Archive for August, 2003



I forgot about this coincidence the other day: Edward Tufte published an article in Wired about how “PowerPoint is Evil” just as I finally got around to reading his essay on The Cognitive Style of PowerPoint.

I’ve written before about how much I hate PowerPoint. Even before I read Tufte, I’d realized that it’s more than just the tool, it’s that the tool contributes to so many bad presentations. Its all the excruciatingly dull or misused PowerPoints I’ve sat through that I really resent.

That and PowerPoint on the web. The slide shows themselves are bad enough, with their ugly markup and pages that are usable only in certain browsers (<cough>IE/Win</cough>). More troublesome, though, is the fact that PowerPoint presentations are going on the web in the first place. A well designed PowerPoint is meaningless outside the context of the presentation it is meant to accompany, yet (as Tufte bemoans) the slide shows are regularly disseminated via email and on web sites.

My biggest gripe is against the use of PowerPoint in lieu of written reports. Gartner does this. For a study they did for my employer last year, they supplied their report as a PowerPoint instead of bothering to actually write something. Two PowerPoints, really: an executive summary and the actual “report.” Bah.

(In)accessibility is an obvious complaint, as well. Yes, there are tools to make PowerPoint-generated web pages more accessible, but thus far they have not impressed me. Moreover, they distract from the far more pertinent question of why a slide show is on the web in the first place.

When I get a call asking for help putting a PowerPoint on the web, my first response is to discourage the caller from doing so. Publishing a single summary page or an honest-to-god written report will server her readers far better. If I can scan a page that contains the same content as the PowerPoint, or even slightly expanded, I’ll be much happier than if I have to click through fifty or sixty low-resolution and low-content pages. I’ll be even happier to read something more carefully written that lays out information and arguments in a thoughtful and sensible progression (something that one should expect from a high-buck and respected organization like Gartner. Oops.).

Is it harder and more time-consuming to create these alternate versions? Depends. Creating a summary is certainly easier than futzing with the convoluted process of creating an accessible or even usable HTML version of the slide show. In most cases, writing a complete report is more difficult, but to my mind that is an advantage because it forces you to consider whether it is worth adding content to your web site. If you are unwilling to take the time to string together coherent sentences to make your message meaningful, then what you have to say will not usefully contribute to your web site’s content.

Or you could go ahead and throw another PowerPoint on the midden heap that your site will become.


DVDs at the library

We’ve started checking out DVDs at the library. They have a surprisingly decent collection. There’s usually a waiting list, but big deal: we can add ourselves to the list online, and be notified by email when it’s our turn. It’s like Netflix, but free! Well, that and the DVDs aren’t mailed to us. Again, big deal: we’re at the library on a regular basis anyway.


Wired coincidence

The latest issue of Wired arrived the other day with more than a few coincidences:


Using the Web to Help Teach Kids Writing Skills

New York Times: “A Young Writers’ Round Table, via the Web.” I would have loved publishing online as a kid.


Anil’s Ghost.

A long commute on the bus gives me several hours guaranteed reading time every day. I love it. Sometimes I’m lucky enough to read something that so overwhelms me that I forget myself: I moan in extasy at a particular turn of phrase, laugh out loud, quietly read passages under my breath. Some time later I become aware of fellow passengers’ sidelong glances, and it dawns on me that I’m the crazy guy on the bus.

Which isn’t all bad. At least no one will sit next to me.

Storm Constantine used to have this effect (Burying the Shadow is wonderful) until she got all weird and sex-magic crazed. Right now, pride of place belongs to Michael Ondaatje’s Anil’s Ghost. An absolute gem. I’ve been reading bits of it aloud to Owen, who quietly lays against my chest, listening. Considering that his usual reaction to a book is to crawl frantically toward it, chew on the binding, then coo as he flips through the pages, his calm appreciation for Ondaatje’s prose speaks for itself.

But I’m still the crazy guy on the bus.


One-Stop Business Registration

Utah has launched OneStop Online Business Registration. Instead of having to register independently with several state and federal agencies, you can now register a new business online, in one place, “in about an hour.”

Now that‘s effective and useful eGovernment.


Goodbye, Cathy.

A coworker died this morning, after being hospitalized suddenly yesterday. It feels very strange to be working, everyone going about their business. I did not work closely with her so do not immediately feel her absence, but it’s beginning to creep into my awareness.


IE vulnerabilities are so much fun.

We don’t allow HTML mail at work. Our GroupWise email clients are configured to disable both display and creation of HTML messages. This causes some problem for those who receive HTML mail without a plain text equivalent, but someone decided that the benefits are strong enough that the inconvenience is worth it. Some may declare to our tech support, “You’re preventing me from doing my job!” but they’re wrong.

The problem is Internet Explorer. Many popular Windows email clients use IE for HTML rendering. Since IE is riddled with unpatched security holes, HTML mail is potentially unsafe. Opening an email message is enough to bring down your machine.

To help out our beleaguered tech support staff, I put together a little web-based app that demonstrates our two primary reasons for disabling HTML mail: security and spam. (Spammers sometimes use single-pixel images to track their mail and help identify valid addresses.) It’s quite simple: supply an email address, and the system sends you an HTML-only message. The message contains an <img> whose src is a PHP script that associates your email address with an IP, user agent, what time the message was opened, etc. Most important to a spammer is that the email address is valid. A more malevolent attacker could use the user agent information to craft a more focused exploit.

The message also includes exploits for several IE vulnerabilities: one buffer overflow (now patched), an ActiveX exploit, and now something that launches NotePad (see this followup). Depending on the circumstances in which the message is opened, one or all of those is triggered.

The trouble was not coming up with exploits. IE security holes abound. The trick was coming up with something that a non-technical user can see is a problem. So many of the vulnerabilities are complex or hidden: “Oh no, a cookie has been read!”

The astute reader will point out that disabling image loading and scripting in the email client protects from most of the existing vulnerabilities. True enough, which is why I included a bogus link in the same message on a web server. If the user follows the link, IE crashes. Too, in my tests I was still able to launch NotePad without user intervention. Considering the rate at which IE security holes are discovered, some of which do not require scripting, I do not consider simply disabling functionality to be adequate protection.

I used to abhor HTML mail but no longer feel so strongly: I can understand why many people prefer to read styled text. That is, as long as a plain text version is sent as well. I just read that and refuse to read HTML-only mail. Know, however, that there are risks.

Simon Willison may be glad that he switched to Firebird. Switching your web browser may not be enough.

Now I’m going to get all sorts of mail complaining that I’m alarmist. Nah. I just think that my employer’s tech support staff’s concerns are valid, and if they don’t want to enable HTML mail, I stand with them.


ELF is moving in.

“Firebrands of ‘ecoterrorism’ set sights on urban sprawl”:

The latest attack came last weekend when a large condominium project under construction in an upscale San Diego neighborhood burned to the ground. A banner stretched across the charred site read: “If you build it – we will burn it. The E.L.F.s are mad.” In e-mails to regional newspapers, the Earth Liberation Front (ELF) claimed responsibility for the conflagration that also damaged nearby homes.


Perl in Elvish?

Writing with Elvish fonts. This would be perfect for those who aren’t satisfied with ordinary means of obfuscating Perl.

Heck, why stop with fonts? Surely if we can write Perl in Latin, we can write Perl in Elvish, too.

« Prev - Next »