qrcode
The slightly less long-winded not-at-work version of Will

Theme by nostrich.

11th January 2013

Post

Online Advertising Privacy

Lots of stuff went around the news several months ago about online privacy or advertising tracking and such. I figured I’d write a post to hopefully do a better job of explaining some of the technology and techniques, and then give some help on how to protect yourself a little while you’re at it.

Cookies Aren’t (All) Evil

The first big annoyance that I hear is that cookies are evil and you should just disable them. You’ll even hear “spyware removal” ads (which are really just for software that you voluntarily install which will track you) talk about how harmful cookies are. Cookies aren’t inherently bad. Here’s a bit of how they work…

Websites are stateless. That means that from one request to the next as you’re bouncing around the site, it doesn’t know you or your browser from any previous time. The way browsers and web servers work around that is by using cookies. A cookie is a smallish (well, supposed to be smallish) piece of data sent by the website to your browser. Then your browser retains that piece of data for some amount of time, and sends that data back to the site from which it came every time it makes another request to it. (Yes, geeks - I’m deliberately over-simplifying).

There’s not really any standard as to what data can go into the cookie. Sometimes the data in the cookie is the information the site wants directly. For example, you may have a cookie for a video website which says that your preferred background color is red, and so the background color of red may be stored directly in the cookie itself. Often, though, the cookie just contains a random number and that random number is used on the server to look up your favorite color.

Cookies are really useful. Cookies are how your bank has the notion of you being “logged in” even though it doesn’t really know you from now as opposed to you from five minutes ago. So disabling all cookies would make the web just about unusable for you.

Advertising Cookies And Referer

Now this is where cookies can be more rotten. Advertisers often use cookies to track you from one website to the next. Your browser will reject an attempt of a site to directly set a cookie for another domain. However, if the site includes an image, script, iframe, video, etc. from the third-party site, then that third party is (usually) allowed to set a cookie when it sends the response that your browser asked for. So if you go to somenews.com and it includes an image from bigadverts.com, bigadverts.com may set a cookie on your browser. Then if you visit somesports.com and it also includes an image from bigadverts.com, your browser will send back the cookie it originally got from bigadverts.com when you visited somenews.com.

Another piece to the puzzle here is that when you visit somenews.com, it may put the advertising request together in such a way that bigadverts.com knows that this request is being served on somenews.com. So not only does bigadverts.com know how often you get advertisements from them, it can know which sites you visited to get those ads.

Furthermore, even if somenews.com or somesports.com aren’t specifically customizing the request, the browser is probably sending a Referer (spelling is deliberate - it’s been misspelled for years) header which specifies the exact URL you’re visiting, so the advertising knows that you’ve visited somenews.com and somesports.com.

Fixing What You Can

The advertisers have lots of different ways to track you, and unfortunately, if we just disabled all the tricks they use, then the Internet would stop working as a whole. Similarly, robbers use getaway cars, but if we just outlaw card, where would we be? But there are a few things you can do to help protect yourself.

Opt Out Where You Can

While lots of advertisers use these tricks to track you, there are some which are honest about doing so, but subscribe to the Digital Advertising Alliance. So they do somewhat shady things, but they give you a chance to get out of it reasonably. (Don’t think that spam email works the same way - don’t bother unsubscribing from spam sites - you just told them your email address is real).

If you go to http://www.aboutads.info/choices/, it will show you all the advertising partners which are in the DAA. And you have the option there to opt-out of those sites. How do those sites know you opted out? By setting a cookie, of course. For each site you select (or even do Choose All Companies at the bottom), it will delete any cookies from your browser which that advertiser has set, and then the advertiser will set one more - which says that you don’t want them tracking you. The middle tab shows advertising sites in the DAA which have already sent you cookies that are not opt-out cookies.

This doesn’t solve the whole problem - it only deals with the 118 or so sites that are honest enough to use that method.

Protect Your Choices

While you’re at http://www.aboutads.info/choices, click on the Protect My Choices link and then install the browser plugin for your particular browser. This plugin is updated with new sites regularly, and helps to prevent your browser from losing the opt-out cookies.

Advanced-er Settings

  • In Chrome under Advanced Settings, Privacy, check “Send a ‘Do Not Track’ request with your browsing traffic”
  • In Safari Settings, Privacy, check &quot:Ask Websites Not To Track Me”
  • In Firefox Settings, click “Tell websites I do not want to be tracked”
  • In Internet Explorer, click on the Settings icon, Safety, Tracking Protection. Then click on Get a Tracking Protection List.

Again, this only tells the honest guys you don’t want to be tracked.

Advanced-er-er Settings

At your home, use OpenDNS or something similar. In OpenDNS, you can have it block adware sites, Web Spam sites, and my personal favorite, Typo Squatting. If you set this on your home router, it protects everybody in your home, but only at home.

This doesn’t block all advertising, nor does it block any cookies. It just blocks your browser from making requests to sites in the categories you select. You can also blacklist specific sites.

Advanced-er-er-er Settings

You can disable “third-party cookies” so that if you visit somenews.com, an image from bigadverts.com can’t set a cookie. However, this does end up making some legitimate sites not work properly, and it’s often hard to diagnose that as a cause. (Also, if you do this, make sure to turn it off while you get set the Opt-out cookies from the first recommendation).

Advanced-est Settings

This one is not for the feint of heart. You could get Ad Block Plus or even Noscript. The problem with Ad Block Plus is that it actually blocks the advertisement. And many sites are supported by advertising. You’re able to see a lot of sites “for free” because of the advertising impressions. If everybody blocked all ads, then legitimate sites wouldn’t be making as many impressions and the advertisers would stop funding the site.

The problem with Noscript is that it turns off a lot of really good things to turn off - however some sites depend on those really good things. So you have to do site-by-site management in order to get things to work just right, which sometimes takes a lot of effort. If you’re willing to put the effort in, by golly - go for it.

In Conclusion

What did I miss? Oh right. Don’t visit sites that are already shady. They’re obviously going to be carrying advertising from sites that don’t care about your Do Not Track setting or your Opt Out cookies - they’re going to track you anyway. So use OpenDNS to help you stay away from those.

by

()

9th June 2012

Post

Setting Up A Password Database

First, let me say that something like LastPass or 1password are probably easier to set up and use over the life of the product. Both of them come highly recommended from co-workers of mine. So if you trust them more than me - go for it. LastPass does have a free option, and then it’s $12 yearly if you want it on your mobile device and some other goodies.

But I’m going to explain some of the tips of what I did…

A password database is an application that runs on a machine which securely stores passwords, usernames, and notes. Sometimes (like with LastPass) it’s all stored “in the cloud” and runs as a browser plug-in and logs in for you automatically. Some tools (like the ones I use) use a local file and allow you to copy passwords to the clipboard. Then you might have to jump through some other hoops to get it shared across all your devices.

Selecting a Passphrase

Setting up a password database initially is pretty easy. The hard part is choosing a passphrase. Notice I said passphrase. At the end of the day, this is a computer file with passwords, account numbers, secret questions, etc. in it, so you want to make sure that nobody is going to get this in a long, long time. But you want to make sure you can get it. So some things to consider when choosing a passphrase:

  • It needs to be sufficiently long - like at least 25-30 characters
  • It needs to have lots of different types of characters (letters, numbers, punctuation, capitals, etc.)
  • It needs to be easy enough to type on a keyboard
  • You should try to make it so it’s not terribly frustrating to type on a mobile device

The best approach to meeting all those criteria is to use a passphrase instead of a password. Think of something important to you which has some punctuation in it. Maybe something like:

21:12 Jesus said to them, “Come and have breakfast.”

or maybe

He turned his back and walked away, sayin’, “Little miss you’ll rue the day”

Both of these are things I can remember. The first one is from John 21:12. The second is from “The Boy Who Wouldn’t Hoe Corn”.

Another option is to use four or five words that have nothing to do with each other but that you can remember. There are passphrase generator sites which can help you put those together.

Setting Up The Password Database

Keepass is a tried-and-true password databas that’s been around for many years and lots of other software is compatible with it. Most other software is compatible with Version 1 databases. There’s Keepass 1 and Keepass 2. If you’re going to be using a Mac, Linux, or a mobile device, download the latest version of Keepass 1.

On Mac and Linux, KeepassX will open and save Keepass 1 files so you can use the same file on Windows or on your mobile device.

The information below is from KeepassX, but it’s really, really similar on Keepass.

  1. Start KeepassX
  2. If it’s already prompting for a passphrase look at the bar on that window - if it says “New Database” skip to step 4
  3. Hit one time, then go to File/New Database
  4. Enter the passphrase you selected before. Remember this passphrase exactly as you typed it
  5. This will open your new password database, but you haven’t saved it anywhere yet. Click File/Save Database As to pick somewhere to save it.

You’ll need your passphrase to unlock your password database.

It’s important to understand that KeepassX, Keepass, etc. doesn’t “know” what your passphrase is, how long it is, what kind of characters are in it, etc. It’s used as the key to a cryptographic algorithm, and it only knows that it was able to decrypt the database using your key. So you have to remember your passphrase and not depend on the tool to help you. Also, because of the way your passphrase is used as part of the key material, it can’t tell the difference between a forgotten passphrase and a corrupted database. This is by design. But the error message when you enter an incorrect passphrase may look a little confusing.

Using Your Password Database

On the left side of the window, there are groups:

Within those groups are entries:

You can create new groups by going to Groups/Add New Group (⌘G). You can make whatever groups are easy for you to categorize things in like maybe “Financial” for your tax site and bank site, “Professional” for news sites you peruse as part of your work and LinkedIn, “Social” for all your social networking sites, etc….totally up to you. (You may want to spend some time categorizing though because the search is inconsistent on other tools which you might use to open this.)

To make a new entry, pick the group you want and go to Entries/New Entry (⌘Y). Give it a title like “Twitter” or something appropriate. The Username is the username you use to log in. If it’s a website, enter the URL to the login page (later you can use keyboard shortcuts to open a browser, navigate to that URL, etc.). For the Password, you can either enter your existing password or you can have it generate one for you. I recommend going to all the sites you use and making a new password. The Gen. button will generate a random password for you, and since you’ll use the password database, you don’t even need to know what it is. The Quality bar will tell you basically how many bits are in the password - but quality is subjective - most of the passwords you generate here will be higher quality than you’ve had before simply because they only get used on one site. The Comment field is for any notes you want to take (this can be used for an auto-login script on Windows). This would be like “secret questions” or if it was for your mortgage site, you might include the mortgage number so that if you needed to call on the phone that information is handy.

Expires is the date when you want the password to rotate. It’s handy to change your passwords every once in awhile, and with KeepassX you can set your password to expire on some given date, and go to Extras, Show Expired Entries - those are the ones you should go change.

To use a password, remember these shortcuts: ⌘B, ⌘U, ⌘V ⌘⇥, ⌘C, ⌘⇥, ⇥ ⌘V, ⏎

That’s:

  • ⌘B - copy the username for the current entry to the clipboard
  • ⌘U - open the URL for the current entry
  • ⌘V - when your browser loads that page, paste the username into the username field;
  • ⌘⇥ - Splodge-Tab back to KeepassX
  • ⌘C - copy the password for the current entry to the clipboard
  • ⌘⇥ - Splodge-Tab back to the browser
  • ⇥ - Tab to go to the next field (probably password)
  • ⌘V - paste the password in
  • ⏎ - Hit enter

That won’t always work, but you get the idea. ⌘B copies the username to the clipboard. ⌘U opens a browser to that site. ⌘C copies the password to the clipboard.

Other Settings

If you’re really paranoid, you can go to Preferences and set things like how long the clipboard entires stay before the clipboard is cleared, or how long to go before automatically locking your database again. I definitely recommend setting both of those.

Other Tips

Here are some helpful hints for getting along with this system:

  • Write down your passphrase with all the right punctuation pointed out. Put this on a piece of paper, seal it in a manilla envelope or safety envelope, and put it in your safe deposit box labeled “in the event of my death” so your spouse can get at bank accounts, know the password for the security system, whatever. Unpleasant to think about, maybe, but be a help.
  • I use Dropbox to synchronize my db across to my phone, my iPad and other computers. This has some challenges of its own: ** I have to know my Dropbox password to open the database creating a circular dependency (or I have to have my phone with me or something like that to set up a new device) ** What if Dropbox gets hacked? The bad guy has “forever” to unlock my db ** What about places I can’t get to Dropbox or run other software?
  • But I use Dropbox because iKeepass (opens Keepass databases on iOS) supports it and KeepassDroid (for Android devices) supports it
  • Read the password requirements for sites and in the Generate Password dialog, use the strictest ability of the site (does it allow 20-character passwords? Then use one.)
  • Some sites are horrible about letting you set up a 24 character password, then allowing you to ENTER a 20-character password, but it only took the first 12 when you created it or something. These are a pain to debug and I hate them. I need to make a naughty list of these to keep you aware of them.
  • Some sites and applications (like Instagram on Android) won’t let you paste into the password field. So I don’t use Instagram because of this. (On a desktop browser, if you’re clever you can disable the ability to prevent pasting).

by

()

8th June 2012

Post

Another Case For…

If you haven’t read the news yet, LinkedIn gave up password hashes for somewhere between 6.5 million and 8 million passwords. The leaks for the data don’t seem to include usernames, but the holders of the information state they have it. I won’t go into too much detail on what password hashes are, but when you see news sites say that they lost “encrypted passwords”, that’s not exactly true. Encryption allows you to reverse the algorithm to get the plaintext. You cannot do that with hashes.

The way LinkedIn stored those passwords was insecure. Because hashing the same data with the same algorithm produces the same result, it’s common for security-minded groups (blackhats, whitehats, and grayhats) to spend a lot of time computing hashes of what they believe would be common passwords and storing these in what’s called a Rainbow Table. If I see the hash for the password “password1234” in a password dump, I know that 1) either your password is password1234, or 2) password1234 will also work as your password. The secure way to store a password is to concatenate a “salt” to the password to make the hash entirely different before doing the hashing (and multiple rounds), and store this salt with the hash so that rainbow tables are not effective, and so brute force is required to get the password. (There are even more secure ways by keeping additional salt material outside the database, but that’s beside the point).

So out of the millions of stolen passwords, attackers have already gotten the plaintext for 60-80% of them.

So what’s the lesson for you? Use a password database. There are a few benefits to this: 1) Your password will likely be more secure than one you would come up with on your own, and less likely to appear in a rainbow table, and less likely to be brute-forced soon 2) When something like this happens, you don’t have to devise a new password “scheme” or just “add 1” or something - you just generate a brand new password and call it a day. 3) You can use a different password for every single thing you need a password for. So if the attackers get your email address, they don’t also have your email password (or the user ID and password you use for ebay or paypal or last.fm)

Speaking of last.fm, they evidently also had a password breach. So just do yourself a favor and start using a password database now.

by

()

2nd April 2012

Post

Smells Like…

When I was in elementary school, once a week, I was singled out with a few other students for an extra class. Our school district was in an agrarian area, so there were two elementary schools in the district quite far apart. This class was at the school I didn’t go to, so about 5 of us piled into a drivers’ ed car and rode the 25 miles or so to the other school.

The classroom was in a portable building that at that point was pretty stationary. It had been in the same location for awhile, and continued to be there as long as I was in elementary school. Since it was a somewhat permanent temporary building, the teacher had the building carpeted and had her favorite decorations up in addition to all the learning tools, incubators, construction zones, computers, etc.

Since it was a small separate building, it didn’t have central heat and air. The teacher liked to keep it warm, so I certainly have memories of how warm and inviting the place was in the winter, in the afternoon the sun would come in through the windows and warm the thick pile carpet (it was brown).

But one of the things I remember best about the place was the smell. Mrs. Lands loved coffee. I don’t know if I’ve ever known somebody to drink as much coffee as she did. She always had a pot going, and none of us ever drank it. She had brewed so much coffee in that building that the smell had permanently settled on the carpet. As coffee stains something, over time it takes on a completely different smell. I remember my dad’s coffee mugs from work having the same smell.

This place always smelled like that. On the really cold days, as warm as Mrs. Lands kept the room coupled with the sweet smell of coffee brewing and the aged coffee smell from mugs, pots, and on the carpet, it was just so inviting. Mrs. Lands was such a sweet lady. I remember the place, the people, and the classes well.

by

()

31st March 2012

Post

Stop It!

If you’re not the technical type, this post might not be for you…

If you’re a sysadmin, manage your own machine, do any software configuration, etc. This post might be for you.

If you write software that you expect other people to install, configure, and use, this post is definitely for you. Please read this. Every word.

Stop with the XML for configuration thing. Now. Stop it now, right away. Post haste. Without delay. If you want people to actually use your software with any success whatsoever, stop with the XML configuration. I’m not kidding. Just stop it.

First, let’s look at why software developers choose to use XML for configuration of their software. It’s easy for the developer. There are tons of libraries for parsing the XML, reading it in various forms, turning XML into an object graph, turning an object graph into XML, etc. All of these tools to a lot of the boring plumbing stuff for you. You don’t have to worry about trying to figure out if the configuration is well-formed, or if it’s valid, because the libraries do that for you. For free.

But, what is XML ultimately useful for? For message interchange. XSLT, etc. can turn a document in one XML format to another XML format. It’s good for passing to remote systems where the developers need to integrate your data into theirs in a hurry. It’s great when it’s developers’ data communicating with another developers’ system and then that system turning data into an object graph, or into another XML form. (After all these years, it turns out that JSON was probably a lot better for doing data exchange, but that’s beside the point).

It’s horrible for configuration. It’s a nightmare for system administrators. If your primary means of configuring your application is by XML, then it’s clear that you hate your users. You want your application to fail spectacularly. You want your users to hate you right back. You have no love for your users, the people who configure your software, or the people who use your software if the configuration for your software is done in XML format. The real value of XML is lost when a person has to write the configuration in XML format. There’s no real point in doing a business-to-business transformation of your configuration.

It’s easy for you, software developer, to say that XML is a good format for configuration. You have a fancy IDE that helps you write it, validates it as you go, checks to make sure the syntax is valid. In a lot of cases, you even have a handy UI where you fill in text boxes with default values, and it spits out a configuration file in XML format. You might even be ignorant of the fact that at the end of the line, an XML file is produced that some person is going to have to edit by hand.

Those of us who use your software don’t keep those same fancy tools on the systems that run your software. We don’t have an IDE to help us make the right decisions about what to put in one box or another. We don’t have internet access for it to download DTD’s or XMLSchema files, or RelaxNG schemas. If we’re lucky, we have an editor that we can run on a local machine and it will allow us to send the file to the remote machine where your software runs. More often, we have an ssh connection to the machine where it runs and we have vi. We don’t have the luxury of not knowing that at the end of the day the configuration is XML. We’re horribly aware of the fact that it’s in XML format, and the only way to edit it is by hand. And if we’re lucky, we might have xmllint or something that will at least tell us if it’s well-formed, but that won’t tell us if it’s going to cause your application to divide by zero. If we’re not so lucky, we don’t have that luxury, and we’ll forget to close a tag properly, your application will vomit all over itself, and because you assumed that everybody would configure your application correctly the first time with some fancy whiz-bang tools that this would never happen, so you didn’t bother to make the error messages remotely helpful when it does vomit all over itself.

Configuring an application shouldn’t be so complex as to even need XML configuration. The options to turn on and off should be self-documenting with helpful names and inline comments so that it’s easy for us to get it right.

At the end of the day, you’re choosing to use XML for configuration because it made it quicker for you to write the parser at the expense of the hundreds of people who will be configuring your software. You saved yourself a couple of hours of coding but cost your users hundreds of hours of frustration and millions of dollars spent on alcohol treatment centers. Your convenience was at your users’ expense.

This isn’t really for the Ruby folks, or the Groovy folks or the authors of Git or the many other tools that use a straightforward configuration format like INI, properties, or YAML (although YAML can get pretty complex as well - even just to format it properly. It can be as bad as XML but generally is not). (Parenthetically, I have a different bone to pick with Ruby and Groovy - convention over configuration means that the people who use your libraries really have no clue at all what’s going on. Just ask the developers of Twitter.)

This is for you, Oracle (Sun). This is for you, Microsoft. This is for you, Apple (plist files are not only hard for a human to get right, but they’re darn near impossible to query with XPath properly). This is for you, Apache. This is for you, Spring (although to a lesser extent).

Furthermore, you fail to see the fact that the users of your application will be required to read the configuration file to understand how the system is running. How to tune it. How to make it work better on their own systems. Not only does the format you choose need to be easy to edit, it needs to be easy to read. XML is a write-only language for humans, and is read pretty well by computers - so long as a human wasn’t responsible for writing it.

At the very least, you could provide a CLI configuration tool (remember Sendmail and m4?) that reads a human-readable and human-maintainable format and then turns it into something your programmers can process with a library. But that might take you another couple of hours. Besides, you’ll make that tool a GUI that requires administrative privileges, Internet access, and 4 hours of me downloading stuff just to make the preprocessor work. So skip that. Because I don’t need that tool to just run on the system where your software is going to run, I need it to run on my machine so I can work locally and then ship off the configuration file. And you’d never believe that the people configuring your software use a different type of system than the system where the software actually runs.

Sincerely, Your users AKA the people you’re supposed to be working for AKA the people you’ve proven that you hate

by

()

27th March 2012

Post

Doesn’t Hurt So Bad

There’s something inside me that thinks if you go to a restaurant, you should probably get the thing they’re good at. If we go to a steak house (our favorite in the Charlotte area is Old Stone in Belmont), I think that steak is probably the right thing to get. You go to Red Robin, get a burger.

L is not atypical with her culinary palette as an eight-year-old. She gets chicken fingers and fries unless we’re at an Asian sort of place where she’ll get noodles (usually) or rice other times. We can go to a steak house and she’ll get chicken fingers and fries. We can go to the Mansion on Turtle Creek (I’ve actually never been there - was just a fancy place that came to mind) and she’d get chicken fingers and fries. I sometimes try to steer her to something better to expand her horizons, and it’s not of much help.

Tonight at Steak and Shake, L ordered the usual. I told Mrs. At Home that I sometimes feel like I’m supposed to tell the server “it’s okay - she’s actually a connoisseur of chicken fingers and fries, writes reviews, and is traveling the country seeking the perfect chicken fingers and fries” when we go to a place called Steak and Shake and she orders chicken fingers and fries.


On another note, when we were eating at Steak and Shake tonight, they had a “3D Grilled Cheese” sandwich. It was a burger, but on bread like grilled cheese with three different kinds of cheese. Was pretty tasty, although I’m sure any physician would frown upon it.

Mrs. At Home realized that it wasn’t Texas toast at all that the burger was served on, but just a normal hamburger bun turned inside-out and grilled on the insider (er - outside?). I told her that this wasn’t such a bad thing.

When I was a child, I loved grilled cheese. I remember times going to restaurants and actually not eating because they couldn’t make grilled cheese. I remember other times having grilled cheese on a hamburger bun that had been turned inside out. My parents were that patient with me that they’d (begrudgingly) order a grilled cheese off the menu or even ask them to do something special. This was really uncharacteristic for my father to do something like this.

To which Mrs. At Home stated that they probably thought I was touring the country, seeking out the perfect grilled cheese sandwich.


Did you know that it doesn’t hurt so bad? You know - the moment you truly realize you’re turning into your parents. And the moment that your parents’ prayer comes true - you know the prayer. “Dear Lord - I know you’re gracious. I pray that my grandchildren will torture this boy the same way he’s tortured me.”

by

()

24th January 2012

Post with 2 notes

Marriage Advice

My friend, Jinksto wrote a whole month’s worth of emails to a couple who were getting married. While all his advice was good advice, Mrs. At Home and I have our own marriage advice.

Mrs. At Home

Mrs. At Home’s advice is sound, and simple:

You’re on the same team.

This means what it sounds like. Many couples seem to be in some sort of a Women are From Venus, Men are From Mars war. While men and women are quite different, that doesn’t mean it’s “us against them” or you against your spouse. And there are lots of important implications of being on the same team:

  • You never talk bad about your teammates. Ever.
  • If your spouse does something that could be construed as good or bad, it was probably the good one.
  • Your job is to encourage and help your teammate for the good of the team, not to be rotten to them to the detriment of the team.
  • If your spouse says something that could be either nice or ugly, they probably meant it the nice way. (Since Mrs. At Home has this assumption, it’s bailed me out many times since I’m not too good with vocabulary.)

My Advice

My advice can be summed up in two words:

Stay married.

This is largely stolen material from a Sunday school teacher, but he’s got many more years of successful marriage than me, and the way he puts it simplifies what I think we had already figured out.

If you’re going to stay married, regardless of the circumstances, it behooves you to make the circumstances good. Would you rather be unhappily married, unhappily divorced, or happily married? A study on marital happiness and divorce pretty well shows that those are your three options. To summarize the findings of the report:

  • Those who were unhappily married and chose to divorce were no happier 5 years after the divorce
  • Those who were unhappily married and chose to stay married were happier 5 years after the initial study
  • 8 out of 10 of those who were very unhappy with their marriage stated they were happy with the marriage 5 years later.

A different study rates marriages on scales like very unhappy, unhappy, happy, or very happy, and it shows that 86% of those who “stuck it out” were happy, and 60% were now very happy.

So, the Sunday school teacher’s advice goes, if you’re considering divorce, take some time and do the most selfish thing you can do. Think of nothing but your own happiness. And stay married.

This has some implications in your marriage that aren’t unlike Mrs. At Home’s advice:

  • If you’re going to stay married, make the marriage not stink. So stop doing the things your spouse doesn’t like you to do, and do more of the things your spouse likes you to do.
  • If you’re going to be happy in your marriage, you need to be happy with your spouse. Perception is reality, so compliment your spouse often.
  • Those things that you tend to think are bad things about your spouse are probably really good. Mrs. At Home likes to make decisions on a whim. And a lot of the things we’ve done as a couple, I never would have done on my own. (Case in point - when she and the girls are gone for an extended period, I actually find that I don’t leave my office for several days - let alone the house.)
  • Never, ever, ever speak badly about your spouse. If you have a complaint, speak with them directly (and kindly) about it. Never to other people.

So that’s it.

by

()

10th January 2012

Post

Why Dissing Atlassian?

For April Fools’ this year, Atlassian released a “game” called Angry Nerds. And then when they released Confluence 4.0, they truly made a serious mob of Angry Nerds. There are long-ish threads on their site by folks who are stark-raving mad about Confluence 4.0

For the uninitiated, Confluence is a wiki - much like Mediawiki. The idea is that the community of readers is generally more knowledgeable about some subject than any one person. For geeks, this sort of “throw something out there and let the masses correct” mentality is our lifeblood. It’s far more civil than in the 90’s when all we had as a feedback mechanism was flame wars on Usenet (insert reference to Godwin’s Law here).

So what was the think that Confluence did that made everybody so furious? They removed the wiki editor. You might ask “how, exactly, does one edit a wiki without a wiki editor?quot; Geeks are asking the same question. Confluence 4.0 only has a Rich Text Editor (RTE) now, and no wiki markup editor. You can still type wiki markup into the Rich Text Editor, and it’s converted to XHTML on the client side. But it’s stored in XHTML on the server side.

For the non-technical, you might be thinking that this is sufficient - the geeks can still type in wiki markup and so should be happy, and Confluence gets to publish a single editor so non-technical people are happy, right? Wrong. There are a number of beautiful things about wiki markup as a storage format as well:

  • The markup format itself is human-readable.
  • The markup format is smaller in size
  • The markup format can be retrieved to be edited in its wiki format again
  • The markup format is simply created by scripts (without libraries for generating XHTML)
  • The markup format can be read in its native format in a text editor, without a browser

Some of these are very similar to one another, but as a geek, they’re critical. To give an example of this ability to “go both ways” and retrieve the document later in the wiki markup format and be able to read it in plain text, take a look at these couple of pages. README.md from jQuery in HTML format - this is what the Markdown format for the README looks like when rendered in HTML. But the source reads well in a text editor. That last thing is the actual source for what you see on the first link.

In Confluence 3.0, you could edit pages in a similar format, and they were stored in that format, so you could later edit them in that same format, or edit them in a text editor, and it looked formatted even in the text editor.

In Confluence 4.0, the source for that above markup would look something like this:

<div id="readme" class="blob instapaper_body">
<div class="markdown-body"><h1>
<a href="http://jquery.com/">jQuery</a> - New Wave JavaScript</h1>
<h2>Contribution Guides</h2>
<p>In the spirit of open source software development, jQuery always encourages
community code contribution. To help you get started and before you jump into writing
code, be sure to read these important contribution guidelines thoroughly:</p>
<ol>
<li><a href="http://docs.jquery.com/Getting_Involved">Getting Involved</a></li>
<li><a href="http://docs.jquery.com/JQuery_Core_Style_Guidelines">Core Style
Guide</a></li>
<li><a href="http://docs.jquery.com/Tips_for_jQuery_Bug_Patching">Tips For Bug
Patching</a></li>
</ol><h2>What you need to build your own jQuery</h2>

That’s clearly not readable in a plain-text editor, so a developer must use a browser to even be able to read the content at all let alone with some semblance of emphasis, hierarchy, etc. Editing this by hand or programmatically is extremely error-prone.

And all that is not to mention there’s a ridiculous amount of complexity in securely handling data stored in that format. Just ask MySpace.

Oh yeah - I edit my blog posts in Markdown format, and they read just fine in a plain-text editor. And years down the line, if I decide I want to read all my posts in a text editor, they still read just fine there, too.

by

()

17th December 2011

Post

Dallas

Last night, Mrs. At Home and I saw a preview for Dallas the new series. Since it will be on in 2012 and we’ve lived in the Dallas area before, I figured I’d give some bullet points about Dallas and Texas in general so I could set the record straight on some things I know will be asked.

  • No. Everybody in Dallas does not wear cowboy hats. Many people in Fort Worth do, however.
  • No. Everybody in Dallas does not drive pickup trucks. Many people in Fort Worth do, however. And there are many more trucks on the road in East Texas than you will generally find elsewhere.
  • People say they want to move to Texas. Then they say they want to move to Austin. You need to find out which - Austin is the capital of Texas, but it’s not Texas.
  • The Dallas Cowboys are not America’s team. They’re not even Dallas’ team. Two reasons for this: ** Like most warm-weather cities, the Cowboys only have fans when they’re winning. When they’re losing, the weather is fine for golf. ** The Dallas Cowboys play in Arlington. Prior to that, they played in Irving. I think they played in the Cotton Bowl, which is in Dallas, long ago.
  • Yes, there’s lots of oil in Texas. Many schools in East Texas have oil derricks on the school property.
  • No, you can not drive from Dallas to El Paso and back in an afternoon. Yes, there have been shows which say this can be done.
  • No, Dallas is not a bunch of tall buildings in the middle of a prairie. The Dallas/Fort Worth Metroplex is huge - with no traffic, it would still take you 90 minutes to get from one side of the metroplex to the other. Could be longer if you consider Greenville part of the Metroplex (Greenville does).
  • Texas is not part of the South. It’s “a whole ‘nother country”. I’ve never lived in a place with so much national pride.
  • As Texas is not part of the South, there’s no need to ask for sweet tea. There is only tea (and it’s sweet.)
  • Yes, there really is a South Fork ranch. It’s in Murphy, which is a suburb of Dallas. It’s a real working ranch. My sister used to keep a horse there, and we used to go to a concert there every year.
  • There is no Catholic or Protestant in Texas. There is no Baptist or Presbyterian. There is no Evangelical or Charismatic. There is no Atheist or Religious. There is only Ford and there is only Chevy. You must choose one when filling out our application for your drivers’ license, and the Texas Highway Patrol will give you the appropriate Calvin-peeing-on-the-other-logo sticker for your window.
  • What’s bigger in Texas than the Dallas Cowboys is local high-school football. That’s big all over the state (as far as I’ve seen).
  • Some towns in East Texas are small enough that they’re named after parts of counties (I went to North Lamar), and some school districts are named after two cities because neither of the cities would be big enough on its own. Examples include Alba-Golden, Como-Pickton, and Scurry-Rosser (where Mrs. At Home did go to a classroom where they had first and second grade in the same classroom). Near where I grew up, there was a school where the two counties were small enough to have their own school district. Delmar (Delta and Lamar). Having sufficiently large schools is vital to high-school football.
  • There is barbecue in Texas, but it’s different than elsewhere. In Texas, any dead or mostly dead animal roasted over a fire is barbecue. What is called brisket other places is known in Texas as barbecue brisket (even if it came from the oven) and is only to be eaten on Sunday after church (which is dinner - even at noon - because lunch comes in a paper bag).
  • The national game of Texas is 42. Mrs. At Home and I would love to show you how to play. The longer you’ve been married, the better you automatically are at it.

by

()

10th December 2011

Post with 1 note

Trinkets

I’ve mentioned before (I think) that I’m not really big on keeping trinkets around. I had a closet full of trophies in the home in which I grew up - debate, math, soccer, etc., and I had my sister take them all to the trophy shop to be taken apart and donated. I don’t have my high-school yearbooks. In fact, I didn’t even get a yearbook my senior year. I don’t have my letter jacket, or class rings. None of those things have much if any meaning to me.

The company where I work also gives trinkets. At certain anniversaries of enrollment, they give you a nice piece of lucite to commemorate the occasion. I’ve been with the company for 15 years, and I’ve gotten a bunch of lucite from them but don’t have any of them around anymore.

But there’s one trinket I’m hanging onto for now.

This year, I gave four presentations at various conferences. Each presentation was different, to a different audience, over a different set of material. All of those conferences had nice welcome dinners, get togethers for the speakers, opportunities to meet with others in the same industry, etc. However, at one of the presentations this year, I received another nice piece of lucite. On it, is inscribed simply:

Name of Conference

Thanks for being so smart!

2011

That’s all it says. I think the thank you line is a little silly. But this is my favorite trinket (aside from my wedding ring and any picture on the fridge) because this was given to me by geeks for being able to present to geeks.

A lot of the presentations I give are to more “professional” types. Stuffy people in suits who are just waiting for this geek who doesn’t even bother to wear a tie to mess up and say something stupid. And I do say stupid things - usually intentionally.

With geeks, I don’t change a thing. With geeks, though, I speak the same way not to raise eyebrows, bring attention to myself, or to shock, but just because that’s the way we geeks talk. I’m not professional. I don’t know about resource allocation, I know about resource injection. I don’t know about management structures, I know about data structures. We make statements like “YGWAGAM” “RTFM” and “play the wiki game” because those have meaning to us that’s just as meaningful as buzzword bingo words are for the Dilbert management set.

So this trinket, I appreciate. It was given to me by my people. And not because I achieved something, but because I had the pleasure of hanging out with people way smarter than me and sharing a little bit of what I’ve learned and hacked together through the years.

by

()