Archive for June, 2007



Among their podcast offerings, Minnesota Public Radio have started offering speedcasts: speeding up the audio but keeping the pitch down so the speakers don’t sound like chipmunks. Suddenly I’m more likely to listen to that hour-long show because it’s only half an hour.

Why there are separate feeds for hours 1 and 2 of Midmorning, I do not understand. That should change.

I am not an aural learner. I listen to a lot of podcasts — well, maybe 15-20 hours a week, I don’t know if that’s a lot — in part to help develop better listening skills. It still takes concentrated effort to absorb what’s being said. This is doubly true of the speedcasts, but that might change as I get used to the speed. Who knows, it might help my listening skills even more. We shall see.

Incidentally: most people I know who use screen readers have them set to read faster than the speedcasts.


My desktop is no longer virtual

David Berlind’s experiments with desktop virtualization reminds me that I forgot to follow up here on my own attempt to live inside VMWare.

I tried for a little over two weeks to work inside VMWare full-time (at work, not home). Or nearly so: I did still use the GroupWise email client in the host OS, but since I only check email a few times a day, that was no big deal. I wanted this to work, but what Jim called the “virtualization tax” was too high. My poor little ThinkPad wasn’t up to the task. It’s a good computer, but it’s not high-end by any means. It needs to be souped up a bit more before I could comfortably rely on VMWare alone.

If I were just running the normal suite of office applications, it would probably have worked well, or at least well enough. But my work day is spent running Eclipse and JBoss, not to mention a couple browsers and an IM client (pidgin, thanks for asking). JBoss is… more than a little demanding. Given the nature of hot deploy, which after a few deployments starts to get really flaky, I find that I’m restarting JBoss quite a bit. I cannot bear for that to be as slow as it was. Not when I’m already peeved at what I consider an unnecessary delay.

Lack of support for the second monitor was also a problem. For some reason, this particular model ThinkPad doesn’t support two external monitors. Instead I rely on a PC card for the second monitor, which means it’s sloooow. It also means that my VMWare image couldn’t used it.

At the time I was running VMWare 5. I don’t know whether VMWare 6 would improve on any of this, but I’ll probably give it a try. Except that MacBook Pro oughta be showing up any day now…

All this said, I do use VMWare every day. It’s just not for my everyday use. Follow?

Design, Time Management

Piler. No question.

Anne Zelenka asks: are you a filer or a piler?

As I’ve gotten better at using search and as search has itself gotten better, I find myself relying less and less on folders or on Gmail’s labels. Filing just takes too much thought and work without a payoff later for me. Besides, it seems a holdover from our physical desktops.

My desktop is feeling Gmail’s impact. After almost three years of dumping email into an heaped archive, knowing that I’ll find it later, I’ve noticed that I’ve taken the same approach to my physical filing system. At least at work, I no longer obsess over carefully putting project documents into the correct folder. Nope. Everything just gets added to a pile on my desk. Granted, the pile is separated into several stacks, but there’s no organization to them. Some things still get sorted. Documents relevant to annual performance reviews. At home, I still have special folders for taxes and such. But they don’t touch my daily life.

It works. I can find what I need quickly enough, and I feel better not spending time in needless sorting. I’ve spent a lot of my life engaged in devising careful taxonomies that I end up never using. This carried more stress than I cared to admit.

So what do I think about the new Google Docs interface? I don’t mind the folders, but I won’t use them. I preferred labels, even though I don’t use them either.

I do miss the less-used documents being hidden when I first log in. Now I see docs that I’d rather not be reminded of every day. Chapters of an abandoned book. Proposals for projects that went nowhere. I want to be able to get those when I need them, but I prefer that they be hidden otherwise.

Accessibility, Ajax, Web Standards

Meeting etiquette tip #5: sit quietly, then explode in a fury

Sitting around shooting the breeze with a group of developers today, someone made a comment about how Ajax just flies in the face of all the web standards wins that we’ve made over the years. This was followed by an assertion that other places — i.e. the private sector — don’t have the same accessibility concerns that we in government and education are saddled with.

I lost it. I’m pretty sure I actually shouted, “STOP!”

One: companies do have the same accessibility concerns, they just don’t admit it. Ask Target if it’s a non-issue for them.

Two: I’ll agree that popular toolkits have a lousy record on the web standards front and are far from unobtrusive — UJS for Rails exists for a reason — but well-done Ajax and DOM scripting is predicated on a foundation of web standards. I’d even go so far as to say that following standards is necessary, at least if you’re writing code the way I want to see it done.

I am, however, on the liberal wacko fringe.

Open Source, Security

Two Top Tens

I spoke about the latest OWASP Top Ten at my local OWASP chapter yesterday. To be frank, I wasn’t entirely sure why. This is by no means the first time I’ve given a talk about or framed by the Top Ten — indeed, when I was supposed to be giving this talk at the April chapter meeting, I was instead doing so elsewhere. But I figured that if any group of people is going to keep on top of the OWASP Top Ten, you’d think it would be people who go out of their way to attend a chapter meeting. Sure enough, everyone was familiar with the basic document but not necessarily the 2007 update. So for better or worse, especially since I had only a half hour, I just did a quick diff and highlighted the important changes. It was perhaps too casual an approach, but that’s the mood I was in. If you want more detailed discussion, I can certainly provide that at great length.

Then Gunnar Peterson gave a rapid-fire version of the talk he gave in Helsinki on his top ten list for Web services security issues. Amusingly, in Helsinki he was also preceded by someone talking about the OWASP Top Ten. Gunnar possesses an impressive ability too make the much-maligned WS-* security standards seem reasonable. More than reasonable: self-evident. Always a pleasure, Gunnar, thank you.

Almost inevitably, discussion turned to the question of what can be done to “make” developers write more secure software. This always sets me on edge, largely because of the subtext that software security is just a developer problem. There’s no question that developers need to learn more about writing secure software, but it is also true that security is too infrequently considered as part of the requirements or design phase. This has been much on my mind lately, since in the absence of security requirements I’m being forced to write them myself, so expect more from me on this soon.