layout hack
layout hackMain Pagelayout hack
layout hack
RSS Feed RSS Feed Main page
layout hack
layout hack
layout hackAbout Melayout hack
layout hack
Software I wrote
Resume
Friends of mine
Pictures
Musicianship
Stuff I have for sale
layout hack
layout hack
layout hackPersonal Newslayout hack
layout hack
2010:
March, April.
2009:
January, March, August.
2008:
Jan, Feb, Apr, May, July, August, September, October.
2007:
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
2006:
Jan, Feb, Mar, Apr, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
2005:
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
2004:
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
2003:
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
2002:
Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
2001:
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
2000:
Jan, Feb, Apr, May, Jun, Jul, Aug, Oct, Nov, Dec.
1999:
Jan, Feb, Jun, Oct, Dec.
1998:
Jul, Aug, Sep, Nov.
layout hack
layout hack
layout hackGeek Stuff (computer related)layout hack
layout hack
Digital Music
Java
Why LiveWire Sucks
Why ASP Sucks (a bit)
Linux
MacOS
Unix
Oracle
Perl
Emacs
O'Reilly
layout hack
layout hack
layout hack(some of) My Interestslayout hack
layout hack
Humor
Sony Playstation
Cars
layout hack
layout hack
layout hackSearchlayout hack
layout hack

layout hack
layout hackAdslayout hack
layout hack



Valid HTML 4.01!

spacer
November 27, 2005: A plague of gremlins, pt. 2

Yesterday's techie ordeals weren't enough for you? Okay, here are some more gremlins that have attacked me lately.

My iPod decided to corrupt its hard disk a few weeks ago. Basically I plugged it in one day and iTunes said that it was hosed and needed to have the hard disk reset to its original empty state with the iTunes Updater. "What the? Bwah ha ha, silly iTunes, you don't know that I have all sorts of disk recovery tools. Bam! Um, wait... none of them help. Oh, crap."

Fortunately I'm paranoid about data loss and have used iPod.iTunes several times to back up my iPod. All of the stuff on my iPod is also on my home file server, and most importantly the metadata is backed up too. The value I've put into this metadata is worth about a week of my time; some of it consists of corrected song information (album, artist, and name) but I've also rated thousands of songs. I wasn't really sure how I was going to reload all of the albums, because even though iPod.iTunes also backs up playlists, not every song is in every playlist, and I had had problems with songs copying onto the iPod twice if I dragged them there twice. There just didn't seem to be an easy way to do this that would'nt result in partial albums (I'm very album oriented as a listener so that's bad) and many duplicate songs. Then I found iTunes Publisher which lets you dump playlist data into text files. I just dumped the album names sorted by album name from my "4-5 Star" playlist, sorted by album name, ran it through uniq, and had a list of stuff that should be on my iPod. I made a new playlist called "to be reloaded" and put all those albums into it. It took about 10 or 15 minutes to remove the ones that were already on the iPod (added by me shortly after the iPod barfed), select and drag them all but it was pretty easy. I dragged the playlist onto the iPod and it took about and hour and a half to copy. Bingo! After all that copying the iPod was pretty warm; I guess in normal use it loads the songs into memory and spins down the hard disk. But now it appears to be all restored and happy.

Following my cable problem yesterday, I found out that some applications like to hang when they depend on your hostname or IP address being constant. I had noticed this with Excel and I couldn't figure out what was doing it; whenever I unplugged my laptop and went wireless, launching Excel or opening a document caused an immediate freeze in that application. Rebooting fixed it. Yesterday it happened again, so I decided to try lsof | grep Excel and it showed that some printer stuff seemed to be open, with my wired hostname in the path. I ran Printer Setup Manager and that hung too. Later I tried to start Logic Express but it hung too. Rebooting fixed that but I rebooting is for losers. Oh well. I haven't fixed this problem yet but since I won't own a cable long enough to plug my laptop into my Ethernet hub until Wednesday or so, I won't really have to solve it for a while.

I've also noticed that my Linksys WRT54G base station enjoys dropping the connection for no apparent reason. I've used MacStumbler to see if there are any other people on my channel, and I switched around a few times just in case there's a 2.4GHz cordless phone screwing things up, but apparently lots of people have this problem. I don't feel like trying out anybody else's firmware right now but I may try that later. It's really not cool that my laptop, which is about 8 feet from the base station with only air in between them, tells MacStumbler that the signal strength is only about 45-50 out of 100. Just out of curiosity I held my laptop's lid (which is where the wireless antennae are) directly against the base station's antenna and it said signal strength was 70%. Lame. Maybe it's time to toss this thing and buy a D-Link or Netgear replacement? By the way, this is not a new problem; this has happened all along but only recently have I been using wireless continuously so I used to just think that it was the distance or somebody's microwave oven or something. Now I'm pretty sure that there's no excuse for this problem. I'd blame a phone or microwave but the dropouts tend to last about five seconds, and for some reason my laptop configuration doesn't include automatic reconnection (so it stays disconnected until I pick my network explicitly).

It's kind of annoying that Linksys has kept the product name exactly the same while just changing the model number, without telling you how to identify the model number. Well, OK, they say to look for the label on the bottom. Mine has no label. What model is that? DSLReports tells me that my serial number means it's model 1. Why couldn't Linksys tell me that? If I were less cautious I could very easily install incompatible firmware and ruin the thing. Thanks!

Finally, Pine on Debian complains about directory permissions: "Folder vulnerable - directory /var/spool/mail/ must have 1777 protection". This is because the Pine people disagree with the Debian people on how to access a mail spool. The Debian people don't care because Pine isn't actually open source, so you have to go out of your way to install it anyway. The workaround is cd /var; chmod o+wt mail. That makes Pine shut up and it doesn't let users delete, read, or modify each other's mail spools unless their permissions were already screwed up at a per-file permissions level.

Back in the days of CGI, there was the WWW Security FAQ which, among other things, told you not to put your cgi-bin directory under the htdocs directory, so that if something went wrong with your web server configuration, the CGIs would become unavailable instead of being readable like plain old text files. That matters because quite often, file paths and email addresses and hostnames and passwords are embedded in the source code, and you don't want people to see that. The advent of ASP and PHP caused people to forget about this, because you're encouraged to mix in your PHP pages with your other content. You can still just include the passwords from a different directory that's outside of the document root, or in the clever case of Cold Fusion, you configure the database stuff in an admin tool and refer to a database by a name that has nothing to do with the hostname or database username or password. System administrators and web developers both have to understand this stuff. Vendors are generally doing the right things to encourage people to do things sanely, such as setting default directory layouts safely and including security practices in their documentation. But that seems to have been forgotten by people jumping on the Ruby on Rails bandwagon. Lookie: production database passwords in cleartext under the document root. Brilliant! Meet the new boss, same as the old boss.


November 27, 2005: A plague of gremlins

Over the last few months I've had some computer problems and plain old computer maintenance todos, and I've been putting them off because I've had many better things to do on my master todo list. Now that I'm more or less stuck at home with a broken ankle and a cold, I've been attacking them one by one.

The big project has been migrating everything off of my old Linux box (a Pentium III 500Mhz desktop PC I bought for $100 five years ago, running a very patched installation of Red Hat Linux 7.3) and onto the Linux box I bought and built last summer (an Athlon64 3500+ desktop PC running Debian GNU/Linux "etch"). The main motivations are performance (due to much better hardware and software) and maintainability. Debian's package management system is nothing short of awesome. The reason it works so well is that there's a carefully managed central repository of free packages on the internet, so that you can just say "apt-get install firefox" and it figures out everything that package needs and installs it first for you. RPM could do this but in the Red Hat 7.x and 8.x days there were competing Linux vendors whose RPM package names and versions weren't in sync, so when Red Hat decided to stop making packages for Red Hat 7.3 users and told you to upgrade to 8.0, that was your only choice. You couldn't install newer packages from somebody else's distribution of Linux just because they also used RPM. Given that everybody said that Red Hat Linux 8.0 was a buggy mess, I held off, and basically got left behind. The upgrade path was essentially to reinstall, or upgrade if you dare (which I didn't). Debian and apt-get are a lot more gradual and continuous and I really like how careful it is about not trashing your local customizations and configuration tweaks.

Even with that, there are some hurdles. I decided to get all fancy with my disk layout for recoverability reasons, and that has made what would otherwise be automatic into something of an ordeal. Periodically, a new Linux kernel comes out and new packages are compiled to depend on the new kernel version, usually because of a bug fix. That ordinarily would mean that the kernel package that Debian gives you will make all the changes to install the new kernel, and you just reboot and say "yay!". For my setup that won't work. I have two 80GB hard disks mirrored so that a hardware failure of one of them won't kill my server. That requires a little bit of tweaking to a config file, but that's not the troublesome bit. The troublesome bit is that I'm using the Logical Volume Manager which lets you resize partitions on the fly, which I've never done because I'm a coward, er, I mean I'm conservative when it comes to system administration. But, the standard Debian kernel package can't boot a system that has the root partition on an LVM volume, so I have to do kernel updates and then do a couple of extra steps after that.

For about a year now I've been stuck on an old kernel release because I didn't have those extra steps right. I tried to update the kernel, rebooted, and got a kernel panic (which is the name for the OS going Tango Uniform under Linux). So after a few hours of googling, hacking, and failing to fix it, I gave up. Recently (due to my newfound reduced mobility) I decided to attack it again and succeeded. I've already forgotten what the issue was but I took notes this time so it shouldn't be a problem anymore. Oh yeah, my notes say that I was invoking mkinitrd wrong and including the old kernel's modules. Duh. Now that I understand how it all works it seems stupid but there are so many reasons why a kernel might not want to boot that there are just hundreds and hundreds of mailing list threads and help pages that have absolutely nothing to do with my problem. But, I finally figured it out. Now I've updated that server to the latest 'testing' release of Debian, along with all the packages I had installed. I also cleaned out a bunch of little things I had installed on my first gleeful pass through the massive Debian package list, which I've never used and which take up space and make upgrades take longer. 'Testing' sounds scary but the Debian folks are pretty conservative about what they call 'stable'. 'Stable' means it's rock solid and isn't going to be updated except in case of critical fixes. No cool new features for you. So, I'm on 'testing' and it's fine.

I moved over file server duties to the new server last year and it's great at that. It's crazy fast, partly because of the screaming fast Athlon64 CPU and partly because of the insanely fast ReiserFS filesystem. I just moved e-mail service over last week. I'm still using Postfix (coulda used Exim but I already have Postfix configuration figured out; they seem to both be very good). I switched from AMaViS to amavisd-new which is supposedly faster. It was supposed to have built-in integration with SpamAssassin but even though I followed the docs and put it in debug mode and saw SpamAssassin loading, it never actually scanned or marked my messages, so I punted and just kept my old configuration files that called /usr/bin/spamassassin from .procmailrc and changed that to use spamc and set up the spamd daemon. It all works now. I also switched from H+BEDV AntiVir PersonalEdition Classic (which costs $0 but is closed source and requires re-registration every year in order to keep getting virus updates) to ClamAV. Finally, to top it all off I replaced the awful UW-IMAP (which came with Red Hat 7.3) with Dovecot which is really nice. I didn't have to change a thing on the configuration side; I just copied over all the huge ugly mbox-format mail files, put them in ~/mail, and Dovecot found them and indexed them. Now, clicking around in a giant bloated mail folder is super fast. At some point I'll switch over to maildir format, but right now there's no problem to be solved by doing that so I'm just going to leave it alone.

Doing all of this was really pretty straightforward, once I had done battle with mkinitrd and finally resolved that kernel panic problem. That took about a day, maybe more, and the rest of the updates and mail changes probably took another day and a half or so. That's a long time, but now my mail is lightning fast, both to read and in terms of latency between somebody out there sending it and the virus and spam scanning lag.

Emboldened by this, and interested in new programming languages such as Python or Ruby which have real OO features but aren't as bogged down by BigCo bullshit as Ho Hum Java which is mainly what I've been doing professionally for the past ten years, with some exceptions. Neither Ruby nor Python was originally designed to have a GUI all the time, so naturally it's a total pain in the butt to take an otherwise perfectly simple cross platform program and put a GUI on it that works on several platforms. GUIs are designed and owned by the OS vendors, after which some folks try to put a layer of abstraction over them that makes it possible to program once and run everywhere. Some of these, such as wxWidgets, Qt, and FOX just try to give you a GUI layer that you can program to that will then hook into the OS's native GUI when you run your program on various different computers. Others such as Java (possibly with SWT, possibly not), the Mozilla project's XULRunner, and Mono try to provide an entire portable application environment that insulates you from the operating system your application happens to be running on. Most of the portable GUI frameworks are written in C++, so to get to them from another language you need that language's runtime, plus the GUI framework, plus an adapter from that language to the GUI framework's C++ API. Worse, you may need to run your application under X11 if you want it to work on the Mac, which means that the look and feel including fonts and mouse and keyboard behavior is completely different from any other Mac app. This is true for TK, Mono and FOX, but not for XULRunner, wxWidgets, or Java. XULRunner and Java force you to use a specific programming language, whereas wxWidgets doesn't. For some bizarre reason, the wxWidgets people would prefer that you compile wxWidgets yourself instead of just downloading a binary, because that way it's tremendously more complicated and requires that you install all sorts of horrible C++ developer tools first and troubleshoot the compilation process. Yay! They can't deliver it as a .pkg file because...?

Enter Fink. Fink is a project that tries to duplicate the Debian apt-get magic for Mac OS X. It fails utterly because the community is so small that you can't just assume that a working, current version of any given software will be in the great repository in the sky. It also fails because apparently they don't care about making upgrades from one Fink version to another work well, and the mirror servers don't actually have the software you need to get yourself from one version to another. I figured this out yesterday which was my Fink Hell Day. I had an old version of Fink from Mac OS X 10.3 ("Panther") which I had installed in order to get MySQL working since that's the database we're using at work. Hey, that wasn't my decision; I hate MySQL because of all of its gotchas, especially this one which means that unless you're very careful and annoy the hell out of your sysadmin asking if it's really and truly built and configured right, you'll experience mysterious data loss because MySQL on MyISAM doesn't do that ACID compliant stuff that keeps a database from screwing up your data as soon as your application scales to two simultaneous users.

Anyway, Fink was angry because I went and upgraded to Mac OS X 10.4 and had never gotten around to updating Fink and all of the packages that it installs that were compiled to work with 10.3. Fair enough, 'sudo fink selfupdate' is designed to fix this. Except it didn't work. hack, try, google for hints, blah blah blah. Utter failure, lots of obscure error messages about bzip2 not being able to clear its lock file when compiling from source (even though I told Fink never to compile from source if it has a binary package, which it should since bzip2 is considered a core part of Fink and Fink runs on 10.4). I finally figured out that Fink needs some stuff from the Developer Tools for Mac OS X which are called XCode. I downloaded this 833MB behemoth disk image and tried to install the relevant parts of it but that didn't work so I ended up installing the whole damn thing, which I guess wasn't all of 833MB of compressed files landing on my hard disk because it was upgrading the 10.3 version of XCode. Still no dice. I got pissed off at this point and tried to reinstall Fink, which then scolded me for not just using 'sudo fink selfupdate' which was the only supported way to do an upgrade. Gee thanks guys, except your supported method doesn't work, and I haven't changed my Fink configuration since I installed it except to update it with 'sudo fink selfupdate' a few times. I ended up moving my /sw directory (which is where Fink puts everything) out of the way and starting over with a fresh install. That finally worked. As far as I can tell, the mirror servers that have all the Fink software have changed, and the old mirror servers are still online but haven't got the Fink stuff for 10.4, so you just can't upgrade no matter what. I suspect that I'm doing something wrong that some tiny tweak to a little config file somewhere might fix, but really, is that my job? Why doesn't 'fink selfupdate' fix that? Why are the files missing from the mirror servers? Screw this, I have better things to do. So I just reinstalled.

After all that work, which basically took half of the day yesterday, FOX and wxWidgets won't install. I've tried to figure out how to get Fink to notice that they are there but they're in an "unstable" distribution which I can't figure out how to enable. I updated FinkCommander and told it to use unstable packages but it doesn't know of any 'fox1' or 'wxmac'. I could probably beat this problem to death but I'm just sick of all this right now and I have very little faith that the darn thing will work if I ever do get it downloaded. I may end up just sticking with Java for cross platform GUI apps simply because it actually works at all, whereas FOX and wxWidgets via Fink are a royal pain to get going for a developer and would probably be out of the question for a mere mortal to install.

I hate computers so much. It's probably because people are so willing to pick a home team and then build giant walls of incompatibility and switching costs between them. It's still damn hard to write a program that will run on Windows, Mac, and Linux without either needing hundreds of megabytes of scaffolding, or needing lots and lots of customization for each platform, or both, and it still ends up having a crappy UI on at least one platform because of least-common-denominator issues. There are so many languages and GUI frameworks and OSs and they're all broken in some huge way that people can't seem to get around to fixing, because they're all busy starting over with something new that's almost completely useless because it's so new that it hardly does anything right yet. The solution to 'siloed' technologies is not to build yet another silo...

Standards are an excellent thing, but we still lack a decent cross platform GUI API standard. X11 blows, and really it's just a siloed standard that happens to be able to run within other GUIs. The world is starting to figure out that maybe Unix was pretty cool, and TCP/IP is pretty cool, and text files are a pretty good way of storing configuration. We're still struggling to get a damn window on the screen.

Maybe I'll just write stuff in Java for a while longer. :)

So, I got really sick of fiddling with low level computer nerd stuff and decided to write some music and do my homework for piano class and Music of the World's Peoples. Huh? Why is my network connection not working? No email (oh no! I broke it after all!), no IM, no ping... OK wait. The cable is plugged in and the happy green light is on in the hub, but I'm not getting a DHCP lease. The server is sending the lease, but my laptop isn't getting it. Aha. The old, very worn 50 foot Ethernet cable I've been using finally died. It's been giving me trouble lately; every time I unplug my laptop and go roaming, plugging it in takes some wiggling and jiggling before it's happy. Well, now it's dead. It's working well enough to confuse the happy green light but not well enough to carry network traffic. Into the trash it goes because it's too worn all along the length of it to just snip the ends off and put new plugs on it (which is usually a pretty good way to save money on Ethernet cables that die, BTW). There are all sorts of scary places where the blue outer insulator is split open and the wires inside are exposed, and even those are worn to the point of having exposed copper. Okay, so this maybe shoulda been replaced earlier, but if it ain't broke don't fix it, y'know? It sure is broken now.

Luckily I have a laptop with built in wireless networking so I can fall back on that, even though I don't want to because WEP security sucks so much. Some folks say it's better now but so are the attacks. Now WEP is crackable in some cases within a couple of minutes, or even with just one captured encrypted packet using a dictionary attack (if your password is simple enough). Bad. Some folks have tried a bit of "defense in depth" but usually they do something that is also pretty dumb. WEP is bad and should be avoided and you can't fix it by tacking on other ineffective security measures. Any script kiddie who has the easily-available tools to crack WEP at all will be able to overcome all of these things.

Fortunately, the wireless LAN vendors have replaced WEP with WPA which is much much better. WPA essentially fixes all of the individual weaknesses in WEP without requiring you to buy new hardware. You can just download a firmware update for your wireless base station, update your OS so that it supports WPA, and use 'WPA Personal' security. Now you're as secure as you thought you were gonna be under WEP in the first place, which is to say that you now need to choose a good password. WPA2 is even better, though experts say WPA is still very good; you'll need a more recent device to support WPA2, but you might have one already. I did; my 802.11g device had WPA2 support built in. I was just ignorant and assumed that it was a lost cause and that I'd have to use all sorts of yucky VPN and SSH tunneling stuff which I have used with varying diligence. It's not a lost cause. Just switch from WEP to WPA (or WPA2) and pick a suitably long and random password. I found compatibility articles for Windows here and MacOS X here. You've probably already got gear that supports this; just turn it on. I wish I had noticed WPA a couple of years ago when it actually became possible for me to use it. Oh well. At least this worked for me immediately. Now I can wait patiently for my new Ethernet cable to arrive instead of hobbling out to the computer store (or sending Kim) in a rush for fear of using WEP and being hacked.


November 24, 2005

Happy Thanksgiving. Try to focus on the giving thanks part and not the historical part because the historical part is only charming from one side.

In my Music of the World's Peoples class a few weeks ago, around Columbus day, the professor performed along with two students and two college professors who are also musicians (one who also teaches at SFSU and one who teaches elsewhere). They discussed relevant ethnomusicological topics, as you might expect. What really stood out was some of the comments they made about the history of the upcoming holidays. John-Carlos Perea pointed out that for Native Americans, the period between Columbus Day and Thanksgiving isn't a period of celebration at all. Columbus Day is for them a celebration by genocidal invaders of the beginning of their conquest and eventual near eradication of an entire race of people. Thanksgiving for them is a celebration of backstabbing, in that they helped us survive and we didn't exactly repay their kindness. Royal Hartigan used the term "colonial holocaust" several times, which struck me as sensationalist at first, but given the numbers and persistence with which the natives of this continent were exterminated, maybe it's not. If Hitler had succeeded in wiping Jews off the face of the earth entirely, would much thought be given to it 350 years later?

That was a long time ago and I don't accept personal responsibility for actions that happened so long ago any more than I accept the concept of original sin. "We" isn't even the right word, because no one alive had anything to do with that. And yet, that suggests that maybe there's a statute of limitations on consequences for atrocities. Is it at death? Do you get away with anything just because it wasn't you, but rather your grandfather who did it? Nor am I advocating a cycle of retribution; that's the opposite extreme which is even worse. How far do you go in correcting false histories and prejudices? Are there financial reparations? It's not an easy question to answer but it's worth pondering.


fiid: I sprained my ankle really badly a few years ago in australia
fiid: they called it a "drunk and fall over"

After about, um, five or six years of 3G wireless hype, you can actually buy Verizon wireless broadband. I don't happen to need it, and at that price ($60/mo plus a PCMCIA card that my laptop has no slot for) it's not interesting enough to do just for random airport use, but maybe in another five or six years this will be a relatively cheap option available on phones that cost less than a lease payment on a Benz. It'd be nice to just add $10-$20/mo to my phone bill (which is what pokey wireless web access costs now from Sprint) in exchange for placing my future Bluetooth (or whatever) phone next to my laptop and surfing at DSL-like speeds. They'll probably screw around for a few years trying to be a movie studio or a cable TV network instead of a phone company but I hope that eventually they'll just calm down and sell the stupid communications services that people wanted from them in the first place. Or maybe they'll just have animated DRM protected ringtones and get blindsided by terrestrial broadband + WiMax. Who knows.

Fiid mentions Google Video and the "It Just Works" concept. I think he forgets that for quite a while, there was no "it just works" technology out there. (Or perhaps he's advocating the idea of just hiding complexity from the user even if it's really hard, which I totally agree with.) We had to pick our target browser and JavaScript + cookies + plugins level, or maybe two or three, and code everything three times. Only recently has stuff started working cross platform, mostly because Firefox doesn't suck as much as Netscape 4.x and early Mozilla versions did, and there are common technologies that work on Firefox and IE virtually untouched. Also, Google has an ad-based business model, which most proponents of DRM can't really fall back on. So the nonsense of putting a rootkit on your customer's system to keep them from seeing or uninstalling your DRM crap on their own computer makes sense in some crazy way when the goal is to keep people from seeing something unless they paid for it. Google doesn't care. When you look at Google, you don't have to pay.

It's interesting also that Google chose to use Flash for Google Video. MPEG "just works" too, as does MP3, and downloadable installers. In fact, Flash video is probably less widely accepted than plain old MPEG. I'm not really sure why they chose to use it, unless maybe they figured that the 99% (or whatever) of people who do have Flash would have a uniform experience vs. MPEG which would result in an unpredictable end user experience. Maybe "it just works" isn't specific enough; they implemented "it just works exactly the same way for everybody" which is much harder to pull off. Also, Google Video didn't Just Work for Macs initially; they had to do an update.

Really, though, Google's business model is a straight dot-com rehash: ad banners + investor money = giving stuff that costs money away for free to millions of users. Yeah, they sell the search appliances but I've never seen one in a data center (and I was just in a big one a couple of weeks ago) nor heard of one being used by anybody, so I assume they aren't selling well. They're not literally sending people cash in exchange for viewing ads, but they are giving stuff away for free in exchange for ads. Do they really have that much revenue from ads, and is that sustainable or are advertisers getting fed up with poor results? Massive influxes of cash through the back door can mask all sorts of shenanigans happening to the bottom line.

I'm particularly interested in the increasing value being placed into totally free audio and video podcasts. People who used to work in radio and TV are now joining the early adopter nerds. They're all buying brand new prosumer AV equipment (think $250 instead of $25,000 for a videocamera, since podcast quality expectations are so much lower than broadcast TV quality expectation) and making content and just giving it away. They're learning the hard lessons about how to do things cheaply (such as having guests phone in via Skype instead of flying them into a big expensive studio), how to work with advertisers, and how to manage bandwidth (BitTorrent instead of plain old bulk HTTP) and endpoints (PCs, PSPs, iPods, TiVOs, etc.) to minimize costs and maximize the size of their audience. I'm convinced that this stuff is going to compete seriously with TV in the near future, simply because of the "long tail" benefit (infinite channels) and the fact that people will just deal with commercials if they're short enough. Let's face it: the History Channel and the Discovery Channel mostly suck, as do most cable channels, simply because you have to either fill up a 24/7 programming schedule, or have no channel at all. What about one show a month? Or sixty? Either way that's much cheaper to make and less demanding of filler than a dedicated channel, and probably much more targeted to a special interest audience as a result. What's interesting is that a lot of the current content is being made as a labor of love, for the hell of it, with maybe a little bit of advertising (hey, worked for broadcast TV, which is utterly untraceable and untargeted). Apple is entering the market right on time because in another year or so it'll be impossible to try and force any kind of uber-DRM system into a market that's already spoiled by free content in the viewer's own favorite format. As soon as BitTorrent distribution becomes mainstream, HD content will be realistic and we'll see some really interesting stuff.


November 20, 2005

We saw Harry Potter and the Goblet of Fire this morning. It's very good. I'm not sure that it was worth the estimated $308,000,000 it cost to make, but it is good. A lot of details had to be cut between the rather thick book and the two and a half hour movie, so I wonder how easy the movie would be to follow for those who hadn't read the book prior to watching the movie.

I'm listening to a podcast right now. When I heard about podcasting initially, there were basically no interesting podcasts and I wasn't interested in jumping through the technical hoops required to get the content out of a web browser and into my iPod. With the podcast support that's now in iTunes, that's all gone. I think Apple still has some work to do on the usability, though; there are some annoyances in practical use. For instance:

  • I want to listen to podcasts in chronological order. They're listed in reverse chronological order because they're published in blog form. That doesn't make sense in podcasts, because references to past podcasts don't come with links into the past audio segment so you can find out what the speaker is talking about.
  • I want to listen to podcasts continuously until they run out. If I remember correctly, when one ends the iPod just goes back to the list of episodes of that podcast and stops playing.
  • There's no indication on the iPod as to which podcasts you've heard some of, all of, or none of so far.
  • When I've heard it I want it to go away. Right now you have to remember which podcasts you've listened to and select "Clear" to delete them. Also, "Clear" is the wrong word. It's "Delete" or "Remove". You don't "Clear" a file.
  • The bandwidth assault when you start downloading podcasts is silly. Podcasts are all about patient downloading of stuff to listen to at a later time. There's no need to hog my broadband connection. There should be some kind of automatic throttling built into iTunes that uses, say, half the bandwidth that Quicktime has already determined that I have. Whatever the technical details, it shouldn't nuke my DSL connection every time there's a new podcast to download.

Still, podcasting in general is good enough for normal people now, and there are some shows worth listening to. They're mostly pretty nerdy fare but there are some mainstream news sources as well. Right now I'm subscribed to dl.tv, Security Now!, and This Week In Tech. I tried The NewsHour with Jim Lehrer too, but politics just annoy the hell out of me lately (and I already hear about most of these stories through other sources) so I'm not really listening to it at all. It's just taking up space and I'm meaning to get around to listening to thrilling podcasts such as "Medicare Launches Prescription Plans" any day now.

The spam was starting to pile up, and inspired by the This Week in Tech podcast featuring John Dvorak's I GET NO SPAM!! claim, I decided to make sure I was up to date with my anti-spam app, which is called SpamAssassin. Nope, I wasn't. Now I am. I went on a thrilling wild goose chase for software updates in RPM form for my mail server which is running a very painfully patched version of Red Hat Linux 7.3. The pain comes from the fact that nobody releases RPM packages for Red Hat 7.3 anymore. So, when there's a security vulnerability, I have to download the source code and build it myself which defeats the purpose of having a nice package manager on my server in the first place. Ugh. Fortunately this time ATRPMs rescued me and I was able to install the optional SpamAssassin helper, Pyzor, which itself depends on about two dozen things that ATRPMs also provides. So now when a spam shows up it is compared to a central global database of messages that might be spam, and if it's been seen a million times or more, my server kills it. (There's some foo in Pyzor that helps with ever so slightly tweaked messages trying to avoid this kind of technique and so far it seems to work.) Now I'm back down to about 2-4 spam messages per day, most of which end up in my Spam folder (since they're marked as probable spam), and about one false positive every other day.

I'm so sick of Sourceforge's stupid mirror server selection page. It's the absolute worst feature of Sourceforge, except for all the other ones. They need to steal some ideas from CPAN's multiplexer or get a real IP based geographic lookup database and end this silliness now. When I click the download link, the file should start streaming from the closest, least busy server. It's really not that complicated.

Funny: Are You Dumb? New use for WD-40 lube spray: the war on drugs. Serenity makes a cameo in the new Battlestar Galactica.


November 16, 2005

Yesterday, after class, I was running full speed to catch the streetcar to go home. After crossing the crosswalk to the streetcar island in the middle of the road, I turned left and twisted my ankle badly. Hobble hobble, time to go sit down. "Aw man," I thought, "I guess I'll need to ice this and go easy on it." So, I took the streetcar to my stop, limped carefully for a few blocks to get home, and elevated and iced my ankle immediately. After about 45 minutes of on/off icing the swelling was severe and so I decided to call a podiatrist and get checked out. I'm glad I did because as it turns out, I actually broke my ankle a bit. It's a small skittle-sized chip off the back of an ankle bone (not directly in the path of weight bearing bones, but an important bone anyway), and he said I have some serious ligament tearing as well. 4-6 weeks on crutches with a cast, except the doctor said that if I was really good and made sure not to walk on it, I could use this air walker thing instead of a plaster cast. So that's what I've got.

In case there was any doubt in your mind, crutches totally suck. Whoever invented them should be beaten about the head with a blunt object, such as, hmm let's see, how about a crutch? I've been on them for one day and my armpits, upper ribs, and the palms of my hands all ache, a lot. I've learned to do that stupid shrug when swinging them forward (or the outward swing) to keep from dragging the crutches on the ground when swinging them forward, which would of course result in a really hilarious face-plant since I'd lose my balance and fall forward. But it's still just plain hard, not only on the armpits but also on the abdominal muscles since crutching is totally different from walking. Swinging your working leg forward consists of pushing off with that foot, which gets you about halfway, but the rest is all abs. Every step is a leg lift, basically.

I've found some alternative crutch options and I'll blog about them if I actually get one. For now I'm just taking cabs door to door and taking little breaks every 50 or 60 feet because I totally don't want to make this take any longer to heal than necessary, and I definitely want it to heal 100%. I grew up with someone who didn't take care of his own dislocated shoulder in high school and it never healed properly and was a serious problem from then on. That won't be me. I wanna ski, dammit! Maybe this season I don't get to ski, or maybe I have to wait until February, but definitely I want to ski again. Oh yeah, and walking, and biking, and maybe some rock climbing and hiking and aikido would be good too. So, despite my natural impatience and stubbornness, I'm taking care of it.


November 11, 2005

I got Shadow of the Colossus (PS2) a couple of weeks ago (when we were still sick and lying around groaning in achy despair) and took out a few colossi. It's an odd game, very un-twitchy and un-greedy, since there are no powerups or weapons or items to pick up, no mazes to explore, and no hordes of enemies swarming toward you that need hailstorms of lead and spent uranium or pulse lasers or deft swordplay to overcome. There're just these colossi that need their asses kicked by you with the same bow and sword you start out with. The trick is to get to them, not get clobbered by them, and to climb up on them and stab them in the right places quite a few times. It's hard, but fun. The gamer cartoon folks have picked up on it now: Ctrl+Alt+Del, Penny Arcade.

Ricola has a clever ad campaign: the cougher. Someone, somewhere, male or female, is in a public place coughing. If you offer them some Ricola cough drops then you could win a big pile of money. So you have to offer everybody everywhere Ricola and carry it with you at all times in order to play.

Following yesterday's theme of hoaxes, there's laser acupuncture now that supposedly cures smoking. Example. Lasers are just the latest twist added by quacks to prop up the acupuncture sham. This amazing research (PDF) that demonstrates that smoking cravings can be sorta kinda stopped by laser zaps to your skin involved 36 people and lasted 2 weeks. C'mon. A vacation or a new relationship can make you stop smoking for two weeks. My favorite part: "Follow up at 3 months was not carried out so it is not clear if this was sustained. Due to the lack of counselling and the continuance of the participants to smoke some cigarettes it is likely the groups would have equalized." In other words, we didn't bother checking up after 3 months and we assume they're all smoking again. Wow, how much does that amazing laser therapy cost? This study (PDF) didn't have a placebo group and involved people already hospitalized for cardiovascular, respirator, or diabetic disorders, and were 40-80 years old. Just over half of them quit. Now, that sample group almost certainly also had stern doctor advice telling them to quit smoking or else they'd die very soon. I wonder how effective that therapy is in getting people to quit smoking? Probably just over half. But there's no way to know that from the study because they didn't bother with a control group. So, that study is worthless. It just goes on and on: small groups, no control group, no placebo, short trials, etc. etc. They prove nothing, and even a high school science student knows how to run more useful experiments than these. These studies are almost as bad as "I knew this guy once who did [whatever] and he said it worked for him, therefore it's medically valid."


November 10, 2005

An actual scientific study has proven that a particular ginseng extract helps to prevent colds. As in, a randomized, double-blind, placebo-controlled study. Holy crap, an herbal remedy that actually does something? Time to throw out the recently-debunked echinacea and the utterly bogus Oscillococcinum (if you actually had any, that is; I didn't) and stock up on Cold-fX, I guess.

Oh yay! We're on the fast track to replacing the Soviet Union as the scary police state superpower. When I was a kid I remember being told that they were an evil and horrible society, partly because citizens were encouraged to rat each other out to the KGB and that if the government didn't like you they'd disappear you to Siberia where you would never be heard from again. Apparently the Bush administration admires these tactics, because we're disappearing people to former Soviet prisons now, among other places, such as Gitmo. (Colonel Janis Karpinski says that the folks running Guantanamo Bay told her they have no intention of ever trying or releasing anyone held there. They were simply picked up and immediately sentenced to life in prison by the military without chance of due process of law.) See if you can follow the logic: guilty until proven innocent, except there will never be a trial, nor a laywer, judge, nor even an admission that we are holding that person. Instead of covering Justice's exposed breast Ashcroft-style, I think we should have her hang her head and cover her face with her hand in shame.

Before the Bushies decided that we ought to be more like the Soviets (except Christian and capitalist), the CIA deliberately supplied flawed code to the Soviets in order to sabotage their natural gas pipeline and cripple their economy. (It's an old story but interesting anyway.) "The result was the most monumental non-nuclear explosion and fire ever seen from space." Clever! For a moment I was reminded of the Tunguska event but that was 74 years earlier.

Not at all surprising: Former Powell aide links Cheney's office to abuse directives.

Surprising: Evolution Slate Outpolls Rivals: "All eight members up for re-election to the Pennsylvania school board that had been sued for introducing the teaching of intelligent design as an alternative to evolution in biology class were swept out of office yesterday by a slate of challengers who campaigned against the intelligent design policy."

But, of course Kansas is once again confusing science with politics and creationist lobbying. Here's a fun question: if life on Earth was too complex to evolve without guidance from a designer, who designed our designer? Who designed our designer's designer? Clearly the designer of our designer must be even smarter than our designer. How many steps does it take before the existence of life on Earth is proven to be impossible because it would have taken an infinitely intelligent designer an infinite amount of time to create us?

Funny: TiPaint, Who Would Buy That?, Body hanging from tree mistaken for Halloween decoration, Gals with tape measures, binoculars spy on guys taking care of business.