My Flossing Mantra: Stop the Colonization!


Flickr Photo: Flickr Founder Caterina Fake. The photo's caption on Flickr includes "Floss, people!" So Appropriate for this.

Of course, everyone should floss every day. But it can be hard, right?

Recent studies are finding connections between the health of your mouth and other parts of your body, including your heart.

The medical community suspects a lot of disease starts in your mouth. Flossing is the most important activity to maintain a healthy mouth.

I have sensitive gums, so if I don’t floss every day, my gums quickly get inflamed and bleed when I then floss.

I consider myself pretty good about flossing, but in the last six months I became even more consistent by eliminating an opportunity to negotiate with myself and put off flossing till the next day.

At my last visit my dental hygienist explained that by flossing every day you stop the bacteria from colonizing. For some reason that speaks to me a lot better than “stop plaque build up”. The former seems like enemies on my teeth while the latter is just some clean up I can postpone if I have to. If I don’t floss today, then the enemy will have already done damage and will have fortified their position.

My flossing mantra has become “Stop the Colonization!”

I’ve also played with “Destroy the colony!” Both phrases appeal to my enjoyment of 4X computer strategy games.

Do you have a flossing mantra or other health mantras?

PS. HowStuffWorks has some good flossing instructions if you want to work on your technique. Technique, technique, technique!

5% of Nothing

More than 5% of Nothing

"Sync Alert" Adding 1 Contact with iPhone OS 3.0 with Mac iTunes 8.2.1 (6)

Makes me laugh and cry a little.

This alert is likely meant to warn that a whole lot of data is being added, modified or deleted as part of a sync. It’s an “oh crap, likely either you are doing something wrong or the software is”.

I’m intrigued that UI Expert Aza Raskin (Humanized & Mozilla Lab) finds this alert “The first good use of a warning I’ve seen!”

I’m not confident that it is generally helpful. Reading online, it does seem that Mac Sync has been quite buggy historically, so this would likely have been very helpful, but does make me nervous that this alert is a bandaid instead of the needed medicine. I would be interested to find out the use cases, and the scenarios where this has been needed.

Synchronization of data between two (or more) sources is a really hard problem. Well, the hard problem is mostly related to conflicts when something is changed in two or more places. Daniel Jalkut once wrote, ‘Every developer faces the decision: “Do I want to be known as the jerk who won’t implement sync, or the jerk who can’t.”’

I’m not actually syncing, because I don’t use Notes on the Mac (does it exist?). It’s really just doing a backup.

In this case, that is the “Sync Alert” of syncing an iPhone running iPhone OS 3.0 with my Mac over ethernet to iTunes 8.2.1 (6). I’m syncing 1 note.

Assuming that this behavior is generally useful, that I’m receiving a warning when 1 note is being added brings up the most obvious issue. There should be a minimum threshold before this exception behavior is triggered. It shouldn’t be 5% of nothing.

When you’re just starting to sync with your Mac, this could be a fairly high frequency alert. It depends on how quickly you add items; how quickly you get to more than 20 items in a category. You’ll also see this alert again when you start using a new feature (new type of item). This leads to the 2nd issue, the alert and warning language — I’m not seeing any yellow, but I’m sure feeling it. Because it is potentially high frequency, it should be presented and worded as a friendly confirmation.

The 3rd issue isn’t obvious from this screen shot. Another clue that it should be a confirmation is that sync does not continue until you have cleared this alert. This is actually problematic, because the alert is non-modal, meaning you can hide it or bury it under other windows. The worst part is iTunes with its animated progress bar makes it look like the sync is still progressing. This alert should at least stay on top of iTunes.

The 4th is I don’t think add, modify, and delete are equal. Adding an item is an easier event to undo than a modify or delete. I can just delete it. If something is modified or deleted, it may be hard to recover the lost information. The different events should have different weights. Adding an item should only trigger an alert if a lot are added.

How many is a lot? That brings me to the 5th and final issue that readily comes to mind. It likely shouldn’t be a percentage at all. How long would it take before 5% is a really big number? Probably not long at all. If I have 1000 business contacts, a sync would have to delete 50 of them for me to be notified. Again assuming this alert offers some protection, by using a percentage, even as low as 5%, you are penalizing your most passionate customers. Possibly, it could be a percentage that also factors in things like amount of time since last sync or what operations resulted in the changes, but that would likely get complex quickly and I suspect the developers would more quickly find the sweet spot by using a constant number (possibly variable on a curve; I hesitate to recommend a user-defined variable).

Later in that discussion by Aza linked above, he does add “It could be laid out better, but I like the idea of “uhhhhh, that’s dangerous”. Of course, undo is always better :) ”. I don’t think undo would be the silver bullet. I definitely think there is value in confirming changing a large amount of data particularly when the change is destructive, and the need to undo might be overlooked. I just don’t think Apple has polished this implementation.

I feel a bit like I’m playing dirty writing this article now when the next version of Mac OS X, Snow Leopard, is only a couple of months away. Still, I was hoping this would be resolved with the new iTunes for iPhone OS 3.0. I’m still hopeful that Snow Leopard with its attention to polish might surprise me here.

wp-content in Code is a Tell for Common WordPress Coding Mistakes

Regularly while reviewing themes and plugins, I’ll see URLs or paths that include ‘wp-content’. This is often a hint of a WordPress coding mistake.

Consider this simple example:
<link rel="stylesheet" href="http://example.com/wp-content/themes/default/style-ie.css" type="text/css" media="screen" />

If, as part of a migration or server change, WordPress ends up in a sub-directory, this will break.

For file system based access, if I see ABSPATH . '/wp-content/ … things are likely OK, though if WP_CONTENT_DIR or similar are changed, this will also break.

I’m tempted to use the constant STYLESHEETPATH or is it TEMPLATEPATH? But, those are static variables initialized early in the WordPress run.

I’ve been meaning to write this article for a while. Serendipitously, when I went to write a first draft of it, Mark Jaquith had just published “Force CSS changes to “go live” immediately”.

In the comments, demetris suggests using STYLESHEETPATH, but Will Norris quickly points out “sure, but you still have the same problem of bypassing any plugins that may be using the ’stylesheet_directory’ hook to pull the stylesheet from some place else entirely.”

Mark’s solution beautifully illustrates how to get the URL location of the theme’s files and also, directly, the URL for the main stylesheet style.css:

<link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); echo '?' . filemtime( get_stylesheet_directory() . '/style.css'); ?>" type="text/css" media="screen, projection" />

What Will describes is exactly what WordPress.com depends on. We have a similar, but much more complex solution to deal with the CSS in the content delivery network (CDN) going stale on updates, and also some web browsers with their funky caches not keeping up. Our solution is both for WordPress’s front end and dashboard (also dealing with the various ways CSS can be called or @imported).

I do have one niggle about Mark’s solution, and it’s the same with most WordPress code out there: the use of bloginfo(). Strings within strings within strings within strings give me a headache, so to ease readability and make it more verbose replace:

bloginfo('stylesheet_url'); with
echo get_stylesheet_uri();

bloginfo('stylesheet_directory'); with
echo get_stylesheet_directory_uri();

If you look up get_stylesheet_directory() in the codex you’ll see that it returns the file system path, which is confusing given the behavior of bloginfo('stylesheet_directory'); returning the URL. This presents another reason why I favor the consistency of always using the specific getter function calls. Also, when I’m using bloginfo() calls, I have a tendency to get in a mind set where I think I’m directly retrieving the option in the database (accessing directly the info shown in wp-admin/options.php). By using the specific getter function, I remember that there are hooks (actions, filters) that might be triggered.

Another area where I see wp-content is in CSS style sheets themselves. Relative paths are almost always the correct solution.

Far more painful for me are the plugins that assume where plugins are, because this can take quite a bit of debugging to unwind the assumptions.

That is a topic for me to postulate on another day. Will has written the very relevant “WordPress Plugin Pet Peeve #2: Direct Calls to Plugin Files”. Duane Storey has taken a crack at a “WordPress Plugin Checker” for these and other common problems (which I’m certain he would enjoy feedback on).
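The review heuristic from this article, written out as a small scanner. This is an added example, not code from the article or from any of the tools it mentions; the rule names, the `scan` function and every sample line except the first `<link>` are constructed for illustration.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    kind: str
    advice: str


# (kind, pattern, advice, css_only). The first rule that matches a line wins.
RULES = [
    ("css-url", re.compile(r"url\(\s*['\"]?[^)]*wp-content/"),
     "use a path relative to the style sheet", True),
    ("abspath-join", re.compile(r"ABSPATH\s*\.\s*['\"]/?wp-content"),
     "breaks if WP_CONTENT_DIR is changed; use WP_CONTENT_DIR or "
     "get_stylesheet_directory()", False),
    ("absolute-url", re.compile(r"https?://[^\s'\"()]*/wp-content/"),
     "breaks if WordPress ends up in a sub-directory; use "
     "get_stylesheet_uri() or get_stylesheet_directory_uri()", False),
    ("bare-literal", re.compile(r"wp-content"),
     "assumes where content or plugins live; review by hand "
     "(plugins_url() and WP_PLUGIN_DIR are the usual replacements)", False),
]


def scan(files):
    """Return a Finding for every line that mentions wp-content."""
    findings = []
    for path, text in files.items():
        is_css = path.endswith(".css")
        for number, line in enumerate(text.splitlines(), 1):
            if "wp-content" not in line:
                continue
            for kind, pattern, advice, css_only in RULES:
                if css_only and not is_css:
                    continue
                if pattern.search(line):
                    findings.append(Finding(path, number, kind, advice))
                    break
    return findings


# Constructed sample theme files; only the first <link> is from the article.
SAMPLE = {
    "header.php": (
        '<link rel="stylesheet" href="http://example.com/wp-content/themes/'
        'default/style-ie.css" type="text/css" media="screen" />\n'
        '<link rel="stylesheet" href="<?php echo get_stylesheet_uri(); ?>" />\n'
    ),
    "functions.php": (
        "<?php\n"
        "require_once ABSPATH . '/wp-content/themes/default/inc/setup.php';\n"
        "$dir = 'wp-content/plugins/my-plugin/';\n"
    ),
    "style.css": (
        "body { background: url(/wp-content/themes/default/images/bg.png); }\n"
        ".logo { background: url(images/logo.png); }\n"
    ),
}

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.path}:{f.line}: {f.kind}: {f.advice}")
```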

Mac OS X Snow Leopard, a Major Bug Fix Release

I’m looking forward to the release of the next version of Mac OS X, version 10.6 Snow Leopard this September. As a Software Quality Assurance (QA) practitioner, I find it particularly interesting that this major release is basically a bug fix release — “lots of refinements” and upgrades to the architecture.

The Apple press release from last June includes:

… Rather than focusing primarily on new features, Snow Leopard will enhance the performance of OS X, set a new standard for quality and lay the foundation for future OS X innovation. …

“We have delivered more than a thousand new features to OS X in just seven years and Snow Leopard lays the foundation for thousands more,” said Bertrand Serlet, Apple’s senior vice president of Software Engineering. “In our continued effort to deliver the best user experience, we hit the pause button on new features to focus on perfecting the world’s most advanced operating system.”

Although QA people love this attention to what we are passionate about, conventional wisdom in the software world is that a major release with few new features is suicide, but there are factors working in Apple’s favor.

I don’t find the current version (no snow) Leopard v10.5 to be unstable or buggy, but I know other people have problems with it. There are a lot of user interface (UI) inconsistencies in Leopard among the various Apple applications. I’m interested to see if Snow Leopard sports a more consistent and usable experience.

Apple is selling this upgrade for only $29 US, when their major releases normally sell for $129 US. At $29 Apple customers won’t be looking for much to think they have got a good deal.

Apple’s main competitor Microsoft has created this opportunity. Microsoft Windows costs close to $300. And although Mac OS X only runs on Apple hardware, people’s frustration with Vista’s bugginess and instability has led people to specifically look for a computing experience that addresses this.

People are hopeful for Windows 7, but it won’t be available until at least a month after Snow Leopard ships. We can expect Windows 7 to have a lot of customer-untested technology compared to Mac OS X, which looks to be a very incremental release.

Performance (and polish) is a feature. “Ultimately that feeling of control translates to happiness in everyone. In order to increase the happiness in the world, we all have to keep working on this.”, my boss Matt Mullenweg, Velocity 09 Conference Presentation.

Because Apple builds both the software and the hardware, they can release their next generation of computers to immediately take advantage of the upgraded 64-bit stack, OpenCL for graphic card processing, and GCD multi-core processing throughout Mac OS X.

If Snow Leopard is well executed and well received, it will help people be more confident on computers and expect more from their software. It will be a good day for QA geeks.

Gmail’s Opportunity to Help Protect Against Tagged.com Mistake, Spam, and Phishing

Now for the part of the Tagged.com story I really wanted to tell. As I mentioned in “Tagged.com Spam? Phishing? Nice Guys? My Personal Story”, I try to look at situations and problems from different angles.

There is a clear opportunity for online email providers and social networking sites to limit the damage of phishing and email spam by giving customers tools to regulate the flow of data.

Yesterday, before the story of New York Attorney General Andrew Cuomo suing Tagged.com broke, I cold emailed a member of the Gmail team:

Gmail could help web security a lot by providing:
1. Authentication (OAuth) to Gmail address book making it clear that you were not providing your Gmail password to a 3rd party web site.
2. Default level of access only provided names and salted hashes of email addresses from address book (possibly 3rd party web site part of salt)
3. Allow only a limited number of actual email addresses to be requested in a time period. I’m guessing ~30 would be a sweet spot.

That would seem to be one possible solution. If this is not a good solution, I think it’s important for your team to look to tackle the problem described below in another way.

EXPLANATION

[Background information described in my "Tagged.com Spam? Phishing? Nice Guys? My Personal Story"]

I’ve seen similar UI at other web services, where everyone in your address book is selected by default. I think there is an awesome opportunity for your team to create an experience that works well for your partners and protects your customers from the type of mistake described above and more importantly from malicious sites.

Some of the problems that I think Gmail and other online email address book and social networking sites should at least take partial ownership of, by:

  • Not allowing 3rd party sites to embed login forms. They should use OAuth or a similar approach. (Even on AppEngine — train us well).
  • Having a really clear experience about what data you are giving access to (how pissed your friends might be), and a way to provide only limited data.
  • Providing salted hashes instead of email addresses, so that a person can find their friends on a 3rd party service without having to hand over the actual email addresses of their friends.

I don’t think I read the Google Chrome Operating System announcement until after I sent that email. When I did read the announcement, I thought about how empowering and freeing it will be for our computing to be in the cloud, but I also thought about problems like this one, and how many scary things can happen when you no longer hold the container (the hard drive in your PC) for your information and data. There is a lot of design still to be done to create a safe and friendly experience.
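A sketch of points 2 and 3 of the proposal above, as an added example that is not part of the original email and not anything Gmail implements. The class and function names are hypothetical, HMAC-SHA256 stands in for the "salted hash", and the 24-hour window is an assumption because the email does not name a period.

```python
import hashlib
import hmac

REVEAL_LIMIT = 30            # the "~30" suggested in the email
WINDOW_SECONDS = 24 * 3600   # assumed period; the email does not name one


def contact_token(email, site_salt):
    """Salted hash of one address; the salt is specific to the requesting site."""
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(site_salt, normalized, hashlib.sha256).hexdigest()


class AddressBookProvider:
    """Hypothetical provider-side gateway in front of one user's address book."""

    def __init__(self, contacts, site_salts):
        self.contacts = contacts        # list of (name, email)
        self.site_salts = site_salts    # site id -> salt bytes
        self._reveals = {}              # site id -> timestamps of past reveals

    def default_view(self, site_id):
        """Default access level: names and tokens, never addresses."""
        salt = self.site_salts[site_id]
        return [(name, contact_token(email, salt)) for name, email in self.contacts]

    def reveal(self, site_id, tokens, now):
        """Exchange tokens for real addresses, at most REVEAL_LIMIT per window."""
        salt = self.site_salts[site_id]
        by_token = {contact_token(email, salt): email for _, email in self.contacts}
        recent = [t for t in self._reveals.get(site_id, [])
                  if now - t < WINDOW_SECONDS]
        granted = []
        for token in dict.fromkeys(tokens):   # ignore repeats within one request
            if len(recent) >= REVEAL_LIMIT:
                break
            if token in by_token:
                granted.append(by_token[token])
                recent.append(now)
        self._reveals[site_id] = recent
        return granted


def find_friends(view, member_emails, site_salt):
    """Third-party side: match tokens against the site's own member list."""
    members = {contact_token(email, site_salt) for email in member_emails}
    return [name for name, token in view if token in members]


# Addresses are guessable, so tokens limit casual harvesting rather than hide
# an address from a site that already knows it; the per-site salt keeps tokens
# handed to two different sites from being joined.

# Constructed sample data.
CONTACTS = [(f"Friend {i}", f"friend{i}@example.org") for i in range(40)]
SALTS = {"site-a": b"constructed-salt-a", "site-b": b"constructed-salt-b"}

if __name__ == "__main__":
    provider = AddressBookProvider(CONTACTS, SALTS)
    view = provider.default_view("site-a")
    print(find_friends(view, ["friend3@example.org"], SALTS["site-a"]))
    print(len(provider.reveal("site-a", [t for _, t in view], now=0)))
```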

Tagged.com Spam? Phishing? Nice Guys? My Personal Story

Today, the story broke about the New York Attorney General Andrew Cuomo suing Tagged.com. This situation has a personal element.

Brad Stone’s New York Times (NYT) article today “New York Attorney General Sues Tagged.com” begins:

“Turns out our recent article on the spammy social network Tagged.com …”

Rafat Ali’s paidcontent.org article today “Social Net Tagged Getting Tagged…Er…Sued By NY AG” begins:

“High time someone asked harder questions: Tagged …”

Laura Northrup’s The Consumerist article today “NY Attorney General Unfriends Tagged.com, Files Lawsuit”:

“… social networking contact-spamming site Tagged.com. …”

As you can see by how those stories start, there is a lot of bad will for Tagged.com. Some weeks ago I was researching this very topic, but did not find the recent Alina Tugend NYT “Typing In an E-Mail Address, and Giving Up Your Friends’ as Well” article about Tagged.com nor did I find Tagged CEO Greg Tseng’s response on their blog. In my web searches these were buried by years of complaints about Tagged.com phishing and spamming.

I guess I should go back to the beginning. June 6th, I received a Tagged.com invite from a dear older family friend:

“[redacted] sent you photos on Tagged Want to see the photos? Please respond or [redacted] may think you said no :(

Clicking the link did not take me to photos, but instead to a registration form. The registration did not allow proceeding without providing my login to Gmail, and every person in my address book was selected by default to invite before proceeding. ((Another email account, that I don’t use publicly also received the email invite, and since then — coincidentally I hope — has now received its first spam email.))

Oh no! I immediately let the family friend know that they signed up for what seemed to be a phishing and spam site and that it was important to change her passwords. The friend was really upset and explained that she received the invite from a professional friend of hers, and was worried for everyone else that might have received it from her.

I didn’t think of it much again until some weeks later, when she described still being bothered by it, how embarrassing it was, and that she didn’t feel confident using the web any more. She had removed all her photos from Flickr. So, I decided to take another look at Tagged.com and that takes us to all the complaints I described finding above.

I checked Tagged.com’s site, and was surprised to find the board of directors included Reid Hoffman, Founder & CEO of LinkedIn, and two members of the Mayfield Fund: Raj Kapoor and Allen Morgan. All people I deeply respect.

I scratched my head and tried to look at the situation from different angles. I discovered that Tagged.com has rave reviews from a young audience. That the pushy, in your face Tagged.com experience works for this young audience. I guessed that Tagged.com might be tacky enjoyable like MySpace is to many young people.

So, I decided to reach out to CEO Greg Tseng through a mutual connection on LinkedIn. The email took about a week to get to him, and July 7th I received a thoughtful and apologetic response.

The timing of the lawsuit seems really unfortunate for Tagged.com as it seems like they were already in the process of cleaning up their act. I fear that there is a lot of circumstantial evidence against them, and any lawsuit won’t go well.

Update: Read my next article “Gmail’s Opportunity to Help Protect Against Tagged.com Mistake, Spam, and Phishing”. I think it’s at least as interesting a part of the story.

Misplaced Faith in the Power of Inventions


By Alejandro Mufarrege (Claudio.Ar on Flickr)

From “Why our ‘amazing’ science fiction future fizzled” by John Blake (emphasis mine):

Even then [19th-century], people had a misplaced faith in the power of inventions to make life easier, Corn [Joseph Corn, co-author of "Yesterday's Tomorrows: Past Visions of the American Future"] says.

For example, the typical 19th-century American city was crowded and smelly. The problem was horses. They created traffic jams, filled the streets with their droppings and, when they died, their carcasses.

But around the turn of the 20th century, Americans were predicting that another miraculous invention would deliver them from the burden of the horse and hurried urban life — the automobile, Corn says.

“There were a lot of predictions associated with early automobiles,” Corn says. “They would help eliminate congestion in the city and the messy, unsanitary streets of the city.”

Corn says Americans’ faith in the power of technology to reshape the future is due in part to their history. Americans have never accepted a radical political transformation that would change their future. They prefer technology, not radical politics, to propel social change.

“Technology has been seen by many Americans as a way to get a better tomorrow without having to deal with revolutionary change,” Corn says.

As someone who is always looking to hack my world to solve my problems and to increase my productivity and comfort, the above gives me something to ponder.

GPL Isn’t a Good License for Proprietary Software

Yesterday, I wrote about the clarification regarding WordPress Themes and the GPL (v2). Daniel Jalkut, who I featured as a personal WordPress Hero earlier this year, wrote one of the most interesting responses to “[WordPress] Themes are GPL, too“. Written on Thursday and temporarily taken offline by the fireball, Daniel’s “Getting Pretty Lonely” article laments that WordPress is GPL, and that any open source software that uses a GPL license discourages developer community participation.

At first this article left me very upset, maybe because I found it quite persuasive, but then I reflected that for anyone developing and selling proprietary software, Daniel’s is the only position to believe in and promote.

Commercial WordPress Themes’ PHP Code is GPL 2 Too

I’m hoping that my boss Matt Mullenweg sharing the legal opinion on “Themes are GPL, too” will put the issue to rest for the majority of the community (emphasis mine):

“PHP in WordPress themes must be GPL, artwork and CSS may be but are not required.

Even though graphics and CSS aren’t required to be GPL legally, the lack thereof is pretty limiting. Can you imagine WordPress without any CSS or JavaScript? So as before, we will only promote and host things on WordPress.org that are 100% GPL or compatible. To celebrate a few folks creating 100% GPL themes and providing support and other services around them, we have a new page listing GPL commercially supported themes.”

The legal opinion was provided by Software Freedom Law Center. Counsel James Vasile provided the findings and blogs at hackervisions.org. James also has posted about this on his own blog in the article “CMS Themes and the GPL”. As I commented there, my fear is:

“people read what they want to get out of it, and case law is the only thing that moves them.”

The legal finding and unchanged policy are consistent with the intentions of the WordPress developer community and what has been promoted for the four years I’ve been involved.

Talking about licensing really is the suck. Matt’s article became necessary lately as some commercial theme developers have been very aggressive to WordPress community members, who have shared theme code as allowed by WordPress’s viral GPL v2 license.

It frustrates me when I read commercial theme developers complaining about people “stealing” their themes after the thousands of hours they have worked. They make no mention of the hundreds of thousands of hours others have worked on WordPress (counting on the GPL protecting their freedoms).

The incredibly exciting news is seeing the various commercially developed and supported themes embrace the GPL in the last 9 months. Theme collections like ThemeShaper (Thematic FrameWork), StudioPress (previously Revolution 2), and WooThemes are all 100% GPL — those are just the ones I’m familiar with, be sure to check out the theme offerings of the other commercially supported GPL themes.