Monday, March 28, 2011

You glibc maintainers have been educated evil!

The Time Cube strikes again:

You glibc maintainers have been educated evil! You deny the simultaneous
4-cornered 64-bit Flash Cube! We must not let this flashlessness stand! Your
ignorance of the Harmonic Flash is demonic!

64-bit Cubic Flash debunks 32-bit AS WITCHCRAFT!

Hejibits - The Waiting Game

From Hejibits - The Waiting Game:
If you think about it, the latter panel could take place after Armageddon, which is just a year away!

This is sort of the reason why I still don't have a Sony PS3. There are only three "awesome" games that I can get for the PS3 but not the 360, and three lousy games is not enough excuse for me to justify picking up a new console. Make that two, if I buy a PS3 and PJ sees it, he'll take it over so I would need to buy TWO of them.

Monday, March 21, 2011

HTTPS is more secure, so why isn't the Web using it?

Verisign tokenImage via WikipediaHTTPS is more secure, so why isn't the Web using it?


  1. SSL certificates cost money.
  2. Free SSL certificates usually trigger a browser warning that 99% of the people won't understand. There are ways around this, of course, but there is no way for a brand new retail channel machine to accept one of these certificates with 100% reliability.
  3. Not all hosts support it.
  4. Not all hosts need it. 
A little more detail:

SSL certificates cost money

The cheapest Verisign certificate I could find (at their site) in 30 seconds is $399. I found one at Thawte for $149, but I am 99.99% sure the two products are not equivalent. I don't sell certificates at anymore, but it looks like I was selling these Thawte certificates for $45 for the first year, and yes, that includes a hefty markup. Basically these certificates are a license to print money, they cost whatever the market will bear.

Worse, if you take two of these certificates at the same encryption level, they are both identical. Your provider gives you additional services (think about buying gas, everyone sells you the same gas but with different additives) which is what makes it so hard to compare certificates between companies. In reality the certificate is just a little bit of text that costs close to nothing to maintain in a database. Even if you want to cloud the living shit out of the infrastructure, you are still spending maybe a buck, the rest is pure profit for the providers.

Free Certificates

Anyone can generate a certificate that can provide industrial-grade protection to a network connection. The problem is that there is a trust system and by default devices only trust a few centralized certification authorities. If you are within a company, you can setup your own certification authority (which you trust because YOU set it up), and set up internal clients to trust your CA implicitly. This doesn't work outside of a company because each user would need changes at the local machine to have it trust these certificates implicitly. And worse: this CA arrangement is much needed, otherwise anyone could issue certificates for any domain and use these to perform man in the middle attacks.

So yes, you can get them for free, but this is not a good feature for the general public. 

Not all hosts support it.

In order to use a certificate, you need to have fixed IP addresses as part of the mechanism. Shared web hosting does not allow you to tie up one IP address by default, so almost every commercial host out there will charge you a little more just to have the IP address so you can assign the certificate. 

Not all hosts need it.

Yup, not all hosts need SSL. I wouldn't lose sleep over blogs and SSL unless you want to authenticate sign up for authoring or comment posting purposes. If the information is not critical (by this I mean that the information does not have security or privacy connotations), and you are only reading, SSL is probably not needed. On top of that, there is a performance toll since SSL requires more overhead. 


What about privacy? Even if not all of your usual destinations are protected, you don't want anyone in the middle to know what you are looking at. There is a simple fix for that: get a secure proxy/VPN. You can get one of these for under $10, and that will encrypt all of your traffic up until its end point. Anyone that tries to back track you will only make it as far as the proxy, there is no (easy) way to trace these all the way back to the end user. I have tried two of these in the past, and all of my work traffic goes over a VPN, but the problem with the commercial services is performance: they are simply too damn slow.

If paranoia is a concern, I would still recommend the VPN/secure proxy route even if it means slower connection speeds. You could use the anonymous modes in most modern browsers (these are universally referred to as "porn mode") but Chrome calls it "Incognito" and IE9 calls it "InPrivate browsing" which will not collect tracking information. Remember that if you use these, don't log into any sites or you will be defeating the purpose (this is not obvious when you use these).

Oh, and in case you missed it, RSA got hacked.

Netflix Original Content Is Much More Than A Strategy Shift — It Could Shift An Industry

Image representing Netflix as depicted in Crun...Image via CrunchBaseNetflix Original Content Is Much More Than A Strategy Shift — It Could Shift An Industry

This is very true. What Netflix is doing is moving around without the encumbrance of having to carry hundreds of channels of shit like every cable operator in this country does. I have even seen ads from satellite providers saying "nobody can give you the channels that you want, so we just (insert lame excuse here)."

Either you can or you can't.

With Netflix paying for NEW content, they prove it is possible to make money giving people JUST the content that they want, when they want it. Who the hell wants to pay $100 (like I do) for a few hundred channels worth of shit when I can pay $8 to Netfix, $8 to Hulu and $7 to Amazon for a better variety than what I get right now? My $100 tier with Comcast is shit, all I watch is the local FOX and CW affiliates, Ivette only watches Investigation Discovery, and PJ watches PBS Kids and WETA Kids. That's a lot of money for access to ONE channel that isn't available OTA.

And yes, Comcast's On Demand is shit too. You can't possibly compare their On Demand catalog to Netflix, Hulu Plus or Amazon Video On Demand. Not only the catalog is shit, but the user experience is horrible and the UI simply sucks.

It is only a matter of time before Discovery and others make a deal with the streaming providers, it is the only way they can keep viewers as cable continues to lose subscribers. Once Discovery makes their move, HBO and Showtime won't have a choice in the matter, either evolve or die, since there is no way in hell Comcast and others are going to allow us to pay only for the channels that we want.

And please don't feed me a line of bullshit on the technical constraints of allowing each cable box to have a custom list of channels. All cable providers in this country have this feature, otherwise they would not be able to lock you out of premium channels unless you pay for them. This is a software feature, and is available in every cable box and every cable card device in this country. If they can do it for HBO, Showtime and porn, they can do it for normal channels.

Sunday, March 20, 2011

Message With A Bottle, The 50 Best Messages With A Bottle

Message With A Bottle, The 50 Best Messages With A Bottle

How Pee Helps Us Understand Social Media

How Pee Helps Us Understand Social Media

The biggest problem I am having with this whole social media freakout is companies freaking out about it. People, on the other hand, are doing exactly what was expected with these new technologies.

The problem with the companies is that they are too willing to shell out money to snake oil peddlers calling themselves social media experts, who are then tasked with shaping their "social media strategy."

99% of the time this means adding a Facebook group, a Twitter account, buttons to follow twitter and friend on Facebook on the corporate site, and telling everyone in the company to sign up for a LinkedIn account.

When you go to their website, there's a link that says that they are on Facebook. When you visit their Facebook page, it is empty except for links back to the site, and a bunch of useless drivel, wall posts, like messages, etc.

When you go to their Twitter, all you see is a bunch of regurgitated content from elsewhere, nothing original. Only 1 in 100 companies I have run into on Twitter use it for real micro-blogging. This is really sad because Twitter is extremely handy for things like outage reports or emergency releases. 

Saturday, March 19, 2011

The "HDR" Moon Photo

This is being passed as an HDR photo of the moon, in reality it is a composite from 15 photos. The original article is at APOD: 2006 September 7 - Colorful Moon Mosaic

xkcd explains radiation doses

This is NOT a joke, the full sources for his numbers are here. Click the chart for a full-size version.

Cosmonaut Crashed Into Earth 'Crying In Rage'

Cosmonaut Crashed Into Earth 'Crying In Rage'

Vladimir Komarov's remains in an open casket

Vladimir Komarov's remains in an open casket (photo by RIA Novosti Photo Researchers Inc.)
This is one hell of a read, especially for those of us children of the Cold War.

Sunday, March 13, 2011

Reality bites back at White Whiners… - White Whine - A Collection of First-World Problems

Reality bites back at White Whiners… - White Whine - A Collection of First-World Problems

What about decaf (not that I give a shit), does it require its own dedicated grinder?

Riyad's Technical Blog: Don't Waste Your Time Commenting Source Code

Riyad's Technical Blog: Don't Waste Your Time Commenting Source Code: "Sometimes you just need to leave a note..."

How many of you wish you had run into a comments block like this one:

// Dear maintainer:
// Once you are done trying to 'optimize' this routine,
// and have realized what a terrible mistake that was,
// please increment the following counter as a warning
// to the next guy:
// total_hours_wasted_here = 39

Roku HD Player

Image representing Netflix as depicted in Crun...Image via CrunchBaseI have been struggling for months with performance issues whenever I try to play NetFlix HD streams on my laptop. It doesn't matter which version of Silverlight, or browser, or even using Media Center, it will always choke the machine. Replacing the GPU is of course is out of the question, and the machine is just a year old, I need to get at least two more years of work out of it before I can justify picking up a new one.

The sad part is that if you don't take into account the HD streaming issue, the machine is pretty damn good. Even better if you take into account the SSD and that most data that used to sit in USB2 drives is now in an external SATA drive. 

Do I need the streaming at all? The way I work I need a constant source of background noise. Music doesn't work because it is predictable, which makes it distracting. What really works for me is things like daytime court shows, trash talk shows, or movies. I have a dual monitor setup (company paid for one of the monitors, I paid for the second one). The company-issued monitor is where I do 99% of my work, and the personal monitor is either showing my cable TV feed or as an extended desktop, playing streaming video.

A coworker accidentally reminded me to check out the Roku devices, which I had not seen since my AppleTV days. I was pleasantly surprised to learn that the 720p version of the Roku HD is only $70 through Amazon ($10 cheaper before shipping if you order direct). In theory, it should not make a difference to me as the user between watching Netflix in a browser window and just switching the input and watching it through the Roku HD as HDMI.

In reality, there are three benefits:
  1. The laptop is no longer taking a performance toll for playing the videos.
  2. The Roku HD also has Amazon Video on Demand, and I am a Prime customer so I get the "free" streaming. 
  3. The Roku HD also has Hulu Plus.
After a few days it is obvious that the investment is going to work. Is it perfect? Of course not, but it beats watching these videos through a browser window. In terms of picture quality, I am yet to have trouble with any of the HD streams. The Netflix application crashes about once per day, but restarting the Roku box is less of a hassle than rebooting the damn laptop. The Hulu Plus application is not really good, but it does the job, and once the video is playing the experience is extremely smooth. The Amazon Video on Demand application has really stupid UI issues but again, once you get the video, everything is smooth.

As it stands right now I'll probably hand this one to Ivette and I'll pick up one of the slightly more expensive units that have a USB port, since as far as I can tell there is no "free" way to stream media from the laptop to the Roku. Again, for the $70 I paid for it, I got one hell of a value.