ExpanDrive

Don’t get me wrong, Foursquare is a fun little social network and beautifully adapted to the iPhone platform. But their points system incentivizes some activities that I think are detrimental to the environment as a whole.

So in the interests of making things more awesome, I’ve designed some Foursquare Badges intended to shame users into more appropriate behaviors:

A must-have if the Boston Top 10 is any indication.

You’re checking into the venue “Phone Booth in front of Whole Foods” from your cell phone?

Obviously, Foursquare would have to add a relationship status for this to work.

For the Mayor of your local “Starbucsk Coffee”.

Make friends with Cosmo on Foursquare and buy some shirts or mugs featuring these sweet badges.

This is rich. I got an email today from Facebook, a startup company which has taken $714M in funding and is still losing money, letting me know they intend to spend $9.5M found a non-profit that will “that will identify and fund projects and initiatives that promote the cause of online privacy, safety, and security.”

Facebook is sending you this notice of a proposed class action settlement that may affect your legal rights as a Facebook member who may have used the Beacon program. This summary notice is being sent to you by Court Order so that you may understand your rights and remedies before the Court considers final approval of the proposed settlement on February 26, 2010.

This is not an advertisement or attorney solicitation.

This is not a settlement in which class members file claims to receive compensation. Under the proposed settlement, Facebook will terminate the Beacon program. In addition, Facebook will provide $9.5 million to establish an independent non-profit foundation that will identify and fund projects and initiatives that promote the cause of online privacy, safety, and security.

For full details on the settlement and further instructions on what to do to opt out of, object to, or otherwise comment upon the proposed settlement, please go to http://www.BeaconClassSettlement.com.

I’m not approaching this post with anything other than a high-level observation that a money-losing startup with $714M of funding is investing $9.5M to found a non-profit. I find it hilarious.

Jeff posted about the SSL vulnerability described at Black Hat this year. And he’s right: It is scary.

But rather than calling this an SSL bug, even though it sort of is, I would call this another new application of the same persistent and recurring security problems that exist in most low-level libraries and applications, due to reliance on the C language and its standard libraries. The assumption that anything string-like can be treated as a zero-terminated array of characters is pervasive not just because it’s simple, but because C is more or less the only language environment that is universally supported on every platform, from 8-bit microcontrollers up to highly-concurrent multiprocessor systems, and it supports only three basic data types (four, if you squint).

This bug, like most of the other important security threats of the past thirty years, boils down to that: Lacking a strong and expressive type system, C not only permits but encourages its programmers to sacrifice correctness, safety, robustness, testability, and maintainability in favor of some highly underdeveloped and ill-measured ideas about “performance”. Much of the infrastructure of the Internet is built out of this garbage. Robert T. Morris, Jr.’s SMTP worm in 1988 was only the first in a long series of large-scale exploits, yet even today, the same practices that made that worm possible are being deployed in new software.

It is absolutely possible to write correct, safe, robust, testable, maintainable, and high-performance code in C. But to do so requires an enormous amount of discipline and attention to detail on the part of programmers, and most of us (myself included) simply do not have the discipline, the knowledge, or the attention to detail that it requires. As a result, most of the C code you encounter in the wild is unmentionable dreck. The fact that it compiles at all is more a testament to the inhuman patience of compiler writers, than to its status as working or worthwhile code. And, to paraphrase an old saying, anybody who considers C for high-level application development at this point in history, is in a grievous state of sin.

In a sense, C is a kind of technological land mine: Easy to deploy, very powerful, and highly effective for solving certain kinds of problems. However, once it’s buried in the ground underneath your project, it can be very dangerous to those who walk in your footsteps. There’s a good reason the United Nations has a convention banning land mines; perhaps it’s time software developers considered a similar approach.

For many people two numbers is a reality. And while some people might be okay with one number which serves both for work and personal – I am not. Up until Google Voice, this basically meant two handsets. Two handsets suck unless you’re one of those goofballs toating around a man-purse. Even then it sucks.

Google Voice on the iPhone, with an application that lets you dial – like GV Mobile by Sean Kovaks, lets you accomplish the impossible: you can stop carrying both a personal cell phone and a work cell phone. It’s now possible to have one GSM phone with two numbers, two voice mailboxes and the ability to dial out or text from either number.

About 8 months ago I transitioned my business number over to a Google Voice account. Google Voice includes an important feature which lets you choose if the caller id sent to your handset is your Google Voice number or that of the caller.

now all incoming calls on the Google Voice account ring as “ExpanDrive – mobile” on my iPhone.

This allows me to filter calls based on availability – but perhaps more importantly, answer with the appropriate greeting. It’s lame to always answer with a business greeting for any unknown number – and you can’t just answer a work number with “Hello?” Additionally, Google Voice gives you the luxury of two voice mailboxes. When you don’t pick up, calls that came in on your Google Voice number go to your Google Voice inbox – and your personal to your AT&T inbox.

What really makes this a feasible solution for fulltime use is a dialing application. Without this the ability to dial out on either number, you always dial from your personal number. You can receive calls on your business number, but you can’t make them. Customers or partners with whom you’re trying to develop a relationship will always have your personal number. That is a recipe for disaster.

GV Mobile lets you dial from Google Voice number directly from your handset. If you’re not familiar – it goes like this. You open GV Mobile and thumb through your contacts or enter a number – hit call. GV Mobile initiates a Google Voice call – which rings your handset – you pick up. As you pick up it dials the other party, showing them your Google Voice number on their caller ID. It is awesome.

As you might imagine, I’m fairly dismayed that Apple is pulling all Google Voice apps out of the app store. While I am sure that somebody, if not Google, will create a web-based dialer that serves the same purpose, it is quite unsettling that Apple is pulling all of these apps off the market – because they mean a lot to guys like me.

Normally, I try to keep a strict “do not feed the trolls” policy, but I’m not above a good Internet fight now and again. And let me tell you, TUAW’s “Road Test” of an OS X hacked Dell Mini 9 is certainly bad enough to risk a few punches over.

“My first real work with the mini 9 began in November, when I decided to acclimate myself to its diminutive keyboard by using it during NaNoWriMo (National Novel Writing Month) to work on a novel.”

Fantastic test case for a computer designed for mobility and web access—a monumental, offline task involving hours of ass-in-chair typing. The reason people still fetishize the heavy, zero-connectivity Smith-Corona for this task is because it’s nearly perfect for it.

And yes, I have written a novel, so I would know.

“Sure, it worked for a little bit, and then began to irritate me when the gestures would fail. I decided to use a cheap micro-mouse instead, which meant that two of the USB ports were now filled — one with the cable for the mouse, and the other for the Sprint wireless broadband dongle that I use when I’m on the road.”

So wait—that’s three USB ports, which is one more than any but the most expensive Apple-branded laptop. The laptop I own only Mac laptop I can afford has only two, and since I’m stuck with the early 2006 model, other than two-fingered scroll, none of the mouse gestures work, either.

“My fingers felt like they were tripping over each other when I was typing, to the point that I found that I was actually taking longer to type emails on the mini 9 than it took me to tap them in on an iPhone!”

The choadiness and inaccuracy of my fingers is a matter of record. I’m typing this on a Mini 9, right now. Not suffering. Quotation marks are a pain. They are infinitely worse on the iPhone—the author could at least learn to lie plausibly.

“16GB is not enough capacity to load an OS, a complete office suite, and actually do some work.”

I’m sorry if this guy couldn’t run the Mail Merge Wizard, but no one I know wants a netbook so they can use Office. If you’re seriously writing blog posts in Word or coding pages in Dreamweaver, there are tons of fast, light, and awesome text editors, writing programs, and blogging tools out there for OS X. Can’t store all your music? Put it on a server and mount it with ExpanDrive. Even Photoshop has lighter alternatives.

Once the OS is on (and it fits on 8GB machines), hard drive space should be a non-issue. If not, you’re doing it wrong.

“Next, the limited screen resolution (1024 x 600) of the mini 9 made it virtually impossible to use some Mac apps that have default minimized screen sizes that are larger than that. Those apps simply had to be removed from the device, and I was stuck with a somewhat crippled hackb00k that didn’t have the software tools I normally use.”

What tools? The author is completely non-specific in what he could and couldn’t do, which is infuriating behavior for a reviewer. It’s not like he’s just avoiding brand names—aside from basic text entry, he fails to name even the tasks he attempted to carry out. How is this supposed to be helpful to anyone?

Some solutions do exist to keep peace in the battle between windows and screen space. That having been said, a netbook is “somewhat crippled” by definition. Anyone conisdering a Mini 9 needs to take careful stock of what exactly they intend to do. For broswer, mail, text editing, writing, blogging, and IM, I’ve got no beefs.

I don’t mean to belittle the author of this piece, but even his solutions are ridiculous. The 25,000 iPhone apps he cites are nothing even close to what a netbook brings you. Terminal, real SSH, multitasking, a little thing called root access, and gobs of other critical real-world features are all still only available on jailbroken phones—and I wouldn’t expect Apple to change that anytime soon. Let’s not even mention the AppStore’s strict and largely arbitrary acceptance protocol.

The sort of hybrid touch device he suggests is similarly inapplicable to this situation. It would cost far more than regular laptop, and be at least as large and cumbersome. When low cost and small size are the only reasons anyone would ever buy a netbook, I can’t see how this product would fill a similar niche.

The OS X hackbook appeals to hardscrabble, substance-over-style users who value stripped-down, efficient tools. The author of this post owns a MacBook Air, which, with its ludicrous debut price and limited features, is the epitome of all we hate about Apple. Working with a Mini 9 doesn’t live up the Jobsian Ideal, but for those of us who can manage sleeping on a bed with fewer than four pillows, it’s a Mac by any other name.

OS X is a phenomenal work environment. I’d never chose to use anything else. But for way too long, it’s been chained to machines that are, if not overpriced, certainly a financial hardship. The ability to elude this monetary burden, combined with optimized portability, is a fantastic thing—and you shouldn’t need to be the World’s Toughest Writer to appreciate that.

Some well-respected and some not-so-well-respected weblogs are linking to predictions about Apple’s iPhone OS announcement tomorrow. These predictions are sourced by the same person who said this about the original iPhone:

It’ll be coming out in January …All phone providers… Small as shit… Two batteries… Slide keyboard… Touch screen on the “outside”.

Predictions are valued asymmetrically. If you predict correctly you will treated as prophetic. On the other hand, if you predict incorrectly you will not be held accountable, regardless of how wrong you are.

I resolve to make more public predictions.

A friend of mine writes about unemployment insurance (which Canadians call “Employment Insurance”, or “the pogey”) in Newfoundland:

Out of curiosity, I wandered into an employment assistance office one day, and began asking a friendly lady who worked there about the specifics of their EI [Employment Insurance] program. She told me unabashedly, but in a quiet voice, “Everybody around here collects in the winter, and then goes and works on top of it. I mean everybody. I even used to collect and then work part-time here in the office. It’s just part of life, how we get by. But don’t tell my boss, I’m not sure if she does that.” In Newfoundland, it seems that pogey is in bed with fishing, and that seems to be fine.

via Will Wilkinson

the WSJ has an incredible piece (Titled Just Say No to Detroit) on the amount of money GM and Ford have lost in the past 25 years. Nearly half a trillion dollars has evaporated.

Over the past decade, the capital destruction by GM has been breathtaking, on a greater scale than documented by Mr. Jensen for the 1980s. GM has invested $310 billion in its business between 1998 and 2007. The total depreciation of GM’s physical plant during this period was $128 billion, meaning that a net $182 billion of society’s capital has been pumped into GM over the past decade — a waste of about $1.5 billion per month of national savings. The story at Ford has not been as adverse but is still disheartening, as Ford has invested $155 billion and consumed $8 billion net of depreciation since 1998.

As a society, we have very little to show for this $465 billion. At the end of 1998, GM’s market capitalization was $46 billion and Ford’s was $71 billion. Today both firms have negligible value, with share prices in the low single digits. Both are facing imminent bankruptcy and delisting from the major stock exchanges. Along with management, the companies’ unions and even their regulators in Washington may have their own culpability, a topic that merits its own separate discussion. Yet one can only imagine how the $465 billion could have been used better — for instance, GM and Ford could have closed their own facilities and acquired all of the shares of Honda, Toyota, Nissan and Volkswagen.

Deploying an application using mod_rails (Phusion Passenger) is like magic.

$ gem install passenger
$ passenger-install-apache2-module

Install the gem, load the Apache module – everything “just works”. It’s ridiculously easy.

I want to fall in love with mod_rails. I’m ecstatic somebody is helping novices configure Apache and trying to make everyone else’s life slightly easier. Too many man months have been spent reading up on deploying a mongrel cluster with proxy_balancer. Passenger tries to make everyone’s life much much easier, but it goes too far. If you’re doing anything with your Apache instance that isn’t purely confined to your Rails sandbox, save yourself some time and heartache and don’t even bother with Passenger. It’ll let you down.

Rails succeeds in achieving a nice balance between Magic and Pragmatic. Rails allows an enterprising developer to peek behind the curtains and make something “custom” happen. Passenger doesn’t. For instance: the inability to get well defined behavior with mod_rewrite or mod_alias is infuriating. Equally annoying is the inability to turn off mod_rails for a given virtual host. Want to run a piece of PHP on your site or have a sub-uri host your PHP based forum? Good luck. Have a low traffic app on your domain that you’d like to use Passenger for while serving your main site with mongrel. Good luck.

Rails developers might not be the most hardcore bunch out there, but they are characteristically willing to look outside their sandbox in order to get something Better done more Quickly. Denying them the ability to adequately configure their application using ‘legacy’ methods isn’t going to get you very far. I’ve tried to deploy Passenger twice now in the past 3 months, and have officially thrown in the towel.

Update 6/29/09: These concerns are now moot. mod_rails plays nice with mod_rewrite with the high performance option. Long live mod_rails!

OpenSolaris is both great and horrible. Horrible in the sense that it is nearly impossible to get anything other than a basic LAMP stack to install/compile without 30 minutes of Googling around and 20 minutes of tweaking environment variable, shared libraries, or make files. After endless [weeks] of banging my head against the desk, Jon came about this solution:

$ pkg set-authority -O http://pkg.sunfreeware.com:9000 sunfreeware
$ pkg refresh

This sets the default pkg authority to the SunFreeware site – full of pre-compiled binaries that are to actually INSTALL and WORK on OpenSolaris/Solaris 10. How novel?

Test it out by installing sudo

$ pkg install -v IPSFWsudo

I’m tagging this post with as many keywords as possible in hopes that people come across this post via Google. I want to love OpenSolaris, but it is such a nightmare to use with open source software. You’d think that out of Sun’s 34,909 employees they could construct a team of 20-30 people whose sole job was to make OpenSolaris usable and competitive with Linux for those trying to host websites.