The Windkey and the Lamplighter

Dixon's Aerial pencil, with text in a font described by H&FJ as "open Lombardic capitals with terminal lightning bolts"

Wordsplosion! had a link to Hoefler & Frere-Jones’ blog entry about grawlix, which was right next to an entry about the cool typefaces used on pencils. Here’s another one from http://www.brandnamepencils.com/ :

Pencil with reverse leading quotes!

Somehow, my current writing implements just aren’t as beautiful to look at. I wish I worked in a fashion that made pencil a reasonable alternative. I even do my crosswords in pen.

On the other hand, though, I do have a lovely new pen—a Pilot Extra Fine RazorPoint in purple to match my new iPod.

AT&T operates a casino. You bet on how many minutes you’ll use. If you use less, they keep the extra money. They win. If you use more, those cost 50 cents per minute. The house always wins. It’s a great business model if you can keep it up.

Last month, I went way over on minutes. AT&T’s staff switched *last month* to a different billing plan. The house gave up its edge. Yes, this is also evidence that they win enough either way.

WordPress has their iPhone client out. Seems nice enough so far. Most interestingly, they’ve released their source under the GNU GPL. That means that they wrote it from scratch, without any libraries buy their own and Apple’s.

I’ve been playing an addictive CCG on Facebook, called PackRat. It’s a lot of fun—steal/trade cards from people who are listed as your friends on Facebook (all trades are “stealing”, where your success in stealing the card you want depends on the card you’re dropping.) and make sets, or buy cards from the marketplace, which is shared with all players.

The game, however, is not what has my attention right now. It’s the ads.
Facebook advertisers appear to have my age, gender, and location (based on my net connection—when I was behind a firewall that connected in LA, I suddenly got LA-centric ads instead of Boston-centric ones.) as well as potentially other data. So, what do Facebook’s advertisers think of me?

They think:

• I want to learn Spanish. (Seriously. “26 year old girls are learning Spanish”)
• I want an MBA (possibly from Dubai)
• I may want to earn money from home answering surveys.
• I care if I have a “celebrity twin”
• I may have bad credit or be in debt or want new credit cards.
• I enjoy online auctions for gadgets or jewelry
• I either have small children or am otherwise interested in “frilly diaper covers”

I think I’m glad I’m not the person Facebook’s advertisers think I am.

Schmap has my picture of Dockweiler State Beach in Los Angeles!
(They sent me a note on Flickr telling me they used it.)

This is what Creative Commons licenses are for. Unfortunately, some people are unhappy with having allowed commercial use—Virgin Mobile in Australia is using Flickr photos in an ad campaign that portrays some of the subjects rather poorly. They’re attributing, but they didn’t contact any of the photographers or anything. Some of the subjects are quite upset, like this girl. I suspect I’d be upset, too.

I have a smartphone! I’m blogging this from my laptop, because I can’t add the data plan until my number transfers, but the nice people at Best Buy Store 186 in Broomfield set me up with a new Palm Centro. We started out looking at the AT&T store, but the people at the Flatiron Mall AT&T store were completely uninterested in selling Palm devices.

I left the AT&T store thinking I might well wait to buy the iPhone in July, (and not from AT&T’s store) but we went to Best Buy to look for a Nintendo DS game for the flight home and I stopped one more time to look at the Centro. The girl in their phone department was friendly, helpful, courteous, and brought out a live phone for me to play with, so they got my business. Now I have a shiny black phone, with my number transferring. I’m now paying more for phone service than ever before, but that’s because this is the first time in years I’ve been on a plan which isn’t the no-longer-offered minimum plan. I can not wait to blog and read email and such from my new phone.

Left on an answering machine:

"This message is for *name*.
If you are not *name*, please hang up or disconnect.
If you are *name*, please continue to listen to this message.
There will now be a 3 second pause on this message.
By continuing to listen to this message, you acknowledge you are *name*."

The answering machine is clearly insufficiently voice-activated.

I want a smartphone. Currently, I’ve got a Nokia T610, inherited after I lost my little Motorolla flip-phone. The T610 accidentally calls 911 through the lock on occasion, but otherwise has no particularly good nor bad features.

The camera is a disadvantage (my employer prohibits cameraphones in many of our buildings), but I’ve had trouble finding even non-smart phones without a camera, so I’m willing to deal with it.

There are four things I really want: a telephone that will work in most places, a fast web browser, an IMAP email client, and a password safe. An mp3 player is a bonus, but not a necessity. 12+ hours of battery life would be good.

The last of these seems to be the killer for the iPhone—it’s a closed platform so I can’t port the Palm app I use now (even if I relearned programming to do it) and nobody out there is offering something that actually keeps the passwords on my device.(1) I’m also looking at the Treo 755—I held one at a Verizon booth in the mall last week, and it looks like a nice toy, but it didn’t have enough battery time remaining for me to try out the web browser.

Anyone have other widgets I should be considering, or input on the iPhone or Treo?

(1) I found a password-keeping application for the iPhone that stores your passwords, encrypted, on a website. It looks okay, but I am not interested in trusting even my encrypted passwords to a remote server. Besides, I want to be able to get my passwords even when I can’t get online. Even the parts of my office where a cameraphone would be allowed are in a 1950s-style brick-and-steel Farraday cage—my current cell phone doesn’t start working until I’m over 100 ft from the building.

Joel Spolsky has written several thousand words on the subject of standards compliance, Postel’s Robustness Principle, and their effect on web browsers in general and the new Internet Explorer 8 in particular. His axioms are correct, and he reaches many correct conclusions from them. He misses one alternative open to the IE 8 team, and one critical point of interpretation of Postel’s Law.

First, IE8: if you haven’t read Spolsky’s summary, you should at least know that most big web pages have two sets of CSS and two sets of JavaScript: instructions for IE, and instructions for everybody else. Some now do differentiate between the bugs of Firefox, Firefox 2, Opera, and WebKit. Special features for WebKit Touch are becoming particularly common. IE8 isn’t much like I7. It has many fewer standards-compliance bugs. Web page code sees the IE identifiers, though, and inserts bug-circumventing extras. Pages that look great in Firefox or in IE7 after they’ve worked around its bugs look terrible in IE8. They are often unusable. The Microsoft folks and ex-Microsoft Spolsky have fixed on two futures: one in which IE8 breaks lots of web pages by default, and one in which IE8 ships with a IE7 bug-compatible mode by default.

But the problem doesn’t happen until the web-page code figures out that it’s running in IE and takes action appropriate only to IE7. There’s a very simple technical solution: don’t admit to web pages that this is IE. Microsoft already lies in its user-agent strings, claiming IE to be Mozilla 4.0. They should just lie in the internal tags as well, changing the few symbol names necessary to ensure that none of the common checks for browser identity will give away that this product is marketed and sold as Internet Explorer. What doesn’t work in that scenario?

Separately, Joel (and perhaps the authors of early web browsers) misunderstand a crucial point of Postel’s Law. The proper reaction to malformed tags is not to guess—it’s to remove paired tags and display the content as plain text. Keep the data and the requests, but reject (and log) bad commands and context. There are some commands that should be handled differently, whose content it’s not safe or appropriate to just disclose. But that’s a very limited set. This is how malformed character entities are already handled. Malformed HTML should work in just the same way.

Apple’s new SDK reads:

3.3.2 An Application may not itself install or launch other executable code by any means, including without limitation through the use of a plug-in architecture, calling other frameworks, other APIs or otherwise. No interpreted code may be downloaded and used in an Application except for code that is interpreted and run by Apple’s Published APIs and built-in interpreter(s).

There’s some nice commentary on this at sublimeguile. I’d certainly be inconvenienced by it. I quite like having LispMe and a HP-48 emulator on my palm pilot. If this is meant to be a ban on interpreted code… what a pain! But if it’s only meant to be a ban on downloadable interpreted code, it might be survivable. And there is the Safari JavaScript interpreter.

It’s more interesting to me that Apple is demonstrating a serious multi-pronged attempt to combat malware. Leopard added code-signing in a nicely subtle way. Every application bundle on a Mac is signed when it first runs. Changes after that point cause warnings to users, and clear any special privileges (like listening to the network). It’s clear that Apple can and will extend the set of privileges restricted with this mechanism using the sandbox MAC system also introduced in Leopard.

The iPhone is a step ahead. The restrictions placed on third-party applications will make self-replicating malware very, very difficult to install. The Mac’s biggest malware threat for the last eight years has been Microsoft Office macro viruses. The iPhone won’t have anything like that, because it won’t have extra network-capable interpreters. Moreover, this is done in a way that won’t inconvenience more than a fraction of a percent of the user base. Sun and Adobe will mind, since their Java and Flash interpreters won’t be permitted. Microsoft’s Office team may or may not mind… but their Windows Mobile team should be terribly jealous.