I’ve mentioned the One Laptop Per Child (OLPC) project before. It’s very interesting to me.
Originally the project set out to create a $100 laptop (that may have even been the original name of the project?). They did manage to create a functional laptop with quite impressive educational software, but the cost for the laptop remains $200. Recently the founder of the project, Nicholas Negroponte, announced plans for a $75 tablet computer with a 9″ touch screen. The touch screen would also be a dual-mode display, which can function like the Amazon Kindle and use little power in well-lit environments, or can be backlit like traditional LCD screens. Not only that, Negroponte hopes that the screen will be constructed of some sort of ultra-durable plastic rather than glass.
My question: Is this guy crazy? Granted OLPC paved the way for our current netbook market. But I don’t think the touch screen he describes has been done before. That’s a lot of features to pack into an inexpensive device… I don’t know, I don’t think it’s going to happen. Not at $75, anyway.
This reminds me of a few years ago when Negroponte made an effort to use Windows on the XO instead of Linux. Many of the developers behind the project disagreed with him. There is a great summary of the events (and the OLPC and Sugar projects) here. Negroponte may be a driving force behind the project, but he doesn’t seem to be 100% grounded in reality.
Posted in All, Computers
|
The last few days have been busy!
- Thursday – Work then Conan O’Brien in San Francisco
- Friday – Work then climbing at the gym
- Saturday – Biking then Muir Beach for Ben’s birthday party
- Sunday – Running then Rivers of Chocolate then cleaned my car, cleaned the floors of our apartment, and took out the trash and recycling
On Monday Meebo announced something called XAuth (not to be confused with the X Windows authorization program). What is it? It’s a small JavaScript library intended to be used by website developers to tailor a web page to a specific user, with the end goal of creating a better user experience.
One of the stronger use cases in my mind is:
- You’re logged into Facebook, but you never use Twitter
- You read a news article on newsobserver.com
- The News & Observer website could intelligently decide to show you a “share this on Facebook” button (because you use Facebook), and could decide not to show you a “Tweet This” button (because you don’t use Twitter)
The specification allows more flexibility than that. Website operators decide what information to share, and users are able to opt-out entirely.
More information:
Press:
Posted in All, Computers
|
When I started working on Pidgin eight years ago (eight years‽ holy crap!) my main focus was the code used to connect to AIM and ICQ. The protocol is called ‘OSCAR,’ and it is a proprietary protocol created by AOL.
As IM protocols go, OSCAR is actually quite decent. Flexible, extensible, reasonably concise. Could maybe be simpler.
Background
AOL’s history with public access to their IM network has had its ups and downs.
- In 1998 a few AOL employees released a GPLv2-licensed IM program called ‘TiK.’
- Sometime in 1999 this project was abandoned by the AOL employees. Some non-AOL employees created a TiK project on SourceForge and continued development.
- Things were good.
- In 2001 AOL made changes to their protocol in an attempt to block unofficial clients. Some people believe these changes were made to block Jabber<–>AIM transports, and that Pidgin (named ‘Gaim’ at the time) got caught in the crossfire. Pidgin developers were able to keep the program working for the most part, and AOL relaxed their efforts to block unofficial clients.
- Things were good again.
- In 2008 AOL announced Open AIM. Open AIM was a lot of things: A set of SDKs for interfacing with AIM and the AIM servers. Documentation for the OSCAR protocol. A forum for users to ask questions.
- Things were great… for a time.
Recent Changes
Sometime in January, February or March of this year AOL decided to shut down the Open AIM program. No more SDKs, no more protocol documentation, and no more developer outreach.
More specifically, the OSCAR documentation provided by AOL described a method of authentication (using a “startOSCARSession” API request) that required the use of a developer application key. The current Open AIM website implies that new keys cannot be created.
Now What?
Does this mean the use of startOSCARSession is deprecated? If so, what auth scheme should we use, instead? Should we go back to BUCP, the authentication scheme used by AIM 5.9? Should we try to reverse engineer the authentication scheme used by current version of AIM? Should we go back to masquerading as the official AIM client and stop politely identifying ourselves as ‘Pidgin’?
To quote the great Yoda, “the shroud of the dark side has fallen.”
(This is probably old news for anyone who stays abreast of tech news, but for everyone else…)
A while ago I complained about China’s draconian censorship laws.
In 2006 Google launched google.cn, a China-based google.cn search page with censored results. According to wikipedia, “results were filtered so as not to bring up any results concerning the Tiananmen Square protests of 1989, sites supporting the independence movements of Tibet and Taiwan, the Falun Gong movement, and other information perceived to be harmful to the People’s Republic of China (PRC).”
People had mixed reactions to this decision. The core question: Is it better for Chinese citizens to have access to censored Google, or not have access at all?
In January of this year Google announced their intent to stop censoring search results in China. And on Tuesday morning they turned off the China-based google.cn site and are redirecting users to uncensored servers hosted in Hong Kong. They also set up an incredible status page.
Thank you Google! For having a spine, and for creating a status page that will make it easier for the rest of the world to chide China, should they block anything further.
Posted in All, Computers
|
Two years ago I posted a list of movies involving Tim Burton, Danny Elfman, Johnny Depp and Belena Bonham Carter. Here’s a revised list with the new Alice In Wonderland included.
|
Tim Burton |
Danny Elfman |
Johnny Depp |
Helena Bonham Carter |
| Pee-wee’s Big Adventure |
✔ |
✔ |
|
|
| Beetle Juice |
✔ |
✔ |
|
|
| Batman |
✔ |
✔ |
|
|
| Edward Scissorhands |
✔ |
✔ |
✔ |
|
| The Nightmare Before Christmas |
✔ |
✔ |
|
|
| Ed Wood |
✔ |
|
✔ |
|
| Mars Attacks! |
✔ |
✔ |
|
|
| Sleepy Hollow |
✔ |
✔ |
✔ |
|
| Planet of the Apes |
✔ |
✔ |
|
✔ |
| Big Fish |
✔ |
✔ |
|
✔ |
| Charlie and the Chocolate Factory |
✔ |
✔ |
✔ |
✔ |
| Corpse Bride |
✔ |
✔ |
✔ |
✔ |
| Sweeney Todd |
✔ |
|
✔ |
✔ |
| Alice In Wonderland |
✔ |
✔ |
✔ |
✔ |
I don’t like this whole business about “sign a contract for two years and we’ll give you a subsidized phone” (I touched on this a few months ago). It means the wireless carrier recoups the cost of your phone through your monthly fee, which means your monthly fee is higher.
However, when your contract ends you continue to pay the same price. Which means that, as a consumer, if you don’t upgrade your phone as soon as your contract ends then you’re effectively paying for something you’re not getting.
I would much rather pay full price for a phone up front, and have a monthly fee that reflects only the cost of the service and not the cost of the phone. And then consumers can choose to upgrade their phone whenever they wish. Be it after 1 year or after 4.
I recently learned that T-Mobile actually does this. Their service plans are $10 less per month if you don’t have a contract/subsidized phone. If you’re looking at buying a new phone and wondering if you should sign a new 2 year contract, you can look at the price of the phone with and without the contract. If you would pay less than $240 more for a non-subsidized phone, then in the long run you’re probably better off not signing the contract.
And T-Mobile is already cheaper than AT&T and Verizon. While I pay $60 a month for 300 minutes+400 SMS+unlimited data, Emily pays $75 for 450 minutes+200 SMS+unlimited data. And if we both continue to use the same phone after our contracts expire, mine will go down by $10 and hers will stay the same.
Thank you, T-Mobile!
I recently wrote a series of blog posts about how we handle users’ passwords at Meebo: post 1, post 2 and post 3. Here’s a collection of that same information, distilled into a set of do’s and dont’s written specifically for developers of websites.
- When accepting a user’s password on a web page, DO use https to serve all files that make up the page where the user will enter his password.
- When accepting a user’s password on a web page, DO use a POST request to an https destination.
- When using a password to authenticate a user, DON’T store the password in persistent storage in plaintext or any reversable format.
- When using a password to authenticate a user, DO store a cryptographically secure hash of the password. NIST publishes a recommended list of hashing algorithms, with the SHA-2 family of hash functions being recommended for all new applications and protocols.
- When storing the hash of a password, DO add a salt to the password before hasing. This salt prevents a hacker from using a rainbow table to reverse password hashes. More information.
- When comparing two passwords for equality, DO use a comparison function with a fixed runtime to avoid timing attacks.
- When forced to store confidential user information (such as passwords for logging into another service), DO encrypt the passwords using information not stored in persistent storage if at all possible. For example, encrypt the confidential information using the user’s password as the key.
Posted in All, Computers
|
I moved my personal web log from LiveJournal to a self-hosted WordPress. I don’t have any major problems with LiveJournal, they have served me well over the years. My reasons for switching:
- Could not have multiple saved drafts
- Did not have an RSS feed of a tag or category
- Appearance was not customizable enough
- Wanted my stuff to be less scattered across the web
- LiveJournal is for some reason associated with emo middle schoolers
Let me just say that WordPress is incredible. Everything works perfectly. I was able to import all my posts and comments from LiveJournal with just a few clicks of their importer–and it was even fast! Installing themes, plugins and updates is amazingly easy. Even setting up pretty permalinks is totally automatic.
Well done, WordPress developers and contributors!
I also decided to overhaul the rest of kingant.net while I was at it. Mostly I deleted stuff that was old and silly, including my self-written content management system.
Posted in All, Computers
|
This really is a perfect idea: “Wireless carriers should define the early termination fee as whatever the difference is between the no-contract price and the subsidized two-year contract price, and prorate that cost over the 24 months of the contract.” (from this article)
Last weekend Google hosted their 3rd annual mentor summit, following the end of their 4th annual summer of code. The mentor summit is when a few hundred mentors gather together and participate in an unconference style conference. I went for the Pidgin project, along with Gary Kramlich and Ethan Blanton.
The conference was super cool. I got to be humbled by talking to a whole bunch of really smart open source people. Here are my notes:
On One Laptop Per Child (“OLPC”)
I’ve been wondering for a while whether the OLPC program could actually make a difference. One session, led by Bryan Berry of Sugar Labs, makes me think that it can and already has. Bryan is the co-founder and CTO of OLE Nepal, an organization helping deploy OLPC in Nepal, and creator of Karma, a framework for creating interactive activities for the Sugar environment using javascript and html5.
Seeing demos of the exercises they’ve created and hearing his first hand stories was pretty incredible. At least some schools in Nepal teach by having the teacher recite something (e.g. “one plus two is three”), and all the students repeat it and memorize. But this often fails to teach the students why one plus two is three. In one example a student was asked “what is one plus two” and they replied with “three.” But the same student was not able to answer “what is two plus one.”
Children in third world countries generally want to learn–more so than children in the US. They realize that education can help them achieve something greater in life. And computers are interesting to them. Combine students, computers, and engaging lesson plans about math, geography, etc. and the students will have a more varied education and will learn better.
On Forking Open Source Projects
- Forking helps keep people motivated. It increases competition, keeps developers on their toes.
- A fork could be like a “research and development” branch. People work on crazy fun new features in the forked project, and the good stuff gets merged back into the original.
- The smaller the project, the more willing the maintainer should be to give people access. There is a natural inclination to be protective of your project–it’s your code, your baby. But you must be willing to give up control for there to be forward progress. This reminds me of dictator governments like Cuba/Fidel Castro and North Korea/Kim Jong-Il. The dictator is afraid to relinquish control for fear of what might happen.
- Benefits of a fork? Developers have more freedom to do what they want, which allows for innovation. The best project will survive–if developers want their project to survive then they must make decisions that benefit the community at large.
- Downsides of a fork? Development effort is divided. Users might not know which project to use. Distributors may not know which package to distribute; distributing both means more work.
Miscellaneous
- STUN – A protocol used to determine your public IP by asking a server on the “outside” Internet
- TURN – A protocol used to proxy traffic through an intermediate server. Written with SIP in mind. Increases the likelihood of being able to establish a connection to another party, but it also introduces an additional hop, which leads to lagginess, which is bad for voice/video communication.
- ICE – A protocol that describes a method for establishing a direct connection with another peer. Written with SIP in mind. It uses an exhaustive algorithm to try every possible IP address for yourself in the hopes that one will work. You construct a list of your host’s IP addresses plus your public IP address determined by using STUN. This information, along with a fallback TURN server, is sent to the other party, who begins attempting to connect.
- OpenAFS is under active development, and is used by some very large organizations
- I should change my alias for grep to enable the color option
- I should read Zen and the Art of Motorcycle Maintenance
On Trolling (this session was half intended as a joke)
- I should read the UNIX-HATERS Handbook
- I should read the Sokal paper
- “Linus==troll”
- “Version con-trolling”
- “We had this problem where people had to download our software and type ‘make’” –Marty Connor
- Adding support for the old school Unix talk command to Pidgin could be a fun April Fools joke
Mark’s Theorem 1: If you’re trying to do something and not making any progress, do something else.
Mark’s Theorem 2: If you’re trying to do something and making lots of progress, keep doing it.
The SDK for the next version of the Android operating system, 1.6 aka “Donut,” was released last week. The SDK is the set of packaged files that developers use to create applications for version 1.6. Wireless carriers generally push the updated version to devices within a month or two of the SDK release.
I was pretty blown away by a few of the additions:
- Battery usage indicator that shows which applications are consuming your device’s battery, out of a percentage of 100
- Support for four varieties of VPNs: L2TP/IPSEC pre-shared key, L2TP/IPsec certificate, L2TP only, and PPTP only (see screenshots of configuration)
- Device-wide search. Applications can provide search results. So if you search for a friend’s name, the Meebo IM application could return that buddy as a search result, and clicking the buddy could open an IM conversation with them.
- Built-in text-to-speech APIs for applications. For example, the Meebo IM application could speak your incoming IMs if your device’s screen is not active.
- Support for CDMA
- Gestures
I’ve also noticed what appears to be a system wide password safe/keychain/credential store. Here’s a screenshot of some new options from the bottom of Settings –> Security & Location:
This should theoretically allow applications to store sensitive information in a secure way. However, this wasn’t mentioned in the release notes and the API documentation is “hidden,” meaning developers aren’t intended to use the classes yet. The classes are android.security.CertTool android.security.KeyTool android.security.Reply and android.security.ServiceCommand. These classes seem to only used by the Settings application for storing Wifi and VPN credentials.
I tested out the password store with the VPN and it seems to work well–I tried to import a .p12 file and it prompted me to enter the password to unlock my credential storage. I’m not sure if the authorization eventually times out.
I think Android needs a system-wide password storage facility pretty badly, and I really hope they publicize this API in the future. There exists an open source password safe called OI Safe which works well, but this really needs to be a part of the operating system so that applications can depend on it.
In this web log entry I complained about National Water and Power, but then I realized I have already complained about them.
As an addendum, if you forget your password they email it to you. Emailing someone their password is not secure, please never do it ever. This means they store everyone’s password on their servers effectively in plain text. What is it about utility companies that makes them suck so bad?
Edit: Here, check this out (click for full-size version). I’m supposed to read their Terms of Use freaking 8 words at a time. Thanks guys. All that extra space on the page and you couldn’t have made this box any bigger?
Comcast has started doing that thing where opening a totally bogus URL in a web browser will send you to a crappy search results page. More information here.
I hate this. Partially because it has the potential to break stuff and I’m the kind of guy who feels that standards exist for a reason. But also because it’s slow. I would rather see either an immediate error page or a Google Search, both of which are faster.
I’ve been working on instant messaging software for seven years, so I’ve been exposed to a lot of IM protocols. The “protocol” is the structure of bytes that gets sent back and forth between your computer and the IM service.
The major IM protocols (AIM, MSN, Yahoo, etc) are fairly well thought out and logical. But sometimes things go horribly wrong. An example that I recently learned about, and the impetus for this post, is the format used for Yahoo IMs. Here’s a handy pocket reference:
-
Mixture of ANSI escape sequences and HTML
Bold, italic, underline and font color are specified using ANSI escape sequences, but font size and font face are specified using the <font> HTML tag.
-
HTML tags aren’t closed
Subsequent tags just override the value of the previous tags. Message formatting is more linear than hierarchical. For example, “<font face=’Georgia’>test1<font face=’Courier’>test2.”
-
HTML font tag size attribute is in points
For example, “<font size=’14′>test.” Normally the size given in the font tag is a relative value between 1 and 7, with 1 being “small” and 7 being “large.”
-
Special HTML entities aren’t escaped
For example, if an IM contains a less than sign it is sent as “alien < predator.” Normally < > and & are written as < > & in HTML documents so that programs can accurately determine if a < is the start of an HTML tag or is a literal less than sign.
Why does this matter? It means the user cannot send this IM, because it is interpreted as a font tag instead of plain text: “<font size=’32′>Huge text.” This generally isn’t a problem for normal users, but can be a nuisance for web developers, who may want to IM that text to a friend and have it appear the way they typed it.
Posted in All, Computers
|
Tagged Computers
|
I recently changed my address for my Health Savings Account with Wells Fargo. They mailed a letter to me at my new address that says, “If you did not request these changes or have any questions, please contact our Customer Service Center.”
Seems kind of useless. Maybe they should have mailed this to my old address?
From: Yours Truly
To: Haynes Automotive Repair Manual for Honda Civic 1996-1998 and Acura Integra 1994-1998
Dear Chapter 11 Section 25,
I believe your step #5 to be somewhat misleading. It reads, “Remove the lower screws securing the sound insulator panel to the lower steering cover, then remove the steering column cover retaining screws (see illustration)” The first half of this step is accurate, and is correctly reflected in the picture. However, I have found that in a 1998 Acura Integra the steering column cover retaining screws do not need to be removed.
Also, your instructions should probably mention that there is a third screw behind the coin tray, and that the coin tray can be removed by depressing the two buttons on the top side of the coin pocket and folding it down all the way, then using a flat piece of metal such as a flat head screw driver to carefully but firmly lever the bottom left corner of the body panel away from the coin tray so that it pops out.
Thank you,
Mark Doliner
is attacking the evil 
, and he’s like flipping all over the place with his 
and jumping around like crazy? 
is just like that, but with a 
instead of a lightsaber.
