Month: October 2008

Notebook lust: the new MacBooks

My first generation MacBook Pro, purchased back in 2006, is starting to look a little long in the teeth. The basic machine has been just fine, but I knew when I bought it that 80 GB wouldn’t be enough disk space, and the battery is coming perilously close to the end of its lifecycle; I now get maybe 30 minutes on a full battery.

More damningly, there’s a power cord issue (and if you’ve followed my Mac experience through three Apple laptops over the past eight years, this shouldn’t be a surprise). MagSafe eliminated the problem I had on old machines, where the cable would break or fray. Unfortunately, I found a whole new problem with the design: small beings can knock the laptop off the table or chair where it’s sitting, and if it falls on the side with the MagSafe connector, the case dents around the power cable and makes it much harder for the power connection to complete successfully.

All of which means that the new MacBook Pro looks pretty good right now. Killer graphics, more capacity, AND a case carved of solid aluminum that I would bet is much more dent resistant.

But you know? The new MacBooks are also solid aluminum cases, have more capacity than what I have today, and are about $700 cheaper than the MacBook Pro. And increasingly what I’m thinking is a lower end laptop and a dedicated home media computer (or appliance) is the way to go rather than trying to drive everything off one machine. Unfortunately, this is the wrong part of the stock market cycle to make that happen, but it’s a dream I can have.

Grab bag: Light reading

Scrape scrape paint paint

Pick up the scraper, paint bucket, caulk gun, ladder. Walk up the driveway. Caulk is quick: push out, drag down, wipe. Let it dry, move on to the window sills. Pick up scraper and start to knock the paint, loosened by rain from a leaking gutter, from the sill.

And I’m back at the farm. I’m about ten or twelve, with my dad and my Pop-pop. We’re doing a workday on the 1857 farmhouse. There’s a porch that needs painting, and fifteen or so cousins and grandkids are there to do it. Gotta get the old cracked paint off first. Scrape, scrape. And when it doesn’t come loose, the heat gun loosens it up. Too close at first: brown mark on 1857 wood. Then the layers come off and the paint can come on.

I’m four sills over and the paint comes loose easily. I prime, paint an already primed frame, then come back and start painting the newly primed wood. 

And I’m on the roof of my dad’s garage. I’m sixteen. It’s summer, probably 95° and so humid you could wring the air. The house is mostly brick but the upper part is white painted vertical boards. I’m working on a section between the garage roofline and the gable. The attic on the other side of the boards is cooled by a fan on a thermostat but still hotter than the outside air. I’ve never been up there. Now I’m on the hot asphalt shingles dripping sweat into my eyes painting, painting. Hard white granules embed themselves into my knees.

In Massachusetts. My hand is sore from holding the brush; I change my grip. The shingles on the siding are old, maybe dating back to 1941. They can last one more winter.

QTN™: American Oktoberfests

I’ve been tasting a variety of Oktoberfest beers, in name if not in style, this fall. The latest, from Avery Brewing Company, is the Kaiser Imperial Oktoberfest. And it’s a big beer. A barleywine, in all but name. But it’s not an Oktoberfest. It’s a great big quaffable (if not sessionable), very tasty, 10% beer. But it’s not an Oktoberfest. It’s not a märzen. If they served this at d’Wiesn, people would be screwing in the aisles and fighting with the oompah band. Or vice versa. But the choice of name seems like a cynical marketing choice.

Surprisingly, the same was true of the Oktoberfest from Otter Creek. While sessionable and tasty, the hops made it more of an American pale ale than an Oktoberfest beer. I haven’t done a side by side tasting, but the hops really felt more Cascadian than Bavarian.

This is when I start to wonder why it’s so hard to find a beer that tastes like it was brought in a one-liter mug by a busty barmaid to a table full of enthusiastically drunk German college students and hollering Australians. That’s when I remember the most authentic tasting Oktoberfest I’ve had–perhaps because of its freshness–from Berkshire Brewing Company. Mmm. Mmm. I feel sorry for those outside the limited distribution range, because this beer is right on.

Columbus Day: unaccustomed respite

I’m not used to having time to myself on Columbus Day, but for whatever reason, my company has the day off, and Lisa’s doesn’t. So a fairly leisurely morning, a luxury bagel, a little blogging, spend half my eMusic subscription for the month, and then get outside and caulk and paint some places where the house needs some help.

It’ll be in the mid-70s here, and while I surely don’t mind, that temperature is unaccustomed too. Weird is maybe a better way to describe it.

And it’s worth reflecting that, whatever Christopher Columbus’s faults, we’re here freaking out about the stock market and feeling cautious optimism about the presidential election and congratulating Paul Krugman because a Genovese navigator had an idea about a better route to the Indies. Sometimes it’s worth chasing those ideas.

Grab bag: Downloadable Forbidden City ftw

Grab bag: Power and money can buy a heckuva library too

Test driving Google Reader

One of the downsides of being an early adopter in some areas is that I’m a late adopter in many others. I was using a desktop RSS aggregator back in 2002 (Radio Userland, then NetNewsWire) and so came late to the web-based news aggregator market. When I did hop on board, I used Bloglines, one of the early web based aggregators, and so missed out on Google Reader. I’ve stuck with Bloglines because it works and because it works well on the iPhone.

Yesterday, Bloglines wasn’t working. I haven’t seen anything posted about this, but while the site’s UI was up I didn’t get any new results for any of my 175 feeds from about 11 AM on. So in the early afternoon I decided to give Google Reader a spin.

One of the nice things about feed readers is that it’s pretty easy to take all your feeds to a new reader, thanks to OPML (one of Dave Winer’s many innovations in this area). Most feed readers support exporting your feed list to OPML, a structured XML format, and support importing feed lists from OPML. So you can pack up your feeds and easily bring them to a new place–minimizing vendor lock-in. I did that with my Bloglines feeds and was up and running quickly in Google Reader.

One thing that struck me almost immediately was the poorer UI in Google Reader. While it uses the same left pane navigation–right pane reading metaphor as Bloglines, the left pane is cluttered with a bunch of stuff on the top–starred items, trends, shared items and notes, a big help pane, and THEN your list of feeds. Bloglines’ feed list takes up the whole left pane and is just your content–much easier to manage–while other information like your personal blog and “clippings” are in separate tabs. If you’re just interested in reading feeds, Bloglines’ navigation is easier and less cluttered.

The right pane UI is a little better too, imho. I find the separate drop-shadowed feed boxes in the expanded view (what NetNewsWire used to call “smash view”) distracting; Bloglines’ zebrastriped list is visually flatter and doesn’t get in the way of the content. And I can’t imagine a use for the list view for most of my RSS feeds; though perhaps the notification-only ones are better suited for this kind of presentation, I can’t imagine trying to read BoingBoing or even Krugman this way.

Google Reader does feel a little snappier–feeds update more frequently and quicker. But the reading experience is actually slower, because items don’t get marked as read on display, but only if you scroll them off the screen. That might be beneficial for some people, but I’m a quick scanner and like to run through the feed list quickly. And because Google Reader doesn’t fetch all the items in a folder at once, dynamically fetching items as the user scrolls, there’s no way to quickly scroll to the bottom and read everything all at once. You have to wait for the fetch to catch up, then scroll to the bottom again.

So this morning I was pleased to see Bloglines is back online. I’ll still test out the Google Reader iPhone experience, because there are things that don’t quite work for me in Bloglines’s. But I’ll be continuing to use Bloglines in my browser.

Grab bag: Stunningly awful

Nasty moments in Presidential debates

The commentariat are going to love this moment, because it sums up some things that the conventional wisdom has been saying about McCain — cranky, really angry, hotheaded — and surfaces some new memes. Like disrespectful. Like borderline racist. Like, can’t believe he’s losing to this guy.

I think this is McCain’s “heavy sigh” moment.

YouTube – McCain Calls Obama “That One”.

Grab bag: Ugliness abounds

Lost in the library: The New York Public Library Digital Gallery

A tip from Jonathan Hoefler led me to the NYPL Digital Gallery, now fully searchable and browsable, with low resolution images free for non-profit use (including personal blogs, though not Wikipedia). Some really fascinating stuff, including a number of University of Virginia related items: detailed close-up shots of the pediments of East Lawn, the post-1895 Rotunda, the serpentine walls, two different views of the famous pre-1895 engraving showing the Lawn from the West with the Rotunda annex, a view of the full map of Virginia from which the 1826 engraving of the Lawn is drawn and a separate close-up of that engraving, other early engravings likely not drawn from life (since they don’t show the terraces on the Lawn) but including the pediment around Pavilion X, the exterior and interior of Edgar Allan Poe’s room on West Range following one of the Raven Society restorations of the room, and my personal favorite, pictures from a visit that Gertrude Stein and Alice B. Toklas made to the University in 1935, including a shot with faculty and students, the pair in front of a pavilion, and this nifty shot of Stein in front of the Rotunda.

I’m pretty sure you could kill hours just looking through this site–for me, the old photos from Newport News are just about as fascinating as the UVA material.

What are they betting on?

My friend and undergrad classmate Erik Simpson has been following an interesting trend on Intrade, the prediction market that allows predictive “bets” on realworld events. Specifically, Intrade’s prediction results were diverging from other predictive models, specifically those of fivethirtyeight.com. More research dug up the interesting fact that Intrade doesn’t agree with other predictive markets either. Yesterday Erik followed up these posts with the logical question: why not simply arbitrage the difference? If Intrade and the Iowa Electronic Markets are really efficient markets, there should be no persistent price spread, but since there is a price spread there’s an opportunity to make risk free money by selling on IEM and buying on Intrade, then reversing the trades after the election, when the outcome is locked. (As of this writing, Intrade has a 70% probability of Obama winning, vs. a 74.9% chance on IEM.)

The persistent difference in value can be explained by one of two market frictions: either there are one or more irrational actors who are making trades based on something other than rational economic decisions, or there is information asymmetry: the trader knows something that we don’t about the outcome of the election. I’m inclined to think it’s the former. But I don’t rule out the latter, for the reason that the GOP and its followers are starting to scare the hell out of me (anyone else wonder why someone shouting “Kill him” at a GOP rally wasn’t immediately brought in for questioning by the Secret Service?).

It’s not hard to see why the GOP might be frustrated at this point. The Democrats have done a superb job of keeping their powder dry, waiting until McCain really stepped up the smears to point out that he has deep roots in banking and real estate corruption through his membership in the Keating Five. This campaign has refused to roll over and play dead while smears and attacks were directed at them, and while they’ve played hard in return, it’s been to point out how McCain and Palin have specific unsuitabilities to deal with the issues in front of the country right now.

The downside of this campaign–one of the few really well contested matches we’ve seen in recent years–is that it doesn’t leave much room for discourse on the issues. I’d love to see Obama clear enough of the smoke to start talking about how we get out of this mess, but I think he’s going to be facing enough crap for the next few weeks that we won’t hear substantive proposals for a while.

Grab bag: All election, all the time

Technical Debt part II: Security debt

I wrote previously about “technical debt,” the concept that the decision to defer necessary technical work (adopting an updated version of a new component, refactoring code to reduce cruft, etc.) accumulates across releases until it absorbs a project team’s entire capability to develop code. You “pay interest” on technical debt because it’s much harder and consumes many more resources to make a necessary technical change the further downstream you get from the point where the change becomes necessary.

It occured to me today that there’s a specific flavor of technical debt, security debt, that is both more insidious and much easier to see in operation, because we have so many prominent examples of it. It might not have cost the developers of Windows too much more to make the OS more secure at design time, but some of the decisions were deferred, until the point where you had whole features introduced to address security deficiencies in prior features, and the six month long security push that postponed Vista’s launch while the team took care of outstanding security issues in the already-shipped version of the OS.

What’s interesting about security debt to me is that it balloons over time. My once-favorite mix sharing site, Art of the Mix, is a good example. The guy who developed it didn’t really understand SQL injection or XSS, or at least didn’t code defensively against them, and it’s become a hive of malware as a result–and is now flagged as a “reported attack site” and blocked by Firefox 3. So, to carry the metaphor to its logical conclusion, the site’s security debt drove it into a kind of “bankruptcy” when it proved susceptible to drive-by SQL injection attacks.

So how do you avoid incurring security debt? Learning good development practices is a good start; keeping up on the prevalent attacks–the current risk space–is another. But there’s one key thing to remember about security debt: in many cases fixing the underlying flaw that permits exploitation is far far cheaper than getting hacked, or even putting bandaids like web application firewalls in place.