January 22, 2007
@ 09:44 PM

This morning I stumbled upon a post by Rick Jelliffe whose title piqued my interest, An interesting offer: get paid to contribute to Wikipedia, where he writes

I’m not a Microsoft hater at all, it’s just that I’ve swum in a different stream. Readers of this blog will know that I have differing views on standards to some Microsoft people at least.
...
So I was a little surprised to receive email a couple of days ago from Microsoft saying they wanted to contract someone independent but friendly (me) for a couple of days to provide more balance on Wikipedia concerning ODF/OOXML. I am hardly the poster boy of Microsoft partisanship! Apparently they are frustrated at the amount of spin from some ODF stakeholders on Wikipedia and blogs.

I think I’ll accept it: FUD enrages me and MS certainly are not hiring me to add any pro-MS FUD, just to correct any errors I see.
...
Just scanning quickly the Wikipedia entry I see one example straight away:
The OOXML specification requires conforming implementations to accept and understand various legacy office applications. But the conformance section to the ISO standard (which is only about page four) specifies conformance in terms of being able to accept the grammar, use the standard semantics for the bits you implement, and document where you do something different. The bits you don’t implement are no-one’s business. So that entry is simply wrong. The same myth comes up in the form “You have to implement all 6000 pages or Microsoft will sue you.” Are we idiots?

Now I certainly think there are some good issues to consider with ODF versus OOXML, and it is good that they come out and get discussed. For example, the proposition that “ODF and OOXML are both office document formats: why should there be two standards?” is one that should be discussed. As I have mentioned before on this blog, I think OOXML has attributes that distinguish it: ODF has simply not been designed with the goal of being able to represent all the information possible in an MS Office document; this makes it poorer for archiving but paradoxically may make it better for level-playing-field, inter-organization document interchange. But the archiving community deserves support just as much as the document distribution community. And XHTML is better than both for simple documents. And PDF still has a role. And specific markup trumps all of them, where it is possible. So I think there are distinguishing features for OOXML, and one of the more political issues is do we want to encourage and reward MS for taking the step of opening up their file formats, at last?

I'm glad to hear that Rick Jelliffe is considering taking this contract. Protecting your brand on Wikipedia, especially against well-funded or organized detractors, is unfortunately a full time job and one that really should be performed by an impartial party not a biased one. It's great to see that Microsoft isn't only savvy enough to realize that keeping an eye on Wikipedia entries about itself is important but also is seeking objective 3rd parties to do the policing.

It looks to me that online discussion around XML formats for business documents has significantly deteriorated. When I read posts like Rob Weir's A Foolish Inconsistency and The Vast Blue-Wing Conspiracy or Brian Jones's Passing the OpenXML standard over to ISO it seems clear that rational technical discussion is out the window and the parties involved are in full mud slinging mode. It reminds me of watching TV during U.S. election years. I'm probably a biased party but I think the "why should we have two XML formats for business documents" line that is being thrown around by IBM is crap. The entire reason for XML's existence is so that we can build different formats that satisfy different needs. After all, no one asks them why the ODF folks had to invent their own format when PDF and [X]HTML already exist. The fact that ODF and OOXML exist yet have different goals is fine. What is important is that they both are non-proprietary, open standards which prevents customers from being locked-in which is what people really want.

And I thought the RSS vs. Atom wars were pointless.

PS: On the issue of Wikipedia now using nofollow links, I kinda prefer Shelley Powers's idea in her post Wikipedia and nofollow that search engines treat Wikipedia specially as an 'instant answer' (MSN speak) or OneBox result (Google speak) instead of including it in the organic search results page. It has earned its place on the Web and should be treated specially including the placement of disclaimers warning Web n00bs that its information should be taken with a grain of salt.


 

Categories: XML

Danny Thorpe has a blog post entitled Windows Live Contacts Control Shows Online Presence where he writes

This month's rev of the Windows Live Contacts Control adds a new "tile" view that displays the photos of your Windows Live IM contacts in the control, and makes starting an IM session with them a simple one-click operation.  The top part of this screenshot shows the new tile view.  The bottom part is another instance of the contacts control in list view mode.

Windows Live Contacts Control tile and list views

This widget can be embedded on a page and used to enable Windows Live/MSN users to view or otherwise Windows Live Messenger buddies or Hotmail contacts. I've been following the development of this widget since the project started and it is definitely getting interesting.


 

Categories: Windows Live

We are now feature complete for the next release of RSS Bandit and it's time to get the final bits of user testing before we declare the bits golden. You can obtain the installer from RssBandit.1.5.0.5.Jubilee.RC.zip. We've fixed a number of major bugs that were discovered during the beta including crashes related to building the Lucene search index and podcasts being repeatedly downloaded after the first successful download attempt. I'd like to thank all the people who tried out the beta and gave us feedback. Windows Vista users should be especially happy with this release since this is the first version of RSS Bandit (ever) to work on that operating system with no problems.

The major new features and bug fixes since the last official release (v.1.3.0.42) are listed below. There will be a comprehensive list of bug fixes and new features in the announcement for the final release. New features and bug fixes since the last beta are marked as .

New Features
Major Bug Fixes
 

Categories: RSS Bandit

January 18, 2007
@ 11:34 PM

I've always wondered how mixtape DJs can get away with selling CDs consisting of people rapping over hot beats from popular pop songs without a nod to the original artist or producer. According to the New York Times story With Arrest of DJ Drama, the Law Takes Aim at Mixtapes it looks like they won't be getting away with it anymore. Excerpt below

In the world of hip-hop few music executives have more influence than DJ Drama. His “Gangsta Grillz” compilations have helped define this decade’s Southern rap explosion. He has been instrumental in the careers of rappers like Young Jeezy and Lil Wayne. He appears on the cover of the March issue of the hip-hop magazine XXL, alongside his friend and business partner T.I., the top-selling rapper of 2006. And later this year DJ Drama is scheduled to make his Atlantic Records debut with “Gangsta Grillz: The Album.”
...
Mixtapes are, by definition, unregulated: DJs don’t get permission from record companies, and record companies have traditionally ignored and sometimes bankrolled mixtapes, reasoning that they serve as valuable promotional tools. And rappers have grown increasingly canny at using mixtapes to promote themselves. The career of 50 Cent has a lot to do with his mastery of the mixtape form, and now no serious rapper can afford to be absent from this market for too long.
...
DJ Drama’s mixtapes are often great. He has turned “Gangsta Grillz” into a prestige brand: each is a carefully compiled disc, full of exclusive tracks, devoted to a single rapper who is also the host. Rappers often seem proud to be considered good enough for a “Gangsta Grillz” mixtape. On “Dedication,” the first of his two excellent “Gangsta Grillz” mixtapes, Lil Wayne announces, “I hooked up with dude, now we ’bout to make history.” The compilation showed off Lil Wayne more effectively than his albums ever had, and “Dedication” helped revive his career.

This sucks. I love mixtapes and would hate for the RIAA to cause an end to mixtape series like Gangsta Grillz or G-Unit Radio. What I didn't expect was that Lil Wayne would start talking smack about DJ Drama after he helped resurrect his career though. From the VH1 article, 'Play The Game Fair': Lil Wayne Responds To DJ Drama's Mixtape Bust

"Smarten up," Lil Wayne advised mixtape DJs. "Smarten up."

For the past few years, Wayne has seen his entire career shift thanks to his performance on mixtapes. Street CDs such as his Gangsta Grillz classics The Dedication and The Dedication 2 have catapulted him to the lyrical elite in the minds of fans. Last year, he may have been the MC with the most material on the mixtape circuit.

"It's a bad thing," Wayne said of the Aphilliates' arrests, "but you gotta play the game fair. If you don't play fair, all kind of things can happen. You gotta watch people like DJ Clue, watch people like DJ Khaled. They do it right."

Wow. All I can say to that is Stop Snitching.


 

Categories: Music

January 18, 2007
@ 02:59 PM

I've been spending my free time putting the finishing touches on the next beta of the Jubilee release of RSS Bandit so I've been remiss at blogging and have accumulated a bunch of things to blog about which I never got around to posting. Here is an outpouring of links from my 'to blog' list

  • 20Q.net: The classic game of twenty questions powered by a neural network. It is uncanny how good this game was at guessing what I was thinking about. This is the closest to magic I've seen on the Web.

  • programming.reddit.com: If you are the kind of geek who finds Jeff Atwood's blog to be a fun read then this is the meme tracker for you. Light on fluffy A-list geek wankery over the latest from Apple & Google and heavy on programming culture from the trenches.

  • The Story of XMLHTTP: The most complete account of the creation of one of the cornerstones of AJAX I've seen online. I've actually worked with some of the people mentioned in the story.

  • Zeichick's Take: Remember CUA Compliance? Microsoft Doesn't: The most amusing rant about the new ribbon in Microsoft Office 2007 I've seen yet. My favorite quote, "Microsoft says that the problem was that users couldn't find and use the more obscure features of Word, Excel and the other Office tools. No, that wasn't the problem. The problem was that there were too many features". I guess his solution would have been for Microsoft to cut a bunch of features from Office instead of redesigning the UI. Yeah, right.

  • To DTD or not to DTD: It looks like Netscape is getting ready to break all of the RSS 0.91 feeds on the Web which reference their DTD which is practically all of them. I need to ensure that this doesn't cause problems in RSS Bandit. I like how the Netscape guy tries to blame RSS reader developers for using XML as designed. Another example of how XML schemas in general and DTDs in particular were one of the worst concepts foisted on XML. We should have been trying to make our programming languages as dynamic as XML not make XML as rigid as our programming languages. Maybe we'll have better luck in the JSON era.

PS: If you are an RSS Bandit user then check back this weekend for the final beta. We are now feature complete and should now work just fine on Windows Vista. However some of the podcast-related features had to be scaled back for this release.


 

January 16, 2007
@ 08:23 PM

By now it's common news that Google has been hit by what seems like half a dozen or more cross site scripting security flaws in the past month. If you missed the news, you can read blog posts like More Google security failures and Wow, more Google XSS problems which contain links to some of the stories of recent exploits. The bugs in those blog posts aren't exhaustive; I've seen some blog posts about exploits that don't seem to have hit the mainstream tech blogs such as the one mentioned in the blog post Pending Members - Google Groups XSS Bug [Part 2].

Anyway, the fact that Google is having problems with XSS issues isn't terribly interesting and should be an expected part of the growing pains as they go from a service that doesn't store any user data to one that aims to be the repository of all their users' data. That requires an entirely different approach to security. What I did find interesting was a blog post on the Google Blogoscoped blog entitled On Google Security which stated

Today, it almost seems as if every single product team in the Googleplex has the “power” to accidentally introduce a Google Account risk with an HTML injection hole, or another kind of cross-site scripting issue. An exotic Blogger bug was able to reveal your Google Docs, even if you’re not blogging with Blogger – an improbable Google Base bug was able to reveal your personalized homepage, even when you’ve never worked with Google Base**. I would argue: these things happen, individual developers and developer teams make errors. It’s impossible not to. There are ways to automatically test against HTML injections, but such tools too need to be handled by humans.

The real problem, and solution, might be on the higher level of the system architecture – the way Google integrates its services and handles cookie data. Right now, the Google Office product partly resembles a mighty convenient & long chain... a chain which is only as strong as its weakest link. Is this a trade-off we’ll just have to make with future web apps, or are there ways to improve on the situation... either by users, or those building browsers, or those developing web apps?

Those who ignore history are doomed to repeat it. None of the problems listed are unique to Google. Any portal that provides multiple services that require the user to login is vulnerable to these problems. This includes competing portals like Yahoo!, MSN and AOL. All of these services have had to encounter and protect users against the very same problems Google is having difficulty dealing with today.
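The "weakest link" property described above follows from how a login cookie is scoped across a portal's services. The sketch below is an added example, not code from the original post or from any portal named in it; the hosts under portal.example, the cookie name SID and its value are constructed, and the matching follows RFC 6265 domain-match rules.

```javascript
// Added example: which portal services receive a login cookie, and on which
// of them page script could read it. Hosts and cookie values are constructed.

// RFC 6265 section 5.1.3 domain matching (IP-address hosts are not handled).
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// Parse the Set-Cookie attributes that decide scope. Returns null when the
// Domain attribute does not cover the host that set it (browsers reject those).
function parseSetCookie(header, settingHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: settingHost.toLowerCase(),
    hostOnly: true, // no Domain attribute: only the setting host gets it back
    httpOnly: false,
  };
  for (const attr of attrs) {
    const [rawKey, rawValue = ""] = attr.split("=");
    const key = rawKey.trim().toLowerCase();
    const value = rawValue.trim().toLowerCase();
    if (key === "domain" && value !== "") {
      cookie.domain = value.replace(/^\./, ""); // a leading dot is ignored
      cookie.hostOnly = false;
    } else if (key === "httponly") {
      cookie.httpOnly = true;
    }
  }
  if (!cookie.hostOnly && !domainMatch(settingHost, cookie.domain)) return null;
  return cookie;
}

// Services whose requests carry the cookie.
function sentTo(header, settingHost, serviceHosts) {
  const cookie = parseSetCookie(header, settingHost);
  if (cookie === null) return [];
  return serviceHosts.filter((h) =>
    cookie.hostOnly ? h.toLowerCase() === cookie.domain : domainMatch(h, cookie.domain)
  );
}

// Services where an HTML injection bug would let page script read the cookie
// through document.cookie. HttpOnly hides it from script on every host.
function scriptReadableOn(header, settingHost, serviceHosts) {
  const cookie = parseSetCookie(header, settingHost);
  if (cookie === null || cookie.httpOnly) return [];
  return sentTo(header, settingHost, serviceHosts);
}

// Constructed portal layout: one login host, three user-facing services.
const LOGIN_HOST = "accounts.portal.example";
const SERVICES = ["mail.portal.example", "docs.portal.example", "blog.portal.example"];
const PORTAL_WIDE = "SID=constructed-token; Domain=.portal.example; Path=/";
const PORTAL_WIDE_HTTPONLY = PORTAL_WIDE + "; Secure; HttpOnly";
const HOST_ONLY = "SID=constructed-token; Path=/; Secure; HttpOnly";

for (const [label, header] of [
  ["portal-wide", PORTAL_WIDE],
  ["portal-wide + HttpOnly", PORTAL_WIDE_HTTPONLY],
  ["host-only on login host", HOST_ONLY],
]) {
  const sent = sentTo(header, LOGIN_HOST, SERVICES).join(", ") || "(none)";
  const readable = scriptReadableOn(header, LOGIN_HOST, SERVICES).join(", ") || "(none)";
  console.log(`${label}\n  sent to: ${sent}\n  script-readable on: ${readable}`);
}
```

The middle case shows that HttpOnly only hides the cookie from script: requests to every service still carry it, so the number of services sharing the cookie remains the quantity to reduce.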

It is likely that with time, Google will stumble upon the same set of best practices that are common knowledge amongst its portal competitors who have been in the game a lot longer. Thinking that this is a problem that affects "the future of Web apps" ignores the history of the Web. 

In the meantime, if you are a Web developer at Google, I'd suggest reading Chapter 12 of Writing Secure Code by Michael Howard. After that, take a look at You know about XSS. How about XSRF/CSRF? which happens to use a Google service as an example of a Cross Site Request Forgery (XSRF) attack.

That which doesn't kill us only makes us stronger. ;)


 

January 16, 2007
@ 05:57 PM

Danny Sullivan over at Search Engine Land has a post entitled comScore: Google Wins Again & IE7 Doesn't Stop Microsoft's Slide where he writes

It's that time again -- search popular stats for last month are coming out. Actually, Hitwise sent me their figures earlier this month but I'm diving in with the comScore figures that just came out. The main real news is despite the Internet Explorer 7 launch, Microsoft's Live continues to show a drop in usage.

What is puzzling to me is that people thought that the release of IE 7 would cause an increase in search share for Microsoft's search engine and a decline in competitors. The fact is that built-in search boxes within the browser encourage people to treat search as a feature of the browser instead of a site they visit. That means that the defaults built into the browser/operating system are important. But what exactly is the default search engine on most PCs running IE 7? I don't have any hard numbers but here's some data from my post about this entitled Competing with Google is Like the War in Iraq which stated

The combination of the proliferation of search toolbars and a new generation of Web browsers with built-in search boxes (e.g. IE 7 and Firefox) have reduced the need for users to actually go to websites to perform a search. This means that it is now very important to be the search engine that is used when a user enters a search directly from their browser. Guess which search engine is the one used by your browser if you
  1. Are you a user of the Firefox browser?
  2. Are you a user of the Opera browser?
  3. Are you a user of IE 7 and have installed Adobe Acrobat?
  4. Are you a user of IE 7 and have installed the Java runtime?
  5. Are you a user of IE 7 and have installed the WinZip archive utility?
  6. Are you using a newly purchased Dell computer?
  7. Are you a user of the Google Toolbar?
Yes, the answer is Google in every case. So even if you are an Internet n00b who hasn't made up their mind about which search engine to choose, there is a large chance that the default search engine you end up using thanks to recent innovations in IE 7 and Firefox will be Google.

If anything, browsers like Firefox and IE 7 make it harder for users to switch from Google, not easier, because they get users away from the notion of visiting websites to perform searches; instead, users just accept whatever default the browser provides.


 

There's an article in the NY Times entitled Want an iPhone? Beware the iHandcuffs which contains the following excerpt

Even if you are ready to pledge a lifetime commitment to the iPod as your only brand of portable music player or to the iPhone as your only cellphone once it is released, you may find that FairPlay copy protection will, sooner or later, cause you grief. You are always going to have to buy Apple stuff. Forever and ever. Because your iTunes will not play on anyone else’s hardware.

Unlike Apple, Microsoft has been willing to license its copy-protection software to third-party hardware vendors. But copy protection is copy protection: a headache only for the law-abiding.

Microsoft used to promote its PlaysForSure copy-protection standard, but there must have been some difficulty with the “for sure” because the company has dropped it in favor of an entirely new copy-protection standard for its new Zune player, which, incidentally, is incompatible with the old one.

Pity the overly trusting customers who invested earlier in music collections before the Zune arrived. Their music cannot be played on the new Zune because it is locked up by software enforcing the earlier copy-protection standard: PlaysFor(Pretty)Sure — ButNotTheNewStuff.

The name for the umbrella category for copy-protection software is itself an indefensible euphemism: Digital Rights Management. As consumers, the “rights” enjoyed are few. As some wags have said, the initials D.R.M. should really stand for “Digital Restrictions Management.”

It's weird to see the kind of anti-DRM screed that one typically associates with people like Cory Doctorow getting face time in the New York Times. DRM is bad for society and bad for consumers. It's unfortunate that Microsoft is the company that has made one of the bogey men of anti-DRM activists a reality. As Mini-Microsoft wrote in his blog post The Good Manager, etc, etc, ...

In the meantime, I think a positive-because-it's-so-negative result of Zune is that it added fire to the DRM debate

No longer is it a theoretical problem that buying a lot of DRMed music from a vendor leaves you vulnerable if the DRM becomes unsupported or falls out of favor. Thanks to Zune and its lack of support for PlaysForSure. Now even the New York Times has joined in the rally against DRM.

I have to agree with Mini-Microsoft, this is one of those things that is so bad that it actually turns a 180 and will be good for all of us in the long run.


 

Categories: Technology

My sister is paying me a surprise visit this weekend and I decided to look on the Web for ideas for what we could do together this weekend. My initial thoughts were that we'd go to the movies and perhaps check out the Bodies: The Exhibition. I wanted to see if I could get a better suggestion on the Web.

My first instinct was to try Seattle - City Search but had to give up when I realized the only events listed for today were either announcements of what DJs would be at local clubs tonight or announcements of sales at local stores. Another thing that bugged me is how few ratings there were for events or locations on City Search. This reminds me of a blog post on Search Engine Land entitled Local And The Paradox of Participation which came to a set of incorrect conclusions about a poll that claimed that people are equally likely to post a positive or negative review of an event or location. The incorrect conclusion was that it is a myth that few people are likely to post reviews. Given that locations and events that are attended by thousands of people tend to only have dozens of reviews on almost every review site I've ever seen seems to make this a fact not a myth. The poll only seems to imply that people are willing to share their opinion if prompted which is totally different from someone attending a nightclub or concert then feeling compelled to visit one of umpteen review sites to share their opinion. What is surprising to me is that there doesn't seem to even be a small community of die hard reviewers on City Search which is unlike most review sites I've seen. Just compare Amazon or IMDB which both seem to have a number of reviewers who are on top of certain categories of products.

Anyway, what does this have to do with Google? Well, I went to Rich Skrenta's much vaunted starting point of the Internet and tried some queries such as "local events", "seattle events" and "events in seattle" with pathetic results. The only useful links in the search results page led me to a couple of event search engines (e.g. NWsource, Upcoming) that were pathetically underpopulated with event information. None of them even had a listing for Bodies: The Exhibition. Lame.

I tried Google Local which turned out to be redirect to their mapping site. Shouldn't a local search engine be able to find events in my local area? Double lame.

Before you bother pointing it out, I realize that other search engines don't do a much better job either. This seems to point to an opportunity to add a lot of value in what must be a very lucrative search market. I'm surprised that Yahoo! hasn't figured out how to do more with their purchase of Upcoming.org. Then again Yahoo! hasn't figured what to do with any of the Web 2.0 startups they've purchased so maybe that is expecting too much. Maybe Google will purchase Eventful.com and fix this fairly big hole in their search offerings. Somehow I doubt it.


 

I checked out the official Apple iPhone site especially the screencasts of the phone user interface and iPod capabilities set. As an iPod owner, $500 is worth it just to get my hands on this next generation iPod which makes my Video iPod look old and busted. On the other hand, although the text messaging UI is pretty sweet a cellphone without tactile feedback when pushing its buttons is a pain in the ass especially when the layout of the buttons continually changes. I wouldn't wish that on my worst enemy. Maybe I'm just unusual in the fact that I don't want to be required to look at the cellphone's screen when using it. I pull my phone out of my pocket, unlock it and call the last number dialed often without looking at the screen before putting it to my ear. It's hard to imagine that my muscle memory would ever get used to doing that without tactile feedback from the phone when navigating its interface. It also hasn't been announced whether the phone will be able to sync with Microsoft Exchange or not. As someone who used his phone to keep on top of the goings on at work while at CES, this is another non-starter.

That said, I have to agree with a lot of the stuff said in the article Macworld: Ten Myths of the Apple iPhone. A lot of the complaints about the iPhone just seem like sour grapes. Me, I'm going to wait until I can get an unlocked iPhone so I don't have to replace my Cingular 3125 or until Apple ships a 6th generation iPod (aka iPhone sans phone features).


 

Categories: Technology