90% Crud

Sure, 90% of weblogs are crud. That's because 90% of everything is crud.

Published: 2008-03-31T13:30:31-05:00


Why is Apache sending a "X-Pad" header?


Apache sometimes sends an HTTP header "X-Pad: avoid browser bug" for reasons that aren't entirely clear. There isn't a lot of searchable information about this header, so my coworker Matt dug into the source code and found out what's going on.

The header was added to deal with a bug in Netscape versions 2 through 4.0b2. The bug was that Netscape would hang if a linefeed character was sent as the 256th or 257th byte. Apache checks to see if it's about to hit the bug and, if so, sends this header to pad the output.

The fix is from April of 1997. If they had waited a few months to report it, they might have earned $1,000 with Netscape's Bug Bounty.

Hopefully this blog post will make the X-Pad header show up in Google and save future people from wondering what it is.

The code change that provided the fix can be viewed on Apache's site. I've reproduced the comments from the code below for anyone curious.

Navigator versions 2.x, 3.x and 4.0 betas up to and including 4.0b2 have a header parsing bug. If the terminating \r\n occur starting at the 256th or 257th byte of output then it will not properly parse the headers. Curiously it doesn't exhibit this problem at 512, 513. We are guessing that this is because their initial read of a new request uses a 256 byte buffer, and subsequent reads use a larger buffer. So the problem might exist at different offsets as well.

This should also work on keepalive connections assuming they use the same small buffer for the first read of each new request.

At any rate, we check the bytes written so far and, if we are about to tickle the bug, we instead insert a bogus padding header. Since the bug manifests as a broken image in Navigator, users blame the server. :( It is more expensive to check the User-Agent than it is to just add the bytes, so we haven't used the BrowserMatch feature here.
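
The check described in that comment, modeled as an added example (this is not Apache's source code). It uses the offsets the comment states, so Apache's actual condition may differ; the function names and the constructed `X-Filler` header are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PAD_HEADER "X-Pad: avoid browser bug\r\n"
#define CRLF "\r\n"

static char out[512];   /* response header block under construction */

/* True when the next byte written would be the 256th or 257th byte of
 * output, the offsets at which the quoted comment says the terminating
 * CRLF must not start. */
static int would_tickle_bug(size_t bytes_written)
{
    size_t next = bytes_written + 1;            /* 1-based offset */
    return next == 256 || next == 257;
}

/* Append the blank line ending the header block, inserting the padding
 * header first when needed. Returns the new length, 0 if buf is too small. */
static size_t terminate_headers(char *buf, size_t cap, size_t len)
{
    size_t pad = would_tickle_bug(len) ? strlen(PAD_HEADER) : 0;
    if (len + pad + strlen(CRLF) + 1 > cap)
        return 0;
    memcpy(buf + len, PAD_HEADER, pad);
    memcpy(buf + len + pad, CRLF, strlen(CRLF));
    buf[len + pad + strlen(CRLF)] = '\0';
    return len + pad + strlen(CRLF);
}

/* Constructed input: status line plus headers totalling exactly `total`
 * bytes, sized with a filler header. Returns 0 if it cannot fit. */
static size_t build_headers(char *buf, size_t cap, size_t total)
{
    const char *fixed =
        "HTTP/1.0 200 OK\r\nContent-Type: image/gif\r\nX-Filler: ";
    size_t n = strlen(fixed);
    if (total < n + 3 || total + 1 > cap)
        return 0;
    memcpy(buf, fixed, n);
    memset(buf + n, 'a', total - n - 2);
    memcpy(buf + total - 2, CRLF, 2);
    return total;
}

/* Length of the finished header block for `total` bytes of headers. */
static size_t finished_length(size_t total)
{
    size_t len = build_headers(out, sizeof out, total);
    return len ? terminate_headers(out, sizeof out, len) : 0;
}

int main(void)
{
    for (size_t total = 253; total <= 258; total++) {
        size_t end = finished_length(total);
        printf("headers=%zu padded=%s terminator starts at byte %zu\n",
               total, strstr(out, "X-Pad:") ? "yes" : "no", end - 1);
    }
    return 0;
}
```
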


Real RSS Spam


The spammers keep getting cleverer and cleverer. A blog that will remain nameless let its domain name expire. A black-hat SEO spammer bought up the domain, which is pretty common. What surprised me was what happened next.

The spammer must have realized that there was a blog previously at that URL. So they installed a special version of WordPress for SEO spammers (I won't link it here, get in touch if you're really curious) and even published a feed at the exact same URL as the previous RSS feed. When I opened up Google Reader, the long-dormant RSS feed sprang to life with 10 new posts.

I was excited that the blog was back until I read the first one. Once I realized what was going on, I was impressed by the spammer's ingenuity and pissed off that they've found yet another way to intrude on me. I'm so sick of spammers, I wish someone could tell me how to get a green card to somewhere they didn't exist.

DRYer than thou


At work we have a project (launching Monday, w00t!) that has a lot of cool things happening on the browser side. You know kids these days, what with their jQueries and Web 2.0s, they need whiz bang special effects in their websites. In my day, we only had one type of input field in our forms, and we liked it! Don't know how lucky they are… but I digress.

One problem we ran into was that we needed to do the same calculation on the server side and the client side. Let's say for the sake of example that we need to calculate Michigan's 6% sales tax or California's 7.25% sales tax. The real calculation was only slightly more complex. One thing to note is that the calculation would need to be very responsive because it would be running a lot and affecting user input, so speed is a concern.

I came up with two options. The first is to write the same calculation in PHP for the server side and JavaScript for the client side. I didn't love this because it isn't DRY. If we had two calculations in two different files then when someone was updating the code they would likely miss the other one.

The other option I came up with was to put the calculation on the server side only and use AJAX to run it on the client side. This seemed overly complex, which will sound funny when you see what we decided on. We had avoided AJAX on the site because it wasn't really needed; adding it for this seemed like a bad value/complexity trade off. I was also worried that server lag could cause a bad user experience; as I pointed out above, the calculation needed to be fast.

So I was talking it over with my coworker Matt and he made a joke and we both laughed it off. Then we thought about it, and realized that there were fewer downsides to his approach than my two, so I started coding.

Matt's solution was a Polyglot, code that runs in multiple programming languages. It sounded plausible because the calculation is so simple and both JavaScript and PHP use similar syntax for things like conditionals and arithmetic. Here's an approximation of what I came up with (I'm not sharing the original code, just coding the same solution from scratch):

"Up and running"


Xbox Live has a funny definition of "Up and running." As of 7:00pm on Dec 29, 2007 their status message read:

Status: Up and running

Users may experience issues performing transactions dependent on Windows Live ID availability including but not limited to Xbox 360 and Zune account creation, renewal, recovery, all DMP transactions, and logging into or creating Windows Live ID accounts. Users will experience intermittent issues including but not limited to: Tournaments, Storage Downloads, Gamer Tile, Statistics through Arbitration, Match Making, and Messaging. Additionally, Halo 3 and Call of Duty 4 users may experience issues joining matches or posting statistics. Customer Support may also experience issues referencing customer data. We are aware of the issue and are currently working to resolve it. We apologize for any inconvenience.

My Xbox 360's dashboard isn't coming up and I can't get into Halo 3 matchmaking, so the only entertainment I'm left with is pedantically reviewing Microsoft error messages.


Hopefully this will end Ron Paul Diggspam


Ron Paul doesn't believe in evolution:

I think it's a theory, theory of evolution, and I don't accept it.

How will Diggers and Redditers reconcile their love of Ron Paul with their hate for creationists? (via)


Best Xmas Present


Sometimes when you go a long time without blogging you don't want to post because you feel like you need to say something important on your return.

Luckily I have something not only worthy of breaking blog silence, but worth overly large text and even the blink tag:

She said yes! We're getting married! I love you Jenny!

Apple's DRM Announcement


Eliminate DRM!
Originally uploaded by nim.

Apple announced that they'll be offering DRM-free music in the iTunes Music Store! I don't have much to add to the announcement, I'm just ecstatic that Apple is following up on Steve Jobs's open letter. Beyond just offering DRM-free music, Apple even addressed Cory Doctorow's lock-in argument by offering upgrades to existing downloads.

There were people who thought that the letter was a cynical attempt to avoid EU regulation by playing DRM off as a chain imposed by the record companies. I admit that I was leaning that way, it's not the first time I was wrong about Apple and probably not the last. Like other doubters, I'm glad I was wrong.

I don't really have much to add to the conversation, I'm just excited to download more music from iTunes in May (and this time I plan to keep it).


Detroit Roundup


Houses cheaper than cars in Detroit
"At least 16 Detroit houses up for sale on Sunday sold for $30,000 or less.

A boarded-up bungalow on the city's west side brought $1,300. A four-bedroom house near the original Motown recording studio sold for $7,000."

Even better is the MetaFilter discussion about that link (and others): Will The Last Person To Leave Detroit Please Turn Out The Lights?
Congressman: Parts Of Iraq Are As Safe As Detroit
What's great about this is that the analogy is arguing that 80% of Iraq and Detroit are "reasonably under control" which means the guy is using Detroit as a point somewhere on the line between IEDs and Broadway musicals. I think he meant it as a sign of progress in Iraq but the Detroiters aren't too happy with where they are on that line.
Man Accused Of Drunken Driving On Golf Cart
The golf cart had a winch and plow secured to the front, bicycle lights used as headlights and brake lights, and plastic curtains that hung on the sides and the front as a windscreen, Local 4 reported.

A butane heater and CD player were turned on inside the golf cart.

According to the police report, Vanbuskirk replied to a question about who can legally drive a golf cart on the road, saying, "Gov. Granholm."
Top 10 Best / Worst Cities For Software Developer Pay
When you adjust for cost of living expenses, software developers in Detroit (I assume the metro area) make better money than those in Silicon Valley or New York:
Metro           Salary    Cost of Living   Adjusted Salary
New York        $89,370   177              $50,492
San Jose        $99,250   192              $51,693
San Francisco   $92,570   206              $44,937
Detroit         $75,250   95               $79,211


inkling Markets 1 Week Later


The inkling markets I started last week have been making progress. While I can't speak authoritatively about why the participants are investing the way they are, I can always make some wild-assed-guesses.

In the OpenID market, the biggest gainers are Wikipedia and Yahoo!. Wikipedia announced that they're working on OpenID, which sounds like it's a lock. But you'll notice that talk was given at the end of April 2006, and since they haven't done it yet, it's possible that they won't make the August 26th deadline of the market.

Another big winner is Yahoo!. They have been pretty aggressive about opening things up lately, they are offering lots of APIs to web developers and I think the feeling is that OpenID is right up their alley. Note that doesn't count as a "win" for Yahoo! since the market is looking at these web sites consuming OpenID.

One stock that surprised me was that has the lowest stock price of the bunch. I realize that Microsoft has cultivated the exact opposite appearance as Yahoo! in that people believe that Microsoft refuses to interoperate with anyone else, which is probably driving the stock price down. It's still surprising to me because Microsoft has announced that they will be supporting OpenID. I wonder if the stock price is so low because of the perception of Microsoft as closed or if people believe that Microsoft will be pushing OpenID as an enterprisey technology but not something for consumers.

The Jabber market has some things that surprised me as well. While Yahoo! is doing well and MSN is not (which I attribute to the same things as their performance in OpenID), Skype is currently the highest price stock. That's surprising to me because Skype has not been very open. Of the 5 IM networks in the market, only Skype doesn't work with Adium. In August 2005 Skype announced SkypeNet API which sounds like it might allow Jabber interoperability, but apparently it's been abandoned. I wonder if the SkypeNet API is driving up the stock price or if it's just wishful thinking.

My final observation is that AIM and ICQ (both of which are owned by AOL and interoperable) haven't moved very much at all. This is notable because AOL and Google Talk (which runs on Jabber) announced interoperability in December 2005 but nothing has come from it yet. Since Google Talk runs on Jabber the path of least resistance for interoperability would be for AOL to support it as well, even if they only federate with Google at the start.

Tags: inkling openid jabber wikipedia yahoo! microsoft msn skype aol [...]

SXSW Interactive 2007


I'm registered, have my plane tickets, and my conference schedule picked out. I'm going to SXSW Interactive!

I've wanted to go for years, but it was only recently that the planets aligned and it became feasible for me to make it to Austin. The first order of business is to let everyone know so that I can finally meet a bunch of the people I only know online.

I've also never been to a conference of this sort (I went to some Def Cons in the late 90's, but I imagine this is a bit different) so I'm looking for advice. I have a couple friends who have offered me a floor to sleep on, so the fact that there are 0 hotel rooms available isn't that disconcerting (although additional offers would be gladly welcomed so I don't overstay my welcome). What panels should I make sure to attend? What should a first timer know?


inkling predictions for OpenId and Jabber


I got the inkling bug. inkling is a site for prediction markets; basically you buy and sell stocks with funny money based on what you think will happen. Wisdom of the crowds, power of many, all that jazz. First Ed Vielmetti got bit, then Brian Kerr started trading, and now I'm doing it.

The two questions I'm trying to answer both relate to technology adoption. I want to know if Jabber and OpenID will make it big in the next six months. So I created these two markets:

I like this over O'Reilly's Buzz Game since, as Ed pointed out, with inkling anyone can ask a question. Of course, the more people who participate in inkling the more accurate the predictions, so go sign up and put your money where your mouth is.


Sony making the same mistakes again


There are 3 big problems with the Playstation 3 (ignoring smaller problems like the UI). The first is availability, with all sorts of stories of people getting shot with BBs or trying not to give birth or abusing the trust placed in them just to get a PS3. That can be fixed with time. The second is game selection, because while Resistance: Fall of Man looks great, it doesn't look great enough to justify the hassle of getting a PS3. That too can be fixed with time.

The third big problem with the PS3 is the price tag. Can that be fixed with time? Some company named iSuppli thinks that the $600 60 GB PS3 costs Sony $840.35. It seems unlikely that Sony can lower the price any more, since they've already decided how much of a hit they can take on each PS3.

The PS3 clocks in at $200 more than the high trim Xbox 360. Incidentally, analyst Michael Goodman estimates that "Blu-ray is adding $150 to $200 to the product." Ah, so there's the price problem, Sony threw in an expensive Blu-Ray disc drive. It's an attempt to make their horse, Blu-Ray, the next VHS and Microsoft's horse, HD-DVD, the next Betamax (incidentally a Sony product). But because they're so focused on the format battle, they might lose the whole war.

It wouldn't be the first time that Sony's corporate goals screwed its consumer electronics division. Up until the past 5 years, the first thing you thought of for portable audio was the Sony Walkman. What happened? Was Apple just that adept at making killer consumer electronics? Well, yeah, that's part of it (see Zune). But Sony also refused to give consumers what they want - a hard drive MP3 player - because Sony Entertainment is dictating what Sony Electronics is allowed to produce.

We're seeing the downfall of the Walkman again, with the entertainment division dictating that Blu-Ray must be rammed down consumers' throats and the Playstation team being hobbled by their business requirements. The saddest part of it all is that the format war between Blu-Ray and HD-DVD is like a format war between horse carriage hitches in the 1930's. The next big format isn't either of those, it's downloading! Hopefully either Sony will realize that and release a reasonably priced PS3.5 or exclusive titles like Resistance will get ported to a viable platform.

Tags: bluray sony walkman [...]

"But Government Isn't a Game"


Press Gaggle by Tony Fratto:

Q It's been reported that in some of these meetings the President doesn't want people to talk about the prospect of planning in the event that the Democrats take over Congress. Is that correct?

MR. FRATTO: I think the President has been very clear that he's preparing for a Congress that has Republican leadership, and that's the way we'll continue to proceed. It's the only way to proceed.

Q You said that it's the only way to proceed, to prepare for a Republican-controlled Congress. With such a close election, and with both parties recognizing how close it's going to be, why not at least consider both alternatives?

MR. FRATTO: We're still in the game, and -- if you're in the game, you're in it to win.

Q But you don't know the outcome of the game any more than I do, and --

MR. FRATTO: We feel confident about the outcome, and that's the way we're going to proceed.

Q Continuing the analogy, but government isn't a game, and you are governing, and so your responsibility is to prepare for how to govern regardless of how it turns out. So it may be a game in the political sense, but it's really not a game to Americans who want their government to be ready to do what needs to be done.

MR. FRATTO: He'll be ready.

Q That means you're preparing for the other outcome?

MR. FRATTO: We are ready. We are ready for -- we're ready for a -- we're ready to work with a Republican Congress. Nice try, Jennifer.

Q That would suggest not ready for a Democratic Congress.

MR. FRATTO: Questions? Anything else? Thank you.

I don't have anything to add, that pretty much speaks for itself.


Firefox 2's great new feature with a horrible UI


Firefox 2 (which is officially released today) has a great new bookmarking feature: Microsummaries.

These are short bits of information in bookmarks' titles that update from time to time. Imagine bookmarking an eBay auction and seeing the current price in your bookmarks bar, or bookmarking your webmail and seeing your unread messages count, or bookmarking this blog and seeing the latest blog post title. Well with the last one, you can. Here's how:

First, install Firefox 2.0 if you haven't already. Bask in the integrated spellchecker, marvel at the extension upgrade process, yadda yadda yadda. Got it? OK.

Go to my blog and bookmark it by either going to the "Bookmarks" menu then "Bookmark This Page..." or using the Cmd-D keyboard shortcut (Ctrl-D on Windows/Linux).

Wait a couple seconds for the "Name:" field to become a dropdown. Finally, choose the one under "Live Titles" and your bookmark will update periodically whenever I make a new post.


That's it! Thanks to Brian for cluing me in to this, he's got it working on WordPress with WP-Microsummary. I rolled my own solution for Movable Type, but I'll leave that for another day.

Hopefully the Firefox team improves the usability of this feature, it's kind of sad that there's no way to spot microsummary-enabled sites out of the box. I suspect that extensions and Greasemonkey scripts will fill in some of the gap.

Also, I'm just scratching the surface of microsummaries. It's even possible to add microsummaries for sites that don't support them (including the eBay example from above), but now that you know about them you can go find out more on your own.

[Update: OK, the UI isn't as awful as I thought, I originally thought the only way to get the Microsummary was to bookmark and then to right-click on it and choose properties. I've updated the post to reflect the fact that Microsummaries are also available with the "Bookmark this page..." dialog.]


CitizenSpeak featured in new book


It turns out that CitizenSpeak is really making the rounds right now. The latest news is that it's included in a new book: Momentum: Igniting Social Change in the Connected Age by Allison Fine.

The book includes a description of how a Philadelphia organization used CitizenSpeak and other online organizing tools to rally their community around their cause. You can read more on CitizenSpeak's blog or by using Amazon's Online Reader.