The Fishbowl

Recently in the news, a Commodore 64 emulator with a bunch of legally licensed games was rejected from the iPhone App Store. Normally this would be a simple case of “didn’t you read the license agreement?” except that apparently they had previously run the idea past Apple Europe to positive response.

I was chatting to a developer from a competing phone company at JavaOne, and he was telling me how annoying the competition found Apple's ability to turn the negatives of their platforms into positives.

The example he gave me was security. Other phone manufacturers have to go to great lengths to sandbox third-party applications, building a complex security model to defend against malware. Apple instead said ‘screw that’ and moved the security model up a level into the app store. I'm sure it's possible to get a malicious app approved, but it would involve registering as a developer and writing a potentially commercially viable app that would pass Apple's quality control, and Apple could throw the kill switch on it the moment they discovered it was malware.

This is the root of the ‘no emulators’ provision. Apple needs to control the code running on the iPhone. Emulators open the door to unapproved code. Hence emulators can not be approved.

It is likely a C64 emulator would itself protect the iPhone from malicious apps, since emulated apps already run in the sandbox of emulated hardware. Sure, Apple wants to control the content on the phone, but given the new capabilities of iPhone 3.0, how are downloadable games different from any other kind of in-app purchasable content pack? This is what happens to rules once they are written down and removed from the reasoning behind them.

Certainly, Apple could go the extra mile and build a better application sandbox for the iPhone. But this just turns into the classic software development scheduling problem: ‘Sure, we can do that. We can do anything you want. Just tell me which three features I should cut from the next release to get it done.’

Interestingly enough on the same trip I ran into a developer who was dipping his toe in Android development. He told me his second biggest frustration¹ was the hardware. He was developing some cool graphical/physics demos, but even being sure that they could run smoothly on arbitrary Android phones, or even run without crashing, was turning out to be far too much work.

Once more, it's turning a weakness into a strength. Apple controls the iPhone hardware and the software that runs on it, against all the ‘hey, didn’t the open PC platform win?’ logic of the industry. Turns out that's the same logic that attracts games developers to the predictable hardware and software of consoles, despite the license hassles and limited hardware, over trying to tame the beast of PC gaming.

Originally a reddit comment

¹ The first, apparently, being the primitive implementation of the Java Virtual Machine. These performance tips read like the sort of advice you'd give a 1990’s era Java developer, which makes sense once you discover the VM lacks a JIT compiler.

I spent most of last week at Apple’s Worldwide Developers Conference. WWDC one of those things I do every couple of years and the first question I always get when I mention this is ‘Why?’ As a Java developer whose only Mac coding is spare-time hobbyist playing around, what's the value to me of going to an Apple developer conference?¹

The obvious answer is ‘because I learn stuff’. I can't tell you exactly what because of the blanket NDA that covers everything after the Keynote address, but I can give some idea of where I'm coming from. I've always felt that attending was valuable to my education as a general purpose nerd, but I think the reason only really became clear to me in the [Redacted] session when Bertrand Serlet described how Apple [Redacted].

I'm not going to mention any particular companies or products here, but one thing that seems to happen far too often at major keynote tech conferences is The New Direction. Some great new programming language, environment or set of APIs are unveiled as the great new way that you are going to write software in the future, but it quickly becomes obvious that the people selling you this technology simply aren't using it themselves for anything important.

One of the cool things about WWDC is that for the most part, the libraries and APIs that are unveiled to developers are the stuff that Apple has been using to develop the software that runs, and runs on the next version of Mac OS X, and now feels are mature enough to make available to third party developers. The talks are littered with examples of how a new API allowed some team to delete this much boilerplate code, or allowed them to implement one of the new features showcased in the keynote this much faster.

It makes a refreshing change. It's far more interesting for me to sit in a session about Grand Central Dispatch and learn how it has already made some application I use every day substantially more efficient, than it is to learn that some new API is conceptually better, works really well in this demo, but the vendor haven’t themselves written any shipping code that makes use of it.

So one thing WWDC provides me is a showcase of ways in which a company that controls a suite of applications, the OS those applications run on and the developer tools used to develop those applications solves some pretty substantial engineering problems, and how it turns those solutions into publicly consumable APIs.

Which, I think, is pretty damned useful.

¹ Beyond simple fanboyism, which I must admit still plays a non-trivial part in my decision to attend, and the fact that I seem to be in San Francisco at around that time on other business anyway.

I guess it could just be another case of “Thanks for coming in today” vs. “HTFU”.

A recent comment on an internal Atlassian blog sums up the subtle social dynamics involved in maintaining offices in San Francisco and Sydney.

What is swine flu?

According to the Center for Disease Control, swine influenza A (H1N1) is a flu virus that normally infects pigs. Occasionally the virus mutates so that it can infect humans, and since the human immune system is not properly equipped to deal with the virus it can be quite a serious infection.

Is swine flu dangerous?

The exact danger is not known. On one hand, existing flu vaccinations are unlikely to protect against swine flu. On the other, so far it seems that swine flu can be treated with common retroviral medication. In the USA, the CDC has released a quarter of its stockpile of these drugs to treat the current outbreak.

What are the symptoms of swine flu?

At first the virus presents with normal flu symptoms: a cough, fever, sore throat, body aches, chills and fatigue. As the disease advances sufferers may experience diarrhea or vomiting. Once the disease reaches its final stages, sufferers will experience hair loss, gradual pinkening of the skin, facial swelling that causes the patient's nose to widen and flatten, and an intense urge to roll in mud.

Are there other variants of swine flu?

Most, if not all of the fatal cases related to swine flu have been in Mexico, but it is not yet known if these deaths were caused by a more dangerous strain of the flu, or just because of differences in available medical treatment. In addition, some cases of swine flu outside of the USA have been reported to be thicker and less crispy than the American counterparts. (This variant has been named “Canadian Swine Flu”).

How did H1N1 pass from pigs to humans?

The CDC are performing an in-depth study to attempt to trace the flu back to its original source. So far they have been unsuccessful, but they have come up with the following composite drawing of “Patient 0”. Anyone who knows someone who fits this description who may have recently visited Mexico should immediately contact the authorities.

…is not like the other.

I never used Geocities, but I can't help agreeing that even if Yahoo! is going to discontinue the service, they shouldn't let all that content just drop into the bit bucket of history.

It’s cute and pithy to say “Well, good fucking riddance to Geocities”.… Many pages are amateurish. A lot have broken links, even internally. The content is tiny on a given page. And there are many sites which have been dead for over a decade. But please recall, if you will, that for hundreds of thousands of people, this was their first website. This was where you went to get the chance to publish your ideas to the largest audience you might ever have dreamed of having.… In a world where we get pissed because the little GIF throbber stays for 4 seconds instead of the usual 1, this is all quaint. But it’s history. It’s culture. It’s something I want to save for future generations. – Jason Scott

To recap.

First Ashton and Demi were like, OMG Twitter! and then Larry and Ashton were like, OMG, Twitter! and then Oprah was like, OMG Twitter and then Twitter was like, OMG Oprah!.

Or, to put it another way:

There are legitimate reasons to fear sudden popularity. A site where users collaborate on a shared resource, say a Wikipedia or a Reddit (not to mention Usenet) have good reason to fear an influx of new users who “don't understand” the site, and might change its character.

Twitter's not like that, though. It's like the web itself: a loosely connected accumulation of linked communities. You only ever have to see the people you want to see. So if Oprah brings all her viewers on to Twitter, you never have to see a single one of them if you don't want to. The community that you are a part of changes not one jot.

So the only real reason to care you were #herebeforeoprah would be the same reason you liked that indie band before they were featured in an iPod advertisement.

I hate to break it to you, but Twitter was never that cool.

(On the other hand, Twitter seems to be revisiting its old habits as far as uptime goes, but pretty much every popular Internet service has experienced those kind of growing pains. They either reach a point where the growth curve flattens out and settle down, or they collapse under their own weight and are replaced by something that can handle the load.)

You know you have a problem when Twitter is down, so you try to tweet that Twitter is down, but you can’t tweet that Twitter is down because Twitter is down.

The DiggBar from the point of view of Digg:

The DiggBar from the point of view of a website owner:

(For background information, start with this Daring Fireball article, then if you're still vaguely interested the next two days of link archives, and possibly my article about how to many people, URLs are an opaque browser feature, and possibly my rant about how it's Google's job to map the web, it isn't the web's job to design itself around how Google happens to map it today.)

Sydney, as seen from my balcony five minutes before ‘lights out’ in Earth Hour 2009, with the camera set up to take what it believed was a +0EV shot:

Exact same exposure, aperture, ISO and perspective (except for somebody nudging the tripod) as previous shot, after all the lights that were going to go out had gone out:

Half an hour after the lights came back on:

(Note for keen observers: on top of the bridge there are two flags. The one on the right is a special “Earth Hour” promotional flag. This flag remained illuminated throughout.)

For those who aren't up to speed, Pwn2Own is a competition held at CanSecWest for the last two years. The first contestant who can hack into one of a couple of laptops prepared for the competition wins a cash prize, and gets to keep the laptop. Both years the winner was a security researcher named Charlie Miller (no relation), leading to occasional amusing instances of mistaken identity.

I have nothing against my namesake, but I must say I find the premise of the competition annoying.

It is incredibly hard to believe that any security researcher is going to find a new exploit against a given operating system and set of applications over the course of a few hours of competition. It is far more likely, and has been the case so far, that competitors show up with exploits already prepared. This year's competition came down purely to a roll of the dice: which researcher would get the chance to pull their “here’s one I prepared earlier” from the oven first?¹

Or to put it more bluntly, Pwn2Own provides a cash incentive for security researchers to keep vulnerabilities secret in the hope they will remain unpatched until competition day.

¹ The cynic in me wonders how random the process was that selected the most headline-friendly result: “Last year’s winner hacks Safari again!”

Twitter needs an “ignore this person for the next hour” button. What is it about going to conferences that makes normally interesting people think a bombardment of the minutiae of whatever panel they are currently attending is what their followers desperately want to read? I'd far, far rather read a paragraph of thoughtful, retrospective comment on someone's blog than have an ongoing stream of verbatim quotes clog up my phone.

To change the subject slightly, Merlin Mann: (via John Gruber)

Bullshit or no, good conferences attract good people for one reason; they know other good people will be there. You don’t go to act like a hero; you go to meet the people who are heroes to you. And, to me, there are 100-year opportunities for awesome in the hallways and bars and hotel rooms and even at the horseshit parties where loud music and free liquor turn a lot of people who should know better into retards and mooks.

For what it's worth, I'm going to be at the Atlassian Summit. I'm looking forward to meeting a lot of cool people doing cool shit with our software who I've only previously encountered over the Internet.

I'd just appreciate it if you didn't live-tweet the panels.

These days it's easy to forget how in the 1980s nuclear annihilation felt so inevitable, even imminent. Back in 1986 when Alan Moore was writing Watchmen (which I have never read), I was at school being taught that the world's superpowers had nuclear arsenals sufficient to destroy the planet a hundred times over, and there was a good chance they would do so before I was old enough to buy beer. On my more cynical days I suspect this is why my generation is so lazy in the face of global warming: we grew up with this nuclear spectre only to have the entire problem go away seemingly by itself, overnight.

The story of Watchmen is rooted in this tale of nuclear superpowers and imminent armageddon. To me this is the movie's greatest flaw. In sticking to the original story so closely it fails to acknowledge that the human race did find a way to survive, and even the conceit of an alternate history doesn't protect the plot from being constantly informed by the fact the whole audience knows we made it through in the end, on our own, without any glowing blue men to help us.

Still, that said, the movie has a lot to recommend it. It is ambitiously nuanced, telling the stories of a group of masked vigilantes coaxed out of retirement, as they might exist outside of the convention that a costume and a mask will either turn you into a force for good or a villain intent on ruling the earth. Refreshingly it is not shaped like a traditional movie plot, allowing the stories of its characters to unfold through the course of the film. It is not a superhero movie as much as a collection of character studies spotted with occasional ultra-violence.

And ultra-violence there is. I am not particularly squeamish, but there were a few occasions during the movie where even I was wondering if perhaps some particular mutilation might have better been implied than shown. Once again, we can marvel at the amount of media attention Dr Manhattan's oft-seen large blue penis is receiving, with no mention at all of the relentless, graphic depiction of a man having his hands cut off with a circular saw.

The direction is occasionally inspired, giving a complicated plot that is obviously not built for the motion picture format room to tell its story, but more often trips over itself looking for the most obvious shot, slow-motion sequence or musical accompaniment to drive home its point.

I'd give Watchmen a reasonably solid A−. I was entertained, it made me think, I was inspired to one day get around to reading the comic books, and I'll watch it again when it comes out on Blu-Ray.

Video taken during the innings break of the Twenty20 match between New Zealand and Australia at the SCG.

Addendum: from here, a rambling path took me to Wikipedia, for today’s ‘least encyclopædic Wikipedia quote of the day’:

It should be noted… especially in Australia that the practice of drinking light, low carb or low alcohol beer in drinking games is seen as "piss weak".^{[citation needed]}

From Slate, a rather silly article: Jurassic Web, the unrecognizable Internet of 1996.

It’s 1996, and you’re bored. What do you do? If you’re one of the lucky people with an AOL account, you probably do the same thing you’d do in 2009: Go online. Crank up your modem, wait 20 seconds as you log in, and there you are…

I started thinking about the Web of yesteryear after I got an e-mail from an idly curious Slate colleague: What did people do online back when Slate launched, he wondered? After plunging into the Internet Archive and talking to several people who were watching the Web closely back then, I've got an answer: not very much.

Yes, it's true. Back in 1996 the Web was new and everyone used AOL. Therefore there was nothing to do on the Internet.

From my perspective, the annoying thing about the modern Internet is how a combination of the web and proprietary protocol land-grabs has killed, or at least stunted further development of potentially better solutions. For example, the constant refrain around the Atlassian office is that no RSS client is even remotely as useful as a decade-old Usenet newsreader.

Oh, and get off my lawn you damn kids.

Maybe targeted web advertising would be more successful if it chose its targets more wisely: (From A Modern-Day Ada Lovelace)

It never works. No matter how much mainstream, ad-targetable, genderblind information I provide, more than half of the targeted ads I see are for weight loss (usually in terms of dress sizes or low calorie stereotypical craving snacks), snake oil anti-aging secrets and stretch mark removal. Today, facebook tried to give me a $10 off coupon at diapers.com and “acne care in a chocolate”.

I see a very simple solution to avoid the ire of increasing numbers of folks online, a very simple option M or F or ‘I’m not telling’ or ‘don’t use this information for ad-targeting’ and the same on ages. But the traditional sales force doesn’t want that, I’m sure. It would break everything they know in marketing, to think we want to be approached as people.

One of the more annoying things about being a Java developer is the stigma the language developed far too early in its existence from being “that Applet language”. You'd mention Java and the first thing that popped into anyone's head was those annoying, out-of-place and usually worthless applications that dotted websites before everyone gave up on Java and turned to Flash for their annoying out-of-place and usually worthless applications. It was unfair¹, and I would spend far too much of my time pointing out that when you took Java out of the web browser, it was actually pretty useful.

As such I feel I owe Javascript an apology as, if only through laziness, I have been committing the same sin in its name. When recommending JQuery to co-workers, friends, random passers-by and the occasional hobo (as I have been wont to do recently) I have tended to summarize its merit as “it makes Javascript not suck.” Which is rubbish. Javascript has always been perfectly cromulent. What JQuery does is make the DOM API not suck.

The Document Object Model is a platform- and language-neutral interface that will allow programs and scripts to dynamically access and update the content, structure and style of documents. The document can be further processed and the results of that processing can be incorporated back into the presented page. — W3C

The fatal words here are “language-neutral”. And the particular definition of language-neutral that the W3C uses here is “Java and Javascript”.

The W3C only defines normative bindings for Java and ECMAScript, however we also reference known non-W3C DOM Bindings for languages other than Java or ECMAScript. — ibid.

This is a problem. Java is a strongly and statically typed language with a Smalltalk-style object model. Javascript is a loosely and dynamically typed language with a prototype-based object model. Force them to share an apartment and you've got an instant sitcom. Try to write an API common to both languages and you'll end up having to pick the lowest common denominator.

Which is why DOM manipulation looks like a Java API. Java developers, bless our hearts, are used to the kind of API that requires five lines of code just to populate an array. What JQuery and its ilk do is provide a way of manipulating the DOM that is idiomatic Javascript rather than a strange transplant from another language.

I guess the fact that there is starting to be such a thing as idiomatic Javascript demonstrates if not a maturity of the language, then at least a promising late-adolescence.

¹ Java has since accrued more deserved stigmas, but that is a story for another day.

We were interviewing tech lead candidates last week, and on a whim I decided to print out the Scientology “Whole Track” Security Check as an amusing prop. The check is a list of questions that are supposed to encompass all your past lives, and includes such gems as:

• Did you come to Earth for evil purposes?
• Have you ever enslaved a population?
• Have you ever made a planet, or nation, radioactive?

The idea was that I would leave the printout in a prominent position next to all my other papers in case the candidate got a little too curious. During the course of the interview, though, this question caught my eye:

Have you ever done anything which you hoped would be wiped out by the passage of time?

So I asked it¹.

Unfortunately, I think the shock value of the question (and the fact the other interviewers laughed when I asked it) made it less than useful, but for the record here are the answers I gave when later the question was turned around and directed at me.

Don’t Try This at Home, Kids

Somewhere deep in Confluence there is a block of code that, through reflection, messes with the private internal state of a core Java library class, amongst other things causing it to disobey an IETF RFC. Above, there is a comment that still gets me in trouble with my co-workers: “This is a truly egregious hack. Please don't do anything like this in your own code.”

AbstractPage

The initial cut of the blogging code in Confluence was developed in a rush. 1.0 was approaching fast and one of our early adopters had flatly said they weren't buying the final release if it didn't have blogging in it. As a result, I made one of the classic mistakes of object oriented programming and used inheritance where I should have used delegation. The tendrils of this mistake still creep through a large portion of the product's content-handling code, and make it a lot harder to add features in that area than it really should be.

oh_my_god_thats_some_funky_stats()

Once upon a time, I was asked to write some software to help manage an Internet café. It was actually pretty neat: a CGI script (written in Perl) that used a Unix named pipe to talk to a daemon process (also written in Perl) that would add and remove firewall rules to enable and disable the various computers in the cafe. There were also a few rudimentary accounting functions, and some nifty ASCII-art graphs of desktop utilisation over time.

The problems arose from the fact that I was (1) young, (2) underpaid and (3) firmly believed I was getting a new job soon and would thus never have to maintain this script. As a result, I committed some egregious and entirely deliberate crimes against maintainability:

• I decided this was a great opportunity to teach myself OO Perl, despite not really understanding OO (or Perl, for that matter)
• One method required five local variables, occasionally swapping their values. I called them $binky, $banky, $bonky, $bunky and $benky
• Many functions were named after the song I was listening to at the time (see above).

Three months later, of course, I was still working at the same job and we got word from the café that they wanted to change from pre-paid access to billing people once they were done. So really, the joke was on me.

¹ …with the immediate qualification that I was only asking in a professional context.

I was tagged with yet another of those ‘tell me a list of things I don't know about you’ memes, this time on Facebook. So for those of you who care, here is another random collection of facts about Yours Truly.

1. I cannot fall asleep without the sound of Donna Summer's "Back in Love Again" playing in the background.
2. Halfway through my first ever driving lesson, the instructor informed me that you do not, in fact, have to make the "brmmm brmmm!" noises yourself.
3. At seven years of age, I met Chuck Norris. I still have a small scar just next to my left eye.
4. I find it difficult to keep friends for very long. As an attempt to remedy this, I've taken to fitting their ankles with radio receivers so I can track them as they migrate.
5. My favourite dance is the Lambada, the forbidden dance.

Read the rest of this entry…

Read the rest of this entry…