Archive for the ‘Post’ category

The sifr.fla file included in sIFR 2.0.7 could not be opened by CS4. This has now been resolved, thanks to Andrew Crowe who managed to open it in CS3 and re-save the file in a different format. Many thanks to Andrew, and also Nathan Strong, Todd O’Connor, Chris Peters and Lenny de Rooy for reporting the issue and testing a solution.

You can download the updated file from the sIFR 2.0.7 page.

(I would have done this myself, were it not for the fact that I’m still using Flash 8! Any help in getting CS4 would be much appreciated.)

It’s a grey day, and I’m sitting in the Xopus office in The Hague, Netherlands. I’ve been here since last week, having taken the train down from Copenhagen to Enschede for Elmine’s birthday and unconference. A great time was had, with many insights I hope to describe in a blog post soon.

This afternoon I’m headed for Brighton for the dConstruct conference on Friday, and perhaps also Barcamp Brighton. The fantastic Jerome Ribot has graciously made available his couch (I guess) for crashing, and I’m very much looking forward to the trip.

Come next Monday, I’ll be back in Copenhagen for only a few days. I’ll be in Amsterdam Sept 19th – 27th for the Mediamatic Social RFID Hackers Camp @ Picnic 08.

In business news, I’ve joined up with Toothless Tiger, Henriette’s up and coming web freelance agency. I’ll be blogging on the Toothless Tiger blog about businesses and the web.

I’ve also been setting up my own freelance business in Copenhagen, under the moniker Supercollider. That’s high energy, particle accelerated collisions, resulting in new insights and different matter. In other words, if I can collaborate with you, we’re going to make for some creative collisions! I’m moving my web application musings to the Supercollider blog, with the first blog post being about Method Chaining.

I’ve been busy with a few other projects during the summer as well, about which more later. For now, this should break the 41 day blogging lull over here

Quick pointer to tomorrow’s hackmeetup in Malmö: http://upcoming.yahoo.com/event/921335/. Yours truly will be doing a very speedy version of my sIFR talk at Singularity, hopefully combined with some weird JavaScript hacks.

For those of you who can’t read: I don’t break into computers, I just build cool stuff.

Well hello! Within a few months I’ll be graduating from Twente University with my Bachelors degree in Computer Science. I’ve decided not to take a Masters, but to venture out into the world. More specifically, I’d like to venture out to Copenhagen. And since I’m not keen on moving to Copenhagen while still working for Xopus, I need a new job!

I just updated the colophon page to explain what kind of person I am, and what I believe in. I’m quoting a part of it here, because it highlights what I want to do next. Of course, you’re encouraged to read the whole thing:

I love the web. I love it for its creative destruction, for bringing people together and empowering them. For unleashing a new generation of creative people no longer simply consuming but interacting and creating. I sincerely believe the web can dramatically change the world – for the better. I want to be a part of this change.

I want to work with smart, creative people who want to change the world for the better.

And really, that’s all it boils down to. If you are a company changing the world, and you’re looking for a sharp web hacker, please get in touch. By the way, if you’re not from Copenhagen, please do get in touch anyway. Just realize I think Copenhagen is really, really great.

Og jo, jeg vil meget gerne lære dansk.

Last Saturday I participated in the Federating Social Networks workshop organized by the fine peeps of Mediamatic (Lab), most especially Ralph. Reduced to its essence, the goal of FSN is to enable websites (“social networks”) to stream data to each other. Rather than pulling data in via feeds and API calls, websites can push data out over an XMPP stream.

One reason social networks may start federating is that feeds don’t scale. Some examples:

• Blaine Cook of Twitter, who flew over from SF to participate in the workshop, noted that Twitter is getting hundreds of millions of requests through the RSS feed. Apps like Twitterific are limited to one request per client per minute, which is not enough for them to live up to their potential. For Twitter to be able to push tweets to apps such as Twitterific would save them a lot of server load.

• Jaiku has been blocked a number of times for hitting sites like Last.fm too hard, just to pull in songs. Since Jaiku tries to aggregate a lot of feeds into a lifestream, it’s hitting sites such as Last.fm, Flickr and Twitter constantly. Reversing the aggregation by having Flickr notify Jaiku when a new photo is posted would a) enable Jaiku to display the photo instantly, and b) save Flickr from unnecessary polling.

Of course, federating will have its effect on the business models of these sites as well. For Twitter, one upside of federating is that there’ll be more development around it. Twitterific will be real-time, and will be able to provide many more features. Jaiku will be able to display tweets as if they were jaikus. This may mean that more people start using Twitter, without having to lose their contacts on Jaiku. But, if Jaiku also starts federating, Twitter will be able to display jaikus as if they were tweets. More people may start to use Jaiku rather than Twitter!

What this really means is that boundaries between services start to dissolve. The services will have to be more open, and without lock-in will have to do a better job than its competition. Which, of course, is only good for the end user. And not opening up will only make the services more vulnerable to being out-opened by upstarts.

The protocols to achieve federation are already here today, and Mediamatic is committed to actually get it working. In fact, Mediamatic is in a rather special position where they run several social networks which could greatly benefit from federating, and have obtained a government grant to build a federating system. With Twitter and SixApart also involved – David Recordon of SixApart also flew over from SF – federated social networks have a pretty good chance at becoming reality.

We live in interesting times!

Last month Peter-Paul Koch wrote about a Dutch Guild of Front-End Programmers he is starting. Its purpose is to further professionalise the front-end programming discipline within the Netherlands and improve web design education. The primary means of doing this is by forming a certification body which will certify individual front-end programmers in the fields of HTML, CSS, JavaScript and possibly Flash. Clients can hire certified developers, which will then improve the quality of their websites.

I believe this is misguided certification is the wrong way of achieving this goal.

In the software field, certifications are typically provided by technology vendors, such as Microsoft and Sun. These certifications are a proof of your skills as an individual engineer, for a particular technology. As Microsoft puts it:

The practical expertise that is gained through the certification process provides individuals with the kind of know-how that gets recognized—on the job, among peers, and by future employers.

(Emphasis mine)

Key here is future employers. Like a formal CS education, a Microsoft-issued certificate helps you land a job. It’s the employers looking for the certification, not the employers’ clients. The certification process acts as an early filter for potential hires. I believe the same will happen to the Guild’s certification process.

Peter-Paul wrote in his introduction to the Guild:

(…) Dutch government recently decided that all national ministry sites will have to comply with the Web Guidelines before the end of 2010. Although they have no requirement to do so, quite a few Dutch governmental bodies on all levels have decided or will decide in the near future to comply with the Guidelines.

They have one huge problem: finding standards-aware front-end programmers.

During an April meeting in The Hague, with various stakeholders of the Web Guidelines present, I heard this complaint not once but three times—and every time most attendees nodded wisely bud sadly. I saw this problem coming back in September 2004, so I wasn’t particularly surprised. In fact, I started to see a possible solution: certification.

There are some very knowledgeable and standards-aware groups within branches of the Dutch government (…) Now suppose that these people would, quite unofficially, advise government branches who want to implement the Guidelines to work only with certified front-end programmers? That would give a certificate considerable value.

In fact, if this strategy succeeds it might mean that web companies that work for the government will employ only certified web developers in three or four years time. Government sites would be created only by people who actually know the web standards. Wouldn’t that be interesting?

When you read the above citations closely, you’ll note that a) the government branches are expected to hire web companies who employ certified programmers, and b) that Peter-Paul expects an underground pressure on these branches to only work with such companies. As the French might put it, coup d’etat.

Of course, government websites will eventually have to comply with the guidelines. They will have to work with web companies that can build compliant sites, and these sites themselves will have to be certified with regards to the guidelines. Hiring a Guild-certified programmer, or more precisely the company which employs the programmer, is no guarantee. When I asked him about this at last Thursday’s Guild meeting, Peter-Paul admitted as much.

The advantage of obtaining the certificate for individuals is better chances at employement. For the employer there is easier filtering of job applicants and a marginal advantage in project pitches. Certification does not increase the quality of Dutch web design education, nor does it necessarily improve the quality of websites. Unlike vendor driven certification programmes, the programme that Peter-Paul is proposing requires membership of an organisation. And since there is no certification in the use of a vendor’s technologies, but in open standards whose proper use is continually under debate, the objectiveness of the certification is unclear.

I do believe there’s a need for a professional web designer’s organisation. Pressure needs to be excerted, and a helping hand extended, to improve the quality of (Dutch) web design and education systems. For the reasons outlined above, I do not believe certification should be part of this.

As Peter-Paul wrote, last October:

The main problem with any kind of Web development certification (as well as Web education) is that the industry is moving too fast for official institutions (with their unavoidable bureaucracy) to keep up. Suppose that today we’d set up certification criteria that all experts would agree to be good; before they’re actually implemented by an official body they’d already be outdated. Even if the official body would somehow move with lightning speed, our certification criteria would still be outdated within a year or so.

I wonder what made him change his mind.

I’m going to be in San Francisco July 21st – 28th, and Vancouver July 28th – August 4th. While in San Francisco I’m speaking at the Ajax Experience. If you’re based in SF or YVR or are attending the conference let me know, cause I’d love to meet up.

For a university project we researched location-based services and how they can improve social interaction. As part of the research we conducted a survey under 23 Plazes users, all contacts of mine. The results are from March 12th, 2007.

In short, Plazes is a web service which tracks the location of their users via software applications those users run on their machines, a mobile phone application and SMS “check-ins”. A location is called a Plaze, a location history a Traze. The software application uses the identity of the network router as an identifier for the Plaze.

Here are the questions asked and the results.

1. How long have you been using Plazes? (Check one)
   (A) 3 years (39%)
   (B) 2 years (30%)
   (C) 1 year (17%)
   (D) Less than 1 year (13%)

2. What Plazer services do you use? (Check at least one)
   (*) The Plazer application (91%)
   (*) The Phone application (13%)
   (*) SMS (26%)
   (*) None (8%)

3. How many Plazes did you discover? (Check one)
   (A) 0 – 10 (39%)
   (B) 11 – 20 (4%)
   (C) 21 – 30 (17%)
   (D) 31 – 40 (0%)
   (E) 41 – 50 (13%)
   (F) 51 or more (26%)

4. How many contacts do you have? (Check one)
   (A) 0 – 10 (21%)
   (B) 11 – 20 (30%)
   (C) 21 – 30 (13%)
   (D) 31 – 40 (13%)
   (E) 41 – 50 (4%)
   (F) 51 or more (17%)

5. In what situations do you use Plazes? (Check at least one)
   (*) At conferences and other events (17%)
   (*) At home (8%)
   (*) At work (8%)
   (*) Wherever I am (26%)
   (*) I don’t actually use it (17%)

6. Is your Traze public? (Check one)
   (*) Yes (69%)
   (*) No (31%)

7. Let’s say you’re visiting a company, and that visit needs to remain a secret. Would you remember to disable the Plazer application before you go online at that location? (Check one)
   (A) Yes, absolutely (40%)
   (B) Most likely (30%)
   (C) No (30%)

8. Did you consider how your location information could be of benefit to those with malicious intent? E.g. burglars who’ll know when you’re not at home? (Check one)
   (*) Yes (78%)
   (*) No (22%)

9. Are you concerned about goverment / police access to and use of your location information? (Check one)
   (*) Yes (57%)
   (*) No (43%)

10. Plazes has placed its servers in Switzerland because of stricter privacy laws. Do you care? (Check one)
    (*) Yes (69%)
    (*) No (31%)

11. Have you been able to use Plazes to hook up with people? (Check one)
    (A) No, not at all. (26%)
    (B) Yes, but rarely. (69%)
    (C) Yes, all the time. (4%)

12. Have you ever been approached through Plazes by someone whose intentions you’d consider questionable? (Check one)
    (A) Yes (9%)
    (B) No, why would this happen? (22%)
    (C) No, but I’m aware this could happen (69%)

13. Would this (question 12) affect your future use of Plazes? (Check one)
    (A) Yes (13%)
    (B) No (48%)
    (C) Not sure (39%)

14. When you balance privacy issues with the benefits of using Plazes, do you think it’s a good trade-off? (Check one)
    (*) Yes (79%)
    (*) No (21%)

15. Would you mind advertising targeted at you because of your current location and/or frequent hangouts? (Check one)
    (A) No, as long as it’s relevant (56%)
    (B) No, I don’t care if it’s relevant either (0%)
    (C) Yes, my location information belongs to me and should not be used for marketing (35%)
    (D) Yes, I dislike all advertising (9%)

16. If you’d decide to stop using Plazes, would you remove your location history? (Check one)
    (*) Yes (52%)
    (*) No (48%)

I’ll be in Geneva Tuesday – Sunday morning for LIFT. I’m hoping to go to FOSDEM as well, although Nadya and Marco still need to book the hotel. April 18th it’s off to London for Future of Web Design (thanks, Malarkey!) for which I’ll be needing a place to crash on the Wednesday night.

For the past few months I’ve been following the ha.ckers weblog, which talks about hacking websites and otherwise internet-connected systems. In the most recent two posts (part 1, part 2) a way to do port scanning without JavaScript is discussed. This all harks back to early August, when SPI Dynamics discussed port scanning using JavaScript. An often heard counter measure to this technique is disabling JavaScript, but it turns out that won’t be enough.

The scan itself is quite ingenious. It relies on the way Firefox parses the document, which by default is sequentially. First, the page itself loads from the attacker’s server. The time is noted. Then, an image is loaded with it’s source set to a server in the local network, say 192.168.0.1. Once finished, another image from the attacker’s server is loaded, the time is again noted.

Because Firefox finishes loading this image before loading the next, it’s possible to determine the time it took to load the image from the local network. If this is a couple of seconds, one can assume the image request timed out, and the port is closed. If it’s faster than that, the port is open.

This goes to show that the browser security model as it is today is not good enough. One idea would be to disallow resources from outside the local network to access resources inside the network. It sounds good to me, but then I’m not a security expert

To close with a comment from RSnake, the ha.ckers’ author:

I think we’ve proven a our point. JavaScript isn’t the root of the problem here. Sure it enables bad stuff, but HTML and the client technologies alone can obviate the necessity for JavaScript alone. Do I think anyone is going to use this technique in reality? Probably not when JavaScript is so prevalent and cross browser compatible. But it is nice to know you can call people out when they claim they are safe because they turn off JavaScript.

Back at Reboot 8.0 Jyri Engeström introduced us to Jaiku. Jaiku is an online presence service: you can post small notes about what you’re doing, either through the website or by texting or using the mobile application. Together with web feeds you can specify this is all combined into a presence stream. It’s much like Twitter, except prettier, cooler and European. And they have Andy!

Today I signed up, and set about automating the process. First off, there’s JaikuAdium by Peter Rukavina. This will set your Adium status to your current presence. Of course, you’ll still have to go to Jaiku to actually update your presence, so we can use some improvement.

Enter some HTTP reverse-engineering. Andy already told me they might inadvertently break the code below, so be warned. This tutorial is also for OS X. Here’s what you need to run in Terminal (you can remove the \ and the line break):

curl -b "jaikuuser_XXXX=username;jaikupass_XXXX=XXXX" \
-d "icon=338" -d "message=Hello+world" --url http://jaiku.com/

The jaikuuser_XXX and jaikupass_XXX are the cookies used by Jaiku which contain your login credentials. You’ll have to retrieve these from the browser. Please note that the XXXX is a long string of letters and digits. The presence icon is identified by a number, I’m not sure of the mapping between the icons and their IDs, so you’ll just have to try. 338 is the exclamation-mark-in-a-text-balloon icon. And finally, message is exactly what you think it is. Take care to properly encode it’s contents though, it shouldn’t include whitespace, ampersands and probably some other characters.

Here’s a Ruby script which updates your presence and Adium status at the same time:

#!/usr/bin/ruby

require 'cgi'

`curl -b "jaikuuser_XXXX=username;jaikupass_XXXX=XXXX" 
-d "icon=338" -d "message=#{CGI.escape(ARGV.join(' '))}" --url http://jaiku.com/`

`osascript /Applications/JaikuAdium/JaikuAdium.applescript`

Here I’ve placed the JaikuAdium script in /Applications/JaikuAdium/. Update the login credentials as mentioned above. Then, call the script with the presence message as it’s argument(s).

Enjoy!

Over the past few months I’ve been getting comments on this blog from Germans. Now, that’s great, especially since a lot of them are regarding sIFR. Something smells fishy, however. The sites behind these comments aren’t the typical sites you would expect from web developers, they are quite ugly and don’t seem to serve a real purpose. After seeing yet another weird comment today, I decided to dive into this a bit further.

We are dealing with the following domains and originating IP addresses (intentionally not linked):

• info-aerzte.de, from 212.23.126.1
• a-katalog.de, from 217.238.100.199
• 0am.de, from 212.23.126.6
• softsensive.de, from 84.139.122.75
• katulago.de, from 84.139.93.56
• restposten-zentrum.de, from 89.50.175.104, 89.50.175.82
• online-reisefuehrer.com, from 84.154.108.236
• afrika-start.de, from 62.159.35.170
• erfolgs-werkstatt.de, from 84.142.155.180
• themenrelevanz.de, from 84.178.2.131

IP addresses nicely listed:

• 62.159.35.170
• 84.139.122.75
• 84.139.93.56
• 84.142.155.180
• 84.154.108.236
• 84.178.2.131
• 89.50.175.104
• 89.50.175.82
• 212.23.126.1
• 212.23.126.6
• 217.238.100.199

Here are some sample comments:

Wow, never thought that it was so easy, fortunately we don´t have to work with this version….

Great job! Runs absolut fine with Firefox 1.5.0.7 xp sp2 german version.

The IE7 will display a few of my websites also in a different way than the new FF, but who cares….

Did you try to get the FF20? I tried to download it but the server was busy all the time. I am curious if there are new challenges for the web designer…

regards, Sandra

Most notably there are a number of comments with just one or two sentences, ending in a lot of periods. The level of English is lacking, too. (For the real German readers, I mean no offense!) Some commenters even post follow-ups. Considering how the comments fit the context, they are definitely typed by humans.

Looking through the WHOIS information for above domains gives some surprising results. Domains for which a guy named …… is the administrative contact:

• info-aertze.de
• 0am.de
• restposten-zentrum.de

The administrative contact for the domains above contacted me on December 28, informing me his sites were being spammed without his knowledge. I’ve redacted his name at his request.

Domains for which Werner Kaltofen of Neue Medien Muennich is the technical contact:

• 0am.de
• restposten-zentrum.de
• online-reisefuehrer.com
• erfolgs-werkstatt.de

Domains with kasserver.com as name server:

• a-katalog.de
• 0am.de
• restposten-zentrum.de
• online-reisefuehrer.com
• erfolgs-werkstatt.de

Softsensive.de does not appear to be registered, although it still works. The name servers for the other domains reveal nothing interesting, nor does there appear to be a connection the domains I just mentioned and the katulago.de, afrika-start.de and themenrelevanz.de.

There clearly is a connection in the WHOIS data between six of the ten suspected domains. The other domains appear to be connected through the style of the comments linking to them and the type of website found. It is, however, possible that I’m seeing ghosts. In any case, the links from the suspected comments have been removed, and I’m adding the following to my commenting guideline:

Non-contributing comments run the risk of being removed. Especially if the website seem “fishy”. Spammers, beware.

If you dislike the new iTunes 7 icon set, you can replace the icons with the iTunes 6 versions. Download the set, unarchive, and copy and replace to /Applications/iTunes.app/Content/Resources/.

These icons are copyrighted by Apple Computer. Enjoy!

About a month ago I gave a presentation at Web Monday about Plazes. If you’re unfamiliar with Plazes, it’s a web service which uses a small application on your computer to register the network you are connected to. Information about this network can be stored, this forms a Plaze. For example, right now I’m at the University of Twente Campus Network, which is a huge plaze for every computer directly connected to the university’s network. Effectively, everyone who uses plazes and is connected to the university network will be at this plaze.

Since I gave the presentation, Plazes launched a mobile client. It works by finding the ID of the cell tower your phone is connected to, asks for an address if needed, and gives you a list of plazes in the neighbourhood. Up to you to pick the plaze you are actually at. Even though the promise of connecting to Plazes without using a computer is pretty neat, picking a plaze kinda sucks. And thus, my proposal at Web Monday:

There should be a Plazes client which uses RFID tags to identify the Plaze, and connect automatically.

The way this would work is that you would walk into a house or office, and there would be a sticker on the wall with the Plazes logo. Touch it with your RFID-enabled phone (inspired by the address book desk by Timo Arnall) and you’re good to go. This would also lead to the creation of more plazes, on locations where there might not even have been a computer network in the first place. However, as was quickly pointed out, I believe by Gernot, RFID is still far from ubiquitous, and a better solution would be to identify the plaze by a barcode. The hardware (a camera) and software for this is available today. The Plazes APIs support it as well (although not directly).

All there’s left to do is actually implement it.

I’m back in the Netherlands. Thank you Jot for this amazing summer!

Plazes is an extremely cool location awareness service. Recently the first version of the Plazes API was released. Together with the Launcher and WhereAmI APIs there now are three public APIs for the service. As a hobby project I’ve updated the RubyForPlazes project, run by Peter Rukavina, to work with the new API. The new version hasn’t officially been announced yet, as there is still some work to do with regards to testing and examples, but it is already in the repository at Peter’s site. During the development of the new Ruby implementation I’ve run across a number of issues with the API design, which are documented in this article.

Please note that the properties referred to below are as used in the Ruby implementation, not necessarily the Plazes APIs.

Plaze? What Plaze?

One problem is that all three APIs return different information about a Plaze, and with different property names for equal values. The data returned by all APIs, with normalized names:

• key: Identifier for the Plaze
• name: Name of the Plaze
• city: City where the Plaze is located
• country: Country where the Plaze is located
• latitude: Latitude for the Plaze
• longitude: Longitude for the Plaze
• url: URL for the Plaze on Plazes.com

The WhereAmI API doesn’t return more information than this. Actually, it returns even less. The Plaze key is not returned, but it is part of the URL.

The Launcher API returns:

• timezone: Plaze timezone
• feed_url: URL to the RSS2 feed for this Plaze

And finally, the Plazes API:

• street: User entered address for this plaze. Includes street number or other address parts when applicable
• state: User entered US or Australian state for this plaze
• zip: User entered ZIP code for this plaze
• blog_url: User entered URL for this plaze, can be empty

I’d love to see the timezone and feed_url added to the Plazes API. feed_url by itself isn’t enough, as it returns an RSS 2.0 feed while RSS 1.0 and Atom 0.3 (which is deprecated) are available as well. The feed URIs are predictable, though, and the Ruby implementation supports this. And while it is annoying that the property names differ between APIs, it is easy to abstract this away.

Users

User information is slightly different between the three APIs as well. You could say there is a base user, which has:

• key: Identification key of the user on Plazes.com
• name: Name of this user.

This is the minimum of user information returned by the plaze.comments and plaze.photos methods of the Plazes API. The base user is an abstraction, though. The mentioned methods return the values as user_key and user_name properties on the general result.

Then there is a normal user, returned by the plaze.people method of the Plazes API and which properties are shared by the other methods described below:

• thumbnail_url: URL to a thumbnail picture of the user on plazes.com. Always set, can point to a dummy image
• url: URL to the users profile page on plazes.com
• blog_url: URL the user entered as her blog, can be empty
• message_url: URL on plazes.com where internal messages can be sent to that user

user.friends returns:

• plaze: The current plaze of the friend. Only available if the friend is online.
• distance: The distance of the friend to your current plaze. Only available if the friend is online.

Note: The actual result from the API contains a normal user, a Plaze and the distance. Since the distance and Plaze are properties of the friend I’ve implemented the result as one object.

Finally, the Launcher API has a plazes.buddies method which returns a normal user and it’s vicinity to your location.

It’d be great if the result from plaze.people is the same as the result from user.friends, especially with the distance. An online property would be handy too, currently this has to be inferred from the presence of other properties and the way the user object is requested. The plazes.buddies method could return the same information and drop the vicinity, as this can be derived from the distance. In fact, since the Launcher API requires a special API key, this is what’s done in the Ruby implementation already. Furthermore, there should be a user.info method which returns this information for a given user key.

Other data types

There are other data types available in the APIs, which have a good definition. I won’t go into detail about these types but you can find them in the Ruby implementation.

Concluding

The Plazes APIs need some clean-up, especially when it comes to plaze and user information. The API results refer to abstract structs, such as the user and plaze struct, instead of extending from them. Extending makes more sense when you are using the API.

It would be useful if the next version of the Plazes API would supersede all three existing APIs. An updated Launcher API would be welcome as well, looking at the recent Plazer apps it can be concluded that this API already exists, but is private.

We’re nearing the end of the year (less than twelve hours in my time zone) and it has become time to write down some final random notes.

• There’s some interesting things going on with regards to tuning in sIFR 3, see these experiments. Of course there’s more info on the mailing-list.

• If you hang out at the coolest webhosting company around (a.k.a. TextDrive), there’s a TextMeet being organized next week in Utrecht. See the forum topic for more info.

• Laurent Haug, whom I met at Reboot last June, is organizing his own conference in Geneva early February. I won’t be able to make it, but check it out: Lift06.

And with that, all the best for 2006!

As you are hopefully aware, backups are the only way to make sure you don’t lose your data in case of a crash or theft or an other disaster. There are several ways to back up your data, such as writing it to a tape-recorder stuck away in a fireproof vault.

Luckily there are easier methods as well.

My personal strategy is as follows: I keep one full backup of the PowerBooks hard drive on an external Firewire hard disk. Furthermore, I upload my documents and work (anything I code, basically) to Strongspace.

There are two programs I know of for the Mac which do full disk backups. One is Carbon Copy Cloner (CCC), the other is SuperDuper. I’ve used CCC for a couple of months, and I’ve recently bought a SuperDuper license. Whereas CCC seems to be aimed at users who know what they’re doing, SuperDuper is clearly for the folks who don’t and/or want assurance that the backup is really working. The interface is clear and consise, and the User’s Guide (pdf) is useful even if you don’t use SuperDuper. Please note that the risk of buying the application after reading the guide is significant. You’ve been warned.

My Strongspace backups are done by means of a combination of Ruby, rsync and SFTP. You can download the script here. It will allow you to upload specific directories, and it lets you exclude files and directories on a per directory basis. It will also remove files from Strongspace which no longer are on your disk. You can follow instructions on setting up a scripted backup at Invisible: Back-up. Instructions on my script are in the script itself.

And finally, there’s scheduling. You need to schedule your backups so you won’t forget making them. Please do as I say and not as I do, because I don’t schedule mine. I usually make a full backup before I take the PowerBook with me on a trip longer than the bycicle ride to university. If I’m not travelling for, say ten days, I’ll also make a backup. The Strongspace backups are made at least once a day, usually before I hit the sack. This means the latest stuff will have been backed up, no matter what time I go to sleep.

Luckily I haven’t needed my backups yet, but at least I’m prepared. I hope you will be, too.

On my way to being a twenty-something.

Because James Bennett bugged me about using TextPattern to output HTML 4.01 code, here’s how I did it.

First of all, make sure the pages and forms use valid HTML 4.01 markup. Then add the following code to publish.php:

$html = preg_replace("/<(.+)\s?\/>/", "<$1>", $html);

after this line:

$html = ($prefs['allow_page_php_scripting']) ? evalString($html) : $html;

This will change all occurences of <tag/> and <tag /> to <tag>. Note that it does not replace any namespaced attributes or other XHTML specific stuff, but to my knowledge TextPattern does not use this anyway.

As for my reasoning, as I wrote before:

(…) for compatibility, XHTML needs to be sent as HTML. Which means browsers see it as invalid HTML, no matter how valid the XHTML is. Furthermore, you can write just as clean code in HTML as in XHTML, so I don’t see a reason to use XHTML.

I like travel of the passive kind: board a train at 8 in the morning and emerge at the other side of the country two and a half hours later. Same with airplanes: board the plain at 11 am and arrive in Copenhagen somewhere around noon.

Thursday and Friday were spent debugging JavaScript code for Firefox, Safari and Opera at work. While not exactly challenging work, in the sense that you can create cool stuff, it is a fight against several browsers, implementing IE’s XML features (really, it’s competition is only now approaching IE when it comes to XML/XSLT support and other proprietary features such as innerText) and forcing things to just work.

Friday night I had dinner with Anne and we and Sjoerd went to see Crash, which is a really cool movie.

Yesterday I returned to Enschede. No matter how small the Netherlands is, it still takes too long to travel from one side to the other.

After some hard work (cough) I’ve updated the following:

• Valid Atom feeds, even for comments
• Feed to get the 20 most recent comments
• Comments form without tables
• and better hints
• Highlighted the comment posted notification
• Ensured no XHTML escapes the system. HTML rocks
• Fixed Last-Modified on comment feeds
• Full content feeds (with summary)

TextPattern rocks.

Look! All new, all shiny! Running on a somewhat hacked version of TextPattern, valid HTML 4.0.1 Strict and Atom 1.0. Now with comments. And article-level feeds. Yay!

This site is not guaranteed to work in browsers originating from Redmond. Batteries not included (but stolen from smoke alarms).

After well over eighteen years I left the family to go live in Enschede, which not entirely by accident is home to the university where I’ll be starting in the Computer Science Bachelor Programme. You can find some pictures of the house on a certain photo-sharing site. The pictures are from about a month ago, I’ll try to upload new pictures soon. And congrats to fellow Happy Clog Anne, who’s now a W3C member and (I think) back in Holland and (I think) proud owner of a certain laptop, which (if all goes well) I’ll be next Friday as well. Yay!

And I hope I won’t regret it

Why don’t you ever want to play?
I’m tired of this piece of string.
You sleep as much as I do now, and you
don’t eat much of anything.

I don’t know who you’re talking to
I made a search through every room,
but all I found was dust that moved
in shadows of the afternoon.

And listen,
about those bitter songs you sing?
They’re not helping anything.
They won’t make you strong.

So, we should open up the house.
Invite the tabby two doors down.
You could ask your sister, if
she doesn’t bring her Basset Hound.
Ask the things you shouldn’t miss:
tape-hiss and the Modern Man,
The Cold War and Card Catalogues,
to come and join us if they can,

for girly drinks and parlor games.
We’ll pass around the easy lie
of absolutely no regrets,
and later maybe you could try
to let your losses dangle off
the sharp edge of a century,
and talk about the weather, or
how the weather used to be.

And I’ll cater
with all the birds that I can kill.
Let their tiny feathers fill
disappointment.

Lie down;
lick the sorrow from your skin.
Scratch the terror and begin
to believe you’re strong.

All you ever want to do is drink and watch TV,
and frankly that thing doesn’t really interest me.
I swear I’m going to bite you hard and taste your tinny blood
if you don’t stop the self-defeating lies you’ve been repeating
since the day you brought me home.
I know you’re strong.

The Weakerthans – Plea From a Cat Named Virtute

I lost it. Damn. It took me a full 0.5 microseconds to realize it was gone. As if it had evaporated in plain sight. I should have known it would happen one day, but I didn’t. And now the pain is unbearable.

It happened in the new high-speed train between Amsterdam and Paris. I had been visiting some relatives back in Holland and was now on my way home. Home, for me, is a small apartment in a large building near a now tiny Eiffel tower. I remember the days when the Eiffel tower seemed to rise above the city, a magnificent display of French pride. Unfortunately those days have been lost.

No, today’s world is different. It’s a world driven by technology, and cost-effectiveness. But yet it’s a world with magic, a world where the unexplainable still happens. Like it did today.

When I entered the train I could feel the magic. I was listening, intently, and looking around, somewhat foolishly. There was a girl at the other end of the cabin, staring straight ahead, not distracted by my entrance, as if she was both deaf and blind. I studied her for a while, fascinated by her silent composure. As the train started to move, I sat down. An old song protruded my mind. A manifest, by some long gone Canadian band. It seemed fitting.

And then, nothing. Poof, the music had disappeared. Slightly startled I searched my bag, thinking that’s where I had put it. Nothing there. I patted my jacket, not there either. It had disappeared, along with the music. And as I looked up, I noticed the cabin was empty.

The girl had disappeared as well.

I lost it. Damn. It took me a full 0.5 microseconds to realize it was gone. As if it had evaporated in plain sight. I should have known it would happen one day, but I didn’t. And now the pain is unbearable.

It was a freezing cold winter day when it came to me. I was huddled inside, close to a warming fire, when suddenly there was a loud knock on the door. Startled I got up, a feeling of dread in my stomach. Not sure what to expect, I grabbed the fire poker. Another loud knock seemed to vibrate the room. With the poker firmly gripped I went to the door, and opened it slowly. There was nothing.

Suddenly angered at my fear I threw open the door and raced out. I could see footsteps in the snow, the distance between them indicating the person, or thing, had run off. Suddenly the cold caught me and I retreated, shivering, inside; bolting the door behind me. As I sat down at the fireplace I realized I was still clenching the poker. I got up to put it back and as I got up, I saw something from the corner of my eye. Something wrapped in gift paper, put inside the house while I was hunting my ghost. What reason there was to lure me out, only in order to present me a gift I did not know. But as I approached the gift, as I moved my hands to open it, I could feel the feelings of fear dissolving. It was a marvellous gift, odd, yet fantastic. A real piece of Art.

That is how it came to me, and it’s been with me ever since.

And now it’s gone.

One year ago exactly I was in London, hanging out with Eddie Sowden and two of his friends. Now today happened and some stations I passed through that day, one year ago, have been hit.

My thoughts are with the victims and their friends and family. Be strong, and don’t let them scare you.

Something I haven’t written about here is that DHTML Utopia contains my Event Cache technique. I still need to get my hands on a copy, but that’s pretty damn cool!

Also, yesterday evening I officially graduated from high school. Another book closed. The evening was quite fun, my dad took some pictures, I might put them on Flickr. Anne graduated as well, congrats man!

And finally, the subject I talked about earlier will have to be picked up later, due to the complexity of prediciting how fast institutions will handle subscriptions. More about that soon, I hope.

I walked into a store today. It was actually quite funny to walk into that store, listening to Steve Wozniak, on my iPod.

So I apologize for the short post of last Thursday, and I’ll try to make it up with this one. Highschool has been a weird mixture of things to me: on the one hand I’d like to know how things work, on the other hand I don’t want to do the maths on these things. It’s really cool how electricity and batteries work, but answering questions on it is not. Couple that with the other stuff I’ve been interested in (think hacking, tagging, “social software”) and it becomes a strange mix.

But it’s over now. And interestingly enough I find that now I’m hacking JavaScript for a living (well, scratch that, it’s a summer gig) there’s less need to work on my own stuff. I suddenly understand the reasons why DC2 never happened a lot better.

Anyway, there’s some other things I’d like to talk about in this post. MyBlogLog, which I talked about earlier, has started an affiliate program. So hopefully tomorrow I’ll be dissecting it yet again, and I’m going to add affiliate links too. Let’s see how much money I’ll rake from that! (Well, looking at my stats now, there’s been 27 hits on that article in the past week, even though it holds the #2 position on Google, so most likely it isn’t even going cover the monthly hosting costs of this site).

Another thing I’d like to dissect is Odeo, which just launched and to which I’ve been invited. No idea if it’s specific or if it’s because I signed up for the invitation. In any case now I can finally speak about Dunstan Orchard who’s doing the UI stuff for the Odeo.

Next Friday I’ll be heading to Enschede to look for a room at the University of Twente, where I’ll be doing CS next year. Anyone who want’s to grab a beer (or has a room I just have to check out) let me know.

Also, next Sunday there’s a JavaScript meetup in Amsterdam, organised by Peter-Paul Koch and Bobby van der Sluis. It looks like some of my colleagues from Q42 are tagging as long as well. Rock!

Have a nice Saturday!

Thus ended six years at highschool: marks between sevens, eights and nines, average eight. More later (as usual).

Oh boy, was that great. I’ve met a lot of cool and interesting people, and learned a lot about cool and interesting stuff. Today I slept in till 11:30, then I spent the afternoon reading stuff and uploading photos. You can find them here and here.

Unforunately I’ve run out of time today to add more descriptions / notes to the photos, or write more here for that matter. But I’m taking notes about stories I’d like to tell, and I’ll give that a shot in the next few weeks.

In the meantime I’d like to give a big shout out to everyone who made Reboot possible. It’s been the best thing of the year!

After two weeks, seven finals, hundreds of items piled up in Bloglines and a broken wiki, I return to the world of language wars and license wars and whatever more. As I’m writing this I have my local copy of Novemberborn up, behind the text editor, and I see the bright yellow of the Reboot banner (to the right, link). Oh yeah, less than six days to go! Rock! Supposedly I’m going to get interviewed by Nicole Simon of the preboot podcast, so we’ll see how that goes.

Yesterday I started at the new job, I’m a colleague of Anne now, if you’re inclinced to know. I get to do cool JavaScript work, with what a great team (it’s good to work with other folks who do JavaScript, instead of developing on your own). It also happened to be the first day something “in real life” told me I should “blog” more, well, this one’s for you, Lon!

Speaking of the “blog”, I’ll be getting a PowerBook later this month, and wil be spending the weekends on hacking away at this site. I’ve got some cool stuff lined up, and if the Ruby on Rails framework is as fast to develop in we should definately see some results before the summer ends. In any case, I’ve already read the pickaxe (great book, even if you don’t care about programming you should read it, it’s that much fun), and although I’ve written not even a few hundred lines of code, it’s the most beautiful language ever.

Now if you’ll excuse me, I have a wiki to repair.

– Mark

As a kid I always used to hate these things, and I still think they’re a bit silly now that I’ve grown up (a bit). But I suppose somebody is interested in my musical habits (yes, that’s you Robert Nyman and Andrew Krespanisand also Arthur Steiner and Marko Dugonjic) so I’ll play along!

Total Volume

20,0 GB, with some more music on an external harddrive. I really need to sort things out, though, there’s loads of stuff I never listen to!

Last CD Bought

RazorLight – Up All Night

Song Playing Right Now

Phantom Planet – Something Is Wrong

Five Songs I Listen to A Lot, Or That Mean A Lot to Me

Ouch, this is such a hard question. I’ll just give you five songs I think are really, really great. Wish I could add more, though!

• The Weakerthans – Manifest
• Phantom Planet – Anthem
• Bomfunk MC’s – Rocking, Just To Make Ya Move
• Jellyfish – Baby’s Coming Back
• Modest Mouse – Ocean Breathes Salty

Five People to Whom I’m Passing the Baton

• Didier Hillhorst
• Joen Asmussen
• Stephanie Sullivan
• Chris Poole
• Andrew Hume

Who’s Tracking This?!?

It’d be really cool if somebody can write a script which visualizes how this meme has spread, what the most favorite songs are, etc. To this purpose I’ve written a small Musical Baton Profile (link goes to XHTML page).

*.total-volume

Total Volume (number GB/MB/KB)

*.last-bought

Latest CD you bought

ul.favs, ol.favs

All list items will be a favorite.

ul.passing-to, ol.passing-to

All list items will be the person to whom you’re passing the baton.

a[rel="artist"]

Link to artist page, preferably on AudioScrobbler.

a[rel="song"]

Link to song page, preferably on AudioScrobbler.

a[rel="passing-to"]

Link to the person you’re passing the baton to. If possible, enhance with XFN

a[rel="musicalbatton"]

Link to a page which has musical baton content on it.

a[rel="via"]

Link to a a[rel="musicalbatton"] page from which you received the baton.

And finally, tag your post with musicalbaton!

Hey I got back from France last Friday. We went home a day earlier because it was raining and it was really cold. Today I had some time to sift through the 263 photos I took, and 141 have made it into Flickr (that is, the photos with my parents and sister on it are private, in total there’s a 172 pictures in Flickr). You can check them out by viewing Vosges 2005, Vosges 2005: The Candy Shop and Vosges 2005: Colmar.

This is the first time I used Flickr for lots of photos, and I have to say it completely rocks. And yes, I’m a pro member now.

Well, it’s that time of the year again, at least for me. I have two holidays planned for the next two months, one is for certain, one highly likely.

The Vesges

On Sunday I’ll be leaving for a one-week holiday in the Vesges, France, with the family. Going to do some nice walks, read some books, and revise for my economics and Dutch exams I’ll have at the end of May. I’ll take some pictures to share when I get back.

Reboot7

I just found out about this conference in Copenhagen, Denmark. The description on the site reads:

reboot is the european meetup for the practical visionaries who are building tomorrow one little step at a time, using new models for creation and organization – in a world where the only entry barrier is passion. reboot is two days in june filled with inspiration, perspective, good conversations and interesting people.

Damn right that’s going to be cool! Some of the cool folks who are going to speak / host conversations are Douglas Bowman, Cory Doctorow, Jason Fried, David Heinemeier Hansson, Matt Webb and David Weinberger. To cut to the chase: I’m thinking of going.

I already managed to get Anne to tag along, but we are hoping somebody is willing to put us up for a few days. We still are students, and speaking for myself I’ll be facing some hefty expenses in the coming months (laptop, but also I’m going to move to uni). Anyway, just asking. We’ll be in Copenhagen from June 9 to June 12. Let us know!

Actually, since I’ll be away next week, let Anne know. Thanks!

Via Merlin of 43 Folders I found out about MyBlogLog, a service which tracks outbound links from your site. It does this by detecting clicks on the body, after which it determines if the click originated from a link. If this is the case it then sends the URI, link text and a timestamp of when the click occured to a server by constructing a new Image and setting its src property.

Okay, so I’ve already explained how it worked in the introducing paragraph… so much for dissecting! Well, there are a few comments I’d like to make about the JavaScript, including tips to make the code invisible to the visitor and some ramblings about privacy. Read on!

The Code

You can find the code at here. The original code was wrapped in a comment, but I’ve removed it here so you can see the code from the browser.

I have to say here that the sign-up process was really fast. Just fill in the form at the front page and you’re ready to go.

I’m afraid I don’t like the code that much, it does its work, but there are lots of things which could be improved. For example, the script is loaded externally: this means there is no need to wrap it in a HTML comment.

Another issue I have with it is that its functions and a some variables are in global scope. This is a bad idea if you want to write a script for people to use in their own websites. Variables like url and trackUrl are too likely to interfer with other scripts. It’s interesting to see though that a different variable, cs_url_trker, and some of the functions, are prefixed with cs_. The variable which holds the ID is prefixed with mbl though. This prefixing makes the variables less likely to interfer with other scripts — the question remains why the prefixes are different.

Some other parts of the code are illogical. Take this code, for example:

if(tg.innerHTML){ text = tg.innerHTML; } //most browsers
else if(tg.innerText){ text = tg.innerText; } //ie only
else if(tg.text){ text = tg.text; } //mozilla only
else{}

innerHTML is indeed supported by most browsers, including IE and Mozilla. Which means that the innerText and text properties will never be used.

And what’s up with that extra else{}? Is it meant to provide a fallback for browsers which don’t support innerHTML in true XHTML pages? I hope that’s the cause, but this empty else condition is used elsewhere in the code as well:

if(document.body){
  document.body.onclick = cs_det_oc;
}else if(document){
  document.onclick = cs_det_oc;
}else{}

Keeping The Function Alive

I did found an interesting hack in the code, namely the pause() function:

function pause(numberMillis) {
  var now = new Date();
  var exitTime = now.getTime() + numberMillis;
  while(true){
    now = new Date();
    if(now.getTime() > exitTime){ return; }
  }
}

pause() is called in this piece of code:

function cs_track_oc(text, url){

  try{
    var now = new Date();
    trackURL = cs_url_trker + '?t=2&u=' + url + '&te=' + text + '&i=' + mblID + '&now=' + now.valueOf(); 
    var x = new Image();
    x.src = trackURL;
    pause(1000);
  }catch(err){ }
}

Appearantly this is used to make sure that data is indeed send to the server. From what I understand from the code the request to load a new image stops if the function returns before the request is made. This “timeout” makes sure the request is made.

It would’ve been nice to document this, though. My first thought was that this was an alternative to setTimeout()…

Improving the Script

The issues I pointed out above can be easily fixed. And, while that’s being fixed, we can also make the script invisible to the visitor. Here’s how.

By wrapping the code in an anonymous function you create a closure. This means that the functions and variables which are now defined in global scope will exist in the scope of that closure. And, even better, by using block scope you can completely hide the code from the visitor.

Well, almost. The events are set using document.body.onclick or document.onclick, which is still visible to the outside world. If you’d use a DOM1 way of setting the event, though, this becomes a non-issue. The added benefit here is that another script will not “accidentally” hijack (or overwrite) the onclick event. Now the code is completely hidden from the visitor.

Well, almost. The script tag still exists. If the site which uses MyBlogLog really wants to hide it, it could point the script tag to a URI on the site which redirects to the MyBlogLog script.

Privacy Concerns

Scripts like these raise various questions. Do you want the sites you visit to be able to tell which links you click? Are sites even allowed to track this? I don’t know the answer to the second question, but there are ways to prevent this from happening.

For this specific script you can disallow images from third party domains. A possible workaround for this is that the site owner runs this script and the tracker on his own server. Therefore the only real solution is to disable JavaScript.

But There Are More!

There are a few other tricks people can use to get to know more about you amd your browsing habits. One it to use the CSS visited pages disclosure. A more advanced monitoring system is Stephen Cote’s IMNMotion Behavior Monitor.

In view of these other techniques MyBlogLogs is just one of many. I’m not sure if this specific method creates privacy concerns either: the page you visit knows where you came from, why shouldn’t the page you left know where you went to?

The more lucky people among you have recieved one of these in real life, but I can’t send everyone a card, so here’s the digital equivalent:

Have awesome holidays, and all the best for the new year!

- Mark

I’ve known Mr. Jones for the largest part of my life. Actually ever since I moved here. Now that he is dead, I can’t help but think about him. I don’t know why, sure, I liked the guy, but that’s it. yet I constantly feel the urge to write the story of his life, as I know it.

You have to know that Mr. Jones was a workaholic. He worked hard. Really hard. Of course there is nothing wrong with workaholics, or at least I don’t think there’s anything wrong with anybody, save some psychopaths, but, you know, workaholics work really hard. That sucks.

Before I proceed, though, I need to tell you something important about Mr. Jones. Physically he was a workaholic, but not in his head. Well, I suppose this isn’t strictly true. He was schizophrenic. And the Mr. Joneses didn’t know about the other themselves.

Mr. Jones ran his own company. He was specialized in advertising, or so everyone thought. I’ve never seen an ad by him, not even for his own firm. And, as with all companies which don’t seem to have any business, and yet stick around, gossip eventually, and then continually, spread about Mr. Jones Advertising.

One day it would be a maffia front, the other day it was CIA. What was there to spy upon in such a calm rural village nobody knew, though. From time to time teenage boys would break in, in an attempt to impress their girlfriends, though nothing interesting was ever found. This, of course, amounted to the gossip.

The really interesting thing about the company I discovered only months after Mr. Jones had died. The firm had paid taxes for three employees: Mr. Jones, director; Mr. Jones, secretary and Mr. Jones, creative mind. I also managed to track down a client of the company.

This client told me a curious story about Mr. Jones Advertising. He had once hired the firm. While there, on his first visit, he saw the secretary first, bitching about not being able to find the director. Then he would leave the room, only to return five minutes later, complaining the secretary couldn’t be found and excusing for the delay. He then welcomed Mr. Client and introduced himself as Mr. Jones, owner.

The client, completely dumbfounded, asked if Mr. Jones had any twin brothers. “No,” Mr. Jones answered, “my twin brothers are long dead!”. Of course this only confused the client even more. He told me he thought Mr. Jones was crazy, and he pitied him. In an attempt to help Mr. Jones he repeatedly hired him to do some ads, but he never published them. Occasionally he would check back on Mr. Jones. He was the good samaritan in Mr. Jones’ life.

After hearing of his death, the client decided to attend his funeral. I never saw the client there, but I did see two people with a strong resemblance to Mr. Jones. Or perhaps I did not, when I looked again to take a better look, they had vanished.