October 21, 2005
@ 03:35 PM

As I mentioned in my previous post on Understanding Web 2.0 the "web 2.0" meme isn't about technology or people, it's about money and hype primarily geared at VCs and big companies looking for small companies to buy so they look hip. The recently launched Flock web browser is one of example of a "Web 2.0" product which looks like it's creators just played a game of buzzword bingo when deciding what to do with their millions in VC funding. It is built on Firefox (bing), integrates with del.icio.us (bing) and Flickr (bing), plus it comes with blog posting (bing!) and RSS reading features (bingo!).

I have to agree with Joel Spolsky's claim that the Architecture Astronauts Are Back when he wrote

I'm starting to see a new round of pure architecture astronautics : meaningless stringing-together of new economy buzzwords in an attempt to sound erudite.

When I wrote my original complaint about architecture astronauts more than four years ago, it was P2P this and messaging that.

"That's one sure tip-off to the fact that you're being assaulted by an Architecture Astronaut: the incredible amount of bombast; the heroic, utopian grandiloquence; the boastfulness; the complete lack of reality. And people buy it! The business press goes wild!"

Now it's tagging and folksonomies and syndication, and we're all supposed to fall in line with the theory that cool new stuff like Google Maps, Wikipedia, and Del.icio.us are somehow bigger than the sum of their parts. The Long Tail! Attention Economy! Creative Commons! Peer production! Web 2.0!

The term Web 2.0 particularly bugs me. It's not a real concept. It has no meaning. It's a big, vague, nebulous cloud of pure architectural nothingness. When people use the term Web 2.0, I always feel a little bit stupider for the rest of the day.
Not only that, the very 2.0 in Web 2.0 seems carefully crafted as a way to denegrate the clueless "Web 1.0" idiots, poor children, in the same way the first round of teenagers starting dotcoms in 1999 dissed their elders with the decade's mantra, "They just don't get it!"

I'll do my part. I hereby pledge never again to use the term "Web 2.0" on this blog, or to link to any article that mentions it. You're welcome.

I feel the same way. I am interested in discussions on the Web as a platform and even folksonomies (not tagging) but the marketplace of ideas has been polluted by all this "Web 2.0" garbage. Once again, I've flipped the bozo bit on Web 2.0. Like Joel, you won't see any use of the term on my blog or in items I link to from now on. 


Categories: Web Development

It seems some folks at TheServerSide.com have started bashing AJAX because they see it as a threat to Java. This has led to fairly ridiculous posts such as this one entitled But most of all samy is my hero which states

The story is, a myspace user named samy wanted to be popular. He wanted to make his page do things that others couldn’t and in the process devised a cross system scripting (XSS) attack that managed to add his profile to more then a million other users of the system. To do this he used a combination of AJAX and JavaScript.

It is not the intention to make samy even more famous but he has exposed a serious weakness in the AJAX security model. All samy did was figure out how to upload some JavaScript into his profile and this was despite myspace’s best efforts to limit this type of activity.

With respect to security, the web is already a hostile environment. Will a move to use AJAX and JavaScript further enlarge the security holes that already exist? Could myspace have done more to prevent this type of attack and still afford their users the flexibility to manage their pages as they do now?

Even though I haven't looked at the code of the exploit, I think it is fair to say that this issue has little to do with "the AJAX security model" as implied by the author of the post. Any system that accept user input has to worry about how they scrub the data due to malicious users. Not properly scrubbing input data leads to all sorts of security problems including buffer overflows and cross site scripting attacks.

I'd suggest that some of the folks on TheServerSide need to read up on some of the FAQs on cross site scripting attacks before blaming AJAX for problems that have nothing to do with it.


Categories: Web Development

October 20, 2005
@ 02:55 PM

A couple of recent stories in the news remind me that there still a ways to go for race relations in America.

From the story A Polling Free-Fall Among Blacks in the Washington Post

In what may turn out to be one of the biggest free-falls in the history of presidential polling, President Bush's job-approval rating among African Americans has dropped to 2 percent, according to a new NBC/Wall Street Journal poll.

The drop among blacks drove Bush's overall job approval ratings to an all-time low of 39 percent in this poll. By comparison, 45 percent of whites and 36 percent of Hispanics approve of the job Bush is doing.

Thanks to Jonathan Marsh for that link. This reminds me of a skit on the Dave Chappelle show where a game show host asks a black guy, "Why didn't black people trust Ronald Reagan?" and he responded "I didn't know we were supposed to trust him in the first place". Of course, it was the right answer.

From the story NBA's dress code blasted in the Miami Herald

The NBA has announced that a dress code will go into effect at the start of the season. Players will be required to wear business-casual attire when involved in team or league business. They can't wear visible chains, pendants or medallions over their clothes.

Jackson, who is black, said the NBA's new rule about jewelry targets young black males because chains are associated with hip-hop culture, and he said the league is afraid of becoming ''too hip-hop.'' In protest, he wore four chains to the Pacers' exhibition game against San Antonio on Tuesday.

Philadelphia's Allen Iverson also was critical of the new rule, which the NBA enacted Monday.

''I feel like if they want us to dress a certain way, they should pay for our clothes,'' he said. "It's just tough, man, knowing that all of a sudden you have to have a dress code out of nowhere.''

Boston Celtics star Paul Pierce agreed that the new rule targeted young, black players.

''When I saw the part about chains, hip hop and throwback jerseys, I think that's part of our culture,'' Pierce said. "The NBA is young black males.''

I guess it's OK for the NBA rosters to be dominated by blacks as long as they don't dress or act "too black". 

It's been over a month since we shipped the alpha version of the Nightcrawler release of RSS Bandit. Since then we've fixed a number of annoying bugs and polished a number of our features. An example of the kind of polish we've added since the alpha is shown in the screenshot below.

There are three main classes of subscriptions we now support in RSS Bandit; feeds (Atom or RSS), newsgroups (NNTP) and search results. We made search results a first class subscription type because I suspect that subscribing to search results especially on various blog search engines is only going to increase in popularity. The process for adding a new search engine is still too "techie-focused" for my liking. I'd love it if our users would just be able to add the URL of their search engine of choice and then we check if it supports Amazon OpenSearch, if so then we add it as one of the choices for the Search Results subscription wizard. The current process for adding a search engine whose results can be subscribed to involves users adding a URL showing the query string format of the engine (e.g. http://search.msn.com/results.aspx?q={0}&format=rss where {0} is a place holder that shows where the query string should be inserted).  

I should investigate how many search engines provide an OpenSearch description documents file. If enough of them do, it may be worth the while for our users if we went ahead and supported it. That way they can just add 'http://search.msn.com' to their favorite search engine list and we autodiscover the rest.

The Newsgator API has been a source of mild frustration for me since I added support for it. The existing synchronization features in RSS Bandit involve uploading/downloading a single file containing the state of the application. The Newsgator API assumes that any application using it for synchronization is also using it as a source for RSS feeds. From my perspective this seems to be a very big assumption to make but is understandable when one considers that the original purpose of the API was for their in-house applications. This assumption manifests itself by requiring that to synchronize the state of a feed I'm subscribed to, I need to fetch its feed from Newsgator online. This means that if I'm subscribed to 100 feeds in RSS Bandit, then I might need to download up to 100 feeds from Newsgator Online as part of the synchronization process each time I sync. This makes the synchronization process a lot slower than I expected. I'm now wondering whether we should rethink the user flow for our synchronization step since currently we lock the UI while syncing to prevent users making changes while we are syncing. With synchronization to Newsgator this could take several minutes as opposed to a minute or less with our other synchronization methods. I did make some performance improvements since we shipped the alpha but it still does take a while longer than I like. :(

The winner of the RSS Bandit New Logo design contest has been announced. Congrats to Eric Winchester.

Old Logo:

New Logo:

I'd like to thank all the folks who took the time to submit entries and those who voted for their favorite logos. We greatly appreciate your support.

It is quite likely that Torsten and I will ship a 'refresh' of the alpha installer this weekend. The reason it isn't a beta is that we are not yet feature complete. The code for downloading enclosure/podcasts still isn't all there and I haven't started on my idea for 'watching' posts for new comments. With any luck we should have all this done in the next few weeks.

After the beta, we'll focus primarily on performance issues. We've already fixed a number of issues that were causing lots of CPU usage but our memory consumption still higher than I prefer. I expect that the final version of Nightcrawler will ship during the holiday season.


Categories: RSS Bandit

A recent comment on the Groklaw blog entitled Which Binary Key? claims that one needs a "binary key" to consume XML produced by Microsoft Office 2003. Specifically the post claims
No_Axe speaks as if MS Office 12 had already been released and everyone was using it. He assumes everyone knows the binary key is gone. Yet Microsoft is saying that MS Office 12 is more or less a year away from release. So who really knows when and if the binary key has been dropped? All i know is that MSXML 12 is not available today. And that MSXML 2003 has a binary key in the header of every file.
So let me close with this last comment on the fabled “binary key”. In March of 2005, when phase II of the ODF TC work was complete, and the specification had been prepared for both OASIS and ISO ratification, the ODF TC took up the issue of “compliance and conformance” testing. Specifically, we decided to start work on a compliance testing suite that would be useful for developers and application providers to perfect their implementations of ODF. Guess who's XML file format was the first test target? Right. And guess what the problem is with MSXML? Right. It's the binary key. We can't do even a simple transformation between MSXML and ODF!

As someone who's used the XML features of Excel and Word, I know for a fact that you don't need a "binary key" to process the files using traditional XML tools. Brian Jones, who works on a number of the XML features in Office, has a post entitled The myth of the Binary Key where he mentions various parts of the Office XML formats that may confuse one into thinking they are some sort of "binary key" such as namespace URIs, processing instructions and Base64 encoded binary data. All of these are standard aspects of XML which one may typically doesn't see in simple uses of the technology such as in RSS feeds.

Being that I used to work on the XML team there is one thing I want to add the Brian's list which often confuses people trying to process XML; the unicode byte order mark (BOM). This is often at the beginning of documents saved in UTF-16 or UTF-8 encoding on Windows. However as the Wikipedia entry on BOM's states

In UTF-16, a BOM is expressed as the two-byte sequence FE FF at the beginning of the encoded string, to indicate that the encoded characters that follow it use big-endian byte order; or it is expressed as the byte sequence FF FE to indicate little-endian order.

Whilst UTF-8 does not have byte order issues, a BOM encoded in UTF-8 may be used to mark text as UTF-8. Quite a lot of Windows software (including Windows Notepad) adds one to UTF-8 files. However in Unix-like systems (which make heavy use of text files for configuration) this practice is not recommended, as it will interfere with correct processing of important codes such as the hash-bang at the start of an interpreted script. It may also interfere with source for programming languages that don't recognise it. For example, gcc reports stray characters at the beginning of a source file, and in PHP, if output buffering is disabled, it has the subtle effect of causing the page to start being sent to the browser, preventing custom headers from being specified by the PHP script. The UTF-8 representation of the BOM is the byte sequence EF BB BF, which appears as the ISO-8859-1 characters "" in most text editors and web browsers not prepared to handle UTF-8.

I wouldn't be surprised if the alleged "binary key" was just a byte order mark which caused problems when trying to process the XML file using non-Unicode savvy tools. I suspect some of the ODF folks who had problems with the XML file would get some use out of Sam Ruby's Just Use XML talk at this year's XML 2005 conference. 


Categories: XML

I've been using MSN Virtual Earth for a while now and like it quite a lot. However there is definitely room for improvement and I'm glad to see that the team is soliciting feedback from users on what features they consider most important for the next release. In the post Suggestions for Virtual Earth Release 2? they write

The VE team is rolling on the next release and is interested in your feature requests. Lets make it interesting - You have 10 bucks to spend on features. How would you spend 'em? Post your comments here. My shopping list might look like this -
4  Street maps for Italy
3  Driving directions integrated in the application and not linked off to maps.msn.com
3  improved WiFi coverage for the Locate me feature in rural areas.
You get the idea. Go ahead, buy your features. Just remember to stay within your budget :-)

If you use VE and have some features you'd like to see in the next release, go ahead and post a comment with your requests. Here's how I'd spend my $10 on features; $2 to expand the Virtual Earth API to include conversions from physical addresses to latitudes & longitudes (aka geocoding), $3 to integrate driving directions into VE as opposed to being linked to http://maps.msn.com as is done today, $4 to add the ability to store my favorite locations in VE, and $1 to add maps of Canada to the service.

So how would you spend your dollars on VE features?


Categories: MSN

October 17, 2005
@ 04:51 PM

Every week or so I get a complaint from someone using Safari on Mac OS X complaining about the fact that my blog looked wacky in their browser. I finally got around to fixing the templates used by my blog and now it should look fine in Safari.

The following sites were helpful in showing me what my site looked like in Safari; http://www.danvine.com/icapture/ and http://www.fundisom.com/g5/. Thanks to Martin Dittus for pointing me out to these sites without which I wouldn't have been able to confirm my changes.


Categories: Ramblings

Dave Sifry, the CEO of Technorati, has a regular series of posts called The State of the Blogosphere where provides various statistics about the number of blogs Technorati is tracking. In State of the Blogosphere, October 2005 Part 1: On Blogosphere Growth he writes

About 70,000 new weblogs are tracked every day, which is about a new weblog created each second, somewhere in the world. It also appears that blogging is taking off around the world, and not just in English. Some of the significant increases we've seen over the past 3 months have been due to a proliferation of chinese-speaking weblogs, both on MSN Spaces as well as on Chinese sites like blogcn.com .

The growth of the Chinese blogosphere on MSN Spaces is a trend those of us working on Spaces have seen first hand. I wouldn't be surprised if we are one of the biggest blog hosting services for Chinese bloggers. An interesting side effect of this growth is that an increasing number of blogs in the Technorati Top 100 are blogs that are popular with Chinese users of MSN Spaces.

Below is a list of the MSN Spaces on today's version of the top 100 list 

27. spaces.msn.com/members/princesscecicastle
11,999 links from 3,455 sites. View All »

30. Hack MSN Spaces
­Spaces Customization at its Best™
By Devdutt Parikh
12,540 links from 3,329 sites. View All »

41. spaces.msn.com/members/slim
By slim
8,569 links from 2,771 sites. View All »

47. Herramientas para Blogs
Herramientas para spaces. Un blog sobre personalización de los spaces
By mmadrigal madrigal
7,309 links from 2,578 sites. View All »

49. Scott's "SiteExperts" Place
Web developers, Web developers, Web developers! MSN Client architect who shares his thoughts on DHTML, AJAX, Client Frameworks, etc., and how we are engineering MSN properties.
By Scott Isaacs
7,103 links from 2,509 sites. View All »

66. spaces.msn.com/members/flowersummer
6,405 links from 2,118 sites. View All »

71. spaces.msn.com/members/locker2man
By locker2man
5,358 links from 2,026 sites. View All »

74. spaces.msn.com/members/hcy521
6,640 links from 2,007 sites. View All »

It is interesting to note that every space on the Technorati Top 100 list is either Chinese or is about customizing/hacking the MSN Spaces user interface which is popular among our Chinese users. I'd never have guessed that these would be the most popular spaces when we launched the service last year.


Categories: MSN

A comment to my post Some Thoughts on the Mini-Microsoft blog struck me as so good that it was worth sharing. So I'm reposting it here so others get to see it

The Lessons of Longhorn
I’ve worked at MS for many, many years in the product groups. I love the company, and have prospered with it. I’m not some disgruntled flunky. I manage a big group, and am committed to doing everything I can to make my group a great place to be and build really compelling products that lots of customers will want to buy. We were and still are a great company in many ways. But we could be even greater.

The Longhorn saga highlights some stark lessons about why employees are pissed off and frustrated with the very top handful of execs. We are all held to very high standards. We write annual commitments, and work very hard to achieve them. If we don’t achieve them, we know we will not be rewarded. We want to do great work, make great products, and be rewarded for it, personally and financially. We don’t shirk from this challenge, we are up to it! But, we expect these rules to apply to everyone, evenly and openly. All the way to the top.

Longhorn will be a good product when it ships, but it will ship two years later than it should have. That extra two years represents what, maybe 8,000 man years of work? At a fully burdened cost of say $150k/head/year that’s $1.2Billion in direct costs of our resources flushed down the toilet. But far worse than those direct costs are the lost opportunity costs of not having the product in market two years earlier and getting started on Vnext.

Who is to blame for this debacle? First BillG himself, for pushing the Windows group to take on huge, extremely difficult technical projects that destabilize all the core parts of the OS, and hold shipping hostage. Even worse, in some cases these efforts seem to be little more than ‘pet’ ideas of Bill’s, with little clear customer value, at least to my understanding. Second, the very top handful of execs in the Windows group are to blame, for placating Bill and not applying the most basic good judgment on engineering and project management. From my perspective, it was clear to nearly every engineer in every product group at MS that Longhorn was badly screwed up, for far too long. But no one at the top would admit it or come to grips with it for far too long. For top product execs as MS, there is a long history of a culture that Bill is right, do what he says, always stay in his good graces no matter what. If you do that, you will likely make a huge fortune. If you don’t, your career at MS is over. I understand the pressure on execs to behave that way and always say ‘Yes’ to Bill. But that’s not the leadership we need. We are not helping anyone with this game, neither customers nor ourselves.

All of us know that if we screwed up like this, we would likely be forced out of our groups, with our reputations as product people shot, and for good reason. But when Bill and Jim et al screw up, nothing happens.

I really want Bill to be man enough to stand up and say, “I made a big mistake. This is what we’ve learned, and this is how we are going to do even better.” Bill is a tremendous thinker, but he is human too, and sometimes can make mistakes. We can’t have a culture that holds he is semi-divine. We need leaders who really lead, pragmatically and effectively, who hold themselves openly to the same standards that we are all held to. That is how we can become an even better company and reach more of our still great potential.


Categories: Life in the B0rg Cube

In his post Betty Dylan, Railroad Tavern, Sunday 8PM Jon Udell writes

I wondered why online services like upcoming.org hadn't yet gone viral, and I made a few suggestions, which were well received. But to be honest, the Keene, NH metro in Upcoming is no more lively now -- a day after Yahoo acquired Upcoming -- than it was six months ago.

Case in point: the Betty Dylan band is coming to Keene on Sunday and Monday. I know this because a friend organized the event. But neither of the venues' websites -- Railroad Tavern and Keene State College -- has the information. Nor does the Keene Sentinel. What's more, none of these three websites makes calendar information available as RSS feeds.

Yahoo's acquisition of Upcoming will certainly help move things along. As will the growing visibility of other such services, notably EVDBEventful. But since I expect no single one of these to dominate, or to supplant the existing calendars maintained by newspapers, colleges, and other venues, we have to think in terms of syndication and federation.

RSS is a big part of the story. Calendar publishers need to learn that information made available in RSS format will flow to all the event sites as well as to individual subscribers.

I think, like me, Jon Udell is grabbing a hold on things from the wrong end of the stick. When I first started working on the platform behind MSN Spaces, one of my pet scenarios was making it easier to create blog posts about events then syndicating them easily. One of the things I slowly realized is that unlike blogging which has killer apps for consuming syndicated content (RSS readers) there really isn't anything similiar for calendar events nor is there likely to be anything compelling in that space in the near future. The average home user doesn't utilize calendaring software nor is there incentive to start using such software. Even if every eventing website creates RSS feeds of events, the fact is that my girlfriend, my mom and even me don't maintain calendars which would benefit from being able to consume this data.

The corporate user is easier since calendaring software is part of communications clients like Outlook and Lotus Notes. However those aren't really the targets of sites like Upcoming or Eventful, however I suspect those are their best bets for potential users in the near term.