I'm not really in the market for a new digital camera. My existing Kodak DC-290 is doing quite well. It replaced my Kodak DC-210 about 2.5 years ago. However, if I was looking around, I'd have to give the Coolpix 5700 a serious look. Here's a review of a pre-release model at Digital Photography Review.
blogdex:
is a system built to harness the power of personal news, amalgamating and organizing personal news content into one navigable source, moving democratic media to the masses. at current, blogdex is focused on the referential information provided by personal content, namely using the timeliness of weblogs to find important and interesting content on the web
Adam Goodman points me at this TCPA / Palladium FAQ and an article over at The Register.
Here's a bit of the FAQ that struck me:
12. Scary stuff. But can't you just turn it off?
Sure - one feature of TCPA is that the user can always turn it off. But then your TCPA-enabled applications won't work, or won't work as well. It will be like switching from Windows to Linux nowadays; you may have more freedom, but end up having less choice. If the applications that use TCPA / Palladium are more attractive to the majority of people, you may end up simply having to use them - just as many people have to use Microsoft Word because all their friends and colleagues send them documents in Microsoft Word.
Yuck. Microsoft and the media industry are saying "you don't have to play the game, but if you do play you're gonna play by our rules."
And check it out, it comes with MySQL support now. Guess what I'll have to play with soon. Maybe the Google API stuff works right too. I still haven't managed to get it working right. Hmm.
I still don't quite grok the new TrackBack feature. Can someone show me the power?
Dylan Tweney (the brother of a guy I went to high school with--both are geniuses) wrote an article called Broken Trust about Microsoft's Palladium in which he concludes:
But the rest of us should be very wary of putting so much faith in Microsoft. The real question is, for whom does Palladium make computing safer? It will surely make the digital world safer for Microsoft and Disney. But who will defend us from Bill Gates?
I couldn't agree more. When I first read about Microsoft's plans a few days ago, I couldn't believe what I was reading. The guys in Redmond really have balls. It's pretty scary.
That's right. Tim O'Reilly, in his article The Strange Case of the Disappearing Open Source Vendors, mentions:
Jeremy Zawodney [sic] of Yahoo talks about MySQL Optimization not because Yahoo sells MySQL but because it uses it to deliver its service. And of course, it's not just the speakers but the attendees at the conference who are using open source to improve productivity, cut costs, and drive innovation in the products and services that they do sell.
Oh, if you look at the URL for my talk, you'll notice that it's apparently session 2600. I'm not sure what to make of that.
Here's a bit of advice. Don't make your record buffer too large. In fact, if you're adjusting it at all, there's probably something wrong. I was helping someone at work figure out what was wrong with their MySQL server today. It worked pretty well until it was stressed with more queries.
I looked at the disk stats. The machine had relatively fast SCSI disks in it. Running iostat -d -n 5 5 didn't show any particular disk bottlenecks. The CPU was pretty busy, but it wasn't saturated. I checked to see how much RAM was in the machine (1GB) and roughly 40% was unused. The CPU wasn't a speed demon (500MHz Pentium 2). But it should have been able to perform much better.
Then I began to watch the output of vmstat 5 and noticed something very odd. In each 5 seconds' worth of output, there were thousands of page faults. The number was really high. There was clearly something funky going on with memory utilization.
I looked again at startup options that were set for MySQL on that machine. It turns out that the record_buffer was set to 24MB. What that means is that each active thread in MySQL was constantly allocating and releasing a lot of memory. The kernel was doing a lot of unnecessary work by keeping track of that.
After taking that setting out and letting MySQL use its default value (roughly 1MB), the server performed much better. CPU utilization was far lower. We were able to see the server plow through 500 queries per second with room to spare.
That was the lesson of the day.
I've been a die-hard Perl user for years now. Started with Perl 4 back in 1994 and have been programming Perl ever since. Perl is a great language. I can get a lot done with relatively little effort most of the time. But some of the time it can be a real pain to work with. No language is perfect. They're just tools in the computer world. Being a good Software Engineer means knowing when to use a particular tool.
Recently I've realized that my tool set hasn't grown much. Yes, I'm more skilled with the tools I do use, but that's no substitute for picking up a few new tools. I briefly toyed with the notion of picking up Java a while back. Heck, I did C++ in college for a few years, so it wouldn't be too hard. But Java never really got me excited. The closest I've come has been to read a bit more about Python and to try and study the occasional Python code I come across. Python sort of gets me excited--or at least curious.
Seeing this article on the O'Reilly Network reminded me of a 2.5 hour lunch conversation I had at work a few weeks ago.
Without recounting all the details, I'll say this. One of the engineers that I really respect spent a lot of time singing the praises of Ruby. He talked about it being like Perl but better than Perl. Less strict than Python, more readable than Perl, and most importantly, it was fun to write. As I said, this is a guy I respect. Someone who knows more computer languages than I've ever studied. I believe him. I just need to find the time to see why he (and others I know) are excited about Ruby.
The only thing I need is a project to get started. I'm considering doing some back-end XML blog-related stuff as a way of learning the language--if I can squeeze any time away from working on the book, of course.
Apparently there has been quite a bit of, uhm, exposure at the World Cup festivities. And that's one of the more tame shots that has been flying around on Yahoo Messenger recently. I guess I should be proud. That is a Yahoo site hosting the content. :-)
While blogging around tonight, I ran across an old article on the O'Reilly Network that helps get folks (former Windows users, mostly) acquainted with OS X and the MacOS in general. Good stuff.
Have I mentioned how cool the Mac TiBook is? When my review in Linux Magazine finally appears on the Web site, I'll link to it.
Oops. Apparently PowerPoint defaulted to saving my recent MySQL presentation in a web format only viewable by Internet Explorer. What a moronic thing for Microsoft to do.
Anyway, it's all fixed now and still available at the same URL.
Or something like that. I've managed to help convince at least one other person that I know of. Huh? Derek (aka Dredd) has set up a blog using Movable Type now too.
It has been a bad month for security in the Open Source world. First was the Apache chunk handling bug, and now there's an OpenSSH root exploit just waiting to be exercised. Aren't we supposed to be immune to this?
Eric Raymond rose to fame in the midst of the great Internet boom as a visionary who saw into the future of Open Source and computing in general. One of his most famous sayings, often cited as the reason that Open Source software is more secure than commercial software like Microsoft Windows, goes like this:
The reason I'm confident that the bazaar model, the open-source model, will continue to thrive and claim new territory, is because all of the other verification models have run out of steam. It's not that open sourcing is perfect, it's not that the many-eyeballs effect is in some theoretical sense necessarily the best possible way to do things, the problem is that we don't know anything that works as well. And the scale of problems with other methods of QA (quality assurance) is actually increasing in severity as the size of projects goes up. On the other hand, open-source development, open-source verification, the many-eyeballs effect, seems to scale pretty well. And in fact it works better as your development community gets larger. [ZDNet Interview]
He proposes that the availability of the source code means that thousands of eyes are looking over the code and are more likely to find bugs and security problems than the small Engineering and QA departments at most software companies.
I think he's full of it. Actually, I know he is. In theory it makes sense. It's a mathematical argument. Simple probability. You're also more likely to win the lottery if you buy more tickets. But the argument only makes sense on the surface.
There are several assumptions built into Eric's claim that often go unchecked. They're questions that nobody seems to ask. Let's have a quick look at them.
How many Open Source developers actually read the code?
I'd wager that nearly all the so-called open source developers don't read the code the way we've been led to believe. In fact, I'd wager that virtually all of them install their software the same way the rest of us do--using our distribution's packaging system (rpm, apt, etc.).
But surely some are reading the code, right? Of course they are.
Why are they reading the code?
So, let's think about the motivation of the folks who do read the code. Many of them are simply trying to figure out how it works, either so they can copy some of the functionality or ideas for their own purposes or to figure out how to add their favorite feature.
My experience has been that when someone is reading code they're not familiar with, they spend most of their time and mental energy simply trying to digest the code. They need to develop a mental model of how the data is stored, common flow, and so on. Once they finally "get it", they go back to solving their original problem. Few continue analyzing the code.
Even if a brave hacker continues to read the code, they're not terribly likely to spot one of the hard-to-spot problems. Why? Few open source hackers are security experts. That leads to the next question that nobody seems to ask.
How many experts are reading the code?
Few. Very few.
What makes me say that? There are simply very few folks in the world (open source or otherwise) who really know how to write secure code and how to spot insecure code when reading it. One of the most famous is Theo de Raadt of the OpenBSD project. Theo spends a lot of his time auditing OpenBSD's code, attempting to find and fix potential security holes. He's one of the best.
There aren't many others like Theo. Really good security skills take time and experience to develop. Theo spends his life doing this. It often takes money. Many software companies send their engineers to security training.
Few open source hackers have the time, motivation, or money to invest in really learning how to write secure code. Have a look at the recent Bugtraq archives.
In the past few years, I've seen little evidence to support Eric's many-eyeballs theory. Have I just missed it? I'd be surprised. Even so, look at the sheer number of open source projects and compare it with the number of developers who are likely to find the bugs. The numbers are not that impressive.
According to this article on CNet's news.com site:
Yahoo on Tuesday said it is shutting down several broadcast services, including its financial news program Finance Vision and Yahoo Radio. The closures will result in fewer than 30 layoffs, said Henry Sohn, Yahoo's vice president and general manager for network services.
Yahoo has been refocusing its businesses after an early growth spurt that featured a string of pricey acquisitions, including a $5 billion stock purchase of Broadcast.com in 1999 that thrust the company into streaming services. That industry has suffered as harsh a downturn as many with the burst of the dot-com bubble, thanks to high expenses and a tough advertising market.
I was right. Back when Yahoo launched Finance Vision, I said it was a stupid idea--a large void into which we (well, Yahoo as a company) would pour buckets of cash, seeing little return.
We were told that it was important to be the first in the on-line streaming space. If we produced original content back in 2000, then when broadband became ubiquitous users would turn to us. The argument made sense, but the assumptions behind it were terribly flawed. A few people listened to me, but mostly folks just drank the Kool-Aid.
The biggest problem is that the adoption rate of broadband technology wasn't anywhere near the predictions that folks were citing. It was clear to me that broadband was going to take at least 5 years to become popular enough for it to be a money-making business. Of course, Yahoo had money to burn at the time (and still does), but that didn't mean it was right.
Then, when the first round of layoffs hit in early 2001, some of us expected Finance Vision and similar services to vanish. Why? They never made us a dime. The infrastructure was expensive to build and maintain. There was no sign of it becoming profitable. And we didn't have many viewers. But they kept it going.
When the second round of layoffs hit, I was certain that Finance Vision would be axed. It was not.
Oh, well. It's good to see the right folks finally coming to their senses. Better late than never. I just hope they learned the lesson. We cannot afford to repeat it.
According to this article at news.com, Office version 11:
will include better support for XML (Extensible Markup Language), an industry standard for data description and exchange and a key technology behind Microsoft's .Net Web services plan.
Amusingly, they're playing catch-up again. A lot of Office alternatives already grok XML.
I need to get to bed before 3 or 4am for a change. So I'm going to not go surfing other weblogs tonight. Instead I'm going to try and be like a normal person and sleep. Let's see if it actually works.
That's right. I can finally get the Iron Chef. After resetting my Tivo and configuring the channels, it turns out that I can get the Food Network. I don't pay for it and it's a little fuzzy, but the audio is good and my Tivo is smart enough to record it for me. Woohoo!
Okay, here are a few things I didn't expect to see. First off, we have a tennis picture that makes you wonder what the photographer was thinking. Then we have something completely different. It seems that some folks in Korea have decided to nab a picture of mytop from my site. It appears to be a discussion of the tool. I just hope they like it. It's always interesting to see what turns up in my server logs.
As noted in Dave's weblog, American Airlines is getting serious about E-Tickets. That's great. I've recently become a big fan of AA anyway. Not only do they have the "more room in coach" (you really can tell), they have laptop power at the seat in most of their large jets.
Now if I could only find a way to transfer my 60,000 miles on the Northwest, Continental, America West plan over to AA. Hmm.
According to a Reuters story,
Users of Instant Messenger can keep receiving messages, even when they are not logged on to their personal computer, as Microsoft and eight European mobile operators expanded the service to cellphones. A message sent from a PC to a user who is 'off-line' will automatically be forwarded to his mobile phone in the form of a short SMS text message. Replies from a mobile phone will land back in the Instant Messenger dialog box on the computer. Mobile phone users will be charged per message received or sent.
I can imagine people just trying to jack up each other's bills by spamming their phones. I sure hope there are some good filtering options.
There is an interesting discussion going on at K5 about Microsoft's real motivation for .NET. The author derives some of his ideas from Joel's latest column, Strategy Letter V.
In his latest strategy letter Joel Spolsky describes a general principle, Smart companies try to commoditize their product's complements. It's interesting to try and apply this to Microsoft's .NET efforts. In programming the best way to learn a language is to try to write programs in it. With these sorts of ideas the best way to understand them is to try and apply them.
I'm not sure if I buy it or not. They may be on to something. But a part of me really thinks that .NET is Microsoft's answer to the threat of Java and things like Java--the thought that they'd lose control of part of the development foundation.
Props to Ye Olde Phart for pointing out Over the Edge. It looks like a weblog to watch. I think that the Phart is right about Dan's weblog. It does feel rather journalistic. I like what I've read so far.
This certainly isn't helping me get to bed at a reasonable hour.
While reading a few comments in this thread on Slashdot, I saw mention of a guy who makes some cool WinAMP plugins. Then I looked at what one of them actually produces. Amazing. Yet another thing to try out if the notebook ever arrives.
The odd problems we've been seeing with MySQL on FreeBSD have flared up recently. I just had to throw all traffic off our east coast servers and send it to the west coast (ouch!) to restart one of the east coast machines. The other east coast machine has been off-line since it got messed up on Friday.
It seems that FreeBSD's threading is to blame once again. Grr. I'm working to get a good build of MySQL with LinuxThreads support to see if this all goes away. In the meantime, things are quite fragile. I'm starting to really wish we had a Linux box on the east coast. Right now they're all on the west coast.
Damn you, Murphy. Can't you ever just leave me alone for a week?
No, not me. But this guy named Joe found wireless at the park in New York. How cool. I have a feeling that I'd find something similar if I moved up to San Francisco, but that's not exactly a good reason to pack up and move, now is it?
The folks over at DSLReports.com have assembled a very good FAQ on Windows XP. When (if?) my new notebook ever arrives, it will be very useful.
Thanks to Steve Friedl, I'm a big fan of the DSLR discussion forums too. There's a lot of very good info in them.
I've been trying to ignore all the fun new stuff I want to explore so that I can finish working on the slides for two of my three talks at OSCON this year.