dsandler.org

Archive for March, 2006

Trac spam.

Saturday, March 18th, 2006

Someone out there has developed a crawler that attacks Trac wiki pages. Once it’s found a Trac installation, it posts an update to the WikiStart and TracIni pages. The new version appends a number of links, hidden from view using Trac’s syntax to allow arbitrary HTML:

{{{
#!html
<u style="display:none">
...nasty links...
</u>
}}}

I’ve been hit over at the FeedTree trac a few times; it’s infrequent enough that periodic checking of the timeline view is sufficient to spot and clean out the crud.
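The periodic check described above can be scripted. The following is an added example, not part of the original post and not Trac's own code: it scans wiki page text for `#!html` processor blocks in which an element hidden by an inline style contains links. The function name and the sample page are constructed for illustration.

```python
import re

# A Trac processor block: "{{{" on its own line, "#!html" as the first line inside.
HTML_BLOCK = re.compile(
    r"^\{\{\{[ \t]*\r?\n[ \t]*#!html[ \t]*\r?\n(.*?)^\}\}\}", re.S | re.M | re.I)
# An opening tag whose inline style hides the element from view.
HIDDEN_TAG = re.compile(
    r"<(\w+)\b[^>]*\bstyle\s*=\s*(['\"])[^'\"]*?"
    r"(?:display\s*:\s*none|visibility\s*:\s*hidden)[^'\"]*\2[^>]*>", re.I)
LINK = re.compile(r"<a\b[^>]*\bhref\s*=", re.I)


def find_hidden_link_blocks(wiki_text):
    """Return one finding per hidden element with links inside a #!html block."""
    findings = []
    for block in HTML_BLOCK.finditer(wiki_text):
        body = block.group(1)
        for tag in HIDDEN_TAG.finditer(body):
            name = tag.group(1)
            rest = body[tag.end():]
            close = re.search(r"</%s\s*>" % re.escape(name), rest, re.I)
            inner = rest[:close.start()] if close else rest
            links = len(LINK.findall(inner))
            if links:
                line = wiki_text.count("\n", 0, block.start()) + 1
                findings.append({"line": line, "tag": name.lower(), "links": links})
    return findings


# Constructed sample: one harmless #!html block, one shaped like the spam above.
SAMPLE_PAGE = """\
= Welcome to the project =
Regular wiki text.
{{{
#!html
<b>visible</b> <a href="http://example.org/">docs</a>
}}}
{{{
#!html
<u style="display:none">
<a href="http://spam.example/a">a</a> <a href="http://spam.example/b">b</a>
</u>
}}}
"""

if __name__ == "__main__":
    for finding in find_hidden_link_blocks(SAMPLE_PAGE):
        print(finding)
```

Run over each saved page version, this flags the edit that introduced the hidden block; visible HTML blocks and hidden elements without links are not reported.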

(I guess you know your software has “made it” when someone else writes a piece of software specifically to attack it.)

Posted in Notebook | No Comments »

FeedTree misconceptions.

Tuesday, March 14th, 2006

Elsewhere on the Interthing there’s some concern that because FeedTree moves feeds away from a polling architecture to one of on-demand notification, it takes away control from the user:

Mm, one last thing. Several people have noted how happy they are that FeedTree can turn RSS from a push to a pull mechanism. I don’t like that concept. I like RSS for its meta-data, and for the control I’m afforded because I have complete control over it. “Push” the content and you take that away from me. Want push? Just get email updates. Set up your filters to organize and categorize your emails. Ta da, instant, existing, pretty dang easy push system. :/

I assume that the “control” the author’s worried about losing is control over unsubscription, and if so, this is a very legitimate concern—even for email.

The fundamental problem with push-by-email is that your email address acts like a capability: by giving out your address, you offer someone the irrevocable ability to spam you. You must trust that the other side will never share your address, and will honor any unsubscription request. (As an aside, this is one of many reasons that email is becoming less popular as an interpersonal communication medium; the signal-noise ratio is so low—thanks to spam, mailing lists, and email update services—that many are abandoning it in favor of IM and SMS. Unfortunately, these services suffer most of the same capability-related access control weaknesses, and so it’s only a matter of time before these channels also become polluted.) Throwaway email addresses are one simple way to address the irrevocable-capability problem with email, but they’re hardly user-friendly and are not available to all users.

Feeds, on the other hand, solve this problem by retaining control over subscription locally, rather than deferring that control to outside parties. You can always unsubscribe from a feed: just stop polling it. It’s crucial to observe that FeedTree works exactly the same way. You can always unsubscribe from any feed whose updates are pushed via FeedTree; your local client will cease to receive updates via the Scribe multicast system. (Even if a malicious entity attempts to assault you with updates after you’ve unsubscribed, or updates for a topic which you’ve never been interested in, the Scribe framework will ignore these uninteresting messages.) In short, FeedTree’s “push” service model does nothing to reduce your control over which feeds you see.

The author has other harsh words for the FeedTree research project—most of which are, in my opinion, undeserved. His chief complaint is that all Web feed bandwidth issues are 100% solved by conditional HTTP GET (ETag/If-None-Match and If-Modified-Since). Conditional GET is hugely important for polling clients, but it’s hardly sufficient: if a feed changes frequently (many popular ones do), or has any dynamic content (read: advertisements, becoming increasingly common), this protocol breaks down and the entire feed is always transferred.
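The breakdown described above can be shown with a small simulation. This is an added example, not FeedTree code: it assumes the server derives a strong ETag from a hash of the feed body, and the feed contents and function names are constructed for illustration.

```python
import hashlib


def etag_for(body):
    # Assumption: the validator is a hash of the exact bytes served.
    return '"%s"' % hashlib.sha256(body).hexdigest()[:16]


def conditional_get(body, if_none_match):
    """Server side: answer 304 with no payload only if the client's ETag still matches."""
    tag = etag_for(body)
    if if_none_match == tag:
        return 304, tag, b""
    return 200, tag, body


def poll(render, polls):
    """Client side: poll repeatedly, echoing the last ETag in If-None-Match.

    render(n) returns the feed body the server would produce for request n.
    Returns (list of status codes, total payload bytes received).
    """
    cached_tag, statuses, received = None, [], 0
    for n in range(polls):
        status, cached_tag, payload = conditional_get(render(n), cached_tag)
        statuses.append(status)
        received += len(payload)
    return statuses, received


# Constructed feed bodies: 50 unchanged items, with or without a rotating ad.
ITEMS = b"<item><title>Post</title></item>" * 50


def static_feed(n):
    return b"<rss>" + ITEMS + b"</rss>"


def feed_with_ad(n):
    # The ad differs on every request, so the body hash (and ETag) never repeats.
    ad = b"<item><title>Sponsored: offer %d</title></item>" % n
    return b"<rss>" + ITEMS + ad + b"</rss>"


if __name__ == "__main__":
    print("static  :", poll(static_feed, 4))
    print("with ad :", poll(feed_with_ad, 4))
```

The static feed costs one full transfer followed by empty 304 responses; the feed with a per-request ad is transferred in full on every poll even though none of its 50 real items changed.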

There are other aspects of the article which I disagree with, but these are the key areas in which I feel the author misunderstands both the architectural problems inherent in RSS and the way FeedTree intends to address them. As with all academic research projects in the field of computer systems, FeedTree is a part of a larger discussion about how technology can be made more efficient, more powerful, and more usable. I welcome the debate.


My kind of town

Saturday, March 11th, 2006

…for the weekend, at least. E and I will be in Chicago for a couple of days, seeing friends and trying to snag a last little bit of winter.


S5 fullscreen on OS X?

Wednesday, March 8th, 2006

Dear MacLazyWeb: anyone successfully used the S5 presentation system on a Mac, such that all toolbars and menu bars are entirely hidden? (I’ve tried most of the obvious things—none of the Firefox extensions seems to clear the menu bar, and webXkiosk is pretty clumsy (e.g. the URL it browses is hardcoded in the .plist, and there’s no drag-and-drop support, and once you remove the toolbar, there’s no way to alter the URL anymore, etc. Update: And now it crashes on launch, so, it’s right out). And Saft is not free.)


Commentary.

Wednesday, March 8th, 2006

The purpose of Trackback and Pingback is simple: Find out when people are talking about you without a lot of heavy lifting (e.g. manually posting a comment or dropping an email) on either side. And yet here’s John Gruber, discovering the comments of venerable Web designer and personality Derek Powazek, by skimming Derek’s del.icio.us bookmarks. (Actually, JG was probably skimming all del.icio.us bookmarks for his own story.) This is a pretty fragile thread to try to follow. How many places do I need to look to see if someone’s commenting on something I wrote? Will Technorati be enough? Do I have to go back to obsessing over my referrer logs?


A sip of Chardonnay.

Wednesday, March 8th, 2006

Lots to look at in these Leopard/Chardonnay (OS X 10.5) Finder patent snapshots. Looks like Spotlight is finally moving into the, uh, well, never mind. Detail pages: Spotlight, Smart Folders redux, and indexing of detected text in analog data (images, audio). Steals a page (my very favorite page) from MS OneNote.

A nit:

It’s odd they would use photoshop to design the interface- why not something like interface builder?

Well, if you’re trying to design an interface that doesn’t yet exist in the OS, by definition Interface Builder wouldn’t know about it.


On moderation.

Tuesday, March 7th, 2006

This reddit.com thread has enlightened me to the simple effectiveness of the Slashdot comment moderation system. For all its troubles, it’s still the best out there, and here’s why: Moderations are all positive, except for inappropriate or abuse flags, like troll/spam/offtopic/redundant. This tends to discourage downmodding comments which are on-topic but with which you disagree. Contrast Digg and Reddit: people seem to use the -1 button (down-arrow in Reddit, thumbs-down in Digg) to bury comments they disagree with.

The way I see it, if you can cause others’ arguments to disappear from conversations just by the vehemence of your disapproval, you ruin any chance at meaningful discourse. Because Digg and Reddit allow you to mod down for any reason, users feel freer to mod down for the wrong reasons.

(I’m still not entirely sure where I fall on the whole “everyone gets mod powers” vs. “only the karmic get mod points, and then only sparingly” debate. Thoughts?)
