to switch handsets while keeping the same carrier. So if there’s lock-in at play here, it’s lock-in to AT&T, not the iPhone.

So what is vendor lock-in anyway? I would define it as the presence of constraints on a given product or service that are imposed by the vendor and which prevent you from switching to a different product. These constraints may take the form of missing features which would enable a switch, or of usage constraints imposed by licensing, or both. Either way there has been an explicit decision — technical or policy — by the vendor which prevents switching to a competitive product. Hence the term is a mild pejorative.

It’s a slightly confusing term because it applies to a product or service, and not to the vendor. So it’s quite possible for product X to exhibit vendor lock-in, but not product Y from the same vendor. “Vendor-imposed lock-in” might be a better term.

Note that there is an implicit assumption that the features and capabilities of the product in question are available elsewhere in the marketplace. In other words, there exists an equivalent product to switch to. This assumption does not always hold, and sometimes you may find yourself unable to switch to a different product, simply because there are no other products on the market with a given capability or feature. This does not, by my definition anyway, constitute vendor lock-in, because the inability to switch does not arise as a result of a decision from the vendor.

Does the lack of an SDK constitute vendor lock-in for the iPhone, as claimed by Schneier? Well, does the lack of this feature prevent switching to a different product? No, of course it doesn’t, as illustrated above.

In fact, it is the presence of an SDK which constitutes vendor lock-in, of a sort. Third-party applications written to the iPhone cannot, by definition, be easily ported to other mobile platforms. If you suddenly decide you don’t like your iPhone any more, but have hundreds of third-party applications installed, you have a problem.

This problem is common to all computing platforms; vendor lock-in is a necessary consequence of all vendor-controlled SDKs and APIs.

Incidentally the delay in making an iPhone SDK available can quite easily be explained by the technical challenges involved, and does not necessarily imply any policy decision by Apple to deliberately lock out third-party developers. Producing an SDK of any quality is a hard task, and the instant it is released it has to be supported for the life of the product. As Charles Miller puts it, “third party apps are for life, not just for Christmas”. It is quite understandable that Apple would make sure their SDK is just right before committing to it.

But where does the “no SDK == lock-in” idea come from anyway? I suspect that it arises from the expectation that we are able to install third-party applications on the iPhone. Where does the expectation come from? It comes from the disclosed fact that the iPhone runs OS X. If Apple had not divulged this fact, or if the iPhone ran some un-named OS — as is the case for all classic iPods, for example — there would be no expectation of third-party applications. It is for this reason no one is claiming that the lack of an iPod SDK exhibits vendor lock-in.

However, Schneier claims that there *is* vendor lock-in on the iPod, due to the fact that “music purchased from Apple for your iPod won’t work on other brands of music players”. This is misleading; it is quite possible to purchase DRM-free music from Apple for the iPod and other players. Again, he’s incorrectly identified the source of the vendor lock-in, which in this case is *certain* music from the iTunes Store and not the iPod.

To reiterate, vendor lock-in is real and is important. It is contrary to the idea of Free Data and deserves to be more widely discussed. However, let’s first understand what we are talking about, so that we can think critically.

Where's The Mandatory Filtering For Government Stupidity?

Posted by alastair
on January 03, 2008 21:51

I’m still in holiday mode and have not spent much time online studying the reaction to the idiotic mandatory filtering proposals from the new Rudd government, but I expect this editorial published in the Australian is mostly representative. I disagree with none of it.

However I just can’t help passing further comment, mainly because there is a lengthy discussion in the previously-mentioned Lessig book which outlines what I would consider an acceptable regulatory framework for controlling access to content online. So please feel free to peruse it for yourself (the section titled “Regulating Net-Porn” in particular), but it might be summarised as requiring publishers to rate their content in accordance with pre-existing legal standards (eg a “harmful to minors” HTML tag), which would in turn create a market for end-user filtering technology.

But instead of this, what are we getting? Mandatory (but perhaps a per-customer ‘opt-out’ ability) filtering of some vaguely defined standard using not-at-all defined technology and with not-at-all defined procedures for redress of inappropriate filtering. Just like the internet connection at work, in other words.

The point that strikes me upon reading Lessig’s book is that *if* filtering is to be performed (and I reiterate the point that I am not against it) it is better that it be performed by the government, in accordance with acknowledged moral standards, with process transparency and accountability. None of these are guaranteed (nor likely) if private interests are involved in filtering our content. As Lessig says:

It has taken key civil rights organizations too long to recognize this private threat to free-speech values. The tradition of civil rights is focused directly on government action alone. I would be the last to say that there’s not great danger from government misbehavior. But there is also danger to free speech from private misbehavior.

But in handing the filtering problem to the ISPs, the government is effectively absolving themselves of the responsibility to implement it as intended. ISPs will of course implement the content filtering using the cheapest solution they can find, even if the false-positive rate is 99.5%.

On the other hand they could require the ISPs to block sites on ACMA’s blacklist. And we all know how well that will work, right kids? But the point is that at least with ACMA you have some recourse.

I think that requiring government accountability is the key to ensuring an acceptable outcome. If they are serious about the problem of content finding an inappropriate audience, let’s see them own that problem, not just outsource it to the ISPs and hope for the best.

iDefend iTunes

Posted by alastair
on December 19, 2007 13:13

Why do some Windows users hate iTunes so much?

I can’t understand it myself. I think a lot of the angst directed towards iTunes is misguided. Or misinformed. Or overstated. Or just a matter of taste. Hear me out.

Just Call 1-800-DONT-BLOG

Posted by alastair
on September 20, 2007 19:52

Some timely and sensible comments from Peter Marks on Radio National breakfast this morning, concerning the 2Clix / Whirlpool stoush. He made the point that the best way for companies to respond to adverse criticism online is simply to engage in a discussion.

I can vouch for this based on experience here on this blog; long-time readers will recall the response I got when I called a certain company “wankers”. A representative argued his case, and although I didn’t agree with him, nor change my mind about their product, it was certainly the best possible way for them to respond. See also the response I got from Internode’s CEO when I mentioned their service.

One other point I would make while we’re dispensing advice to companies trying to deal with online criticism. You should not only try to understand why your customers are upset, but also why they feel that public forums are appropriate for their grievances. It could be that they have tried and failed to contact you in some other way, and that the public forum is (or is viewed as) the only remaining option to air their grievance.

I shall illustrate this with a recent example, coincidentally also serving to air a grievance of my own. Case in point: flowers.com.au

Yesterday I went to their eponymous site and attempted to order a bunch of flowers. Having ordered from flowers.com.au once before, I was expecting a smooth experience. And it was, up until the point that I entered my credit card information and hit the submit button. The response was this:

Server Error in ‘/’ Application.

Object variable or With block variable not set.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object variable or With block variable not set.

… and so on, including detailed instructions on how to enable debug mode, and the stack trace showing some of the inner workings of their Visual Basic website.

I’m sure that the .NET framework is trying to be helpful here, but in my opinion it is doing exactly the wrong thing. Surely if you’re running in release mode there’s a good chance that it is your actual customers who are viewing the error screen, so producing detailed errors like this is probably not a good idea. The standard approach taken by Google and others, namely the “something bad has happened, we’ve logged it” page, is definitely preferable.
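
The setting that governs this in ASP.NET, shown as an added example rather than anything taken from the site in question: the customErrors element in web.config decides whether remote visitors see exception details. The commented-out weak value is an assumption about what produces a page like the one quoted above, and ~/error.html is a hypothetical file name.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- web.config fragment (added example; not the site's actual configuration) -->
<configuration>
  <system.web>
    <!--
      Weak: mode="Off" sends the exception type, message and stack trace
      to every visitor, local or remote.
      <customErrors mode="Off" />
    -->

    <!--
      Hardened: remote visitors are redirected to a static page, while
      requests made on the server itself still get the full details.
      Use mode="On" to hide the details from local requests as well.
      ~/error.html is a hypothetical file name.
    -->
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.html" />

    <!-- Debug compilation should be switched off on a production site. -->
    <compilation debug="false" />
  </system.web>
</configuration>
```

The static page only changes what the visitor sees; the exception still has to be recorded on the server for the “we’ve logged it” half of the message to be true.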

Now because this error happened when processing my credit card details, I’m especially concerned. Did my card get charged? If so, did the order go through? In many years of shopping online I can’t remember ever encountering a failure such as this one; generally e-commerce sites make damn sure that their payment system is working 24-7. So I’m a bit surprised as well as confused. This is pretty much the worst way for the website to fail, for all concerned.

But no worries, the rest of their website is working, so I’m able to look up their contact details. They have a phone and an actual email address (as opposed to one of those horrible “email” web forms). I don’t want to phone because I don’t want to have to read out that horrible error message. It’s easier and more convenient for me to copy’n’paste the error message into an email.

The response? None so far.

Fail to complete a credit card transaction, and then fail to respond to queries about it? I think that’s enough to earn the “wanker” title. So: flowers.com.au, you are wankers.

So the question is: what do I do next? In truth, completing the transaction is no longer my priority. Even if I did get them ordered, the flowers are never going to arrive in time, so I need to make alternative arrangements anyway. And I also need to verify through my bank that the transaction was not completed. And that’s before I make any other attempts to contact the merchant. So at this point I get a far higher return on effort by posting publicly about my experience. At least that’s my perception. And I suspect many people who post negative experiences online do so because they have the same perception.

Even if I’m wrong about this, it would still seem to be prudent for companies to understand more about their customers’ motivations in posting grievances publicly. And not suing, obviously.

Towards a Resolution Resolution

Posted by alastair
on July 22, 2007 16:26

And now, another definition deathmatch!

Attention English-speaking people of Earth. Your use of the word “resolution” in the context of display technology has been confusing and infuriating us for some time now.

There are at least two common meanings. One refers to the absolute number of pixels in both the horizontal and vertical dimensions. The other refers to the pixel density, and is expressed in number of pixels per unit length, usually inches.

Can we please decide once and for all which one it is? Does the iPhone have a low resolution display at 320x480, or a high resolution display at 160 PPI?

I’m going to suggest that the first definition (that is, the horizontal and vertical pixel count) is more commonly-used and also has no convenient alternatives. Hence this should be the official definition of resolution. On the other hand, the term “pixel density” is a mostly reasonable substitute for resolution when this meaning is intended.

So what is often talked about as “resolution independence” isn’t really. Apart from various oddities in Windows, most graphical interfaces have been independent of the number of pixels on the screen for some time now. Instead what is meant is more accurately described by the slightly ungainly phrase pixel density independence.

And that is a topic for next time…

Will The Real Football Please Stand Up?

Posted by alastair
on July 11, 2007 20:46

A recurring source of amusement is the number of sports whose followers all claim ownership to the term “football”. Wikipedia lumps them all together in one big, NPOV, article. As if they all had a legitimate claim to being called football. Naturally such neutrality will not stand.

I propose that one of these sports be selected and standardised by, I dunno, ISO or someone as the sport entitled to be called football. The rest of them will have to change their names.

The criteria by which sports shall be judged are: a) whether the foot contacts the ball with any kind of regularity during the normal course of the game, and b) how widespread the game is played around the world.

Let’s look at the candidates shall we?

First off there’s soccer. Played by just about every nation in the world. The foot contacts the ball often, the rest of the body rarely. It’s a pretty strong candidate, you have to admit.

There’s American football, a.k.a. Gridiron. Wikipedia tells me there is a Canadian Football as well, and as you can see from about 5 seconds of glancing at the pictures in the comparison article, Canadian football is played in three dimensions, whereas American football is only played in two. But in neither of these games do feet actually contact ball in any significant way. And only played in two countries, oh dear.

Of course, there’s Australian rules football which, as you know, I am a bit of a fan of. Played in parts of one country, but at least boot hits ball fairly often. They have a strange hand-ball rule too but that shouldn’t rule out a claim to being called “football”. Still, not a strong candidate.

What else? Rugby league. This is the other Australian football, besides Australian rules. Or the other other Australian football if you count soccer (which as you may have gleaned already, I do). Anyway it’s played in England, Australia, NZ and France by those too dumb to get into a Rugby Union team. Oops, did I say that last bit out loud? Not widespread, and very little foot-ball contact unless you count their silly play-the-ball move, which I don’t.

I don’t really think anyone still calls rugby union “football” but I suppose there must be some. Ironically the ball is kicked a lot more in union than in league, so if either of these is to be called football, it should be rugby union. Not as widespread as soccer, but then again what is? 20 nations competing at the world cup though, not too bad.

Gaelic football. It is the Irish version of Australian rules football. And its claim to being called football is just as weak.

So there you have it. And the winner is …

Soccer, obviously.

The ISO should now deprecate the term “soccer” as it is obviously redundant.

I will now listen to your proposals for new names for each of the other codes.

1963 Called, They Want Their Character Set Back

Posted by alastair
on May 20, 2007 20:12

So I’m reading a published standards document. For various reasons I don’t want to say which one, but suffice it to say that it’s published by a reputable standards body and also ratified by ANSI. This particular document is dated 2006.

The document describes a binary message exchange protocol, which they rather confusingly call an API. In this document there are, from what I can see anyway, at least two major flaws which just leave me breathless.

Firstly, it specifies that character strings are to be encoded as “8-bit ASCII”. Let’s leave aside the mild contradiction (ASCII is 7-bit) for now. Seriously: who really thinks ASCII is good enough for human-readable character strings any more? Anyone?

Note that this is a predominately binary protocol, and the use of ASCII strings is fairly limited. It’s not immediately obvious that the ASCII strings are intended for humans, except for the fact that, well, everything else is encoded in binary. And, from the context of this particular protocol, it’s pretty obvious that it is carrying human-readable content.

So again: why the caveman protocol? Maybe they never heard of this new-fangled thing called Unicode?

The second major flaw is even more flabbergasting. It’s about security.

There is none.

Again without going into too much detail, this is a protocol which performs a pretty crucial business function. The standard specifies a (IANA-assigned) TCP port to listen on, and how the respective hosts should initiate/terminate connections to/from this port. It goes into the handshake that is initiated after the transport layer connection is made, but says absolutely nothing about securing these connections. There is literally no authentication of either end, and like I said this is a pretty crucial business function.

Now in fairness this protocol is likely to be used only in fairly locked-down networks. But they sound like famous last words to me…

It Means What You Want It To Mean

Posted by alastair
on May 02, 2007 12:48

Take a look at this comparison of server operating systems from mon.itor.us. What does it tell you?

To me, this data is almost entirely useless.

First off, I’m annoyed by the use of the term “uptime” here. To me, uptime is a measure of time. Specifically, the length of time for which a given server is “up”. Wikipedia backs me up here. Netcraft measure uptime. What these folks seem to be measuring is availability: the percentage probability that the server will respond at any given instant.

So after getting over that, what to make of the information from mon.itor.us? Well they quite correctly acknowledge that the OS is only one of many factors determining uptime. However they haven’t isolated any of the other factors.

They have assumed that the quality of hosting ISP, and hence network connectivity, will be constant across all operating systems. However this is not at all obvious to me; instead I would imagine that different hosting companies will prefer one OS over another, hence the distribution will not be even.

A possibly more important factor in determining availability of the server as a whole is the web application itself. The simple static page sites are intrinsically less complex, and hence more reliable than highly interactive database-driven web applications. Again it is assumed that the distribution of these different types of sites is constant for all operating systems, and again it is not obvious to me that this holds.

The primary conclusion they draw from this survey is that Linux is more reliable than Windows. This seems like a bit of a long bow to draw, especially given some significant WTFs in the data. 6.4% of the sites ran Minix? Really? This seems entirely counterintuitive to me. Not dissing Minix or anything, but is it really more prevalent out there than Solaris? Also, Minix really has a lower availability than Windows? How is this possible, given that the former is explicitly designed for resilience and reliability, and the latter is famous for instability?

In short, it looks like this data is worth what you paid for it, and it probably means whatever you want it to mean.

What The ... ?

Posted by alastair
on April 06, 2007 11:51

Question #24 in the otherwise quite reasonable C/C++ programming quiz at Cprogramming.com is as follows:

C is to C++ as 1 is to

a) What the heck?
b) 2
c) 10

I think I have a new favourite interview question.

Anyway, have a guess what they give as an answer.

That’s right, b).

Apparently they think C is almost a strict subset of C++, in exactly the same way that 1 is almost a strict subset of 2.

I want a .pony domain

Posted by alastair
on April 01, 2007 21:37

I read that the ICANN has yet again had to fend off an attempt to set up a .xxx gTLD.

As a parent I am keenly interested in protecting my children’s actions online and often discuss with my SO how to manage their access when they start to reach the age when they spend more time online. Although I am far more worried about them exposing their own identities, than about being exposed to others, the latter is still a concern. There are certainly sites out there that I cannot now un-see, however much I wish I could. No doubt these sites and others will cause confusion, anxiety, and harm to tender intellects.

Like a lot of parenting, I expect there will be a fair bit of playing by ear. So when the time comes I expect it will involve some combination of: close supervision; logging and blocking proxy servers; whitelisting and blacklisting; an implicit understanding of Bayes’ theorem and the potential for false positives and negatives; some serious conversations and constant reassurance; and lastly acceptance of the fact that I’m ultimately not going to be able to stop a determined and curious teenager from finding what they want online.

Exactly what criteria I use to categorise a given site as unsuitable is still undecided. I expect to outsource to some suitably liberal classification agency of some sort. All I want, at least initially, is to block the worst material from accidental discovery, and log any access to only mildly dodgy stuff.

Anyway I can tell you right now who I won’t be outsourcing this stuff to, and that is the government. Either my own government, or the US government, I have no reason to believe they will provide classifications that are compatible with my wishes. The various proposals to set up a .xxx domain also fall into the category of government-based classification, even if it is through an unwilling ICANN.

I won’t be outsourcing my classification needs to the Secure Computing corporation either. Not with a false positive rate of 99.5%.

The arguments against using the gTLDs as a classification scheme are eloquently set out in RFC 3675 and there’s not much more I can add, except to ponder why PICS has languished for so long. A .xxx gTLD would be a juggernaut of laws and regulations, and a magnet for protracted legal disputes. Why can’t we just save ourselves the effort and instead do whatever it takes to get PICS off the ground? Or at least look at the business case?

I don’t know whether the folks from ICM Registry — responsible for the most recent .xxx proposal — included in their submission an assessment of PICS. Given that a technical solution to the problem of site classification is available, one would have to wonder why it is apparently not suitable for ICM Registry? The onus is on them to explain why that technical solution is not appropriate, and this one is.

Because it seems to me that the .xxx domains are simply proposals to solve a small set of classification requirements with a specific technical solution, where a different solution to a larger set of requirements already exists. From a systems engineering point of view at least, it makes no sense.

Not that that stops folks like ICM Registry who stand to make a ton of money in the short term, registering all those new domains. Sorry guys, looks like you’ll have to try a different sales pitch.

Retrospective Guilt

Posted by alastair
on March 30, 2007 21:13

Here are some pretty banal observations on the Hicks case that are probably best kept to myself, but I’ll inflict them upon you anyway.

Miranda Devine (yes, sorry) reckons that Hicks supporters thought he was innocent. Maybe some of them did. But the rest of us were just interested in the process of a fair trial. You know, justice and all that.

What if he had pleaded not guilty? Would that have made a difference? Of course not. Unlike us, Hicks is not in a position to take a stand against the kangaroo court that judges him. He has little choice but to enter a plea of some sort. Why a guilty plea then? Only he knows what his reasons were, but it seems to me like a decision based in pure pragmatism.

The point I want to make is that it is not up to the accused to legitimise the actions of the court. Either the process of law conforms to some accepted overarching legal principles, and is legitimate. Or it doesn’t, and it isn’t. The US Military Commissions fall into the latter category for many violations of basic legal principles.

Not enough has been made in the press of the fact that the charge of Providing Material Support for Terrorism didn’t exist prior to 2006 and yet is being applied retrospectively to Hicks’ actions in 2001.

Peter Vickery explains some of the sorry history of so-called ex post facto laws, noting particularly that our Prime Minister condemned them outright in 2004 (thanks Matt for the pointer).

It is frankly baffling to me why this fact would not be widely recognised. For starters it’s not an obscure legal principle like hearsay. Nor is this a principle that invites slippery-slope, shades-of-grey, ticking-time bomb analogies. It’s pretty clear to even a 4 year old that retrospective rules are fundamentally unjust.

Australians should also be reminded of another anti-terror case which was prosecuted on the basis of retrospective law. In 2004 Indonesia’s Constitutional Court, to its credit, found that such a law was being used to prosecute Abu Bakar Bashir for the 2002 Bali bombings, and promptly overturned his conviction.

Obviously the Hicks case is vastly different and I’m not suggesting that Hicks’ conviction would be overturned in similar circumstances.

However it does seem obvious from recent events that the constitutional protections against retrospective law in both the US and Indonesia have proven extremely important in recent times. And Wikipedia tells me that we already have had retrospective legislation applied in this country (though admittedly not for criminal law). So I say we should amend our constitution to prevent this kind of travesty interfering with our legal system. Who’s with me?

Yahoo! Stops! Forwarding! Mail!

Posted by alastair
on February 15, 2007 09:36

On a whim I logged into my Yahoo account today. I hardly ever use it any more, but I’m glad I did, because it told me there were 45 email messages waiting.

This is odd, because I had long ago told Yahoo to forward all my mail to Gmail. It had been working up until recently but I hadn’t noticed. Apparently Yahoo decided to disable this without telling me.

Disabling the mail forwarding might have coincided with the introduction of Yahoo’s new mail interface (is “client” the right word? probably not).

Anyway I click past the introductory flash movie, into the new mail interface, and click to the “POP and forwarding” options only to be told “you need to use the old interface for this setting!”

Fortunately there is an easy to find “switch back” link, but before switching back it asks “would you like to leave feedback?” I decide that, yes, I would like to tell Yahoo that silently disabling the mail forwarding option was annoying and bad.

The feedback link takes me to survey.mail.yahoo.com which, as of right now, cannot be resolved in DNS!

And that, as you may have guessed, took the whole experience over the bloggable threshold.

I want to like Yahoo, really I do. They have some good people, and good, innovative, services. From a brief play, the new Yahoo mail is actually quite nice. And competition is clearly good for everyone. But equally clearly Yahoo has some work to do in improving the experience for users when rolling out new features.

And You Can Quote Me On That!

Posted by alastair
on November 20, 2006 16:46

This article I wrote back in late 2001. At the time I was proto-blogging via email. I think it stands up pretty well, or at least meets the high usual standard of stuff I post around here. Enjoy.
