yowkee essential

Reading Summary

Sleep deprivation has some impact on me. I am trying to be an early riser starting last week. It’s nice to wake up early everyday, but the keep popping-up night activities didn’t do a help on the need of sleep. Coffee keeps me awake, I probably need one of this. Out of juice to write anything, here’s the stuff I am reading-on:

• Mark Pilgrim takes a hard look at the recently released Photocast of Apple iPhoto 6 — which spikes critics from the RSS community, and wondering does Apple do understand the standard?

To sum up, the “photocasting” feature centers around a single
undocumented extension element in a namespace that doesn’t need to be
declared. iPhoto 6 doesn’t understand the first thing about HTTP, the
first thing about XML, or the first thing about RSS. It ignores
features of HTTP that Netscape 4 supported in 1996, and mis-implements
features of XML that Microsoft got right in 1997. It ignores 95% of
RSS and Atom and gets most of the remaining 5% wrong.

• On the other hand, this shows a good rectification of UI improvement on disabling the annoyed MiniStore on iTunes 6.0.2 — the MiniStore is turned on by default, displaying at the bottom panel of your music library.
• Paul Graham: How To Do What You Love. I hit some bottleneck in works lately and been pondering for what I actually want to do. Definitely a must read for me.
• Charles Petzold’s talk at NYC .NET developer group: Does Visual Studio Rot the Mind?
• Code as Design: Three Essays by Jack W. Reeves

Snakes and Rubies Talk

Adrian and David have a talk about Django Framework and RubyOnRails on Dec 3rd 2005, the video and audio is available now.

I spent a good 3 hours watching and listening to the talk and both parties presented well of their web development framework. Django seem generally suitable for quick setting up of a content-rich websites and come with a awesome admin interface by default. And RubyOnRails is pretty much more towards building up a web application from scratch — where it saves you lots of hassle on initial setup of infrastructure. David has a excellent presentation with the display of stream of Ruby/Rails code.

One interesting common scenario is, both django and rails created out of the hate/tireness/bored with the messy of PHP programming experience they both went through. The argument is PHP really getting developer more tempting to hijack the html code, web flow with tons of PHP code. One would know if you are disclipline enough, you could get the application developed in a certain design with any language. But programming language has its own characteristic, with one having loose syntac and offering much freedom’s language, you get to see many ugly code. Python and Ruby are 2 examples that created with cleaner and higher abstraction syntax in mind. The other common mindset behind the two frameworks are: time is restrict, the framework is developed with the target to shorten development time as possible as it could.

Framework is kind of tool having strong opinion. If you are going to lay your hand on any framework, you have to prepare to adapt the philosophy behind it, breath and swim with it. With that I found Rails is well thought out to get developers fit and get used to the world it provided. Should start to invest more time with this RubyOnRails hype.

Symantec

Reading 2 news regarding Symantec:

1. If you use Symantec (Norton) AntiVirus, beware that it was found having buffer overflow while decomposing RAR file. A properly drafted rar file could attack your antivirus and open your machine for remote access. What’s the work around right now? Avoid it, filtering out rar files for scanning, until they have the fix.
2. Symantec wouldn’t sell or support its product LC5 (a.k.a L0phtCrack, a NT password hash cracker — well, in security point of view, it was named password auditing and recovery tool) outside of US, due to US Government export policy . It’s been years I have never heard news of security-related algorithm export regulartion of US. Wow, it ain’t disappear yet!

Weekend Tech-and-reading activities

I was so stressed out in works lately. Get some software to play around and surfing for good reading is my usual style of releasing stress — it’s just too easy to dive into the web over too many hours…

Over weekend I found some goodies for my Mac experience and some URL/text for reading:

• Mac OS X
  
  • GrApple : this theme extension made Firefox for Mac OS X looks more Mac-like, just like a Safari without brushed metal.
    
  • Firefoxy : Firefoxy is an application instructing Firefox how it should draw those graphical widgets (text input area, radio buttons, submit buttons…etc). Now my Firefox on Mac looks brilliant. Those buttons and text boxes not feeling a bit too big now.
    
  • RubyOnRails on Mac OS X : Building Ruby, Rails, LightTPD, and MySQL on Tiger by Dan Benjamin. It get all the source code and built up from scratch. Check out RailsOnOSX on rails wiki too. And Locomotive, a one-click solution to get you a Ruby On Rails development platform on Tiger, its default database binding is SQLite. But MySQL and PostgreSQL is ready too.
    
• Palm : I dig out a old Palm m505 from store room, and thinking of a good use of it. At least for light e-books reading.
  
  • Plucker : an offline website reader, used to be famous in the old days. Not sure has it catched up with the RSS reading?
    
  • Speaking of RSS reader on Palm, Quick News looks pretty good. AvantGo used to be the first choice when it come to channel subscribing, headline news reading or offline web reading. But I don’t like its server site channel subscribing kind of setting. I’d like all my RSS list and offline reading all happen just between my desktop environment and the Palm.
    
  • Of course, all the basic and fun Palm app I could recall: SilverScreen, iSilo, Palm Reader, Adobe Reader. There’s no mp3 playing capability in m505, what a waste. May be I should consider the upgrading if PDA is once again get me good life experience.
• Links
  
  • Collection of Lisp Books
    
  • CxxTest User Guide : CxxTest is a JUnit/xUnit/CppUnit like C++ Unit Test framework
    
  • A List Apart, 208, published 28/Nov/05
    
  • Mark Cuban wrote a series of posts of his story: Success & Motivation - Redux
    
  • Jeff Ooi - Screenshooter : The path of Jeff Ooi as the most prominent news blogger in Malaysia. It’s understandable that Jeff is disappointed with Malaysian blogland — where his effort didn’t inspire more bloggers as his kind, where ideally we have Internet as the alternative media — to free more thought, to get government or authorities be accountable. That isn’t what’s happening now, as some M’sian bloggers are either used to treat blogging as their opened diary, or don’t own good writing skills, or simply don’t care too much on news. But that’s why Jeff is so unique, none of others could have his consitency, coverage to achieve what he’s doing in his blog.

Well, enough. I should back to work.

Sourceforge's new user interface

Sourceforge has re-designed its user interface into a cleaner and easier navigating manner. A good move, especially on the download list of the available version to users — less choice is better.

However, on the application’s project main page, I was always confused with the green bar “Download xxx” — it doesn’t look like a link to me. There’s 4 out of 5 times when I intend to download an application from its main page, I clicked the links under “Latest News” instead of the green Download bar.

Well, I don’t know about others, probably I just need time to get used to it.

OS Programming

• OS Development Tutorials get you started on every basic aspects of OS programming: boot sector, boot processing, kernels, interrupts, memory management…etc
• 16 papers on real-time and embedded Linux

Nowadays I am getting used to trust more on server-based storage. It means I stored the emails at Gmail, have my bookmarks at delicious, post my thought on my blog, have the code at some SVN/CVS servers.

Why would I still have posted the links here? Is it because I am not organized enough? At times when I got some ideas I do simply wrote and send email to myself, and at times I surf through some good URL — I bookmarked at Firefox. That’s probably kind of die hard work habit. But I realized it’s more because I think my blog belongs to mine, but del.icio.us isn’t.

Error 404 page

I only realized I didn’t yet have a proper 404 Error page, when I saw the link the article The Perfect 404 at digg. It’s an article in A List Apart, published in January 2004 issue.

It’s thorough introduction to guide you to create the error page for your site. Why bother? Because people come to the wrong URL links at your sites/blogs mainly because:

• wrongly typed URL
• faulty referral from other websites
• out-dated links from other websites, or search engine
• moved or deleted pages (moved pages have to return with code 301 — moved permenantly)

You aren’t going to let them just leave away, are you? So it’s better to have some guide on your 404 page.

I didn’t actually following the guide, but just simply create a page to advice the visitors to:

1. Do a site search for what they original come for
2. Go to Home page
3. My English blog or Chinese blog

Think that’s good enough for this little personal website.

An Example

How Sony could notify most of its DRM CD users

Ben Edelman has an excellent idea to help Sony cleaning up its DRM mess. Sony has announced an exchange program to call for free replacement of customers’ XCP-affected CDs.

So, how could it effectively notify most of its customers, who most of them probably didn’t go online and not notified of the heat event?

When a Sony customer play his/her XCP player, it would send message to Sony’s connected.sonymusic.com — which reply a null message with a reference to nobanner.xml (http://www.sonymusic.com/access/banners/nobanner.xml). Ben’s idea is to replace this nobanner.xml with a proper notification message to show on its player — hence alerting its customers. Read the details here.

read more | digg story

How to get developers to contribute to your open source project

titus has some nice says about how to really get developers/users to your open source project. Think about the source control system you choose, think about the web page, mailing list’s accessibility. Well, sort of marketing for open source project.

read more | digg story

Encyclopedia in your PC

Now you could download the whole WikiPedia in XML format. download.wikimedia.org providing the database dump of Wikipedia for current pages, titles only and full pages to be dowloaded. How big could it be? It’s more than 14GB.

So it’s Encyclopedia in your PC if you know how to setup up mediawiki and load the dump file. Or you might want to print it out (who would want to do that?). Or if you are creative enough, there’re lots of things you could experiment with the XML files. Have fun.

diggdot.us

If you would just like to follow up with all the heat news and the buzz, especially on the technical side, just stay on Diggdot.us.

Diggdot.us is Digg, Slashdot and del.icio.us/popular/. It browse through the 3 famous web channels constantly, cycle after cycle, and shows up the news list in unified format.

Sony's DRM rootkit: The Real Story

I am following the story started here. And wishing some one would have summarized it in a way covering most critical aspects.

Well, here’s it. Bruce Schneier’s complete overview of the whole Sony rootkit saga. He sum it up well, excellent article. Go read it!

Some highlights:

Sony claimed the rootkit didn’t phone home when it did. On Nov. 4, Thomas Hesse, Sony BMG’s president of global digital business, demonstrated the company’s disdain for its customers when he said, “Most people don’t even know what a rootkit is, so why should they care about it?” in an NPR interview. Even Sony’s apology only admits that its rootkit “includes a feature that may make a user’s computer susceptible to a virus written specifically to target the software.”

This drama is also about incompetence. Sony’s latest rootkit-removal tool actually leaves a gaping vulnerability. And Sony’s rootkit — designed to stop copyright infringement — itself may have infringed on copyright. As amazing as it might seem, the code seems to include an open-source MP3 encoder in violation of that library’s license agreement. But even that is not the real story.

read more | digg story

Dig? gg..? Digg

Digg was formed by Kevin Rose, who was known as one of the TechTV guy in The Screen Saver. Digg is frequently taken to compare to Slashdot lately, mostly for the style of similarity. Here’s what’s digg about:

• User submitted story (geek stuff)
• User decided what to be show on home page
• Cleaner style of comments (some might not agree)
• One click post to your blog

Well, I couldn’t really describe it clearly why Digg stand out of Slashdot. Probably it’s the digg feature, the users place their vote on the article they valued or liked. It’s always the minor feature that keep the users stay with the software, you click here and there, seeing the number changed, articles floating upper.….then you are satisfied, you feel cool, and then you like it!

Further reading:

• Digg Just Might Bury Slashdot
• Digg Gets Kiss From a Rose
• Digg temporarily downed by ‘success’
• Digg Secures $2.8 Million fund
• Tagging the news you want to use
• del.icio.us/tag/digg

Why do people still use plaintext network protocols with networks

While at Supercomputing 2005 I came across a plasma screen with the sniffings of people’s passwords they are transporting over the network in cleartext! Why do people still do this?! The link leads to a realtime update of the passwords being sniffed

read more | digg story

HOWTO links

• Setup the SSH server to use keys for authenticationSetup the SSH server to use keys for authentication
  Great, so with proper public/private key-pair then I don’t have to type the password everytime.
  
• How to getting start with Ruby
  
• Personal Fedora Core 4 Installation Guide
  
• Fedora Core 4 tips and tricks
  Well, something you got to do each time you install the Fedora Core. It looks like it’s better to install the kernel-module-ntfs via rpm instead of yum, especially after upgrading the Linux kernel, then have to repeat finding the exact matched version of ntfs kernel module.
  

Microsoft AntiSpyware Beta --> Windows Defender

Last week, Anti-Malware Engineering Team at Microsoft announced that they have figured out a name Windows Defender as the the final product for their anti-malware product, that current known as Microsoft Windows AntiSpyware and released as a beta version.

On the path of this rebranding from AntiSpyware to Defender, the army of Microsoft lawyer team has done their job on clearing any legal obstacle. Adam Lyttle, a 22-year-old developer from Australia, who developed a program under same name which prevent any website changed your PC setting un-noticely, was contacted by the lawyer that his product was infringing on the Windows trademark. He signed the agreement after thought and returned. Two weeks later, he learned that the product name he was ever used, was now a official brand name of the AntiSpyware Beta.

From this article New name flap for Microsoft — but this time its legal right is clear

Lyttle received no money under the agreement, and he said in an interview Monday that he would have given the name to Microsoft just the same had he known the company wanted to use it. But he said he would have preferred the company to have been more straightforward.

and

If Lyttle had asked whether Microsoft planned to use the name, the law firm would have been obligated to refrain from deceiving him, said intellectual-property lawyer Thomas Hoffmann, a lawyer with DLA Piper Rudnick Gray Cary in Seattle. Otherwise, Microsoft and its lawyers were under no legal or ethical obligation to volunteer the information.

Well, lawyer has their way of doing thing and it’s their job to ensure the clearance of any possible legal threat anyway. From their point of view, not everyone would be so kind like Adam when it come to money. But sure that it isn’t that comfortable if you at Adam’s position — wondering if himself has fallen into any kind of set up.

A buiness lesson to learn.

AJAX

AJAX, acronym for Asynchronous JavaScript and XML, is a hot topic/technology in web development field. Ever since many web application going towards this approach (e.g. Gmail, Yahoo! Mail beta and other new application like Basecamp), it has been widely known and picked up by many web developers.

So, where did it start from? Ajax: A New Approach to Web Applications — this is the first article named the acronym AJAX for using the combination of asynchronous JavaScript and exchange of data via XMLHttpRequest doing web development. The data being exchanged in between client and server not necessary has to be in XML format, but that’s the common approach most developers practice.

Why AJAX? In layman term, the web developers wish to achieve and providing a quick response and easy-to-use desktop like environment to web interface (that’s the web browser we stared at everyday). Traditional websites or any sort of web application would fully show its page as per requested once it loaded enough data from remote web server. That could mean a untolerable waiting while network is too slow. And it also cause some problem on the case where you’d some data verification from the server side — but it’d never get done until you fill up all the required data on one page. With AJAX, in between this page and the next page (well, also mean before you click the submit button), it already sending portion of data over to the server and did the necessary query or verification —- and even better, it shows the returned data on the spot!! So and so, this is more getting closer to the desktop application experience where the users familiar with.

AJAX is sure brought to be compared with technology also trying to achieve the same effect, like Macromedia Flash. One advantage it has over Flash is, there’s nothing new — it use the plain old JavaScript and XML, developers are familiar with it and search engine friendly. Of course, this isn’t a technie to replace what Flash could provide for the multimedia side of the effect. On the bad side of AJAX, sometimes it’d bring users believe they are using some sort of real desktop application and expecting a faster response. And it might break what the Back button do or slow down its effect.

In conclusion, AJAX looks like an exciting new technology/skill worth to invest to learn. So I went over to Amazon, it showed 4 books of my search result:

• Dave Crane’s AJAX in Action
• Foundations of Ajax from Apress
• Professional Ajax
• Ajax Patterns and Best Practices

The 3rd and 4th book would only be available in 2006. So right now we are only left with AJAX in Action and Foundations of AJAX if we tend to learn things from reading book.

Note: I joined Amazon Affiliate Program, if you interested, below is the books link.

Linker on .NET issue

Joel Spolsky: Please Sir May I Have a Linker? and Jason Zander’s comments on it.

Basically I felt asking for a linker for .NET to link statically your application, is just kind of conflict fundamentally with what .NET is for. But without that option, it’s painful to ISV: you got a superb development environment/tools and you love it, however, to have the convenience it means your users suffering from the downloading (and potentially go away).

Jason said security is the real kicker. I was puzzled with that. Isn’t that Microsoft’s attitude is like: “Hey, if your application isn’t certified by us, it’s none of our issue!”. So if CLR has a bug got to be fixed and your standalone app is statically linked, would that be a concern to MS??

PDF Usability

Jakob Nielsen has a rant of PDF usability on his latest AlertBox. These are the very true problems quoted from his article:

• Linear exposition. PDF files are typically converted from documents that were intended for print, so the authors wouldn’t have followed the guidelines for Web writing. The result? A long text that takes up many screens and is unpleasant and boring to read.
  
• Jarring user experience. PDF lives in its own environment with different commands and menus. Even simple things like printing or saving documents are difficult because standard browser commands don’t work.
  
• Crashes and software problems. While not as bad as in the past, you’re still more likely to crash users’ browsers or computers if you serve them a PDF file rather than an HTML page.
  
• Breaks flow. You have to wait for the special reader to start before you can see the content. Also, PDF files often take longer time to download because they tend to be stuffed with more fluff than plain Web pages.
  
• Orphaned location. Because the PDF file is not a Web page, it doesn’t show your standard navigation bars. Typically, users can’t even find a simple way to return to your site’s homepage.
  
• Content blob. Most PDF files are immense content chunks with no internal navigation. They also lack a decent search, aside from the extremely primitive ability to jump to a text string’s next literal match. If the user’s question is answered on page 75, there’s close to zero probability that he or she will locate it.
  
• Text fits the printed page, not a computer screen. PDF layouts are often optimized for a sheet of paper, which rarely matches the size of the user’s browser window. Bye-bye smooth scrolling. Hello tiny fonts.
  

I hate to view PDF file in a browser window. It’s slow to launch the reader, the navigate bar is confusing, and it’s crash-prone. Always remember to right click on the PDF link and save it, or configure your browser to save it instead of open it with Acrobat Reader. The other annoying thing is, everytime you open a PDF file, you got to adjust the font size if you gonna view it on screen, because it’s designed for PRINTING.

If PDF files are typically converted from documents that were intended for print, why there’re still a lot of publishers use PDF for ebooks in attached CDROM? Aren’t they encourage printing of the ebooks when readers already hold the dead-tree copy? I would prefer CHM, for the indexing and search (chm format got the font issue too.

Be friendly to Googlebot

[via Simon Willison] Scribbling.net’s useful tips on:

• Help the Googlebot understand your web site
• Nine things you can do to make your web site better

This is something less known:

Webloggers: use the meta tags to help the Googlebot index only your permalinks, not your constantly changing front page. To do this, use

<meta name=”robots” content=”noindex,follow” >

on your front page and

<meta name=”robots” content=”index,follow” >

on your posts’ permanent locations.

In fact, most weblogs didn’t use frame, flash or DHTML (major blog tools don’t use these stuff by default); and most bloggers maintain meaningful title of pages and links. If you start your blog with blogging tool like MT, your blog has been friendly to Googlebot. Scribbling.net has more tips to be more understandable by Googlebot, a recommended read.

Related Google information:

• Webmaster Guidelines
• How does Google rank pages?
• Google Facts & Fiction
• Search Engine Optimizers
• Eight Search Engine ‘C’ Changes