The state of the art in interface spoofing
1

The state of the art in interface spoofing

Jeff Atwood has a great series of screen shots describing how malware distributors spoof user interfaces to convince users to install their software. The more operating system and browser vendors do to prevent people from inadvertently installing software they don’t want, the more the malware distributors do to entice people to override the security measures that are in place to help install software that can only harm them.

This is just one of many arms race scenarios that plague the digital world. As DRM improves, people come up with better ways to crack the DRM. As Blizzard comes up ways to keep people from artificially inflating their arena ranking in World of Warcraft, players come up with newer and better ways to game the system. And as antivirus and anti-fishing software gets better, criminals figure out better ways to enlist the user in circumventing that software.

What I’m trying to figure out is where it ends. How much freedom must computer users volunteer to give up in order to be able to use the Web relatively safely?

John McCain and Rick Warren, distilled
4

John McCain and Rick Warren, distilled

Unlike me, you probably didn’t sit through John McCain’s hour with Rick Warren at the Saddleback Civil Forum last night. Here’s their conversation, distilled.

Pastor Rick Warren: Who are three wisest people you’d rely on for advice if you are elected?

John McCain: David Petraeus, who is the greatest American in history besides me, John Lewis, and Meg Whitman.

RW: What’s your greatest moral failure and America’s greatest moral failure?

JM: The end of my first marriage. For America, the fact that not everyone enlists in the military.

RW: Give me an example of a time when you put your country ahead of your party and yourself, politically?

JM: I believe some people may not have heard my old “never been elected Miss Congeniality in the Senate” joke. Also, I love Ronald Reagan.

RW: What’s the most significant thing you’ve changed your mind about in the past ten years?

JM: We need to start drilling for oil right here, right now.

RW: What’s the most gut wrenching decision you ever had to make, and what was your process?

JM: I was a prisoner of war in Vietnam.

RW: What does your Christianity mean to you on a daily basis?

JM: I was a prisoner of war in Vietnam.

RW: At what point is a baby entitled to human rights?

JM: You evangelicals can count on me to try to outlaw abortion.

RW: Define marriage.

JM: No gays allowed.

RW: Do you support Prop 8 in California?

JM: Of course. That’s what I’m supposed to say, right?

RW: Are you against embryonic stem cell research?

JM: I’m for embryonic stem cell research, but hopefully science will get me off the hook on this one.

RW: What do we do about evil?

JM: Evil = al Qaeda = Iraq = we’re winning the war and we can’t quit now.

RW: Which of the current Supreme Court justices would you not have nominated?

JM: Breyer. Souter. Stevens. Ginsberg. The evil ones.

RW: Should it be OK for faith based organizations to accept federal money and then use it to hire only people who share their religious beliefs?

JM: Of course.

RW: Should there be a merit pay system for teachers?

JM: Only until we privatize all their jobs.

RW: Define rich.

JM: Rich as in money or rich as in spirit? I hate taxes.

RW: What’s more important, individual privacy or national security?

JM: We need to all work together to agree that it’s OK for the government to spy on Americans constantly.

RW: What is worth Americans dying for?

JM: I’m proud to be an American.

RW: What are the criteria for the US committing troops?

JM: If I gave an honest answer to this question, you guys would totally freak out.

RW: What’s happening in Georgia right now?

JM: The new cold war is on like Donkey Kong. All my friends are calling Russia the Russian empire now.

RW: What would you do to stop religious persecution of all kinds?

JM: Ronald Reagan was awesome.

RW: I feel sorry for orphans. Would you support spending money to subsidize the adoption of more of the world’s orphans?

JM: My wife once adopted a child without telling me.

RW: Why do you want to be President?

JM: Don’t you watch my TV ads?

The complete transcript is here.

Why design should not be divorced from engineering
0

Why design should not be divorced from engineering

Jack Shedd on why should be no separation between design and engineering:

The idea of design divorced from engineering is laudable, but the way it so often plays out makes it implausible. Yes, in theory, the design team should come up with a perfect solution and the engineering team should be smart enough to figure out how to pull it off and neither should ever have to talk to each other. The resulting product would look exactly as designed and would work perfectly. Keep on trucking you radical dreamer. Here’s a quarter for the jukebox.

The world’s supply of brilliant-the-first-time designers and can-figure-anything-out engineers is not nearly vast enough. While the ranks of folks who think they’re the former is exponentially higher than the folks who think they’re the latter. As an industry where the two sides are so co-dependent on each other, that either group would think of the other’s role as trivial is beyond ridiculous.

This separation can be particularly tragic when the “get client approval” step falls between design and engineering.

In the most absurd case, I’ve worked on projects where one person acts as both designer and engineer, designs without the engineering in mind, and comes to regret the box they’ve put themselves in.

The candidates on evil
1

The candidates on evil

Last night I took the opportunity to watch Barack Obama and John McCain each spend an hour being interviewed by megachurch pastor Rick Warren. Overall, I thought Warren did a good job of asking interesting and fair questions, and I thought both candidates acquitted themselves well, although I thought it was clear that McCain was mainly interested in segueing from Warren’s questions to his own talking points, whereas Obama seemed more interested in giving thoughtful answers to the questions that were asked.

Warren asked both candidates the same set of questions — Obama went first but McCain didn’t get to hear Obama’s answers before he had his turn. If I had to pick one question that pretty directly illustrates the differences between these two candidates, it was Warren’s audience-submitted question on evil.

Here’s McCain:

Q: How about the issue of evil? I asked this of your rival in the previous thing. Does evil exist, and if so, should we ignore it, negotiate with it, contain it or defeat it?

A: Defeat it. Couple points, one, if I’m President of the United States, my friends, if I have to follow him to the gates of Hell, I will get Osama bin Laden and bring him to justice. I will do that and I know how to do that. I will get that done. No one should be allowed to take thousands of American — innocent American lives. Of course evil must be defeated. My friends, we are facing the transcendent challenge of the 21st century, radical Islamic extremists. Not long ago in Baghdad, Al-Qaeda took two young women who were mentally disabled and put suicide vests on them, sent them into a marketplace and by remote control, detonated those suicide vests. If that isn’t evil, you have to tell me what is and we’re going to defeat this evil and the central battleground according to David Petraeus and Osama bin Laden is the battles — is Baghdad, Mosul, and Iraq and we are winning and we are succeeding and our troops will come home with honor and victory and not in defeat and that’s what’s happening. We have — and we face this threat throughout the world. It’s not just in Afghanistan. Our intelligence people tell us Al-Qaeda continues to try to establish cells here in the United States of America. My friends, we must face this challenge. We can face this challenge and we must totally defeat it and we’re in a long struggle, but when I’m around the young men and women who are serving this nation in uniform, I have no doubt, none.

And here’s Obama:

Q: Okay we’ve got one last time — I’ve got a bunch more but let me ask you one on evil. Does evil exist, and if it does do we ignore it, do we negotiate with it, do we contain it, or do we defeat it?

A: Evil does exist. I mean, we see evil all the time. We see evil in Darfur. We see evil sadly on the streets of our cities. We see evil in parents who have viciously abused their children and I think it has to be confronted. It has to be confronted squarely and one of the things that I strongly believe is that, you know, we are not going to, as individuals, be able to erase evil from the world. That is God’s task. But we can be soldiers in that process and we can confront it when we see it.

Now, the one thing that I think is very important is for us to have some humility in how we approach the issue of confronting evil, but you know a lot of evil has been perpetrated based on the claim that we were trying to confront evil.

Q: In the name of good?

A: In the name of good. And I think one thing that’s very important is having some humility in recognizing that, you know, just because we think our intentions are good doesn’t always mean that we’re going to be doing good.

When’s framework overhead justified
0

When’s framework overhead justified

The other day we had an interesting discussion at work about when the overhead of using a framework is justified. Incorporating a framework into an application has costs in terms of performance and complexity. In this case, we have a few JavaScript features that we wind up using on most Web sites, and the question was whether or not to use jQuery to reimplement those features, or to just use some simple home grown scripts that we already had.

The argument against was that we already have scripts (even though they need some updates), and that the compressed jQuery file is still over 20 kilobytes. Plus it’s an additional dependency that could introduce conflict with other choices we make later on.

In the end, we wound up choosing to include jQuery, for a couple of reasons. The first is that it makes the framework responsible for most of the code that’s likely to require more maintenance due to browser inconsistencies. When Internet Explorer 8 is released or Firefox 3.1 comes out, jQuery contributors are likely to find most of the bugs and inconsistencies and release an update that fixes them. Even if I have to fix some of those bugs, I’ve found that the frameworks still save time. I had to fix an Internet Explorer 5 bug in Prototype once, and I didn’t find it that difficult, even though most of Prototype’s source looks like magic to me.

The second is that incorporating the framework lowers the bar for adding new features to the Web site. If jQuery is already available, the barrier to writing new features is much lower than it is when writing those features from scratch, and I don’t have to revisit the decision whether or not to add a framework at that point. It becomes a tougher decision when you already have non-framework code in place.

I’ve become a fan of using a framework from the start, especially if the framework adds at least some value to even simple tasks. For example, JavaScript frameworks like jQuery make almost everything you do a little bit simpler, from binding events to altering styles on the page. They may not save you much time in your initial efforts because you’re doing something simpler, but you’ll be prepared to reap more efficiency as you add features to the site in the future. And you’re then not forced to make a tougher decision about when to add the framework later (especially if it would require writing non-framework code).

There’s probably an economic argument to be made here about marginal costs. Adding a framework increases the fixed costs of an application in terms of time and complexity, although the simplest frameworks make these fixed costs almost negligible. There’s a cost involved with setting up the framework and learning enough about how it works to employ it effectively. However, the right framework will lower the marginal cost of new features.

My thought is that it’s almost always worth it to eat the fixed costs of using a well-chosen framework to gain the marginal cost benefits when writing new features.

Open Salon
6

Open Salon

Salon has finally launched their reader blogs feature — Open Salon. I hope it works out well for them, but mostly this release makes me sad, because in many ways I look at it as another example of Salon’s unfulfilled potential.

The sad thing is that Open Salon is immediately behind the times. There are already plenty of blogging tools/social networks out there, and while it’s fine for Salon to offer one, at this point it’s sort of a “me too” effort rather than anything groundbreaking. And that’s a shame, because I know Salon worked on this project for an awfully long time. (Scott Rosenberg posted about the development of the site yesterday.)

At one time, Salon and Slate were really the leading Web magazines. These days we have the Huffington Post, Talking Points Memo, Politico, hundreds of really outstanding topical blogs, and major online presences from all of your favorite print publications.

When Salon started out, it was so ahead of its time that they were rarely credited in the major media when they broke news. These days, everyone’s accustomed to Web sites breaking news stories and they are as likely to be credited as any dead trees publication. That’s thanks in large part to Salon.

Salon also tried to get into blogging before it was mainstream, but made the poor choice of using Radio UserLand as a tool. Salon Blogs spawned a number of really good sites, but they were always disconnected almost completely from Salon proper.

It’s also worth noting that Salon has been an incredible incubator of talent over the years. They’ve had able editors like Andrew Leonard and Scott Rosenberg. Farhad Manjoo and Jake Tapper were both Salon staff writers. Chad Dickerson made his initial move to the West coast to head up the tech side of things at Salon.

In the end, if Salon does well with Open Salon, it won’t matter that they look like a late adopter. I’d love to see Salon back in the spotlight. The dot com bubble hit them particularly hard, forcing them to move most of their content behind a pay wall and cut the budget right at the time when blogging really started taking off. If the stores on the home page are an indication of the quality of content they’ll be attracting, they’re on the right path.

By the way, anyone know whether Open Salon is powered by home grown software or a third party package? It’s hard to tell from the URLs and the page source.

Why are good people involved in politics?
0

Why are good people involved in politics?

A couple of quotes that should deter any sane person from becoming involved in politics. First, Rany Jazayerli defending his friend Mazen Asbahi, who recently stepped down as Islamic coordinator for the Obama campaign:

I suppose I should credit the Obama campaign for having the courage to appoint a Muslim coordinator in the first place. In which case I have to ask, how stupid were they to not expect this kind of attack in the first place? The first thing I said to Mazen after he was hired – after “congratulations” – was “you know they’re going to come after you now, right?” He nodded, and we both knew who “they” were.

Or how about this bit of political analysis. Hawaiian vacation? Too foreign.

RENEE MONTAGNE: Now Obama is spending the week on vacation in Hawaii, he’s taking a vacation, he says, because it’s good for his family, but is it a good point in the presidential campaign?

COKIE ROBERTS: It’s a little rough to be doing it at this point, although I think he’s feeling somewhat secure, but Hawaii is also a somewhat odd place to be doing it. I know that he is from Hawaii, he grew up there, his grandmother lives there, but he has made such a point about how he is from Kansas, you know, the boy from Kansas and Kenya, and it makes him seem a little bit more exotic than perhaps he would want to come across as at this stage in the presidential campaign.

As far as the Jazayerli piece goes, I think that when we’re confronted with outright character assassination, it’s important to disseminate the context and defense as widely as possible. Most Americans know nothing about Mazen Asbahi other than that he was recently accused of being a Muslim terrorist sympathizer. Having read the truth, I want to do my part to publicize it.