
Moving Day

by Jason on

Moving Day 3…

While wordpress has been nice all these years, it’s time to move back to a static site.

GitLab pages ftw.

Ratings are Bullshit

by Jason on

I have become bullshit, destroyer of words

I recently purchased and read the science-fiction series [Redacted] (books 1-4) by [Author Redacted]. I emphasize purchased because in an age of Amazon Prime, Amazon Unlimited and free giveaways a purchase indicates confidence in selection. At this point I will malign the books, not because they’re bad (though I think they are) but because of the reviews and the reviewers.

Before I get to the ratings I’ll explain why I didn’t enjoy these books. If I were forced to give a rating on the standard scale I’d give these one out of a possible five stars and my rationale would be that they were legible and contained relatively few obvious errors. Things did improve by book 4 so I might possibly stray as high as a 2.

There is nothing terrible in these books; however, there is also very little of anything else within. Immediately after I began the first book in the series a small coal of loathing alighted on my soul. By the 2nd book the warm loathing had grown into a mild hatred and I plodded through more out of a duty to my wallet than for enjoyment. In fairness, with these books it is appropriate to say that each was better than the last.

Normally, at this point after a bad read, I’d chalk it up to just an unfortunate purchase but I believe this series is indicative of a problem. Ratings on practically everything have become bullshit. The ratings for this series on Amazon and Goodreads are simply ridiculously off-kilter with the quality of the works. Perhaps readers were interested, as I was, by the author’s ideas. (They are decent and sometimes original.) However the death of these books is in the pacing and structure.

For illustration purposes I have provided a plot synopsis from any one of these books: (no spoilers…)

That thing happened you were kinda interested in and then something else happened and then something else and then something else and then Jason Statham jumped out and shot a few guys and then that thing you were kinda interested in was referenced again and then someone kissed somebody. The End.

All fire, no smoke.

As I’ve said, for me, 1-2 out of 5. For hundreds of other people however, this is, apparently, fantastic. A significant number of people give these books 4 and 5 stars.

I believe it is safe to assume the 5 star people do the same thing I do with books I believe are of that quality: Buy a physical copy to go along with my digital read; give them out as presents; think back fondly and often on them; consider what the book says about me and about you; try to bring it up in conversation so I can recommend it to others; consider placing closer on a shelf in my office just so I can see it every once in awhile, even if I don’t have time to read it right then; if I’m in a used book store: look for signed copies; etc and etc…

I’ve re-read some of these reviews, worrying that maybe these books were actually parodies of something I wasn’t aware of or perhaps I should be reading them as an acrostic and there’s an entirely different story I could reveal hiding just below the milquetoast surface. Maybe I’m just too shallow to “get” it? I don’t think that’s the case. Here’s an example 5 star review:

5/5 - It lived up to my expectations of it.
– Some guy on Goodreads

Aha! Perhaps I’m far too judgmental!

When I read House of Leaves I was enthralled by the winding storytelling. I was deeply uncomfortable while at the same time being enraptured by the process of reading it. In every aspect it defied my expectations. When I read The Road the characterization was so real that for two years after the movie adaptation came out I argued with Cynthia that I had already seen it. It remains that vivid in my memory. Trying to compile a list of my 5 star books would be practically impossible: A Confederacy of Dunces, Dune, Snowcrash, The Shining, Ubik, Hell House, Slaughterhouse Five, Neuromancer, Shame, IT, The Magic Mountain, A Stranger in a Strange Land … (Going back to childhood: Watership Down **, Bunnicula, Indian in the Cupboard, an endless list of wonder … )

How, in a world where a 5 is “lived up to my expectations”, is it possible to rate these, some of my favorite books?

It’s not entirely fair to pick on this single 5 star rating and use it for illustrative purposes. I’m sure there are many other reasons to rate a book 5/5. For me to rate a book a 5 (since this is the highest possible praise I can heap on it) means that this book has attained a permanent place in my life. I know that my 5 is not your 5 and there’s nothing wrong with that. But I believe there is something deeply wrong with a 5, or even a 4, being expected for the overwhelming majority of books. (Or something deeply wrong about a 4 or 5 being “met expectations.”)

Of course, I haven’t officially rated the aforementioned sci-fi series anywhere and I won’t. I understand that the process of gaining positive reviews is currently the gateway to financial success for self-published authors and who am I to stand in the way? (I appreciate that trashing them publicly is probably mean, but I doubt it’s financially impactful, who reads this blog anyway? I also recognize that I’m part of the problem by not giving these books a bad review on Amazon but I’ll get to why I’m more than just that part of the problem in a minute.)

For me the issue with these was pacing and structure. As I’ve said: all fire, no smoke. Tension, character development, world building, all practically non-existent. If someone wants their novels and novellas just crammed with action, written at an easy reading level and short enough to get through in an evening, who am I to say their taste is lacking?

Recently I was fortunate to sit in on a talk by splatter-core author Tim Miller and someone asked why his books were relatively short compared to standard novel formats (30k-40k words as opposed to 50k-70k.) And he mentioned that as a reader he enjoyed action. I believe he said something like this: (I didn’t take notes, so my apologies if I’m quoting you incorrectly Tim):

I want to know what happens next. I don’t want to know that they went home and made a sandwich, what kind of sandwich it was etc.
– Poorly remembered Tim Miller quote

… And right then I knew I probably wouldn’t enjoy his books. (Sorry again Tim! However I will purchase one since I name checked you.)

See, I’m the kind of reader that wants to know what sandwich was made and why. I want to know that the heroine used mayonnaise. When she was growing up all her father would buy was mustard because when the power was turned off the mustard never went bad. No matter how she was sometimes nostalgic for her father’s bologna, American cheese and French’s mustard sandwiches she just can no longer tolerate the vinegary smell and the memories of poverty they evoke. It’s not that she preferred mayonnaise. (It’s nothing as casual as a preference.) She was of mayo, she lived it.

So, for me, a book that lacks the “middle” parts between action simply cannot attain a 5. In fiction I can’t connect with a series of events on the same level I can with a character that participates in the events. And I can’t connect with that same character if I’m just provided a few short facts about them.

I began thinking about this due to the combination of listening to Mr. Miller and reading the, now, much maligned sci-fi series. If I remember correctly this post was originally titled something I thought witty about action, action, action etc. It grew into a rant about ratings as I reflected why I purchased those books in the first place.

You see I decided to check out some of my public ratings and reviews. I won’t link them out of shame but you can find them easily enough. As an example: I gave Hugh Howey’s Wool a 5. I really liked Wool when I read it but it’s not a 5. At best it’s a 3 and the series is, perhaps, a 4. Wool is imaginative and fun but it is a bonsai in a forest of redwoods compared to many of my favorite books.

Cynthia and I joke about my Netflix ratings the same way. Officially the 5 stars on Netflix mean the following:

  1. Hated it.
  2. Didn’t like it.
  3. Liked it.
  4. Really liked it.
  5. Loved it.

In practice my star ratings on Netflix mean the following:

  1. It was absolute garbage. There’s no 0 or I would rate this 0.
  2. They tried really hard. It was on film and everything! (Their mom did a great job as the casting director.)
  3. This was a complete waste of time but had professional actors doing their thing.
  4. Pretty decent!
  5. This changed my life! It should be on your bucket-list.

Here is the crux of the problem: I lie. I lie to myself and to the small stars. I inflate everything. It’s as if I know the guy who starred in it is out of work and would be super sad if I rated this craptastic independent docu-drama 1 star so I give it 2, maybe 3 stars.

With books it’s exponentially worse and much more personal. With a book there is a singular author. Not a huge film crew and group of actors, but a real, flesh and blood, individual who has dedicated a huge gulf of their life to this work. When I start to rate the book unless it is riddled with spelling and grammatical errors I start at a 2. Then I think: hey this book was free (+1), didn’t I see somewhere that his kid has lupus? (+1) and I didn’t fall asleep immediately while reading (+1).

Bam: 5 out of 5 stars. I’m a monster. I am ruining literature one rating at a time.

An original version of this post listed a particular sci-fi series and I felt bad about the guy’s lupus kid** so I removed these references. Hint: It’s about nano technology, artificial intelligence, spaaaaaaaaaace, and freakin laser-beams.

* I read this as an adult and loved* it.

* This is a joke.

It's Alive!

by Jason on

Image by ToM (ThaQeLa)

Resurrected after nearly 6 months, hopefully some new posts will be forthcoming…


by Jason on

The above is the best and most thorough berating of PHP that I’ve seen. Worth reading before considering using it for a project.

There was a time not so long ago when there were few alternatives for development with low entry cost and relatively few deployment barriers. Thankfully that time is at an end.

This is not the same. PHP is not merely awkward to use, or ill-suited for what I want, or suboptimal, or against my religion. I can tell you all manner of good things about languages I avoid, and all manner of bad things about languages I enjoy. Go on, ask! It makes for interesting conversation. PHP is the lone exception. Virtually every feature in PHP is broken somehow. The language, the framework, the ecosystem, are all just bad. And I can’t even point out any single damning thing, because the damage is so systemic. Every time I try to compile a list of PHP gripes, I get stuck in this depth-first search discovering more and more appalling trivia. (Hence, fractal.)

Yay, new web service!

by Jason on

Since I’ve had so much time on my hands lately, I’ve decided to launch a new company. There are many competitors in this sphere but they are so expensive to use and don’t necessarily leverage the web as well as they should. is a web based attendance, registration and management tool for day cares, gymnastics studios, dance studios, adult respite care and more. (You can learn about at least some of its features and pricing here). I’ll have a lot more to say about Twixsy soon hopefully.

All of this is gone in some way or another. We’ll use this name for something but not the service advertised here.

Moving Day

by Jason on

Since I acquired, it’s time to start using it. The .me links should still work fine.

Marketing Pollution

by Jason on

Sometime last year I got a free subscription to Bloomberg Businessweek. I don’t remember what prompted it at the time but it’s been fun receiving these magazines every week. They stack up and sometimes I even read one if I have a stray moment (I am obviously not a target demographic.) For what it’s worth I’ve never even been to the website for this (or most) print publications because there’s a tangible quality, almost an ornateness, to the amount of effort put into the magazine itself that skipping through advertisements on a website rarely achieves. It was for this reason I really liked “The September Issue” when Cynth pulled it up on Netflix. I wasn’t very interested in the personalities or conflicts (shocker: people that run a multi-million dollar publishing empire are driven, care deeply about their work and are sometimes snarky.) The process itself, from concept to the final product and all steps in between, is fascinating.

To get back to the original magazine: Bloomberg. One of the benefits of having it come weekly is that I get to see the evolution of the advertisements (at least on the back cover). Recently Microsoft has been cloud centric with everything (we see this on their TV commercials too.) It’s mostly been various advertisements about Microsoft’s cloud initiatives swinging wildly between a numeral “1” surrounded by clouds to the latest which is an older woman who is “elastic and fantastic“ because she has “cloud power.” This latest one really drove home two points for me: tech advertisements have little of the “quality” evinced in the actual magazine content and tech advertisements have no issue with complete abrogation of fact.

In marketing speak “cloud” seems to be synonymous with “internet” or “web based app” but that could hardly be farther from the truth. Unlike “Web 2.0” and “Web 3.0” (which have no meaning or merit on their own), cloud computing at some point in the past actually meant something specific. Consider the instance of a lowly programmer deciding to make a simple shopping list application. Before cloud computing came along if she wanted to be sure her shopping list website or app would be consistently available she would have to evaluate the resources required for the app, purchase adequate server space and bandwidth and hope that the original estimates were correct. If her app became very popular or the original estimates were incorrect (perhaps the simple app required a lot more bandwidth or more processor availability) she would go out and either rent more servers, rent more bandwidth, or rent/build a clustered server environment. Now, when beginning that same application, if she chooses one of the rapidly growing cloud services as her infrastructure, she pays for what she wants and the resources required (processor cores, data storage and bandwidth) will scale as necessary (within her allocated budget.) This, for many developers, actually is a revolution as they now have access to resources that were beyond their previous availability.

The anonymous programmer above’s predicament is a far different scenario than when a franchise manager (I’ll call him Mike) wants to make sure his documents and information are easily accessible and safe online. Mike probably doesn’t care too much about the “cloud.” His business, managing the local Widgets-R-Us, has very little to do with internet technology other than he wants whatever solution he has chosen to “just work.” Lucky for Mike he has many alternatives to how to store and access his documents online. Whether it’s DropBox, a product like we make, some large enterprise solution from Microsoft, simple Google Docs, or literally hundreds of other competitors in the sphere, Mike is set and ready to make his decision based on his two criteria: safe and easily accessible.

Hundreds of competitors? Maybe thousands. So how is a product going to differentiate itself? Obviously, since most large players will not compete based on their applications being easily accessible or safe (hypothetical Mike’s two main concerns), it’s time to start slinging around marketing speak like “Web 2.0.” That will muddle Mike’s buying process, if he can be convinced it actually means something, and lean his decision towards one of the players using that phrase. However “Web 2.0/3.0” (thankfully) has lost almost all its meaning and people (hopefully) are seeing through the hype. So it’s time to latch onto a new word and the new word is “cloud.” In a technical sense this can mean quite a lot. In a marketing sense it can be so broad as to mean next to nothing.

Does the average user care about Microsoft’s, Zoho’s or Rackspace’s infrastructure as long as their documents are safe and easily accessible? Probably not, however that is what we’re actually being sold. Sure, you could argue that the infrastructure makes documents “safe,” however many non “cloudy” apps have a just as safe, if a bit more specifically tailored, infrastructure. Ironically you could make a perfectly valid argument that the “cloud” is less safe as it relies on a generic infrastructure supported by a corporation whose livelihood is not (currently) much affected by the infrastructure’s success.

This kind of marketing is only destined to backfire. To the buying public, “cloud” will become synonymous with web based applications. Maybe it will even become synonymous with redundancy, I’d kinda like that. In the end however I believe it will end up meaning nothing. Fine by me, I just hope no one buys into all the malarkey in the meantime.

Moving Day

by Jason on

Moving this over from and hope to create a bit more here.

Firefox and username vulnerability followup

by Jason on

Due to the inherent ambiguities in form-based logins, there’s an unavoidable tradeoff here between making the password manager work on lots of sites, and having it match the behavior of the old FF2 password manager (which checked field names). We’ve chosen to go with better functionality in the new password manager.

This is kinda funny actually. The vast majority of sites’ field names for username and password do not change, or only change when there is a redesign. This thought process assumes that sites might constantly switch field names or form names or other basic tag attributes to confuse just who now?

Love Firefox but this decision (RESOLVED WONTFIX) irks me. Now I’ll have to turn autocomplete off on any plain text field followed by a password type field just to cater to Firefox’s overzealous credential remembering scheme.

Need to file a new feature request: Please let FF3 alert me when it’s using stored credentials (infobar type thing maybe) because maybe the user can’t see the field that’s now submitting my username and password to the world.

On another note, this seems like an easy way to gain login credentials of people using sites that allow for code import / widget creation, ugh.

Worst Firefox feature implementation ever?

by Jason on

A word to the wise: don’t allow Firefox to store your usernames and passwords. This “feature” is incredibly ill conceived and can result in your username and password for various sites being exposed. Frankly unless you’re careful, it will result in this depending on the sites you use.

We’ve been struggling with this on one of our sites for some time, believing (incorrectly) that our code was defaulting the username and password into certain incorrect fields. After doing a thorough review we learned that the behavior was only happening to Firefox users (3.0+ specifically for us, but had no 2.0 users to validate against). Turns out their implementation of cached usernames and passwords is craptastic at best, negligent at worst. Firefox “remembers” your username and password and then attempts to store it into every page that has a “password” type input field that is preceded by a plain “text” type input field. This means that if a website you visit happens to have multiple fields (for whatever reason) that are of the type “password” Firefox will store your password in it and your username in the field before it (if you are allowing usernames and passwords to be remembered by Firefox.)

Here’s a bug report over at bugzilla:

This bug has been around awhile, but for us only recently reared its ugly head.

Why this sucks in the real world: One of our products has an Account Number field that we use to allow the user to store some information that they might want to shield from prying eyes / neighbors. As such it’s of the type “password”. This field is not required and exists on a secondary html element “tab”. Firefox’s stored password “feature” could have caused serious exposure of people’s usernames and passwords had we not been alerted to it and advised users of what was going on. Now we’re faced with a dilemma, code to “blank out” these fields when it’s indeed empty and Firefox has stored info in it, use “autocomplete=off” attribute on those fields (even though it’s super handy to auto complete those fields in other browsers), or switch to plain text fields.

We love Firefox, so much so that we push it on our users at every turn to help them be more productive and, most importantly, more secure. This terrible implementation is a perfect example of how developers can overlook a simple feature while implementing better security and leave their users completely exposed.

Remember though, for whatever its flaws, it’s still quite great compared to IE.
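An added example (not code from this post or from Firefox): a static audit for the exposure described here and in the followup post above. It models the fill rule as the post states it, a "password" input preceded by a "text" input, and reports masked non-login fields that do not set the autocomplete="off" mitigation. The function name, the field names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample markup (not from the post): a real login form, then three
# variants of a masked "Account Number" style field like the one described.
SAMPLE_HTML = """
<form id="login">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
<form id="profile">
  <input type="hidden" name="csrf" value="x">
  <input name="nickname">
  <input type="password" name="account_number">
</form>
<form id="profile-mitigated">
  <input type="text" name="nickname">
  <input type="password" name="account_number" autocomplete="off">
</form>
<form id="pin-only">
  <input type="password" name="pin">
</form>
"""


class _FormInputs(HTMLParser):
    """Collect the <input> elements of each <form> in document order."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self._open = {"id": a.get("id", ""),
                          "autocomplete": a.get("autocomplete", ""),
                          "inputs": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["inputs"].append(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_autofill_exposure(html, login_password_names=("password",)):
    """Return (form id, text field, password field) triples that the fill
    rule described in the post would populate with stored credentials."""
    parser = _FormInputs()
    parser.feed(html)
    parser.close()
    findings = []
    for form in parser.forms:
        last_text = None  # assumption: nearest earlier text input, skipping hidden ones
        for field in form["inputs"]:
            ftype = field.get("type") or "text"  # a missing type means text
            if ftype == "text":
                last_text = field
            elif ftype == "password" and last_text is not None:
                is_login = field.get("name", "") in login_password_names
                opted_out = "off" in (field.get("autocomplete"), form["autocomplete"])
                if not is_login and not opted_out:
                    findings.append((form["id"],
                                     last_text.get("name", ""),
                                     field.get("name", "")))
    return findings


if __name__ == "__main__":
    for form_id, text_name, pw_name in audit_autofill_exposure(SAMPLE_HTML):
        print(f"form #{form_id}: '{text_name}' + '{pw_name}' may receive stored login")
```

Current browsers may not honour autocomplete="off" on login-style fields, so confirm the attribute's effect in each browser you support before relying on it.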

Just Read: "Best Kept Secrets of Peer Code Review"

by Jason on

One of our business partners picked up this book at the door64 tech fair in Austin recently and tossed it off to me.

I wanted to mention that I thoroughly enjoyed the book. An easy read (I started and finished it while watching some TV Monday night), the main focus is on lightweight code reviews. For those of us in small development shops it can be hard to justify to management why time on code reviews (personal or peer based) needs to be spent and how it directly saves money for the business. When it comes to books on peer code review there just aren’t that many so I was psyched when this dropped in my lap but a little hesitant as it looked to be basically adware. Luckily I was proven wrong.

I’d recommend this short primer to anyone who is struggling with the “code -> test -> deploy” process practiced at a lot of development shops or wants to justify to management the need for peer (or personal) code reviews. When dealing with management it’s often difficult to justify why programmers want to follow process X or process Y and this book is lightweight enough to pass onto any layman.

Above all the best section in this book, for me, deals with how to conduct a personal code review. In a smaller development shop you may be the only one to work on a single product or in a particular language or focus. (For instance in many past ventures I have been the only developer for various products.) This can be a severe disadvantage at times, for while the lone developer has almost complete leeway, they do not always know “is this right” or even “is this going to work.” When coding solo, my process was to code, personally test, send to testing peeps (if available), patch if necessary and publish. This has sucked beyond all measure at times due to bugs getting to customers and past testing. Occasionally you just need someone to give you a push in the right direction and in my case this book shoved me towards individual checklists to run through when reviewing your own code as well as helping establish the proper amount of time to set aside to do a thorough personal review. While that may sound minor, sometimes even the most minor thing can help push you in a better direction. If formalizing the personal review process helps you catch even 10% more bugs that would be customer facing, then this book was a worthwhile read. Beyond that, keeping a checklist of personal common mistakes and ensuring that you aren’t continually making them will make you a better programmer.

A few caveats: the book isn’t a “how to conduct peer code reviews” however it does arm you with enough knowledge that you can track down the process that would work for your team. They also promote their review software “Code Collaborator” a lot, however that’s ok, everyone has to make a living.

The only drawback (unless you’re one of those that hate advertising in any degree) is that this book is a bit too lightweight. I hope that at some point Cohen expands on the concept with a lot more details, in depth case studies, real world examples and general content. At that point I would probably take this from the “personal reading” stack and shuffle it over to required reading.

Update: Click the image above to order from Amazon or click here to get a free copy from SmartBear

Fearmongering and FUD about Adobe AIR

by Jason on

Lots of people (1,2 and many others) are trumpeting the idea that Adobe AIR is somehow not secure when compared to other deployable applications. I think it’s time we laid this one to rest. Adobe has done absolutely nothing to assure end users and in fact, by their ridiculous “badge” installer warnings, they have made this worse.

Nothing that you download and install on your computer can be considered “Secure”. If a user installs a program they are providing a level of trust to that application. If anything, Adobe is providing a level of warning above and beyond that of a typical .Net or Java executable. (At least it’s a requirement that AIR applications be signed to be deployable).

Let’s compare a .NET executable on your system vs an Adobe AIR executable (Windows used as an example).

.Net (VB / C# etc)

  • Warnings on “security” within the installer – Little to none depending on installer used
  • Must use a certificate – No (Of course it can and should)
  • Has Registry access – Yes
  • Can silently install other applications – Yes
  • Can silently install BHOs and malicious software – Yes
  • Can add itself to startup – Yes
  • Can monitor network activity – Yes
  • Can sniff network activity – Yes
  • Can affect device drivers – Yes
  • Has complete system access – Yes (If running from an Admin user)

Adobe AIR

  • Warnings on “security” within the installer – Ridiculous over the top warnings are the norm
  • Must use a certificate – Yes (Self Signed certs are avail, but will display as “Unknown” publisher)
  • Has Registry access – No (Not without significant hacks like the Java bridge)
  • Can silently install other applications – No (It can’t even install other AIR apps w/o user interaction)
  • Can silently install BHOs and malicious software – No (AIR in theory could deploy into a directory but could not load into the reg)
  • Can add itself to startup – Yes (However, startup appears in user’s “Startup” Program Files menu)
  • Can monitor network activity – Yes (included class only monitors whether connection is present or not)
  • Can sniff network activity – No
  • Can affect device drivers – No
  • Has complete system access – No (However like almost all executables it has access to the same areas of the filesystem that the “run as” user has)

RIA platforms are no more “dangerous” than any other platform. In fact Adobe has gone above and beyond (in my opinion hampering creativity and developer happiness) to ensure that AIR applications are at least crippled when it comes to their ability to deploy malicious payloads.

I do believe AIR could be used as a bit of a trojan to deliver malicious exe’s that are bundled in the AIR installer file. That said, that’s hardly a “security” flaw w/ AIR as that same “flaw” is built into the nature of software packaging.

Fear… Uncertainty… Doubt, thy name is Adobe AIR.

For no particular reason . . .

by Jason on

I haven’t blogged for over a year… Of course it was blogger’s fault and not my lack of inspiration. So on to wordpress and perhaps we’ll see some posts soon.