September 2008

« August 2008 | Main Index | Archives | October 2008 »

23
Sep

Hey Charles, check out the newest actions we've added to SuperPoke!! Now you can throw a spaghetti cat at, do a walk of shame or get a fake tan with your friends!

(Previously and apropos of)

Bonus content: Everything that is wrong with Facebook advertisements in one screenshot

Click me and I'll show you a good time in Australia

Spring is Sprung

  • 11:05 AM

The news today, 190 days before April 1st, is that SpringSource has changed their policy for distributing patch releases. From now on, they will only be making patch releases available to non-paying customers up to three months after the release of the major version being patched.

  • Three months after the release of a major version of Spring, it will no longer have patch releases made available publicly
  • All fixes will continue to be committed to the public source repository and
  • paying customers will have access to later point-releases, but
  • those releases will not be tagged publicly

On the face of things, this seems more than a little petty. The most common reason for having an End of Life policy is to save money supporting old versions, but given these releases are being made anyway, how much time and money are you saving by not tagging something in CVS?

It makes more sense when you consider that the reasoning is not to save money but to make it. This decision is aimed at people like us1. People who who through the necessity of having to ship software can't keep up with the bleeding edge, and certainly can't afford to upgrade a major component of our application every three months, but at the same time haven't felt the need to buy enterprise-level support.

You can't begrudge people their right to make a bit of cash, especially when your pay-cheque comes from selling software built on top of their library. Still, it doesn't feel entirely right either.

I think the problem is that "professional open source" changes the language of open source software.

To a young open source project, downloads are king. You proudly proclaim on your website “Downloaded over 100,000 times this month.” People who use your software are your community, the reason for your project existing in the first place. And you know that some admittedly small percentage of those users will answer a few questions on the forums, or suggest a cool new feature, or even contribute a patch. Then when you quit your day job to run the project, the size of the community is what gives you a market into which to sell your support and consulting.

Then the language changes, often around the time the outside investors show up. The people who are downloading and using your software are no longer your community, they're the ones who are taking your code without giving anything back. They're the free-loaders. Or, to quote Rod Johnson in the Server Side thread:

SpringSource continues to expose our open source code, which costs us millions of dollars annually to develop. This policy does affect users who think that open source is a way for them to get extended maintenance of high quality enterprise software for free, without them lifting a finger.

You are doing work, and you deserve to get paid for that work especially if someone else is making a profit off your back. It's a perfectly valid point of view. It's the point of view behind every commercial software release. But it's the language of a commercial vendor talking about piracy, or a shareware author about why so few people register. It's a π radian turn from the reason you originally chose the Apache or BSD license for your project rather than, say, dual-licensing under the GPL.

The obvious response is a semi-fork. The source is still there and still Apache-licensed, so if the community is interested they can maintain an alt-spring vendor branch and tag off new releases themselves every so often. If demand for patch releases is high enough this will happen almost inevitably, so long as SpringSource keep their promise to keep everything in public CVS.

1 I do not speak for Atlassian.

If I was going to write a political thriller, chapter two would go something like this:

“Gentlemen…”

All present look up at the man standing at the head of the large boardroom table, their conversations trailing off. One looks to his neighbour and rolls his eyes, silently mouthing “Oh God. A speech.” Another coughs pointedly.

“…and lady.” the speaker continues smoothly. “To say that we stand at a turning-point in history would be a cliché, but nonetheless it would be true. We can all see the signs. Dark days are ahead but we all stand in a perfect position to weather the storm and see our way out the other side.”

“…from our new headquarters in Dubai.”

“Don’t you mean Beijing?”

The speaker winces at the interruptions.

“Maybe. Perhaps the American Empire has had its day, but its spirit will live on. For what is more the essence of the American Way than American Capitalism, wherever in the world it might take seed?

“The last decade has been very good for us.” He glances around the table, picking out the eyes of his audience. “You got the deregulation you wanted. You got to write the energy policy for the world’s biggest consumer of oil. You got immunity from prosecution. You got your no-bid contracts, and the few billion we lost behind the couch cushions in Iraq. We all got tax breaks. And we came so close on Social Security. You could almost taste…”

A collective sigh of muttered regret ripples around the table.

“…all that money could have been in our hands…”

“…we could have taken any risk we liked with it because…”

“…because no politician would let poor old Mom and Pop lose their retirement.”

Again, the speaker waits for the conversation to die down.

“To that end I would like to propose a toast. To a man who sadly couldn’t be here today, but through whom we were able to advance ourselves in ways even we never would have dreamed we could get away with a mere decade ago. Ladies and gentlemen, I give you the forty-third President of the United States.”

“Hear hear.” Glasses clink.

“And there lies our dilemma, my friends. In an ideal world we could choose a successor cut from the same cloth. In an ideal world we would be able to choose a new President who understands the value of appointing friends to high places. Who understands that executive power is there to be exercised without restriction. Who believes in a pragmatic approach to civil rights and the constitution. Who believes that giving us the keys to the economy isn’t the best option, it’s the only option. Who isn’t afraid to use our country’s military to our advantage. Who can do the folksy thing with the people. Someone who is happy with distractions like abortion and gay marriage, while leaving the important decisions to us.”

“Maybe someone who could make better speeches, though?”

“Well yes, that would help. Still, we realised over a year ago that with the popularity of the current President there was no way we could push a worthy successor through the nomination process. So what are we left with now? A Mormon, an egomaniac and”, his mouth curls with disgust. “a reformer. Up to now we’ve been pushing Mister Ego as the best of a bad bunch, but who here feels confident that we can even get the guy elected, let alone be sure he’ll do what he’s told afterwards?”

The table responds with murmurs and shaking heads.

“Well, my friends, I think we have found a solution. Brian?”

A young man steps forward. Smartly dressed. Hungry. Probably on the books as a ‘campaign consultant’. He drops a thick stack of manila folders onto the table, the thud resonating through the thick wood.

“These are Senator McCain’s medical records. Before you ask, you don’t want to know how I got them or how I am going to make the important parts disappear before the end of the week. All you need to know is on the one-sheet that my assistant is handing out.”

No sound at the table but the rustling of paper, a silence broken by a loud southern accent.

“Jesus Christ. Why is this boy even running?”

“What does any man, any ambitious man really want when faced with that kind of news? Immortality. A justification for decades of public service. The Forty-Fourth Presidency of the United States of America.” They can hear the string of capital letters in the young man’s voice. “He’s been stewing ever since we screwed him out of the nomination in 2000. At this point, he’d do anything for that one last moment of glory.”

“Do you think he’ll play ball?”

“He already is. We give him the nomination, we deliver him the election. He’ll do what we say during the campaign, and…”

The southern drawl completes his sentence “…and we get to pick the Vice President.”

I don't get the chance to play many computer games. I still buy and enjoy them, but the combination of me (a) having to make a significant effort to single-task on a game for any length of time (b) being incredibly bad at them, leaves me to keep gaming as an expensive and somewhat wasteful hobby.

Still, this year I had the pleasure of experiencing one of the coolest moments I can recall playing a game, one that actually left me wandering through the house saying "that was so fucking cool", and confusing my girlfriend whose taste in games runs more to beating the crap out of me in Soul Calibur. I'm not going to drop any spoilers here, but suffice to say if you've played at least three quarters of the way through Bioshock, you know exactly the scene I'm talking about.

Bugger it, I'm going to go with the spoilers. At least a little bit. It's hard to make my point any other way.

After long hours of play in this game, you discover that you've been played all along, that you're a puppet with no free will. Perhaps to make the point more emphatically, you discover this in a cut-scene during which you have no control over your character. The big irony, however, comes when your avatar has supposedly regained his free will but you (the player) are still following the pre-ordained plot on a wire right through to the choice of three scripted endings which differ only based on whether you chose to be a full-time, occasional, or abstinent baby-killer.

The grand achievement of the game is that this doesn't matter. The writers have hung a gigantic lampshade on the rigid plots of games that offer only the illusion of free will, but the story is so well told that you don't care, and instead develop a healthy fear of golf clubs and objectivist philosophy.

Telling a compelling story is hard. Telling a compelling interactive story is harder, because for every choice you give the player that's now two compelling stories you have to tell, each of them carefully balanced so neither decision damages the gameplay (having a viable alternative path is called replay value in reviews).

Dare Obasanjo on the hacking of Sarah Palin's Yahoo! account via the "forgot my password" feature.

The fundamental flaw of pretty much every password recovery feature I've found online is that what they consider "secret" information actually isn't thanks to social networking, blogs and even Wikipedia. Yahoo! Mail password recovery relies on asking you your date of birth, zip code and country of residence as a proof of identity. Considering that this is the kind of information that is on the average Facebook profile or MySpace page, it seems ludicrous that this is all that stops someone from stealing your identity online.

I've always wondered how this became accepted practice. For decades we've warned people not to use easily guessable passwords—dates of birth, names of children or pets—but somehow this is acceptable for password recovery?

The fundamental paradox of password recovery is that the recovery channel must be at least as secure as the original password, because ultimately that's what it is: an alternative to your password. And since you'll be using the recovery far less often than you might use the password, your chance of remembering any secret with even password-grade security when you finally get around to needing it has to be pretty slim.

(For the record, I always leave recovery questions blank, or if forced I come up with something random then immediately forget it.)

I wrote a guide to password recovery back in 2002 that might still be worth a read.

mattbootry: you could sell oil to the arabs with an ad like that; frilloz4: the arabs are the ones with the oil stupid

(source)

Meanwhile, the world is looking on with quiet bemusement on Microsoft’s Seinfeld advertisements.

Most advertising falls into two categories. Either I want to tell the world something it doesn’t don't know yet, or I just want to associate my brand with some kind of memorable, positive image and hope that next time people walk into a store they think “Ooh, I couldn’t half do with a Coke”.

For a company like Microsoft with no new product to announce, the second path would seem to be the way to go. But Microsoft is not like any other company, at least not like any that feels the need to advertise. Tomorrow, nine out of ten computer users will sit down in front of a Microsoft product. To most of those people Windows is the computer, IE is the web, and if the years I spent doing desktop support is still a good reflection of the real world, that metal and plastic box with the on-off switch on it is the “hard drive”1.

Any advertising Microsoft does has to compete with their own crushing ubiquity. Any positive image they associate with their brand during the evening news is going to be a tiny blip compared to the six hours that same viewer will spend using Word on XP the next day. That amount of familiarity breeds a good deal of contempt. How do make a monopoly palatable? Nobody really knows, so Microsoft veers between feel-good “our software helped Little Johnny become a classical pianist”, clumsy dinosaur metaphors, and 90’s stand-up comedians.

The last time Microsoft successfully marketed itself was over a decade ago, but they did so when all the ducks were lined up for them. There was nothing special about the pedestrian and obvious ‘Start’ campaign, but Windows ’95 was an undeniably compelling advance over its predecessor, Apple was lost at sea, and Linux was still only to be contemplated by nerds like me.

Nowadays, Microsoft is looking to advertising because their brand is taking a beating from every front, and a clever advertising campaign is what you're supposed to do when you need to shore up your position. But Microsoft's biggest enemy is its own boring unavoidable self. If their products spoke for themselves, Microsoft could just get away with buying another Rolling Stones song.

1 Whenever you feel your opinion on software productivity, DRM, Mac vs PC vs Linux… or pretty much anything regularly discussed on the Internet has any chance of being meaningfully debated in the wider world, it helps to point at your computer and say to yourself: “the rest of the world calls that the hard drive”

LinkedIn

  • 4:37 PM

If your experience with LinkedIn is anything like mine, your first-degree friends contain a lot of people you currently work with. If you were actually looking to use your social network to find a new job, wouldn't your LinkedIn friends be the last group you'd want to find out?

It's pretty common, when reading discussion of Apple's “I’m a Mac, I’m a PC” ads, to come across the comment:

Sure, they're great ads but they don't work. John Hodgeman’s PC is far more likeable than Justin Long’s smug hipster Mac.

This is missing the point. To illustrate, here are director Chuck Jones’ rules for writing Road Runner cartoons, copied from Wikipedia:

  1. Road Runner cannot harm the Coyote except by going “beep, beep”.
  2. No outside force can harm the Coyote—only his own ineptitude or the failure of Acme products.
  3. The Coyote could stop anytime—if he was not a fanatic. (Repeat: “A fanatic is one who redoubles his effort when he has forgotten his aim.” —George Santayana).
  4. No dialogue ever, except “beep, beep”.
  5. Road Runner must stay on the road—for no other reason than that he's a roadrunner.
  6. All action must be confined to the natural environment of the two characters—the southwest American desert.
  7. All tools, weapons, or mechanical conveniences must be obtained from the Acme Corporation.
  8. Whenever possible, make gravity the Coyote's greatest enemy.
  9. The Coyote is always more humiliated than harmed by his failures.
  10. The audience's sympathy must remain with the Coyote.

Substitute Microsoft for Acme, software failures for gravity, a plain white background for the desert… well, you get my drift.

If Apple had gone the traditional route of portraying Microsoft as a gigantic monopolistic borg, great at crushing competition through market pressure but capable of developing only mediocre products, the ads would have been boring. More accurate, perhaps, but boring. They'd have been the 30 Seconds Hate, and that’s just so last century. Instead Apple portray the PC as mostly well-meaning, likeable, goofy… but completely ineffectual.

I suspect that Google’s new web browser, Chrome, is going to have a difficult time gaining significant market share. Which is a pity because the main differentiator of the browser—the process-per-tab model—really deserves to be adopted more widely.

Firefox got where it is today on the three-pronged attack of tabbed browsing, security and standards compliance, on the back of Microsoft's five year hiatus in developing Internet Explorer. Even with that compelling story to tell, eking even a low double-digit market share was a huge accomplishment. What is Chrome's story?

Firstly: if you introduce a beta that is largely interesting to nerds, releasing it only for Windows is a mistake. I know I subscribe to a preponderance of blogs by Mac or Linux users, but even I was surprised by the number of Chrome reviews that mentioned having to run it in a virtual machine, or on the old discarded Windows box in the corner.

Looking down the list of features there are some cool ideas, but none of the user-visible ones seem particularly revolutionary. The dynamic content for newly opened tabs looks great, but it wouldn't be a stretch for that feature to be added to any existing browser. Similarly Omnibox, Google's take on the location bar, is an evolutionary progression from Firefox’s AwesomeBar and David Watanabe’s Inquisitor.

From the Chromium Project’s User Experience documentation:

In the long term, we think of Chromium as a tabbed window manager or shell for the web rather than a browser application. We avoid putting things into our UI in the same way you would hope that Apple and Microsoft would avoid putting things into the standard window frames of applications on their operating systems.

This goal of having the web browser just get out of your way makes a lot of sense. It makes even more sense when you realise that Google would be far more comfortable writing web apps that interface with Chrome in interesting ways than it would adding features to the browser. Google already has Google Bookmarks and Google Web History web applications, why waste space on them in the browser code itself?

(More cynically, divesting regular browser functions to the web gives Google the chance to keep more of your data, and serve you more contextual ads.)

Google has an impressive team on its V8 Javascript VM:

The V8 development team has multiple members of the original Animorphic team; it is headed by Lars Bak, who was the technical lead for both Strongtalk and the HotSpot Java VM (as well as a huge contributor to the original Self VM). I think that you will find that V8 has a lot of the creamy goodness of the Strongtalk and Self VMs, with many big architectural improvements. _(David Griswold on the Strongtalk mailing list, via James Robertson)_

Still, V8 would have been more impressive, perhaps, if it had been made public before the back-to-back introductions of Squirrelfish for WebKit and Tamarin for Firefox. What would have been a breakthrough six months ago today looks more like a dose of Not Invented Here syndrome. That said, Google are releasing V8 as open source, and one assumes any advances it contains will spread to the other free browsers.

Google's stated aim in developing V8 was to provide better performance for today's script-heavy web applications, but also to make possible even more complex Javascript applications in the future. The elephant in the room, as always, is Microsoft. Unless they can improve Internet Explorer far more rapidly than they have so far proved able to, web applications will still have to be developed down to the 80% of web users on that platform for the foreseeable future1

(A more vindictive part of me relishes a growing population of websites that provide a cut-down interface for IE users as revenge against all the “your browser is not supported” pages I've seen in the last ten years.)

Which brings us to the architectural choice that apparently underlies Google's decision to rewrite the web browser from scratch: having an isolated process per tab. The good news is that it's exactly the right design for the problem at hand. The bad news is that the only people who will really care are the engineers. Unless an application is horrendously unstable, offering an alternative that crashes less (or at least crashes less hard) has not historically been an effective way to convincing the masses to switch. For most people, a browser that remembers which tabs you had open before a crash is sufficient; the crash itself is just an excuse to go make a cup of coffee.

1 On the Internet, the foreseeable future tops out at about five years.

I'm trying to track down whether I can claim credit for the meme that maven “downloads the Internet”. After an admittedly short search, I couldn't find any reference on the public web prior to my December 2007 blog post. If you have a link to anything earlier—web page, mailing-list post, commit message—let me know in the comments. Otherwise I'm claiming it as my contribution to society.

(Sorry, published references only. I am also aware that "download the Internet" has a pedigree that predates maven.)