
My weekends just seem to get better and better every week. Since going independent and then starting a company with a friend, my work weeks have been much more enjoyable. Fortunately, my weekends have kept up as well.

This past Saturday we went to the Decompression LA party. Decompression is a big party held by various Burning Man regional groups. I hear the best (and biggest) one is the one held in San Francisco.


The idea behind it is that it serves as decompression from returning to our normal pressure-filled lives after the bliss that is Burning Man. It’s a way to bring a bit of that Burning Man spirit to the city. For those who have been curious about Burning Man, Decompression is a once-a-year party that is very much like a mini-Burning Man, but without all the annoying Playa dust, and everyone is clean.

It’s billed as a 12 hour street fair (noon to midnight) with performers, art, art cars, and of course, everyone in their Playa wear. Oh, and I shouldn’t forget to mention the three city blocks of thumping music.

Unfortunately, my camera ran out of batteries, so I didn’t take many pics. But here’s one of something I really wanted to see someone operate. At the party we met up with Bruce and Kelly, two people we met at the Playa. We also met up with Dane, Mark, and Erika, the crew I went with.

The rest of my weekend consisted of the usual: soccer games, working on Subtext, working on an article, and relaxing.


It’s happened to all of us. You are happily coding along (in Visual Studio .NET 1.x), minding your own business when you decide to switch from the code view to the designer and back to the code view. That’s when you experience…The Woe.

Now to prevent the woe, this post has some great tips.

However, I discovered something quite by accident, and I’m not sure if it works in all cases. But I was working on an ASPX page and switched to design mode and then switched back and noticed that the HTML was completely messed up. Various tags had been upper-cased (for god knows what reason) and my indenting was kicked in the nuts.

So I hit CTRL+Z twice.

It appears that VS.NET took two steps to fubar my code, but both steps were still in the command stack. So undoing twice restored my ASPX markup to its beautiful pristine state.


UPDATE: If you are using Windows Server 2008, the switch is /admin not /console. See this post for details.

We use Remote Desktop (Terminal Services) to remotely manage a Windows 2003 server that is not part of our domain. Recently we ran into the two user limit for remote desktop connections, which barred anyone from connecting.

Jon discovered a neat little trick that got us in. He ran the following command from the command line:

mstsc -console

It turns out that mstsc.exe is the remote desktop connection application. The -console flag specifies that we want to connect to the console session of a server. Since we generally launch Remote Desktop from the icon, we almost always leave this console session free. Nice!

When I got back into the server, I used the Terminal Services Manager tool to reset the disconnected and idle sessions. I then used the Terminal Services Configuration tool to set a timeout for disconnected sessions. Finally, I remembered to log out rather than simply close the remote desktop window. Simply closing remote desktop doesn’t reset the session.


There’s an interesting discussion in the comments on the Coding Horror blog in which Jeff suggests that

Your password alone should be enough information for the computer to know who you are.

And I definitely agree, assuming a couple of constraints:

  • You’re on a home computer or a system with a small number of users.
  • You enforce pass-phrases rather than passwords.

A while ago I referenced an article on the insecurity of passwords as compared to pass-phrases. The article discusses how dictionary attacks and their ilk (brute-force, pre-computation, etc…) are becoming more and more successful at breaking into systems because people generally choose poor passwords.

However, in a sufficiently large system, a pass-phrase alone is no substitute for a username, pass-phrase combination during authentication. The reason is not that a 30+ character pass-phrase is theoretically statistically insecure. One commenter in Jeff’s post mentioned:

I honestly don’t care how improbable it would be, I want it to be impossible.

Sorry, no system is unhackable.

Impossible? The only system impossible to hack is one that does not allow logins. Perhaps a lump of rock would be more to your taste? Even with a username and password combination, it is not impossible to guess a username and password combination by pure accident. I might by pure chance in haste mistype my credentials in such a way that I inadvertently type in the username and password of another user. That’s possible.

That’s probably within the same range of probability (and I’m hand waving here) as guessing a 30+ character cryptographically generated pass-phrase.

But there’s just one problem. Humans are not cryptographically strong generators.

True Story

When I was giving a presentation in college about random number sequences, I asked my classmates to “generate” two random sequences of ones and zeroes, each fifty numbers long. I stepped out of the room and they generated the first sequence by just writing ones and zeroes on the board as they saw fit, attempting to generate a random sequence. For the second sequence, they flipped a coin fifty times and wrote those numbers on the board.

They then summoned me into the classroom. I took a look at the two sequences and quickly discerned which was generated by coin toss and which was generated by consensus.

It turns out that we have a tendency, in an attempt to be random, to assume that there will not be very long strings of the same number. So in the sequence generated by hand, the longest sequence of the same character was only three or four long. But in the random sequence of 50 coin tosses, I expected at least one sequence of the same number to be around 5 or 6 characters long.
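The run-length tell described above can be computed exactly. This is an added example, not part of the original post: it counts, by dynamic programming, how likely 50 fair coin flips are to contain no run longer than a given length. The two 50-symbol sequences are constructed stand-ins for the ones on the board.

```python
def longest_run(bits: str) -> int:
    """Length of the longest run of identical symbols in a sequence."""
    best = cur = 0
    prev = None
    for b in bits:
        cur = cur + 1 if b == prev else 1
        best = max(best, cur)
        prev = b
    return best


def prob_longest_run_at_most(n: int, m: int) -> float:
    """Exact P(longest run <= m) for n fair coin flips."""
    if n == 0:
        return 1.0
    if m < 1:
        return 0.0
    # ways[j] = number of sequences so far whose final run has length j
    # and in which no run has ever exceeded m.
    ways = [0] * (m + 1)
    ways[1] = 2  # the first flip is either symbol
    for _ in range(n - 1):
        nxt = [0] * (m + 1)
        nxt[1] = sum(ways)          # next flip differs: run resets to 1
        for j in range(1, m):
            nxt[j + 1] = ways[j]    # next flip repeats: run grows by 1
        ways = nxt
    return sum(ways) / 2 ** n


def prob_longest_run_at_least(n: int, k: int) -> float:
    return 1.0 - prob_longest_run_at_most(n, k - 1)


def expected_longest_run(n: int) -> float:
    # E[L] is the sum over k >= 1 of P(L >= k)
    return sum(prob_longest_run_at_least(n, k) for k in range(1, n + 1))


# Constructed samples (not the sequences from the classroom).
HAND_WRITTEN = "0111010010" * 5            # avoids long runs, as people tend to
COIN_FLIPS = ("1100000010" "1110100011" "0100111101"
              "0001011001" "1011100100")   # contains one run of six


def report(bits: str):
    """Return (longest run, probability that fair flips stay at or below it)."""
    run = longest_run(bits)
    return run, prob_longest_run_at_most(len(bits), run)


if __name__ == "__main__":
    for name, seq in (("hand-written", HAND_WRITTEN), ("coin flips", COIN_FLIPS)):
        run, p = report(seq)
        print(f"{name}: longest run {run}, P(fair flips stay <= {run}) = {p:.3f}")
    print(f"P(some run of 5 or more in 50 flips) = {prob_longest_run_at_least(50, 5):.3f}")
    print(f"expected longest run in 50 flips = {expected_longest_run(50):.2f}")
```

A sequence whose longest run is only three is something fair coin flips produce about 2% of the time, which is why the hand-written board stands out.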

Psychology of secrets

So back to the point. The problem in a system with a large number of users is that psychology comes into play. You just know one or two people are going to choose the phrase “Who let the dogs out?” If you didn’t require a username and pass-phrase combo when authenticating, a person could inadvertently access another user’s account. Instead of attempting to guess one user’s account at a time, a hacker could be guessing at ALL users’ accounts at the same time.

Now there are some potential ideas that could make this work, assuming the benefit is worth it. One is to require that the pass-phrase contain a number and a punctuation mark. Another option is to also require that the pass-phrase contain the username. So instead of the earlier pass-phrase I mentioned, my pass-phrase might be “Who let the dogs out Mr. Haacked?”
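The difference between the two login designs, and the effect of the username-in-phrase rule, can be seen in a small model. This is an added example, not code from the original post; the usernames, phrases, iteration count and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # example value only, kept low so the demo runs quickly


def derive(phrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", phrase.encode("utf-8"), salt, ITERATIONS)


class Account:
    def __init__(self, username: str, phrase: str):
        self.username = username
        self.salt = os.urandom(16)              # per-account salt
        self.verifier = derive(phrase, self.salt)

    def matches(self, phrase: str) -> bool:
        return hmac.compare_digest(self.verifier, derive(phrase, self.salt))


def login_phrase_only(accounts, phrase):
    """No username: the phrase is tested against every stored account."""
    return [a.username for a in accounts if a.matches(phrase)]


def login_with_username(accounts, username, phrase):
    """The username selects one account; the phrase is tested against it alone."""
    return [a.username for a in accounts
            if a.username == username and a.matches(phrase)]


def contains_username(username: str, phrase: str) -> bool:
    """The post's second rule: the pass-phrase must contain the username."""
    return username.lower() in phrase.lower()


def enrol(chosen, require_username=False):
    accounts = []
    for username, phrase in chosen.items():
        if require_username and not contains_username(username, phrase):
            raise ValueError(f"pass-phrase for {username} must contain the username")
        accounts.append(Account(username, phrase))
    return accounts


# Constructed sample data: two users independently pick the same phrase.
SHARED = {
    "haacked": "Who let the dogs out?",
    "jeff": "My cat sleeps on the warm router all day.",
    "jon": "Who let the dogs out?",
}
PERSONAL = {
    "haacked": "Who let the dogs out Mr. haacked?",
    "jeff": "My cat sleeps on the warm router, says jeff.",
    "jon": "Who let the dogs out Mr. jon?",
}

if __name__ == "__main__":
    shared = enrol(SHARED)
    # One phrase, two accounts: the system cannot tell which user is logging in.
    print(login_phrase_only(shared, "Who let the dogs out?"))
    # With a username, the same phrase only ever reaches the named account.
    print(login_with_username(shared, "jeff", "Who let the dogs out?"))
    personal = enrol(PERSONAL, require_username=True)
    print(login_phrase_only(personal, "Who let the dogs out Mr. haacked?"))
```

Note that the pass-phrase-only lookup has no username to select a salt, so every login runs the key derivation once per account.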


I want to teach a friend everything I know about HTML Production work (which won’t take long). By production work, I mean the process of receiving a Photoshop file, cutting it up, and producing nice clean semantic (X)HTML and CSS.

I’m not a master of such things (though I am pretty handy with CSS these days), but I do know there’s a difference in producing HTML for a static web page versus producing HTML for a dynamically rendered page such as an ASP.NET page. It’s those details that I feel I can teach her well that you don’t learn at many design shops.

However, in preparation, I have a few books and websites I want her to check out. Let me know what you think of this list and if you’d make any additions, deletions, etc…

Books

Websites

  • QuirksMode: This is a great site for learning CSS and JavaScript tips and how to deal with browser compatibility issues.
  • A List Apart: This site sports insightful articles on web design and CSS. Looking at the code behind the site itself is quite educational.
  • Listamatic: This is more of a reference and tutorial on how you can use CSS and the unordered list <ul> element to produce all sorts of lists, navbars, menus, etc.
  • 20 CSS Tips and Tricks: Tips and tricks for achieving common tasks using CSS.

Also, I asked some friends what applications they use to cut a photoshop file and one mentioned Macromedia Fireworks while another just uses Photoshop. Any tips?

Also, after learning the basics, the following links are important for understanding the box model problem between Firefox and IE.

Box Model Hacking

  • The IE Box Model and Doctype Modes: Explains the Box Model problem and how the Doctype affects it.
  • BoxModelHack: Explains some hacks to get around the Box Model problem.
  • Box Model Tweaking: Discusses an upcoming CSS3 declaration that allows the browser to change its box model. This (and variants) are supported by some browsers already, perhaps making it possible to have them use the IE box model.


Every now and then on various blogs (including mine), you’ll notice a little snippet at the bottom of a post that looks something like…

[Listening to: Never Forget - Paul Van Dyk - Reflections (5:26)]

This is usually inserted by a plug-in to some media player (in my case iTunes) that allows the blogger to easily insert information about what is currently playing.

So in the comments of my last post, Jeff Atwood asks the pertinent question (and I’m paraphrasing here).

Why the hell do I care what you were listening to when you wrote that post?

I attempted some bullshit answer about how writing is art and music influences art. Blah blah blah.

However, in an attempt at introspection and honesty, the real answer is:

Because I’m an egomaniacal Bandwagon jumper!

Yeah, that’s right! I saw some others do it, so I started doing it. I jumped on the bandwagon.

The egomaniacal aspect relates to the belief that someday, I am going to be so freaking famous that everyone will scour my trash to discover what brand of floss I use. Even more, they’ll want to know what music I listened to when I wrote. They’ll have college courses where they deconstruct my writings in the context of the music I was listening to at the time. They’ll even write alternative histories such as…

How would the texture of the article on the Poor Management Epidemic have changed were he listening to Rage Against The Machine when he wrote it as opposed to Röyksopp?

Oh yes, it will happen. Oh yes. Just you watch Jeff.


The Yes Man

This video answers the question, “Just who is on the other side of the call?”

It’s abso-freakin-hilarious! Watch the whole thing.

DISCLAIMER: Some foul language, so keep the speakers low at work.

[Listening to: Manga - Timo Maas - Loud (6:24)]


I’ve noticed a bit of talk lately about poor management such as this piece from Dare and this one from Mini-Microsoft.

While they focus on poor management at Microsoft, Microsoft does not have a monopoly on poor management. Indeed, it is rampant in the industry.

In general, I see two main afflictions that affect corporate thinking in America. It is from these two items that all other problems seem to sprout.

  • Placing short-sighted goals above all strategic and long-term planning.
  • Making decisions based on hopes rather than analysis and objective data.

A typical scenario might look like this. A company is starting a software project and asks its tech team (or consultants), “Hey, how long will it take to build this?” A reasonable question, but surprisingly difficult to answer because, as we know, business types often don’t really know what they want.

After spending some time gathering requirements, the whole time being pressured by the business team, the tech team delivers a rushed estimate. Unfortunately for the tech team, the business types have already promised delivery of the product in half the time of the estimate.

So what happens now? Perhaps the company offers some token incentive and a pep talk about pulling together and taking one for the team by entering crunch mode from the start. Maybe they’ll even hire a few more developers attempting to prove that nine women can indeed have a baby in one month.

Perhaps the tech team understands the principle of the project triangle.

There are three goals of every project: Good, Fast, Cheap. You can pick two.

But try telling that to management. You ask them if they will prioritize features, and they come back with a list where every feature is priority #1.

At this point, the company is managing by hopes and fairy tales. They hoped the time they promised was reasonable. They hope the tech team can complete the project in time. The tech team wants to put in place a longer design and planning phase, but management wants them to get coding because they hope there won’t be any coding problems. The management team doesn’t keep a list of risks because they hope nothing bad will happen.

Invariably, by putting these shortsighted goals above the long term success of the project, they manage to make the project progress even slower than had they allocated the correct amount of time. Certainly it is possible they will get a deliverable on time. But a deliverable that is very much a house of cards.

To see the epidemic nature of this scenario, you only need to read the paper. The recent classic example is the Virtual Case File project. After more than three years and $170 million spent, the entire project was scrapped. That is $170 million in taxpayer money down the drain because of complete ineptitude, poor management by both the client (the FBI) and their vendor.

We can probably create a huge catalog of business failures due to short-sightedness and management through hopes.

UPDATE: Jon Galloway turned me on to Johanna Rothman’s blog. She has a great example of how managers can be “penny-wise and pound-foolish”. Just another example of being short-sighted.

[Listening to: Circuit Breaker - Röyksopp - The Understanding (5:25)]


sherriffs.jpg
Originally uploaded by soymlk.

It’s pics like these that really capture the spirit of Burning Man. I love the juxtaposition of cultures in this particular photo. It displays the extent to which the Burning Man organizers work with the local communities and law enforcement to ensure a peaceful and cooperative environment.


Hey you! Yeah I’m talking to you. The one there who has been staring at the screen for several hours straight. Do NOT forget to blink often.

Studies show that staring at a computer monitor causes people to decrease their blink rate. Not only that, but those who stare at a CRT monitor develop a layer of dust on their eyeballs (not sure how much this occurs on LCD monitors). Notice how your screen is always dusty? Think about that grime on your pupils. So definitely blink often.

Also, staring at a single object directly in front of you for a long uninterrupted period of time can cause eye strain. Your eyes need to be worked out. So make sure you take a break to focus on something far away periodically. Seriously. Just stare at something far away. I don’t care if it’s the bum of Sheila (or Stan) in marketing, just do it. Tell them you’re not staring, just working out your eyes and preventing eye strain.

This has been a public service announcement from your friends at Haacked.com. Pass it on.


When it was released, I was quite critical of Community Server. I felt it was a rush job and shouldn’t have even been graced with a “beta” next to its name. That, along with other reasons, spurred me to start the Subtext project.

Today I took a quick look at the early bits for Community Server 1.2 that Jayson Knight put up, and I have to admit that I am impressed with the direction they are heading.

Obviously this is pre-beta software and I did run into some bugs (friendly error page though). But what I noticed is they are paying much more attention to the admin interface and usability. One of the big problems with .TEXT in the past is that editing an old post was a big pain because you had to find the post in the admin interface.

In Subtext, I solved that in a manner similar to DotNetNuke. If you are logged in and viewing your own blog, you see a pencil icon next to a blog post. Click on it and you are taken to the admin section where you can edit your blog.

Community Server 1.2 improves on this approach with a mighty jump forward. When you are logged in as an admin, and viewing your blog, moving the mouse cursor over the post highlights the entire post. Clicking on the post then brings up a web-based modal dialog to edit the post. Very slick and very easy to use.

If Telligent can improve on the installation story over the sticky mess from past versions, they will have a very compelling blog platform on their hands. Big ups to them for improving the usability and focusing on nailing down some key problems.

So does this mean that I am going to stop working on Subtext? Hardly, as I think there’s still room for a open source hobbyist blog engine. But I have to admit, the thought did occur to me to migrate my blog to CS 1.2 when it is released. Not having time to work on Subtext has left it languishing. But I will resist that temptation and focus on dogfooding Subtext.


Man this would have saved me from tearing out a lot of hair in the past. An excerpt from the announcement:

We spent 20 minutes writing this entry, and then the browser crashed. Good thing there’s auto-save. It saves. Automatically.


Since when was The Shining a feel-good movie? Since somebody creatively edited footage to make this promo.

After watching this, consider whether you’re really getting the “reality” in Reality shows. If they want Omarosa to be a bitch, oh yes, she’ll be a BITCH. If they want someone to be a hero, they can make it happen.

Behold the power of film editors!


My wife can be a real bookworm at times. She took Twiggy to the local Starbucks in the downtown area of Culver City to have a drink and read her Spanish book outside in the beautiful weather. As she studied, she could overhear two guys behind her loudly engaged in annoying guy talk about some hot coworker of theirs and how some other guy got to her first.

Twiggy walks over to the guys and one of them asks if she’s a whippet. Quickly glancing over, she answers, “No, she’s an Italian Greyhound” and returns to her book. The other guy continues to pet Twiggy and remarks, “Wow, she’s beautiful.”

After a bit, the two fellas leave, giving Akumi some peace and quiet, but not before she overheard two other guys sitting together remark to each other, “Hey, that was Ashton Kutcher.” So in her annoyance at being disturbed, my wife didn’t notice Ashton petting Twiggy.

After hearing the story, I joked with my wife that we missed our opportunity to get Twiggy a job in the movies. We always quip that we want her to start earning her keep, since the rest of the family works.

So Ashton, if you happen to find this blog during a vanity Google search, Twiggy is available for your next movie and/or television show. Just have your people call hers and we can supply face shots.


Saw this on the Snopes site about a Coke ad that Coca Cola released and then had to recall because of a hidden risqué image. Pretty damn funny. It just shows that companies shouldn’t skimp on QA.

Here’s a small version of the ad. See if you can find the offending image. Then click on the image to see the closeup.

Dirty Coke Ad


Just to put housing prices in Los Angeles in perspective, we bought our small 1000 sq foot town house condo a year and a half ago. I just found out this week that our neighbors sold their comparable unit for 30% more than we paid for ours. It boggles my mind.

Of course, the urge is to cash in on the place, but then what? We love it in Los Angeles so we’re not ready to leave to cheaper pastures. Even with the equity we have, we still wouldn’t be able to afford a nicer place than we have unless we move out to the boondocks. Not to mention that rent on a unit like ours is more than we are paying in monthly mortgage fees. Instead, we plan to continue riding the housing wave and hope that if the bubble bursts (which I hope it doesn’t), it won’t burst 30%.


Ian Griffiths takes an in-depth look at C# 3.0 extension methods and the potential problems with them. Of particular note is his philosophy, which directly follows from the idea that code should be written for humans, which he summarizes when he says…

I’m a big fan of code that does what it looks like it does.

Amen brother!

As an example, he highlights the ToUpper method on a System.String instance, which often misleads new developers. He would prefer the more honest and less misleading static method on the String class that would be called like so:

String.ToUpper(input);

I agree wholeheartedly that ToUpper (which sort of follows the Java convention I guess) is misnamed, but (and this really is a minor niggle) I probably would prefer that it still be an instance method, but renamed GetUpperCase. I think that would do a good enough job of being honest and being discoverable.

In any case, if you’re interested in C# 3.0, be sure to read Ian’s take on extension methods.