Earlier this week, Tim Bray wrote a blog post entitled On Linking where he pointed out that it has become quite common place for him to link to the Wikipedia entry for a subject even if there is an official site. He also realizes this is a problem when he writes

Why Not Wikipedia? · But this makes me nervous. I feel like I’m breaking the rules; being able to link to original content, without benefit of intermediaries, is one of the things that defines the Web. More practically, when I and a lot of other people start linking to Wikipedia by default, we boost its search-engine mojo and thus drive a positive-feedback loop, to some extent creating a single point of failure; another of the things that the Web isn’t supposed to have.

I’d be astonished if the Wikipedia suddenly went away. But I wouldn’t be very surprised if it went off the rails somehow: Commercial rapacity, legal issues, or (especially) bad community dynamics, we’ve seen that happen to a whole bunch of once-wonderful Internet resources. If and when it did, all those Wikipedia links I’ve used (396 so far, starting in June 2004) become part of a big problem.

As if on cue, a little bit of hubbub broke out on the Web after Rick Jellife blogged that he'd been approached by Microsoft to help keep some articles about its technology neutral. Lots of folks in the press have jumped all over this and called it an attempt by Microsoft to "astroturf" Wikipedia from the usual suspects on Slashdot to more mainstream news sources like USA Today.

Let's dig a little deeper into the issue and look at the facts as opposed to the sensational headlines. Mike Arrington over at TechCrunch has a good collection of links to the relevant online occurences in his post entitled Battleground Wikipedia which contains the following excerpts

Doug Mahugh at Microsoft freely admitted to doing this in a comment to a Slashdot article on the matter. According to another source, a Microsoft spokesperson also chimed in, saying that they believed the article were heavily written by people at IBM, a rival standard supporter, and that Microsoft had gotten nowhere flagging mistakes to Wikipedia’s volunteer editors. However, the discussion area of the Wikipedia page in question does not show any Microsoft involvement.

Microsoft clearly didn’t feel comfortable making direct changes to article about their technology, and frankly they can’t really be blamed for that. Editing an article about yourself is considered a conflict of interest by many in the Wikipedia community, and people are routinely trashed for doing so.
...
In the words of Deep Jive Interests “if you’re going to astroturf [Wikipedia], do it right!”

I'm trying to figure out how we go from Microsoft having problems flagging mistakes to Wikipedia editors and trying to get the relevant entry updated while not violating Wikipedia's conflict of interest rules to Microsoft is trying to astroturf Wikipedia.

Given that the Wikipedia entry is the first or second result on Google searches for "ooxml" and Office Open XML yet has contained misinformation and outright fabrications about the technology, shouldn't Microsoft be trying to get the article corrected while staying within the rules of Wikipedia?

As an experiment I've updated the Wikipedia entry for TechCrunch with a mention of some of the claims about Mike Arrington's conflicts of interest on the site and references to negative  blog posts but no link to his side of the story. TechCrunch is big enough for Mike not to care about this but what should be his course of action? According to Jimmy Wales and the pundits it seems (i) he can't edit the entry  himself nor (ii) can he solicit others to do so. Instead he needs to write a white paper about his position on conflicts of AND then link to it from the talkback page for his entry.Yeah, I'm sure that's going to get read as much as the Wikipedia entry.

It's sad that if Microsoft had just done what other companies do and had a bunch of employees policing its brand on Wikipedia (see the Forbes article Shillipedia), this would never have made the news. It's unfortunate that this is the reward Microsoft gets for being transparent and open instead of taking the low road. 

 

In response to my recent post entitled ODF vs. OOXML on Wikipedia one of my readers pointed out

Well, many of Weir's points are not about OOXML being a "second", and therefore unnecessary, standard. Many of them, I think, are about how crappy the standard actually is.

Since I don't regularly read Rob Weir's blog this was interesting to me. I wondered why someone who identifies himself as working for IBM on various ODF technical topics would be spending a lot of his time attacking a related standard as opposed to talking about the technology he worked. I assumed my reader was mistaken and decided to subscribe to his feed and see how many of his recent posts were about OOXML. Below is a screenshot of what his feed looks like when I subscribed to it in RSS Bandit a few minutes ago

Of his 24 most recent posts, 16 of them are explicitly about OOXML while 7 of them are about ODF.

Interesting. I wonder why a senior technical guy at IBM is spending more time attacking a technology whose proponents have claimed is not competitive with it instead of talking about the technology he works on? Reading the blogs of Microsoft folks like Raymond Chen, Jensen Harris or Brian Jones you don't see them dedicating two thirds of their blog postings to bash rival products or technologies.

From my perspective as an outsider in this debate it seems to me that OOXML is an overspecified description of an open XML document format that is backwards compatible with the billions of documents produced in Microsoft Office formats over the past decade. On the other hand, ODF is an open XML document format that aims to be a generic format for storing business documents that isn't tied to any one product which still needs some work to do in beefing up the specification in certain areas if interoperability is key.

In an ideal world both of these efforts would be trying to learn from each other. However it seems that for whatever reasons IBM has decided that it would rather that Microsoft failed at its attempt to open up the XML formats behind the most popular office productivity software in the world. How this is a good thing for Microsoft's customers or IBM's is lost on me.

Having a family member who is in politics, I've learned that whenever you see what seems like a religious fundamentalism there usually is a quest for money and/or power behind it. Reading articles such as Reader Beware as ODF News Coverage Increases it seems clear that IBM has a lot of money riding on being first to market with ODF-enabled products while simultaneously encouraging governments to only mandate ODF. The fly in the ointment is that the requirement of most governments is that the document format is open, not that it is ODF. Which explains IBM's unfortunate FUD campaign. 

Usually, I wouldn't care about something like this since this is Big Business and Politics 101, but there was something that Rick Jellife wrote in his post An interesting offer: get paid to contribute to Wikipedia which is excerpted below

So I think there are distinguishing features for OOXML, and one of the more political issues is do we want to encourage and reward MS for taking the step of opening up their file formats, at last?

The last thing I'd personally hate is for this experience to have soured Microsoft from opening up its technologies so I thought I'd throw my hat in the ring at least this once.

PS: It's pretty impressive that a Google search for "ooxml" pulls up a bunch of negative blog posts and the wikipedia article as the first couple of hits. It seems the folks on the Microsoft Office team need to do some SEO to fix that pronto.

 

From the blog post entitled Use Live Search and We'll Donate to Team Seattle and Ninemillion.org on the Live Search team's blog we learn

The Live Search team recently launched two new programs to help children in need, and we would love you to help us out. The good news is that all you have to do to help us is try Live Search on one of our “click for the cause” sites, and each search you do will add more money to Microsoft’s donation.

The two organizations we are working with in these programs are  ninemillion.org and Team Seattle. Ninemillion.org is a United Nations led campaign providing education and sports programs for nine million refugee youth around the world

...

Ninemillion.org - click4thecause.live.com

Live Search is a global business, so we wanted a way to help kids all over the world who are in need. Supporting Ninemillion.org and their mission to help 9 million refugees really stood out as a great way to make a impact.  Each search at click4thecause.live.com results in a financial donation from Microsoft to provide help with education programs to the refugee kids around the globe. More info on ninemillion.org’s work with these youth can be found at their Windows Live Spaces blog.

In addition to the money raised from the searches, Microsoft is also donating online advertising and editorial space across MSN and microsoft.com to raise awareness of the relief effort.

I'm not one to ask my readers to use our services but in this case I'm making an exception. Please check out http://click4thecause.live.com to learn more about ninemillion.org and perform some searches.

Thanks for your time.

 

Apple's tech support is a real clusterfuck. What is amazing to me is that I know how bad their tech support is yet their products have been so much better than the competition's that I keep buying Apple devices. Yesterday I was at the Genius Bar at the Apple Store in Tukwila to report a problem with my video iPod. For some reason, my iPod no longer plays sound out of the right side of any headphones plugged into it.

Before complaining about the experience, I should probably point out the one positive thing about the experience was that I could make an appointment online instead of waiting around in the store for a "genius" to become available. I got there a little early and got to marvel at the all-in-one design of the iMacs which blew my mind as someone who spends all his time on Dell PCs and laptops. Now that I can run Windows on a Mac, I may end up buying one of these the next time I have to buy a computer. 

Anyway, back to my tech support woes. When my turn came up, I told the "genius" my problem and he gave me two options.

1. I can get a used refurbished iPod as a replacement from Apple which would either cost me $200 or $0 (if mine was still under warranty)
2. I could go online and try an iPod repair sites like iPodResQ which aren't affiliated with Apple at all.

Since my iPod was no longer under warranty and I didn't feel like paying $200 for a used iPod, I decided to go with iPodResQ . While the iPod "genius" was helping me I noticed that the Mac "genius" was also answering some questions from a customer about Apple Boot Camp. The Mac "genius" told the customer to go to Google and search for "Apple Boot Camp" to get information about it.

At this point it seemed to me that Apple Inc. can save itself a lot of money and its customers a lot of time by replacing its Genius Bars with the following FAQ

Q: I have a question about ...
A: Go to Google and type your question.

Q: I have a problem with my iPod
A: Go to iPodResQ

Q: I have a problem with my iMac/Mac Pro/Mac Mini/MacBook
A: Go to MacResQ

It's really a sad testament to the PC industry that despite these negative tech support experiences with Apple products I'd still get a 20-inch iMac in a heartbeat.

 

This morning I stumbled upon an interestingly titled post by Rick Jellife which piqued my interest entitled An interesting offer: get paid to contribute to Wikipedia where he writes

I’m not a Microsoft hater at all, its just that I’ve swum in a different stream. Readers of this blog will know that I have differing views on standards to some Microsoft people at least.
...
So I was a little surprised to receive email a couple of days ago from Microsoft saying they wanted to contract someone independent but friendly (me) for a couple of days to provide more balance on Wikipedia concerning ODF/OOXML. I am hardly the poster boy of Microsoft partisanship! Apparently they are frustrated at the amount of spin from some ODF stakeholders on Wikipedia and blogs.

I think I’ll accept it: FUD enrages me and MS certainly are not hiring me to add any pro-MS FUD, just to correct any errors I see.
...
Just scanning quickly the Wikipedia entry I see one example straight away: The OOXML specification requires conforming implementations to accept and understand various legacy office applications . But the conformance section to the ISO standard (which is only about page four) specifies conformance in terms of being able to accept the grammar, use the standard semantics for the bits you implement, and document where you do something different. The bits you don’t implement are no-one’s business. So that entry is simply wrong. The same myth comes up in the form “You have to implement all 6000 pages or Microsoft will sue you.” Are we idiots?

Now I certainly think there are some good issues to consider with ODF versus OOXML, and it is good that they come out an get discussed. For example, the proposition that “ODF and OOXML are both office document formats: why should there be two standards?” is one that should be discussed. As I have mentioned before on this blog, I think OOXML has attributes that distinguish it: ODF has simply not been designed with the goal of being able to represent all the information possible in an MS Office document; this makes it poorer for archiving but paradoxically may make it better for level-playing-field, inter-organization document interchange. But the archiving community deserves support just as much as the document distribution community. And XHTML is better than both for simple documents. And PDF still has a role. And specific markup trumps all of them, where it is possible. So I think there are distinguishing features for OOXML, and one of the more political issues is do we want to encourage and reward MS for taking the step of opening up their file formats, at last?

I'm glad to hear that Rick Jellife is considering taking this contract. Protecting your brand on Wikipedia, especially against well-funded or organized detractors is unfortunately a full time job and one that really should be performed by an impartial party not a biased one. It's great to see that Microsoft isn't only savvy enough to realize that keeping an eye on Wikipedia entries about itself is important but also is seeking objective 3rd parties to do the policing.

It looks to me that online discussion around XML formats for business documents has significantly detoriorated. When I read posts like Rob Weir's A Foolish Inconsistency and The Vast Blue-Wing Conspiracy or Brian Jones's Passing the OpenXML standard over to ISO it seems clear that rational technical discussion is out the windows and the parties involved are in full mud slinging mode. It reminds me of watching TV during U.S. election years. I'm probably a biased party but I think the "why should we have two XML formats for business documents" line that is being thrown around by IBM is crap. The entire reason for XML's existence is so that we can build different formats that satisfy different needs. After all, no one asks them why the ODF folks had to invent their own format when PDF and [X]HTML already exist. The fact that ODF and OOXML exist yet have different goals is fine. What is important is that they both are non-proprietary, open standards which prevents customers from being locked-in which is what people really want.

And I thought the RSS vs. Atom wars were pointless.

PS: On the issue of Wikipedia now using nofollow links, I kinda prefer Shelley Powers's idea in her post Wikipedia and nofollow that search engines treat Wikipedia specially as an 'instant answer' (MSN speak) or OneBox result (Google speak) instead of including it in the organic search results page. It has earned its place on the Web and should be treated specially including the placement of disclaimers warning Web n00bs that it's information should be taken with a grain of salt.

 

Danny Thorpe has a blog post entitled Windows Live Contacts Control Shows Online Presence where he writes

This month's rev of the Windows Live Contacts Control adds a new "tile" view that displays the photos of your Windows Live IM contacts in the control, and makes starting an IM session with them a simple one-click operation.  The top part of this screenshot shows the new tile view.  The bottom part is another instance of the contacts control in list view mode.

This widget can be embedded on a page and used to enable Windows Live/MSN users to view or otherwise Windows Live Messenger buddies or Hotmail contacts. I've been following the development of this widget since the project started and it is definitely getting interesting.

 

We are now feature complete for the next release of RSS Bandit and it's time to get the final bits of user testing before we declare the bits golden. You can obtain the installer from RssBandit.1.5.0.5.Jubilee.RC.zip. We've fixed a number of major bugs that were discovered during the beta including crashes related to building the Lucene search index and podcasts being repeatedly downloaded after the first successful download attempt. I'd like to thank all the  people who tried out the beta and gave us feedback. Windows Vista users should be especially happy with this release since is the first version of RSS Bandit (ever) to work on that operating systems with no problems.

The major new features and bug fixes since the last official release (v.1.3.0.42) are listed below. There will be a comprehensive list of bug fixes and new features in the announcement for the final release. New features and bug fixes since the last beta are marked as .

New Features

• Comment Watching
• Items marked as read when viewed in the Newspaper
• Date-based grouping in the list view
• Options for opening tabs in the background
• Favicons
• Enclosures treated as attachments
• Certain user defined enclosures treated as podcasts including adding to playlists in iTunes and Windows media player
• Remembering application state on restart - This will work similar to the Session Saver extension in Firefox in that open tabs and the tree view state will be remembered on restart
• Revamping the search feature - We've moved the implementation of feed search to Lucene.Net from our custom feed search implementation which should make searches faster and provide richer search options. The syntax for performing Lucene search queries is available at http://lucene.apache.org/java/docs/queryparsersyntax.html.
  
• Support for Atom Threading Extensions
• Easily configurable keyboard shortcuts - Just right-click when hovering over the toolbar menu and choose "Customize". This feature came as a freebie from switching to Infragistics NetAdvantage for some of our UI components.

Major Bug Fixes

• Feed items appear in wrong feed folders - we now apply a set of heuristics to prevent this problem from surfacing ever again. I'm pretty sure this problem is due to bugs in HTTP Pipelining. However it is unclear whether the bugs are in the .NET Frameworks HTTP library, proxy servers that RSS Bandit is passing through or the Web servers that the application is fetching feeds from.
• Relative Links in Atom 1.0 feeds appear incorrectly - now that this is fixed the links Tim Bray and Sam Ruby's feeds now work correctly
• Atom feeds from the Blogger beta site show no posts when viewed in RSS Bandit - this was just a dumb bug on my part.
• Sites with malformed cookies cause feeds not to be fetched - Specifically, fetching cookies from sites such as Windows Live Spaces results in the "An error has occurred when parsing Cookie header". Now we just ignore the error and soldier on.
• RSS Bandit needs administrator privileges on first run - the fix for this was so esoteric it boggles my mind. 
• RSS Bandit stops downloading feeds after a while - This was actually two bugs. The first was that the application stopped automatically downloading feeds if any of them timed out while being fetched. The other was that feeds with whitespace in the URLs were not being updated.
• Application doesn't work in Windows Vista - this has been tracked down to our use of old versions of the Divelement controls. Although these issues have been fixed in newer versions of the Divelement controls we have decided to move to NetAdvantage for Windows Forms controls for unrelated reasons. The new controls should work fine in Windows Vista.
• Application crashes with NullReferenceException during Web browsing - this is another issue which should be fixed with our move to the NetAdvantage for Windows Forms controls.

 

I've always wondered how mixtape DJs can get away with selling CDs consisting of people rapping over hot beats from popular pop songs without a nod to the original artist or producer. According to the New York Time story With Arrest of DJ Drama, the Law Takes Aim at Mixtapes it looks like they won't be getting away with it anymore. Excerpt below

In the world of hip-hop few music executives have more influence than DJ Drama. His “Gangsta Grillz” compilations have helped define this decade’s Southern rap explosion. He has been instrumental in the careers of rappers like Young Jeezy and Lil Wayne. He appears on the cover of the March issue of the hip-hop magazine XXL, alongside his friend and business partner T.I., the top-selling rapper of 2006. And later this year DJ Drama is scheduled to make his Atlantic Records debut with “Gangsta Grillz: The Album.”
...
Mixtapes are, by definition, unregulated: DJs don’t get permission from record companies, and record companies have traditionally ignored and sometimes bankrolled mixtapes, reasoning that they serve as valuable promotional tools. And rappers have grown increasingly canny at using mixtapes to promote themselves. The career of 50 Cent has a lot to do with his mastery of the mixtape form, and now no serious rapper can afford to be absent from this market for too long.
...
DJ Drama’s mixtapes are often great. He has turned “Gangsta Grillz” into a prestige brand: each is a carefully compiled disc, full of exclusive tracks, devoted to a single rapper who is also the host. Rappers often seem proud to be considered good enough for a “Gangsta Grillz” mixtape. On “Dedication,” the first of his two excellent “Gangsta Grillz” mixtapes, Lil Wayne announces, “I hooked up with dude, now we ’bout to make history.” The compilation showed off Lil Wayne more effectively than his albums ever had, and “Dedication” helped revive his career.

This sucks. I love mixtapes and would hate for the RIAA to cause an end to mixtape series like Gangsta Grillz or G-Unit Radio. What I didn't expect was that Lil Wayne would start talking smack about DJ Drama after he helped resurrect his career though. From the VH1 article, 'Play The Game Fair': Lil Wayne Responds To DJ Drama's Mixtape Bust

"Smarten up," Lil Wayne advised mixtape DJs. "Smarten up."

For the past few years, Wayne has seen his entire career shift thanks to his performance on mixtapes. Street CDs such as his Gangsta Grillz classics The Dedication and The Dedication 2 have catapulted him to the lyrical elite in the minds of fans. Last year, he may have been the MC with the most material on the mixtape circuit.

"It's a bad thing," Wayne said of the Aphilliates' arrests, "but you gotta play the game fair. If you don't play fair, all kind of things can happen. You gotta watch people like DJ Clue, watch people like DJ Khaled. They do it right."

Wow. All I can say to that is Stop Snitching.

 

I've been spending my free time putting the finishing touches on the next beta of the Jubilee release of RSS Bandit so I've been remiss at blogging and have accumulated a bunch of things to blog about which I never got around to posting. Here is an outpouring of links from my 'to blog' list

• 20Q.net: The classic game of twenty questions powered by a neural network. It is uncanny how good this game was at guessing what I was thinking about. This is the closest to magic I've seen on the Web.

• programming.reddit.com: If you are the kind of geek who find Jeff Atwood's blog to be a fun read then this is the meme tracker for you. Light on fluffy A-list geek wankery over the latest from Apple & Google and heavy on programming culture from the trenches.

• The Story of XMLHTTP: The most complete account of the creation one of the cornerstones of AJAX, I've seen online. I 've actually worked with some of the people mentioned in the story.

• Zeichick's Take: Remember CUA Compliance? Microsoft Doesn't: The most amusing rant about the new ribbon in Microsoft Office 2007 I've seen yet. My favorite quote, "Microsoft says that the problem was that users couldn't find and use the more obscure features of Word, Excel and the other Office tools. No, that wasn't the problem. The problem was that there were too many features". I guess his solution would have been for Microsoft to cut a bunch of features from Office instead of redesigning the UI. Yeah, right.
  

• To DTD or not to DTD: It looks like Netscape is getting ready to break all of the RSS 0.91 feeds on the Web which reference their DTD which is practically all of them. I need to ensure that this doesn't cause problems in RSS Bandit. I like how the Netscape guy tries to blame RSS reader developers for using XML as designed. Another example of how XML schemas in general and DTDs in particular were one of the worst concepts foisted on XML. We should have been trying to make our programming languages as dynamic as XML not make XML as rigid as our programming languages. Maybe we'll have better luck in the JSON era.

PS: If you are an RSS Bandit user then check back this weekend for the final beta. We are now feature complete and should now work just fine on Windows Vista. However some of the podcast-related features had to be scaled back for this release.

 

By now it's common news that Google has been hit by what seems like half a dozen or more cross site scripting security flaws in the past month. If you missed the news, you can read blog posts like More Google security failures and Wow, more Google XSS problems which contain links to some of the stories of recent exploits. The bugs in those blog posts aren't exhaustive, I've seen some blog posts about exploits that don't seem to have hit the mainstream tech blogs such as the one mentioned in the blog post Pending Members - Google Groups XSS Bug [Part 2].

Anyway, the fact that Google is having problems with XSS issues isn't terribly interesting and should be an expected part of the growing pains as they go from a service that doesn't store any user data to one that aims to be the repository of all their user's data. That requires an entirely different approach to security. What I did find interesting was a blog post on the Google Blogoscoped blog entitled On Google Security which stated

Today, it almost seems as if every single product team in the Googleplex has the “power” to accidentally introduce a Google Account risk with an HTML injection hole, or another kind of cross-site scripting issue. An exotic Blogger bug was able to reveal your Google Docs, even if you’re not blogging with Blogger – an improbable Google Base bug was able to reveal your personalized homepage, even when you’ve never worked with Google Base**. I would argue: these things happen, individual developers and developer teams make errors. It’s impossible not to. There are ways to automatically test against HTML injections, but such tools too need to be handled by humans.

The real problem, and solution, might be on the higher level of the system architecture – the way Google integrates its services and handles cookie data. Right now, the Google Office product partly resembles a mighty convenient & long chain... a chain which is only as strong as its weakest link. Is this a trade-off we’ll just have to make with future web apps, or are there ways to improve on the situation... either by users, or those building browsers, or those developing web apps?

Those who ignore history are doomed to repeat it. None of the problems listed are unique to Google. Any portal that provides multiple services that require the user to login is vulnerable to these problems. This includes competing portals like Yahoo!, MSN and AOL. All of these services have had to encounter and protect users against the very same problems Google is having difficulty dealing with today.

It is likely that with time, Google will stumble upon the same set of best practices that are common knowledge amongst its portal competitors who have been in the game a lot longer. Thinking that this is a problem that affects "the future of Web apps" ignores the history of the Web. 

In the meantime, if you are a Web developer at Google, I'd suggest reading Chapter 12 of Writing Secure Code by Michael Howard. After that, take a look at You know about XSS. How about XSRF/CSRF? which happens to use a Google service as an example of Cross Site Request Forgery attack (XSRF).

That which doesn't kill us only makes us stronger. ;)