Jarrett House North

Change: new Pulitzer rules, bye-bye Baltimore Opera

Pulitzer Prizes in the 21st Century – Center for Citizen Media

Dan Gillmor’s memo to the Pulitzer committee, one of the things that resulted in opening up the award to online only publications.

(tags: journalism)
Baltimore Opera Co. to file for bankruptcy, cancels remainder of season (Baltimore Sun)

That ain’t good. Not so much the fat lady singing, more a canary in a coal mine.

(tags: economy opera meltdown)
Drede ye nought, sayd the aungell bryght (Soho the Dog)

Matthew Guerrieri’s annual Christmas carol, this time around a nice Annunciation carol with a 16th century text.

(tags: music christmas carol)

Grab bag: External links on NYTimes.com, and other signs of the apocalypse

The Legend of Lenny (The New Yorker)

Alex Ross capsule retrospective of Leonard Bernstein’s career, complete with anecdote of a National Cathedral performance of Mahler’s 2nd. Wonder who the chorus was for that one?

(tags: music classicalmusic leonardbernstein)
Smart Crowd, Harsh Reality (NYTimes.com)

The fire sale on private equity firms is more than a little scary.

(tags: economy meltdown)
NY Times evolves lungs and stubby legs (Joho the Blog)

NYTimes starts linking to other websites. The end of business as usual at the Gray Lady. Nice.

(tags: nytimes)
Thieves Winning Online War, Maybe Even in Your Computer – NYTimes.com

The model of using antivirus software to reactively identify and remove worms is badly broken. The security market has to shift its focus to hardening the applications (and increasingly it’s applications, not the OS) that enable the hacks.

(tags: security)

Grab bag: Cracks in Old South and Facebook

Large crack develops in landmark church (Boston Globe)

The T’s construction work has opened a crack in the wall of Old South Church. Grrrr.

(tags: oldsouth boston mbta)
Koobface Virus Details (McAfee)

If you have anything in c:program filestinyproxy and you’re running a service called Security Accounts Manager (SamSs), you’re infected.

(tags: security facebook)
‘Koobface’ Virus Attacks Facebook (Wired.com)

It would be interesting to see how the infection is spreading, but I think it’s likely just a conventional virus using Facebook as a vector, not exploiting a hole in Facebook’s security.

(tags: security facebook)
Movie review: “Cadillac Records” (Salon)

Another one to see in the theatres. If it’s anything like “Machers and Rockers” it’ll be a brilliant ride.

(tags: movies music)
Movie review: Stephanie Zacharek on “Frost/Nixon” (Salon)

One to see in the theatres?

(tags: movies)
Why the stories about Obama’s birth certificate will never die | Salon News

Here we go down the rabbit hole. This is what I was afraid of when I started getting these fringe conspiracy theories forwarded to me. How do you fix these broken minds?

(tags: obama conspiracytheory)
The composer in Cambridge: Carter looks back – The Boston Globe

Matthew Guerrieri gets an indepth interview with Elliott Carter reaching back to his student days.

(tags: elliottcarter bso)
Soho the Dog: <I>Tempo e tempi</I>

Overflow from Guerrieri’s Elliott Carter interview. Very nice stuff.

(tags: elliottcarter music bso)
macosxhints.com – Use simple URLs for some iTunes Store item links

Simple URL shortcuts like http://itunes.com/ArtistOrAppDeveloperName. Brilliant!

(tags: itunes)
How to improve cybersecurity: Ask hackers – Federal news, government operations, agency management, pay & benefits – FederalTimes.com

An intelligent approach to managing application security risk.

(tags: security)

Grab bag: UI is all around you

WordPress 2.7 arrives Thursday night | Webware – CNET

WordPress 2.7 drops tonight for all the guinea pigs, er, users on WordPress.com. Looking forward to trying it out when it hits GA.

(tags: wordpress)
Official Google Reader Blog: Square is the new round.

New Google Reader UI. The ability to turn off unread count is probably the best thing here. But is it better than Helvetireader?

(tags: google reader)
YouTube Embedded Player Parameters – YouTube APIs and Tools – Google Code

The API docs for the YouTube player document a parameter that turns off the new default Search bar that suddenly appeared on every embedded YouTube video today.

(tags: youtube google omgwtfbbq)
macosxhints.com – Control how iTunes 8 handles playback in Grid view

iTunes 8’s Grid View has more features than meets the eye, including some nice playback features.

(tags: itunes)

links for 2008-12-03

The Grid System

Interesting design resource for grid based design.

(tags: css webdesign typography)
Anti-Debugging Series – Part I

Tyler Shields begins an interesting series on practical development considerations for application security, starting with "anti-debugging"–methods used to hinder the reverse engineering of a process.

(tags: security)
PNG in Windows IE

Lightweight JavaScript solution for transparent PNGs in IE6.

(tags: webdesign png javascript)

Obscure HTML element of the day: dfn

I’ve had an opportunity to do a little static HTML + CSS work recently, and have had a few educational and reeducational moments about the joys of doing basic web development–all the stuff that a good CMS like WordPress hides from you.

Today’s educational moment was a question of footnote treatments. My application had footnotes at the very bottom of its page, with nothing beneath them, and did inpage links to the footnotes. But it was linking to the footnotes from a part of the text that was close to the bottom of the page, so the footnote was already visible. As a result, when a user clicked a link to get to the footnotes, nothing happened–the footnote was already there, and there was no more page to scroll up.

There are ways around this. Daring Fireball has a lot of empty space on its pages below its footnotes, meaning that the page can scroll to place the footnote at the top. But the bug got me thinking again about why I was doing the footnotes and how I could change the user experience. What if I moved the footnote text–which was generally some sort of quick definition–into a mouseover? I knew I could do it with acronym, but the text I was footnoting wasn’t an acronym so it wouldn’t have been semantically correct. Was there a semantic way to mark up the word or phrase being footnoted so that when moused over, a definition would show?

Enter dfn. See what that does? The dfn tag is basically tailor made for what I wanted to do, and is even reasonably well supported. FF3 and IE7 even automatically italicize the term.

I made one more change to my stylesheet to make it really explicit that more information was there for the mouseover, and applied the same rule that I had for abbreviations:

dfn {
   border-bottom: 1px dotted #333;
   cursor: help;
}

With that, the user got a dotted underline on the term, and a help cursor when they moused over.

I would probably make one more change if the application was expected to be printed, which would be to introduce some styles or JavaScript in the print stylesheet that would do an inline expansion of the definition. But for what I needed to do, dfn worked pretty well by itself. Yay obscure HTML elements!

Grab bag: Agile all the time

Google Calendar officially comes to Apple’s iCal | Webware – CNET

Supported integration between Google Calendar and Apple’s iCal. Hopefully the iPhone won’t be too far behind.

(tags: google ical caldav)
Getting Real About Agile Design (A List Apart)

Interesting perspective on the role of the designer in agile development.

(tags: design productmanagement agile)
CrunchGear » Archive » Actns/Swif.T virus affecting embedded YouTube vids?

More details on the YouTube virus.

(tags: youtube security)
Why it doesn’t matter where Product Manager lives in the organization | The Cranky Product Manager

Simple truth: Product managers can live in the marketing or development organization or report directly to the CEO and they’ll still be product managers.

(tags: productmanagement)
Big News Orgs Help Bush Whitewash History of Iraq War (TPM)

Setting the record straight about Bush’s “regret” for the failure of pre-war Iraq intelligence.

(tags: bush iraq)
An Open Transition

Sign the Open Government petition asking President-Elect Obama to publish transition materials in a barrier free way.

(tags: obama transition lessig copyright)
Fake YouTube pages spread virus – Technology – BrisbaneTimes

You know those YouTube links you get sent? Check and make sure they’re really pointing to YouTube.

(tags: security)
National Vulnerability Database (NVD)National Vulnerability Database (CVE-2008-5278)

Documentation of the RSS XSS vulnerability fixed by WordPress 2.6.5. Get out there and patch.

(tags: security wordpress xss)
Breaking the zero-day habit | Zero Day | ZDNet.com

Shifting from discovering new vulnerabilities to being more proactive about the defenses is good practice. I also think that finding your own vulnerabilities and fixing them before someone else finds them makes good business sense.

(tags: security)
So what’s in this for Hillary? | Salon News

Interesting analysis of Clinton’s new position in the Obama administration.

(tags: hillaryclinton obama)
Some Federal Workers Lose Bargaining Rights – NYTimes.com

It’s interesting how “national security” trumps every basic decency that has come to pass in the last hundred years in this country. Thanks for illustrating that so well, Mr. Bush.

(tags: bush labor)
BSO launches its own music download service – The Boston Globe

The new BSO download service gets a lengthy review. I’m very excited to see what repertoire becomes available. (Brahms Requiem 2008 and Gurreleider, please?)

(tags: bso tfc mp3)
Helvetireader

A much better look and feel for Google Reader.

(tags: googlereader greasemonkey)

Web birthday#8

This is my eighth birthday… since starting my blog in 2001.

Seems like it was an eternity ago. I didn’t even bother to blog on my birthday then–of course it was close to the end of my third semester of business school and I was going nuts. But then, I didn’t realize that I was starting a tradition.

I went back and looked at past birthday posts. 2001, as I mentioned before, wasn’t blogged. In 2002 I turned 30 and reflected on Bilbo Baggins’ birthday benediction (more on that in a minute). 2003 was gearing up for what turned out to be my last Microsoft Christmas party. 2004 was a reflection on over ten years of no one knowing you’re a dog on the Internet. 2005 was my quotation in Business Week over the Sony BMG boycott. 2006, a dinner with friends and reflection on mortality. And in 2007, turning Presidential and lining up my new iPhone.

This past year is definitely a year of change — new website, a shift to linkblogging, killer new job. But my birthday this year feels more like a homecoming. As my sister says, this is pretty much my first Facebook birthday, and the people I’ve reunited with over there are making it a very nice happy birthday indeed. In some ways, I think this is the first birthday in a long time where I’ve felt something like contentment. Probably a sign that vast upheaving changes are right around the corner.

Grab bag: BSO downloads

BSO launches download service – Exhibitionist – Boston.com

Brilliant new download service does classical music right: you can buy by the track, major work, or album, and it’s available as MP3s or high fidelity recordings (the latter, unfortunately, only available for PCs). The real news is that they’ll be releasing new performances, including the performance of Daphnis et Chloe that I was in in 2007.

(tags: bso mp3 boston)
A Handpicked Team for a Shift in Policy – NYTimes.com

HRC is officially on board. I think the dichotomy in NYT’s analysis of Obama’s policy (more diplomats or more soldiers, how can he afford both?) is disingenous and forgets where a lot of the defense budget is spent: on weapons system contracts that the Pentagon didn’t really want.

(tags: obama hillaryclinton)
‘Dumbing down’ the security profession (Zero Day | ZDNet.com)

The guest poster, Shyama Rose, is right on that tools aren’t as capable as security professionals in finding flaws. But her argument misses a critical point: the guild of security professionals isn’t large enough to find and identify one tenth of one percent of the critical security flaws that exist out there. We’re past the time when only manual analysis can keep us safe. That’s one of the reasons why the SAAS model at Veracode is an interesting solution–keep the security expertise on demand rather than trying to teach a developer how to use a tool to find security flaws.

(tags: security)
Computer Virus Hits U.S. Military Base in Afghanistan (US News and World Report)

Computer security issues have real world, national security, life and limb implications.

(tags: security afghanistan)
Google: More Ways to Hide Google SearchWiki Features

Annoyed by all the crud in your Google search results? A few tips on turning the SearchWiki features off.

(tags: google)
Classified: Analysis of user-generated metadata in the LibraryThing folksonomy

Master’s thesis looking at the performance of user generated tags in the context of LibraryThing.

(tags: folksonomy tags librarything)
Mile of London Tunnels for Sale, History Included (NYTimes)

Amazing piece of WWII history surfaces, for sale by BT.

(tags: architecture underground)
Hillary Clinton and the Action Bias (WaPo)

Why a bias to action might not be the best thing.

(tags: economy bailout)
Secret Geek A-Team Hacks Back, Defends Worldwide Web (Wired)

Dramatic retelling of the Kaminsky flaw discovery.

(tags: dns security)

Fundraising in the time of bailouts

NYT: Colleges Are Not Going Hungry,

How to ask for money for your alma mater.

(tags: uva)

Thanksgiving 2008: Big ass turkey

It’s time for the Thanksgiving menu, and not a moment too soon. I managed to get to Wilson Farms today in the nick of time to pick up my turkey, came home early, and boiled my customary Alton Brown brine (1 gallon vegetable broth, a cup of salt, a half-cup mixed brown and white sugar since we were low on brown, and peppercorns) and iced it down and put it on the porch to cool. After cooking a pre-Feast of the Beast (biftek a la Lyonnaise with a quick sauce Robert) and taking care of a few other odds and ends, I wrangled the turkey into the brine.

That’s not a small task. We have five adults and a small child at the dinner table this year, which means a slightly bigger turkey. Like, 19 pounds. This year I remembered to fish the neck and liver out of the cavity AND to get the paper bag with the other organs out of the neck cavity (very good progress!) before the turkey went into the cooler on a bag’s worth of ice, breast down; the brine went over the turkey; and another half bag of ice went on top. The cooler is now on the porch (mercifully, it’ll be between 30° and 34° tonight) and I’m catching my breath while I think about the rest of the menu.

My mother-in-law, mercifully, has already taken care of dessert—a homemade apple pie. That leaves us with:

Turkey
Cornbread stuffing AND traditional stuffing
Roasted Brussels sprouts with garlic and pancetta
Kale with garlic and anchovy a la Two Fat Ladies
Mashed potatoes and mashed sweet potatoes
Gravy du jour (meaning: I’m going to wing it)

What’s up with all the duplications? Well, I made the classic product manager error: I didn’t socialize my plans in advance and got blowback. We’ll see how it goes.

Grab bag: Pre-Thanksgiving light blogging

BlackBerry Storm Downgraded to a Depression (NYTimes.com)

Oh, there’s no end to the possible puns. My favorite is at the end: “Storm isn’t such a bad name for this phone. It’s dark, sodden, and unpredictable.”

(tags: iphone blackberry schadenfreude)
The Criterion Collection

The Criterion Collection folks are now doing online streaming. And their commenting features are letting a lot of spammers through, apparently.

(tags: movies)
Apple Sued Over iPhone Browser – PC World

The irony, as PC World points out, is that the iPhone DOES NOT translate HTML into an XML format and reformat the page for display on the phone’s browser. In fact, it’s one of the few mobile phones that doesn’t.

(tags: legal iphone patent)
The Open Source Force Behind the Obama Campaign | Linux Journal

Doc Searls sums up the role of open source thinking in the Obama campaign.

(tags: opensource obama)
The next President of the United States – The Big Picture – Boston.com

35 killer photos of Barack during the campaign (hat tip to Talking Points Memo).

(tags: obama)
Anatomy of a Meltdown (The New Yorker)

Detailed look at Bernanke’s handling of the meltdown.

(tags: economy meltdown bernanke)

Grab bag: Nogging your egg

WordPress › Blog » WordPress 2.6.5

New WordPress version, doesn’t fix the CSRF issue reported earlier but recommended anyway. A quick upgrade if you look at the changeset.

(tags: wordpress security)
Cisco to close shop for 4 days to save money | Business Tech – CNET News

OK, now this is starting to get scary.

(tags: economy meltdown cisco)
A Colbert Christmas : John Legend Wants To “Nut Your Egg”

I think the actual word was “nog your egg,” but I’ll never think of nutmeg the same way again.

(tags: christmas humor music johnlegend stephencolbert)
How do I precompile my ASP.NET 1.1 application?

Nonintuitive and hacky way to batch-compile an ASP.NET 1.1 app.

(tags: aspnet)
Displaying Related Category and Author Content in WordPress | Darren Hoyt Dot Com

How to do a “related posts” sidebar in WordPress.

(tags: wordpress)
Most Wanted WordPress Hacks: 11 New Requests (2) | Noupe

Interesting collection of WP hacks.

(tags: wordpress)
McCartney: Talks to get Beatles on iTunes stalled | Digital Media – CNET News

It would be really nice to see this move forward. Glad to hear that it’s not Apple or the surviving Beatles causing the problem, but EMI and the Beatles’ agents.

(tags: beatles itunes)

Release planning: How you prioritize matters

I hope I have the time to come back to this thought tomorrow (along with some overdue Thanksgiving blogging). But I had the opportunity to meet up with an old colleague for lunch today and to discuss, among other things, two different agile project cycles. One project cycle ships every four to five months, has seven or eight two-week iterations inside the release cycle, and uses MoSCoW-style prioritization (that is, Must, Should, Could, Won’t) for feature stories and for backlog. The other ships every six weeks, has one iteration inside the release cycle, and uses forced stack ranking for feature stories and backlog.

Which of the differences (iterations per release, release length, prioritization) is most important between the two projects? Which has the greatest impact on the release?

I’m going to give away the answer when I say I think there’s a stack rank of impact:

Prioritization method
Release length
Iteration frequency

Why is prioritization so important? And which method is better, forced stack ranking or must, should, could, won’t?

The problem with any bounded priority system, whether it’s MoSCoW, Very High/High/Medium/Low, or simply 1, 2, 3, 4, is that it leads to “priority inflation.” When I was selling ITIL compatible software, we had a feature in our system that used a two factor method and customizable business logic to set priority for customer IT incidents. It was necessary to go to that length because, left to their own devices, customers push everything inexorably to the highest priority. Why? Because they learn, over time, that that’s all that ever gets fixed.

It’s true in software development too. I can’t count the number of features that were ranked as “must haves” on the project that used MoSCoW. It was very difficult to defend phasing the work, because everything was a must.

The project that uses forced stack ranking doesn’t have the problem of too many “must haves” because there can be only one #1 priority, and only one #2, and so on. Developers can work down the list of priorities through a release. If there’s been an error in estimation and the team has overcommitted for the release, it’s the lower priority items that slip.

The forced stack ranking works with stakeholders outside engineering too, because it forces them to evaluate requirements against each other in a systematic way. Rather than saying “everything is a must,” stakeholders can give answers about whether requirement A or B is more important within the scope of the release.

Release length and iteration frequency matter, too, because they provide mechanisms for market-driven and internal-driven course correction. But from my experience, as long as the release length and iteration frequency aren’t too far out of whack, the right prioritization method is a crucial ingredient for successful delivery of software that meets stakeholder expectations and for defining feature lists that have a reasonable shot of getting completed within a single release.