• Commentary,  Security

    Why Unicode Won’t Work

    The SlashDot article on Spoofing with Unicode linked to this provocative essay about the inherent flaws in Unicode, especially in terms of supporting Asian languages. There’s some good background info there as well.




  • Security

    Spoofing URLs with Unicode

    Over at SlashDot there’s a discussion about an article in Scientific American describing

    how a pair of students at the Technion-Israel Institute of Technology registered “microsoft.com” with Verisign, using the Russian Cyrillic letters “c” and “o”. Even though it is a completely different domain, the two display identically (the article uses the term ‘homograph’).

    Because the letters look very similar, a user will blithely click on a “spoofed” URL, and instead of going to the “safe” site they expect, experience any number of Nasty Things.
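A defender-side check for the homograph described above, as an added example that is not part of the original post: it flags hostname labels that mix scripts and shows the ASCII (Punycode) form that a registry actually stores. The sample hostname is constructed, and the script lookup from Unicode character names is a simplifying assumption.

```python
import unicodedata

# Constructed sample: "microsoft.com" with Cyrillic es (U+0441) and o (U+043E)
# substituted for the Latin "c" and "o".
SPOOFED = "mi\u0441r\u043es\u043eft.com"

def char_script(ch):
    """Coarse script name for one character (assumption: the first word of
    the Unicode character name, e.g. 'CYRILLIC SMALL LETTER ES')."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits, hyphen
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def analyze_host(host):
    """Return, per label, the scripts used, the ASCII form, and a mixed flag."""
    report = []
    for label in host.split("."):
        scripts = {char_script(c) for c in label} - {"COMMON"}
        try:
            ascii_form = label.encode("idna").decode("ascii")
        except UnicodeError:
            ascii_form = None  # label cannot be encoded as an IDN at all
        report.append({
            "label": label,
            "scripts": sorted(scripts),
            "ascii": ascii_form,
            "mixed": len(scripts) > 1,
        })
    return report

def is_suspicious(host):
    """True when any single label combines more than one script."""
    return any(entry["mixed"] for entry in analyze_host(host))

if __name__ == "__main__":
    for host in (SPOOFED, "microsoft.com"):
        for entry in analyze_host(host):
            print(host == SPOOFED, entry["scripts"], entry["ascii"], entry["mixed"])
```

A label written entirely in one non-Latin script passes the mixed-script test, so the `xn--` ASCII form should be shown or logged alongside the displayed name.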

  • Software

    Radio is Complicated

    I’m beginning to get the hang of Radio, I think. I wanted to move my IT blog to Radio from BloggerPro, not because I don’t like Blogger (I do like it, very much, and am still using Blogger for my Digital Medievalist blog), but because Radio has some intriguing features.

    The Categories option in Radio in particular appealed to me. It strikes me as useful for readers interested in reading about a particular subject, or in finding resources they know they read about at some point.

    I’ve found the help written by other users to be invaluable, since there’s no help, or decent documentation from Userland, the Radio developer. I’ve used user help in tandem with the Radio documentation, but I’ve especially appreciated the helpful tutorials written by Jenny, the Shifted Librarian. Her Radio tutorials are here. The UserLand documentation, and invisible (or rather, hostile) user support are pretty awful, so I’ve been grateful for other users’ help.

  • Software

    Moving from Blogger to Radio

    Thanks to Lawrence Lee, Robert Occhialini and Aaron Cope, there are instructions and a script to download and run that allows you to import xml formatted blog entries from Movable Type and Blogger into Radio. You can read all about it here.

    I had to import the xml file three times before the imported entries worked correctly, and even then there were some problems, but I think they are resolvable. It’s very, very important that your system date and time, and the time and date setting in Blogger (or BloggerPro), are exactly as described: MMDDYYYYHHMMSS. In my case that meant changing my Mac to use leading zeros. When I tried to import the xml file without the leading zeros setting, the dates were bizarre, ranging from 1904 to 2052.

    Then, after getting the imported entries dates to display properly, and after telling Radio to republish the entire site, some of the past entries didn’t show from the public Home page; users got an error.

    I was able to get most of the past entries to display by hand editing and republishing them—I wanted to use Radio’s Categories anyway, so I didn’t mind. But some entries are still not displaying properly. By now, I know it’s too much to hope for support directly from Userland.

  • Commentary,  Productivity,  Software,  Writing

    Commenting Code

    There’s an interesting thread on SlashDot about when and how to comment code.

    Lots of programmers seem to think that comments are a waste of time, but when I interview a programmer I always ask about how and when the programmer comments. I’ve been known to ask a programmer to walk through commented code, explaining what it does. If you really know what you’re doing, and your code, you should be able to explain it to someone who knows the basic concepts of programming and understands the task at hand.

    I think comments are important, not only for future maintainers, but as a help to the coder who writes them. You will forget what you meant a particularly brilliant bit of code to do when you come back to it six months later, or even the next morning after an all-nighter. Comments will help you remember. Make them descriptive and specific, and you’ll find that thinking about what the code does will often help you streamline as you discover flaws in your “narrative strategy.”

    Yeah, I know, code doesn’t have a narrative strategy, but are you sure? Think about it. There’s an order in which steps must happen, a process, with a defined beginning, middle and end. Use comments to gloss the process. Use short descriptive variable names, not, please, Polish variable names, as one programmer I worked with did, unless of course, you’re coding in Poland. I’m not a programmer, but I’ve looked at a lot of code, and worked in a few scripting languages. I usually write some comments first, outlining the basic parts of the routine, to help me organize my thoughts. I learned that from the person who taught me to use my first scripting language, and it does help.

  • Culture and Society

    The Smart Way to Create Standards

    I’ve been working, off and on, in between writing about the Mabinogi, on some pieces about standards. This morning I saw one of the smartest things I’ve ever read about working with a group, on standards or, frankly, just about any collaborative project.

    Dave Winer writes:

    Idea #1 — Yield to others

    First, everyone involved, hopefully not too many people, must agree to the following statement.

    If possible I’m going to do it the way you want to do it.

    Look at how the words I and you are juxtaposed.

    This is the inverse of how most mail list workgroups work, where people fight and dig in on having it their way. Instead of adopting the me-first approach, I’ll adopt the you-first approach. This is how you reach closure quickly and get the best ideas into the spec, and cull out the weak ones.

    This makes a lot of sense to me. I’m definitely going to remember it. It’s generally the way I work (compromise is one of my best things) but I think a deliberate effort from everyone is an even better idea.

    Now go read the whole thing. And yeah, I know, it would be nice if people practiced what they preached, but they don’t. That doesn’t mean you and I can’t though.

  • Apple,  Commentary,  Hardware

    Apple’s X-Serve

    Today Apple announced their new high end industrial strength priced to sell (starting at $2999) X-Serve rack-mounted servers (I’m going to call them Rack Macs). For you hardware fanatics, the specs are here, but you’ve got lots of storage, and space to grow. Plus, the hardware is designed so you can use it headless, with built in security features, including locks, and status lights, and remote monitoring (including the necessary software).

    But as nifty (see what they are saying at SlashDot) as these boxes are, I’m more excited about the software.

    X-Serve boxes come with OS X server 10.x, so that means they’re Unix with a super GUI as well as command line access and SSH2, IP filtering, firewall, DHCP, LDAP, NetInfo. They have multi-platform support for file services and the usual FTP. But OS X is Unix, so you also have Apache, Mail (SMTP, POP, IMAP), WebDAV, SSL, PHP, MySQL, JavaServer Pages, Java Servlets, Perl, Mac CGI, and all the usual Unix and high end server stuff, as well as Apple’s own Web Objects deployment, and QuickTime Streaming server.

    This strikes me as a great server for Higher Ed users and developers, either as a web server or a streaming server. But looking at what it ships with, and keeping in mind Apple’s support for standards like CUPS (the Common Unix Printing System), WebDAV and Web Services, to the point of XML as a core service, even via QuickTime XML import and XML event-based parsing, AppleScript XML-RPC and SOAP requests, not to mention Carbon instructions for making an XML-RPC call, I can’t help but think this is a great deployment platform for instructional support. I’m especially intrigued by the possibilities of WebObjects, with open source technologies, and of course, blogging.

  • Apple,  Commentary

    Copy Protected CDs not Supported by Apple

    Remember the Celine Dion CD that not only wouldn’t play on a Mac, but wouldn’t eject and could even damage your Mac? Well there are others, and Apple has published a Knowledge Base article about the problem.

    The gist is that these CDs are known not to work:

    • Shakira: “Laundry Service”
    • Jennifer Lopez: “J To Tha L-O!”
    • Celine Dion: “A New Day Has Come”

    Apple adds “The audio discs are technically and legally not Compact Discs (CD format), and the CD logo has been removed from the disc. In the logo’s former place is the printed message: ‘Will not play on PC/Mac’”.

    The article offers a few suggestions about methods of ejecting the disc, but you may have to send the Mac in for repair. Apple makes it very clear that this repair is not covered by warranties or AppleCare.

    Obviously, some people do violate copyright. However, they are in the minority, and copy protection schemes don’t work, and some damage hardware. Sony’s scheme has already been cracked—via a magic marker, or a Post-it note. The method is explained here as well. They have deliberately violated the CD Audio specifications by not starting the data at the specified location, and storing data where it isn’t supposed to be stored. Because such CDs do not follow the specifications co-created by Sony and Philips, Philips, like Apple, says such copy protected CDs are not Audio CDs, and will not allow their cases to display the Compact Disc logo.

  • Apple,  Commentary,  Software

    Apple’s OS X Address Book

    Dave Winer writes regarding the “Jaguar” release of the Mac OS X address book:

    There’s some concern that Apple is not allowing the chat client vendors to access the system address book. If so, this is a repeat of the Sidhu mistake. It will end badly for the developers, but it will also end badly for Apple.

    I think there’s no need to worry and that Apple wants to provide access to the revised Address Book. I notice that at the just-concluded WWDC Apple had a session on Friday May 10 at 2:30 on the “Address Book Framework.” The description of the session reads:

    012 – Address Book Framework
    This session provides an overview of the Mac OS X Address Book APIs and details how to take advantage of them to handle contacts for your application. Learn how to leverage this framework within your application to save substantial development effort and time and deliver a more consistent user experience across Mac OS X.

    That sounds to me like these are just the sorts of APIs that Dave is talking about.

I