Older blog entries for dmarti (starting at number 485)

software development link frenzy

Great stuff that the RSS reader dragged in, some going back quite a ways. Enjoy.

AlienVault OSSIM: The Power of All

Crowdsourced data analysis with Clockwork Raven

Artificial Intelligence Will Defeat CAPTCHA — How Will We Prove We’re Human Then?

BitZino And The Dawn Of ‘Provably Fair’ Casino Gaming (via The Monetary Future)

So long Drupal, hello WordPress

PCRE Performance Project

GitHub adds a command line, and so should you!

Switching to KGB from CIA

Planning Our First ShipIt Day at Caktus

Generation Gap

Pull requests and other good practices for teams using github (via Reinout van Rees' weblog)

OpenDyslexic in Firefox

The MDN event reference, at last

Just Because HTML5 Was Bad For Facebook Doesn’t Mean It’s Bad For You

Android's smartphone OS upgrade issues need more than a quick fix | Dan Gillmor

Introducing Go by Example

Stables and Volatiles

Commons In A Box, ready to unbox

As Supreme Court Software Patent Ban Turns 40, It’s Time To Stop Ignoring It

You Already Won The Lottery

Linux brings over €10 million savings for Munich - The H Open: News and Features

Why We’re Pivoting from Mobile-first to Web-first | philosophically by Vibhu Norby (via Disruptive Competition Project)

Why Nokia Lumia and Windows Phone 8 will fail - ie will never become the promised third ecosystem

How 4 Microsoft engineers proved that the “darknet” would defeat DRM | Ars Technica

Blue Beanie Day – Celebrate You!

A Primer on Cheap Software Defined Radios

On handling your pets and a CSRF protection that wasn't

Is TDD better than Apps Hungarian?

Surveying DVCS Usage

The Mathematical Hacker (via taint.org: Justin Mason's Weblog)

Samba - opening windows to a wider world

LibreOffice runs on the Raspberry Pi

Do Not Underestimate the Power of Convenience

PuTTY configuration

Eclipse Says Goodbye to CVS

Deciding which features to build for a big demo

I regret not learning some new tools sooner

End users are the new CIO: How Andreessen Horowitz, Box, Github, others view the enterprise in 2013

DARPA and Defense Department look to a more open source future

Git, clients, partners, and woes.

The conflict frontier of a nightmare merge

English Letter Frequency Counts: Mayzner Revisited or ETAOIN SRHLDCU

Understanding your own code

Requests: HTTP for Humans

Why the Web is going to win Mobile

The New Kingmakers, The Book – Available Now

On Antifragility in Systems and Organizational Architecture

CVs and file extensions

An Introduction to Persona

Geeks, Freaks, Nerds, & Programmers

Why Open Source Governance Matters: Vert.x Case Study

From SVN to Git: How Atlassian Made the Switch Without Sacrificing Active Development

From SVN to Git: How Atlassian Made the Switch Without Sacrificing Active Development – the Human Side

[Book Review] Coding Freedom: The Ethics and Aesthetics of Hacking (via P2P Foundation's blog)

Simplify Responsive Design by Embracing the Flexible Nature of the Web

Gitano – git hosting with ACLs and other shininess

Moore’s Law won’t kill passwords

Mozilla and Non-Copyleft Licensing

Is 2013 the year for DVCS domination?

Only compiler vendor customers, not its users, count

Linus Torvalds: we never ever blame user programs

SpiderOak's Analysis and Recommendations for the Crypto in Kim Dotcom's Mega, Part One

Programmer Interrupted

Lennart Poettering: The Biggest Myths

How FLOSS Software Became More Easily Accepted at Work

Dependency Graphs and Package Versioning

Distributed Issue Tracking with Git

App.net moves beyond its ad-free Twitter alternative, adding 10 GB of storage to share

Moore’s Law (Munitions Edition)

Git now fully supported and integrated into Team Foundation Service (via MSDN Blogs)

IPMI: Freight Train To Hell

Stripping Referrer for fun and profit

Planet Gnome: Travis Reitter: Answering the question: "How do I develop an app for GNOME?"

GNOME and Languages

Defending Opus

Script and Screen

MariaDB living in interesting times

Coding Horror: Civilized Discourse Construction Kit (via Rands In Repose)

Rethinking Cookies: originOnly

The Document Foundation announces LibreOffice 4.0

Everyone at Yipit is Now Learning to Code

Hello Chrome, it’s Firefox calling!

Greg Kroah-Hartman: AF_BUS, D-Bus, and the Linux kernel

mjg59 | Samsung laptop bug is not Linux specific

Ruminations on front end-centric webapps

Drupal 8 progress from my / MongoDB perspective: update #13

The New Amazon Elastic Transcoder

Open Source is the New Microsoft

Opera switching to WebKit: thoughts and guesses (via Adrian Roselli and Christian Heilmann)

Why Mozilla Matters

xkcd: App

I will miss the “Douglas Crockford of browsers” (via Brendan Eich)

A Few Signs That Your Project May Be In Some Serious Trouble

The Maintainer's Life (1)

Branching Is Easy. So? Git-flow Is Not Agile.

What can we(Eclipse community) learn from Libre Office?

GitHub for reviewing code

Don't use PHP libraries with known security issues

Exciting Stuff: Firefox 19′s Built-in PDF Viewer

Agile Anti-Patterns in Non-Blocking Development

Learn Git Branching

KumaScript: Bringing scripting to the wiki bears

From PHP hobbyist to pro Ruby developer course – 1, Setting up the hipster blog

Wipe the Drive – Shmoocon 2013

The Magazine: now with full-article sharing, web subscriptions (via Felix Salmon)

Introducing Google+ Sign-In: simple and secure, minus the social spam

Agile git Workflow

One (via Stuff Michael Meeks is doing)

Bypassing Google’s Two-Factor Authentication - Blog - Duo Security (via From the Treetops)

git-review

Converting Github issues into pull requests

The Document Foundation announces LibreOffice 4.0.1 (via Techrights) (via You can't take the sky from me.) (via Stuff Michael Meeks is doing)

RFC 6585 - Additional HTTP Status Codes (via taint.org: Justin Mason's Weblog)

its a bird, is it a space station? no its a display server

Wait, dude, what?

20 Rules of Software Consulting

Rendering Markdown, Asciidoc and Friends automatically while Editing

GitHub Archive

Hacking Github with Webkit

Joel On Software: Town Car Version Control

Kiln Harmony Internals: the Basics

We're Building A Reader

Scripting News: If you're doing a new RSS reader... (via Planet Intertwingly)

Java: Not Even Once

Scripting News: Have you met your users?

Introducing SourceTree for Windows – a free desktop client for Git

Inner sourcing to open sourcing

Put Down Your Forks - Introducing Protected Branches

Coding Horror: Why Ruby?

day 200 release day

GitHub gains new prominence as the use of open source within governments grows (via Techrights and ReadWrite)

Syndicated 2013-03-24 03:33:49 from Don Marti

The gas pump test

One of the points that the adtech crowd keeps bringing up is that privacy demands are coming from "activists" or "advocates" or some other polite word for "long-bearded freaks who know how to do HTTP over a telnet connection but have no connection to how people actually want to shop for stuff."

So here's my question.

If regular people like being tracked, why is there a "Please be assured that your zip code will not be used for marketing purposes" sticker on gas pumps? Would they really put it there just for the people who think a Saturday night key signing party is good fun?

Syndicated 2013-03-24 02:26:18 from Don Marti

Why is another adtech person freaking out over fixing a privacy bug?

Scott Meyer (not the Basic Instructions Scott Meyer) writes that Firefox's new policy on third-party cookies will mean a loss of privacy controls for consumers, a degraded web experience and further tilting of the playing field toward the biggest companies on the web.

That's a lot of impact for one bug fix, so let's try to unpack it. First of all, does the new policy have a disproportionate effect on smaller adtech companies? No doubt. Firefox is, in effect, leaving tracking open for big sites, such as Google and Facebook, which can give users a first-party cookie, then follow them across other sites. Meanwhile, hardly anybody ever visits the pure adtech firms directly, so their cookies get blocked. Unfortunately, the adtech field is crowded with similar firms doing similar things, and it's bound to consolidate anyway. What the shift to a small-timer-unfriendly cookie policy means is that more of the consolidation will happen on the acquirers' terms. Instead of adtech firms getting snapped up for their programmers and their partner lists, more are going to end as pure Talent Acquisitions.

So it sucks to be an adtech investor, but, seriously, people, all that investment is based on a design mistake made in Netscape 1.0 that has been controversial from the beginning. It's hard to build a business on the expectation that a bug won't get fixed. (I could say the same thing about Microsoft Security Essentials and the MS-Windows desktop antivirus business, but that's another story.)

So the small fry of adtech will go away faster and with less lucrative exits. That, Meyer is right about. But there's a next step that will affect the larger sites. The harder problem is having the user stay logged in to sites he or she chooses to visit, without leaking information through third-party cookies from the same sites. I'm a fan of an approach called double keying, which would do what looks like the user-expected thing, but Social API and other ideas are also kicking around.
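The difference between the policies discussed above can be seen in a toy cookie jar. This is an added example, not code from Firefox or from this blog; the site names and browsing trace are constructed, "visited-only" models the policy as the post describes it, and "double-keyed" assumes the usual meaning of the term (cookies stored per top-level site and cookie origin pair), which the post does not spell out.

```javascript
// Toy model of three third-party cookie policies (illustration only).
class Browser {
  constructor(policy) {
    this.policy = policy;      // "accept-all" | "visited-only" | "double-keyed"
    this.jar = new Map();      // storage key -> cookie id
    this.visited = new Set();  // origins the user has loaded as a top-level page
    this.nextId = 1;
  }

  // Storage key: the origin alone, or (top-level site, origin) under double keying.
  key(topLevel, origin) {
    return this.policy === "double-keyed" ? `${topLevel}|${origin}` : origin;
  }

  // May `origin` set a new cookie while loaded in the context of `topLevel`?
  maySet(topLevel, origin) {
    if (origin === topLevel) return true;                  // first party
    if (this.policy === "visited-only") return this.visited.has(origin);
    return true;                                           // accept-all, double-keyed
  }

  // One request to `origin` from page `topLevel`; returns the cookie id sent, or null.
  request(topLevel, origin) {
    const k = this.key(topLevel, origin);
    if (!this.jar.has(k) && this.maySet(topLevel, origin)) {
      this.jar.set(k, `id${this.nextId++}`);
    }
    return this.jar.get(k) ?? null;
  }

  // Load a page plus its embedded third-party resources.
  visit(topLevel, embeds = []) {
    this.visited.add(topLevel);
    const seen = { [topLevel]: this.request(topLevel, topLevel) };
    for (const e of embeds) seen[e] = this.request(topLevel, e);
    return seen;
  }
}

// Constructed trace: [top-level page, embedded third parties].
const TRACE = [
  ["news.example",   ["adtech.example", "social.example"]],
  ["social.example", []],  // the user visits the social site directly
  ["blog.example",   ["adtech.example", "social.example"]],
  ["shop.example",   ["adtech.example", "social.example"]],
];

// For each origin, the largest number of pages it can tie to one identifier.
function linkedSites(policy, trace) {
  const browser = new Browser(policy);
  const pagesById = new Map(); // "origin id" -> Set of top-level pages
  for (const [page, embeds] of trace) {
    for (const [origin, id] of Object.entries(browser.visit(page, embeds))) {
      if (id === null) continue;             // no cookie: nothing to link
      const k = `${origin} ${id}`;
      if (!pagesById.has(k)) pagesById.set(k, new Set());
      pagesById.get(k).add(page);
    }
  }
  const result = {};
  for (const [k, pages] of pagesById) {
    const origin = k.split(" ")[0];
    result[origin] = Math.max(result[origin] ?? 0, pages.size);
  }
  return result;
}

for (const policy of ["accept-all", "visited-only", "double-keyed"]) {
  console.log(policy, linkedSites(policy, TRACE));
}
```

Under visited-only the pure adtech origin never gets a cookie while the directly visited social site still links later pages; under double keying neither can link pages, yet the social site keeps its own first-party cookie.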

Should Mozilla have waited to fix the easy problem of pure third-party tracking until it could also handle the harder problem of "Like" buttons? I don't think so. If you have a clean fix for part of a hard bug, ship it and iterate. Don't hole up in an ivory tower and try to fix everything, then have to iterate anyway.

Next item: the degraded web experience. This one I'm just not seeing. Many of the most dedicated user experience people are fans of Apple's devices and operating systems. And, aside from users who never visit Disqus.com, but want to use the Disqus comments on blogs, the Apple implementation of third-party cookie blocking has been painless. Bloggers know that a post about an Apple problem is great clickbait, but so far we have: (1) Disqus comments break unless you also go to Disqus.com, and (2) well, fine, I'll get back to you on the other one.

Now for the overall point of Meyer's piece. There are "consumers" and "advocates", and the "consumers" want to be tracked, but those mean advocates are deceiving the browser developers into keeping users from giving away information. Or maybe a better way to put it is that users like to get original content free of charge, and that the advocates are destroying the adtech system that brings it to them.

This is where the adtech system is giving itself way too much credit. Alexis C. Madrigal writes, "The ad market, on which we all depend, started going haywire. Advertisers didn't have to buy The Atlantic. They could buy ads on networks that had dropped a cookie on people visiting The Atlantic. They could snatch our audience right out from underneath us."

Snatching is going to be less and less of an option. One of the key points that privacy advocates often miss is that user tracking isn't just for targeting in order to increase response rates. User tracking is also a key part of adtech's fraud prevention efforts. After all, an adtech vendor that's willing to run ads on copyright-infringing or other illegal sites can't depend on those sites not to do some click fraud. Every extra step between the advertiser and the user is one more opportunity for fraud.

People disagree about the extent of fraud perpetrated on the adtech system—John Battelle makes a good case that there's a lot—but there's no doubt that denying third-party cookies will open up more places for it to happen. The natural response is for advertisers to pull back on highly automated adtech and go for more native advertising, just as publishers are backing away from third-party social sites to "own the conversation" about their content.

Today's online ad industry is largely based on exploits for a browser privacy bug. Fixing the bugs will mean fixing the business. This is good for online advertising in the long run, because paradoxically, the better targeted an ad medium can be, the less valuable it is.

And now, bonus links (things that the RSS reader dragged in. RSS forever.)

Mozilla identity team: Persona plays well with Firefox's third-party cookie policy

Bob Hoffman: Advertising Is Like Exercise and Money Is Their Leverage. Media Is Their Weapon.

Jacques Mattheij: Disqus bait and switch, now with ads

Bob Garfield at MediaPost: The Miracle Machine That Keeps A Dying Magazine Alive.

Josh Dreller asks, Ad Blocking: Theft Or Fair Use? (But my big question is: why was ad blocking so rare until users started learning about tracking? If the adtech proponents are right, targeted ads should make blocking go down instead.)

Adam Lehman: Just Who Do The Data Paranoiacs Think We Are?

Mozilla Privacy Blog: Firefox getting smarter about third-party cookies

Syndicated 2013-03-15 17:27:35 from Don Marti

minimal rss reader

If you really liked Google Reader you will not like my RSS reading thing, rtwt, at all.

  • strips images
  • lumps all feeds together
  • only controls are three mystery buttons
  • puts author's name at the end, not at the top
  • you have to ssh in to the server to add a feed since there's no form for it.

On the plus side, it does use Mozilla Persona, so no annoying password wrangling or online service lock-in.

Developed using the "write random crap until it basically works and then mostly leave it alone" methodology.

Syndicated 2013-03-14 13:58:00 from Don Marti

QoTD: Alexis C. Madrigal

The ad market, on which we all depend, started going haywire. Advertisers didn't have to buy The Atlantic. They could buy ads on networks that had dropped a cookie on people visiting The Atlantic. They could snatch our audience right out from underneath us.

Alexis C. Madrigal

Syndicated 2013-03-10 16:21:54 from Don Marti

A patent troll defense scheme

Depressing piece from RPX: Quantifying the "Fight Hard" Strategy. "This kind of ‘fight hard’ stance against NPEs has always held tremendous emotional resonance. Its economic foundations, however, have been more elusive, and while dodging an approximately $25 million dollar verdict – based on the judgment of $2.5 million and a $.15/transaction running royalty – is always cause for celebration, it is worth noting that Newegg’s victory didn’t come cheap."

The big problem is that it's hard to convince a troll that you actually have a Fight Hard strategy and not a Put Up A Fight And Then Settle Strategy. Eugene Kaspersky wrote, "From our (KL) side – we’ll fight the trolls until the last round of ammunition (their round!). If they attempt to just sneeze in our direction – we’ll be back at them in a flash and take no prisoners."

Kaspersky is credible because he has already done it. But are you? The troll probably figures that even if you want to fight hard, your board of directors will make you wimp out. So you won't get the same protection that a credible Fight Hard company has.

So here's a possible solution. Sign a contract with me, agreeing that if your company ever licenses from a troll or settles with a troll, you'll pay me ten times the amount first. You may not have established a credible Fight Hard position on your own, but you can show the troll that you don't have a viable alternative. (The contract will let you go out and license all the patents you want -- the protection just kicks in when an NPE contacts you with a licensing demand.)

I don't expect that any of my counterparties will ever have to pay me, but if anyone does, I'll figure out some productive troll-fighting things to do with the money.

Syndicated 2013-02-25 16:33:12 from Don Marti

Nuclear first strike?

Fortunately for advertising in general, Mike Zaneis has it wrong. Blocking third-party cookies would be a free gift to the advertising industry, because reducing trackability would raise the average value of online ads.

It's possible for both of these to be true:

This individual ad will have a higher click-through rate if we personalize it to the user.

and

Online advertising as a whole will be less profitable if we personalize ads to users.

Which makes it an interesting game theory problem. All advertisers would probably do better if nobody used creepy tracking on users, but if some advertisers track users and others don't, the ones who do might be at an advantage. As long as users believe that "online advertisers track and customize" the non-targeters won't get the credibility benefit they deserve.

Firefox fixing the problem at the client software level in a high-profile way is a win. Advertisers who are first to help with making "creepy tracking" harder will be better prepared for the new post-creepy Web.

Let's not get online advertising in general mixed up with specific creepy tracking techniques.

More: Can privacy tech save advertising?

Syndicated 2013-02-24 22:44:47 from Don Marti

The Hedge

(I wrote this short story a while ago, but the news is catching up fast, so I'd better put it up now.)

"Look, Agent Bellamy, I appreciate you coming out, but it's three in the morning. Can we set up a time to discuss this tomorrow, and can your people check the house while I'm at the office?"

Jack Murphy was too tired to follow some involved technical discussion with the big Intellectual Property Enforcement agent, who sat in Murphy's old steam-bent office chair, briefcase at his feet. Murphy, quickly dressed in chinos and Stanford Law sweatshirt, sat in his new ergonomic chair at a gleaming glass and metal desk. The desk looked out of place in the rambling Maryland house that Linda had found when Murphy accepted the appointment in DC.

"I'm afraid it won't wait, sir," Bellamy said. "Sorry for the unannounced visit, but as you're probably aware, our agency tracks the Free Markets closely."

"The Free Markets? That underground money web site?"

"Yes, basically. Although it's not really a site, just a system for communicating and trading. That's what makes it so hard to shut down."

"Well, all I know is that if you jailbreak your computer you can get on anonymously and buy drugs or guns or whatever."

"That's right. Let me show you an example." Bellamy pulled a plastic IPEA evidence bag out of his briefcase. Inside was a heavy semiautomatic pistol. It was raw machined steel without the usual blued finish, and a blank slide where the manufacturer's name and serial number would be. The plastic bag, oily on the inside, looked like it was lined with little rainbows. "You can't make steel parts like this on a 3D printer, but you can make parts for a plastic machine that will cut aluminum. Then you can use aluminum parts to make machines that can cut steel. People trade machines, parts and weapons every step of the way. This one's complete, and it works. It was on its way to an underground gunsmith who puts a nice finish on them."

Murphy could see the shiny steel reflected in both of the room's immaculate black windows. "It's like Adam Smith's pin factory."

"Yes. And this piece could have come from any combination of thousands of basement workshops. It's completely untraceable, and infringes a zillion patents. These things are a headache for us, but that's not why I'm here."

Murphy leaned over the desk, and Bellamy continued.

"There's also an online scene called the prediction markets. Oh, hold on, sorry." Bellamy spoke quietly into his jacket cuff. The agents who had arrived with Bellamy were still doing some kind of security sweep of the house. Murphy was glad that Linda was away, dropping Jack Jr. off at college. Security stuff always put her on edge.

"All right. Prediction markets," Bellamy said. "If I want to bet on a football game, I can buy a prediction, say 'Eagles win on Sunday.' If they win, after the game the prediction expires and I get a dollar."

"Sounds like just online gambling. They're just saying 'prediction' instead of 'bet.'" Murphy yawned and shook his head to try to clear it.

"Yes, it's like an ordinary bet in a lot of ways. If the Eagles lose, my prediction expires worthless. Just like losing a bet. But those predictions trade up and down, like stocks and bonds, right up until the end of the game."

"And they're untaxed and anonymous."

"Right. And there are other predictions I could make. I could buy a prediction on 'Jack Murphy dead before October 14th'. And if, for whatever reason, you're no longer with us that day, I make a dollar."

"So is that how the assassination market works? Someone just makes a bet that somebody else will be dead?"

"That's one side of the deal. That's the bet that the assassin makes. Someone else has to take the other side of the bet, and lose. If you want somebody dead, you just place a bet that they'll be alive. You lose your bet, but they get taken care of."

One of the agents who had come in with Bellamy was standing in the office door. His light blue gloves and shoe covers didn't go with his dark blue suit. He was holding Murphy's laptop computer, with Murphy's mobile phone and charger on top.

"We're going to need to check those in the van," Bellamy said. "We'll have them back in ten minutes."

Murphy nodded and the agent turned and left. Bellamy had introduced him but Jack was too tired to remember the name.

"So the original client, or whatever you want to call him, makes a bet, and loses, and the assassin wins, and that's how the assassin gets paid. But you said a dollar. Nobody's going to murder someone for a dollar."

"Right. There has to be some volume in the market for it to be a significant risk. A lot of people have to be willing to buy those predictions of 'Jack Murphy alive' and lose the money."

"So how is my stock doing?" Murphy knew that DC was still chattering about the news of his surprise appointment. The Secretary was an old colleague from think tank days, but nobody expected that the President would go along with bringing Murphy in. The President was too good a politician not to have his own person in every department's number two spot.

"That's why we're here. There's a lot of volume. A lot of outstanding predictions on you alive."

"They're predicting I'll be alive because they want me dead." Murphy finally yawned and got his hand over it.

Bellamy just continued. "Yes, that's right. The good news is that the administration has an independent fund for protecting appointees. Our agency can't know about it officially, of course. That fund buys the same 'dead' predictions that an assassin would. Makes it less profitable for the assassin. Basically, we play the market to lose. It's expensive, and it's not a hundred percent solution, but it's the best answer so far."

"What about just going after the people who want me dead?"

"Frankly, sir, that wouldn't scale. Between the senior citizens and the cat thing, our market model says that more than four hundred thousand people have some money on you. If you're alive next week, they make a little money. If you're dead, they're happy too."

Murphy was silent.

Bellamy said, "They don't really think of it as gambling. More like they're hedging their exposure to your continued existence."

Murphy looked up. One of the other agents, whose name Murphy didn't remember either, was standing in the doorway. "We're clear, sir. No cameras or devices left. Verified no other residents present. Charlie team is watching the egress. We're good to go."

"All right." Bellamy ripped open the evidence bag and pulled out the raw steel untraceable pistol. The room smelled of some kind of oil.

"What are you doing?" Murphy yelled. His voice went up in a squeak at the end. He grabbed for his desk phone and realized it was gone.

"Sorry, sir," said Bellamy. "But the money in that slush fund has to come from somewhere. Sometimes we play to win."

Syndicated 2013-02-19 13:21:29 from Don Marti

Real Advertising needs a voice

The Information Technology and Innovation Foundation bills itself as "Smart Ideas for the Innovation Economy," but what they're putting out there is just a well-summarized version of the conventional wisdom on creepy adtech: "The problem is that if users are not tracked, then websites cannot deliver targeted advertising. Instead, websites would only be able to use non-targeted advertising which does not generate as much revenue. Less revenue means less free content and services for Internet users. But privacy advocates are pushing forward, regardless of the consequences."

The conventional wisdom has two key points. First, more creepy stuff means more money for everyone. Second, users don't mind creepy—it's those scary elitist "advocates".

I believe they're wrong on both points. First, the idea that the whole industry can profit by going creepy. I don't doubt that individual ad campaigns can get better click-through rates when targeted. But targeting tends to fuel a race to the bottom for content, and a decrease in signaling power for the medium as a whole. Look at the end of the road adtech is taking, and you'll see email spam already there, funding no content and satisfying no users.

Second, the conventional wisdom says that irresponsible "advocates", not regular users, are behind demands for privacy tech. I wondered about the demand for web ad blockers back in 2009, when hardly anyone was using them. Ad blocking had been around for years as an easy-to-install browser add-on, much easier than a bunch of things that did catch on. But calling it a niche product would have been generous. Nobody did it.

Today, though, ad blocking is over 9 percent, and spawning at least one startup to help sites deal with it. What changed? Three words: What They Know. This popular Wall Street Journal series started in 2010, and began explaining adtech practices to the public, well enough that the explanation stuck. And a lot of other mainstream media coverage followed. If you believe the conventional wisdom, we should have seen something like: 2009, hardly any ad blocking. 2010, the WSJ explains how well customized those ads are to you. By 2011, ad blocking should disappear, right? Why should I block what's relevant to me? Instead, the opposite happened. People discovered the extent of tracking, and ad blocking finally went mainstream.

In a way, ad blocking is following in the footsteps of spam filters, which were also niche for a long time before they became a must-have. We missed the opportunity to align privacy tech with laws and norms to help everyone, both users and legit advertisers. Shortsighted lobbyists at the DMA got CAN-SPAM passed, which helped the bottom-feeders (who probably don't pay for DMA memberships anyway) but made it a never-ending challenge for legit DMA members to get a legit email newsletter through.

There are a lot of details to work out about how the norms and protocols for online ads have to change, all the way up and down the stack, to support real advertising, and not just direct response. (Firefox is making progress, for example.) But starting with the conventional wisdom on creepy tracking will get us to the wrong place. The real danger here is that the policy conversation about Internet advertising is missing a voice. Somehow, the chair at the debate reserved for Advertising is not occupied by Advertising in general at all—it's been reserved by the vendors of specific creepy techniques.

Syndicated 2013-02-18 15:38:46 from Don Marti

QoTD: Bob Hoffman

Every day, Facebook has an audience that is three times the size of the Super Bowl's audience. That's every day, not just once a year. Yet, in its entire history, not a single person has ever mentioned or discussed or remembered a single fucking ad they've ever seen on Facebook.

Bob Hoffman, Ad Contrarian

Syndicated 2013-02-04 14:24:59 from Don Marti
