Archive for the 'blather' Category


clarity in communication

Monday, September 10th, 2001

Hey, Chris Locke, you’ve got some great things to say, but drop the damn subway graffiti lettering crap. It runs entirely counter to your proselytizing on reducing the layers of unnecessary obfuscation in communication between reasonable humans.


don’t bring a knife to a gunfight

Sunday, September 9th, 2001

Rick pointed out that the crux of the Verizon problem was guessable session IDs, not cookies directly.

True, the guessable session ID is the final culprit, but it wouldn’t be an issue if they weren’t avoiding cookies.

I’m assuming the reason the session ID is being exposed to the user (and therefore the hacker too) by being passed around in the URL is that they are using a cookie-less session mechanism because they want to cater to users who turn off cookies.

Bah, humbug, I say. No cookies, no service. You wanna drive around shirtless, you gotta put one on before getting served at the lunch counter. If you’re really paranoid about cookies, learn what they are and how to delete them regularly.

While I’m at it, no DOM browser, no fancy DHTML application. You’re not gonna get real high fidelity stereo on that crystal radio no matter what tricks I use, so consume my services with a tool that’s up to the task, or go get one – they’re giving them away free.

The longer we continue to jump through hoops accommodating throwbacks and paranoia, the longer it will be before we can truly move forward. As for those accommodations that ARE necessary, they’ll be much more manageable with newer tools.
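
An added example, not from the original post: the two failure points discussed above (a guessable session ID, and an ID carried in the URL) as defender-side checks, next to a CSPRNG-generated ID delivered in a cookie. The sample IDs, parameter names, cookie name and URL are constructed assumptions; the post does not say how Verizon's IDs were generated.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Hypothetical query-parameter names to audit for; not taken from the post.
SESSION_PARAM_NAMES = {"sessionid", "session_id", "sid"}


def new_session_id() -> str:
    """256 bits from the OS CSPRNG: seeing one ID reveals nothing about another."""
    return secrets.token_urlsafe(32)


def looks_guessable(issued_ids, max_step=1000) -> bool:
    """Flag IDs that are numeric and rise in small steps (counter or timestamp).
    A False result does not prove the IDs are random."""
    try:
        nums = [int(i) for i in issued_ids]
    except ValueError:
        return False
    steps = [b - a for a, b in zip(nums, nums[1:])]
    return bool(steps) and all(0 < s <= max_step for s in steps)


def url_exposes_session(url: str) -> bool:
    """True if the query string carries a session ID, which then ends up in
    browser history, proxy logs and Referer headers."""
    query = parse_qs(urlsplit(url).query)
    return any(name.lower() in SESSION_PARAM_NAMES for name in query)


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value that keeps the ID out of URLs and away from page script."""
    cookie = SimpleCookie()
    cookie["session"] = session_id  # cookie name is an assumption
    cookie["session"]["path"] = "/"
    cookie["session"]["secure"] = True
    cookie["session"]["httponly"] = True
    cookie["session"]["samesite"] = "Lax"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    sample = ["10432", "10433", "10435"]  # constructed sample of issued IDs
    print(looks_guessable(sample))
    print(url_exposes_session("https://shop.example/account?sessionID=10433"))
    print("Set-Cookie:", session_cookie_header(new_session_id()))
```
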


babies and bathwater

Saturday, September 8th, 2001

This is what happens when you try to avoid using cookies. Verizon’s URL-based sessionID avoids using cookies for people who are worried about security and privacy implications and ends up opening up a much worse security and privacy hole for everyone.

True Story:

It was one of those questions from my wife that I just can’t supply an answer to without getting myself in trouble.

“Look, here it says this local bar is having a ‘Thong Contest’. Do you think I should enter?”

Gack. Think Think Think….

“Don’t be thilly, you couldn’t thing to thave your life.”


dot hot

Wednesday, September 5th, 2001

Although I’m less and less enamoured of Microsoft’s greedy business shenanigans, their technology continues to seriously impress me.  Have a look at Charles Carroll’s ASPNG site to see how damned powerful, comprehensive, and once learned, easy to use this ASP.NET stuff is.

Chris observed yesterday about the world-famousness of things.  I have often wondered just exactly where it is that you go to check the Global Registry of Chinese Buffet Dimensions in order to make sure your local restaurant has indeed got the World’s Largest Chinese Buffet.

Tim Morgan: “Live by the expando: die by the expando.”


managing chaos

Wednesday, August 29th, 2001

One of the great lessons in life is that chaos is inevitable. Once you learn that there is no face lost in abandoning all hope of completely avoiding chaos, you can much more comfortably get down to the task of managing how to decide which bits of it are worthy of your attention, and more importantly, which are not.

Many people come to this epiphany when they have their second child. All the angst spent worrying about potential crises with the first child turns into considered risk management. With the first one it’s “Oh my God – keep him away from that – it’s got dirt on it!!”, and panic sets in. With the second one it’s “Well, it’s only dirt”, and serenity flows.

The trick is continually to assess issues on the amount of influence you have in determining their outcome. If you have no influence, your worrying isn’t going to help it, so don’t worry. If you have a moderate amount, do what you can and be satisfied that you’ve done your best. If you have great influence, then set it as a priority and influence away. No time to worry.

In order to reduce the amount of issues coming at you, preventive medicine is a Good Thing (TM). In the development sphere, I can think of a few ways to manage complexity.

  • Endeavour to keep things predictable. Use a staged development environment (Dev/Test/Prod). Implement change control and stick to it.
  • Implement a source control / concurrent versioning system. Conflicts are reduced, rollback/forward, archiving are all automatic.
  • Share and reuse knowledge. Newsgroups, forums, blogs, bookshelves, magazine collections, FAQs, knowledge bases, code repositories, links
  • Keep your eyes open for other tools and processes which help you to manage complexity


Tuesday, August 28th, 2001

Reading old notes to self:

  • always buy the groovy extra warranty on laptops
  • copy stuff from laptop to server a lot
  • don’t keep any critical stuff on laptop only
  • have a spare laptop just in case

It’s a good thing I read my notes to myself. They came in handy today.

Another helpless victim swooped.

“The full weight of the owl came down on my head,” swooping victim Barbara Baird told the daily. “I had no time to react at all.”

I think it’s about time we banded together to fight swooping in all its pernicious forms. Maybe a PBS telethon to raise research money to help rehabilitate those afflicted by this terrible trauma.



Wednesday, August 22nd, 2001

Eric Norlin streams consciousness about amateurism. I could go on for hours, but for now, I’ll just say:

“What he said.”


xml-rpc grooviness

Tuesday, August 21st, 2001

scottandrew has made a cool JavaScript XML-RPC packaging library which he uses with JSRS to communicate to a server-side XML-RPC proxy.

Wow. Neat. Keen.