Punderings

Ben Laurie blathers about how a large corporation like Microsoft can take a nice, clean, single-bit specification of evil, and turn it into a variety of issues that don’t offer any notable improvement, and uses 21 bytes to store roughly the same data.

I love computer geek humor. You have to read to the end of the specification of evil to get to the funniest part:

   This document defines the behavior of security elements for the 0x0   and 0x1 values of this bit.  Behavior for other values of the bit may   be defined only by IETF consensus [RFC2434].

Of course, that fits, since a truly evil specification forces you to read the whole thing to get to the best part. Luckily, this isn’t a very long specification, unlike others that are antically discussed in the news these days.

Alternately, the funniest part of the evil specification story may be the occasional reader who fails to carefully read the whole specification, including the header metadata…

Y’all really want to stress me out, don’t you? Waiting until the traditional last minute to submit papers, right before the deadline this coming Thursday, 3-April? Especially since we can’t really extend the deadline, since we need to organize the papers before the planning meeting at the conference. Sigh.

To stimulate your CFP writing, I will present a few kudos about current CFP trivia:

• Total number of US CFPs: Following the usual curve, which means not enough yet
• First US CFP Submitter: Christian Wenz – Thanks!
• Top US CFP Submitter: Rich Bowen. Wait, he doesn’t count.
• Top US CFP Submitter not including Rich: Paul King

We have plenty of space coming up in New Orleans, and we’ll have a few new ideas for programming things like Fast Feather and Community Spaces, so get in all your ideas for CFPs. Don’t forget that our US audience and European audience often have different perspectives, and considerably different sets of attendees.

Thanks!

A couple of musings I figured I’d just ask the question, and see what the answers are.

• Why shouldn’t I just run my blog and website over https? I have a real https cert setup on my domain name – courtesy of lovely 1and1 – so everything should be happy for all my readers. Is there any drawback to either 1) linking to my main site on https, or 2) link just to my blog on https? I suppose serving static content isn’t very exciting that way, but it might be nice to have the blog there. Is it really going to slow anything down?
• iPhones in Europe. Tips? I suppose I’ll turn off data and just leave it on for incoming calls, which I’ll keep short to avoid the over-dollar-a-minute charges. Heck, I’ll be online (on a laptop) most of the time I’m not physically walking, eating, or sleeping anyway.
• Cooking is wonderful. Amy brought home leftover fajita earlier in the week (when I was sick), so I just had to have it myself. Did quite a creditable job of it, if I do say so myself – interesting spices on the chicken that even Roxanne liked.
• Why do I hardly ever get any comments? I suppose that I blog for myself first, and not my audience, which is a great sin according to some blogging guides out there. But still, it’s a bit odd that the post that continues to aggregate comments at orders of magnitude beyond any other post is one about an obscure TV personality that 98% of you probably have never heard of.
• Why shouldn’t I post that I’m selling my BMW and am looking to buy a new E36? I won’t be ready to sell until at least Patriot’s day, but still…
• Why do I have so little graphics-fu? I do have a sense – perhaps a quite, ahem, unique one – of visual design. But I really can’t do graphics worth a damn. Sigh.
• Why shouldn’t I buy a real copy of American Typewriter font, which I love, especially lowercase? Oh, wait: no graphics-fu, that’s right.

For those attending ApacheCon, here are a few updates:

• If you are interested in BOFs at ApacheCon EU, then update the wiki page now! Preliminary schedules will be printed soon. (Updates and changes can happen later, obviously, but it’s best to get publicity out early).
• If you’d like to speak at ApacheCon US, send in your CFP now! We’re following the usual trend of everyone somehow waiting until the last minute to submit. NOTE: The CFP period is MORE THAN HALF OVER. There are a lot of you who haven’t submitted yet, and I’m watching.
• If you’re interested in meeting any of our galaxy of talent, come see our ApacheCon EU Crowdvine site. We’ll be using this as a social networking hub, and I’ve heard that some nifty new CrowdVine features will be coming out, possibly during ApacheCon.
• Speakers at ApacheCon EU should remember to register themselves, and everyone should ensure they have hotel rooms booked, since the Mövenpick Amsterdam is booked up for some nights.

With thanks once again to the sun to coming back to us here in the northern hemisphere, bringing with it (in the Boston area at least) lovely if occasionally very wet weather. Happy and healthy travel to all those celebrating spring holidays this week and the next!

You heard them here first. Well, maybe not, since I haven’t been an iPhone watcher since forever, but still, I think they’re new ideas.

• Next/Back songs in iPod by simply quickly shaking the iPhone forward or back (relative to the current screen orientation). This would be a great demo: just tip the iPhone to the right, and get the next song.
• Better use of the motion sense-y stuff overall. C’mon, why don’t all the native apps support all 4 directions. Upsidedown should be easy too. And hey, the You Tube app really needs to support both right- and left- handed orientation – especially since sound quality varies with the integral bottom speaker, depending on where you’re sitting.
• Please, please, please, put the Emergency Call button somewhere not immediately next to the PIN entry pad. I know it makes it look pretty and lets your screensaver picture show better, but it leads to endless screwups when you’re doing it without looking.
• A zoom lens for the camera. Oh, wait, that’s not very realistic.
• An engineering version of the calculator. I know, adding in the integral and Fourier code actually takes a little bit of space, but what gadget geek wouldn’t want to use RPN to input calculations on such a shiny consumer device?
• Actually useful stock lookup links. The stock app is fine; just when I click for details on a ticker symbol I want an actually useful iPhone formatted screen about the company instead of the ad-laden and not very useful screen I get from Yahoo now. When I’m looking up stocks, I want to go to a detail page with just links to the core financials and latest finance-related news. Links to everything else can be somewhere else.

Who’s downloaded 1.1.4? How do you like it?
Who’s planning on writing an iPhone app? What is it?

Jon has more iPhone ideas, even if his blog title is somewhat… painful.

Sir Arthur C. Clarke has passed away: sad news, truly. HT to JimJag.

Apologies to recent readers; it appears that my WordPress install had been hacked earlier, due to a security bug in WordPress itself that I had not patched quickly enough.

Unfortunately, due to events in early winter, I was rather distracted for a couple of months. WordPress released some updates, which I neglected to apply. My best guess is that a hacker used a WP vulnerability to break into my WP control panel, whereupon they then added some spammy/googlebait links to my footer.php file. Sigh.

As best I can determine, after talking to my ISP and eyeballing various html directories, nothing else appears to have been touched. I’m fairly certain that only a WP vulnerability allowed access to the admin functions, which allow editing certain WP files directly from the admin web interface. It does not appear that my shell account or any other ISP features were accessed.

In any case, you’re now reading a completely fresh WP install, and I’ve either wiped & replaced or inspected all other HTML content on my website. I’ve also changed all passwords relating to this account, duh.

Security tips appreciated -at least ones more advanced than “have a good password”. I’ve also updated the WP blog settings to make the default address use https, which although it will load down the poor server a bit more, hopefully will keep my admin logins nice and secure from now on out.

Question: Given that I have a dedicated SSL cert for my domain name, why do I need the WP-Admin plugin? Can’t I just do everything over https directly? (I suppose this does require me to remember to use https, but I can do that).