Rants by Chort
What's wrong with everything

Don't you just love those sites that try to make you feel "extra safe" by putting padlock images on everything, even the "next" button?

Read the rest of this story...

I've been noticing a trend lately. The people participating in online "communities" these days are so blinded by the perceived inherent rightness of their beliefs that they are unable to see how their opinions are viewed by others.

This first struck me in an obvious way as I was wasted a perfectly good night on Youtube a few weeks ago. I got sucked-into The Key of Awesome. It's a Youtube channel that parodies pop music (fairly well, in my opinion). The creator often reads feedback on camera, most of which is facepalm-inducing. Most of the criticism goes along the lines of "dear so-and-so, I really love most of your videos, but the one about [my favorite artist] was totally ignorant! [my favorite artist] is awesome, and the fact that you made fun of them shows you don't understand their genius!"

What the hell is wrong with these people that they think any artist could be so perfect as to transcend criticism, or even caricature? They apparently have no concept of the difference between an opinion and a fact. Aside from that, if you can't even chuckle when someone adeptly roasts your idol, you have some real insecurity issues.

Another example of this can be seen in the Retarded Emails section of The Oatmeal comic. Apparently you can pick any arbitrary topic as the basis for your comedy and people will hate you for it, regardless of the obvious lack of seriousness.

This all makes me think: The massive push in the last 20 years to value self-esteem over any objective measure of merit has convinced each kid that their opinions are the only thing in the world that matters, utterly oblivious that every other human being in the world also has an opinion. We need to be teaching kids how to objectively evaluate themselves in the context of the world around them, or we are in for a future that makes Charlie Sheen look like a thoughtful critical-thinker.

Recently I decided to write an application for Twitter to report changes in my friends and followers. As part of the process I went looking for a pre-built library of methods that I could use to interact with the Twitter API. I settled on python-twitter as an actively-developed solution that should keep up with changes to the API.

Due to Twitter's rocky past with SSL/TLS (henceforth simply SSL) support on their web interface, I decided it would be prudent to investigate whether their API used SSL. It turns out that it does, and it has a properly signed certificate. Then I looked at twitter-python to see if it had and option to connect over SSL, and was pleased to notice that it does by default. On a hunch I checked out the underlying library that python-twitter is using to make HTTP requests, and I was shocked at what I found.

Read the rest of this story...

I was recently reading excerpts from an interview with Melinda Gates in the New York Times. What struck me is she forbade her children to have iPods when they asked, and instead offered Zunes. This is consistent with past articles I recall reading where Microsoft employees were criticized by supervisors for having iPods or iPhones.

It's easy to use the Microsoft examples, but I'm sure there are many others. Your initial reaction is probably along the lines of "how dare a company try to dictate what their employees use for personal entertainment", but really there is a more interesting aspect: What does it say about your products when you have to force your employees to use them?

Read the rest of this story...

Recently I was talking with an executive about challenges they were having generating revenue from customers. The exec shared that they had some unprofitable customers, and most of the expense was in support. The problem was identified as the customers not having enough education on the product and/or not being smart enough to use it.

Since I have some experience with their product, I asked if the problem might be more due to the complexity of the product and the fact that even a training course isn't sufficient to make an administrator proficient with it. The exec admitted there are some complexities, but insisted they've been "working on it" and cited one example from long ago where they fixed a major usability issue. The exec then went on to point out how many hours the developers have been working and basically had a cheer-leading session for their efforts to roll-out new features.

Click here for the ranty bit.

Read the rest of this story...

Ready for a shocker? A lot of the things your IT/Security department makes you do are stupid. According to Microsoft researcher Cormac Herley quoted in The Boston Globe, many "common sense" security practices are economically unwise. In plain English: You lose more money following a lot of security recommendations than you would by just letting the bad thing happen and dealing with the aftermath.

To continue, flip over the keyboard and read the sticky note...

Read the rest of this story...

As many people know, Apple introduced Parental Controls in Tiger. The current version in Snow Leopard allows administrators to block potentially inappropriate content, specific sites, and access to unapproved applications.

The first two work more or less how you would expect (although the error message when a site is blocked for content has been bewildering in my experience), but the application ACLs are a disaster. They prevent the application from being run if it's not approved for that user (in fact, with Simple Finder enabled you can't even see it), but it's when you try to allow a restricted user to access an application that the fun starts.

I haven't examined it in depth, but it appears that OS X adds some kind of wrapper or extended attribute to an application when you enabled a restricted user to run it. The problem is that this extra layer is extremely invasive, and most of the apps I've tried to use it with simply crash. Not only do the crash for the restricted user, but they also crash for unrestricted users. It's demonstrably the Parental Controls that cause this problem, because if you Trash the app and reinstall it, leaving Parental Controls alone, the app will run fine for unrestricted users.

Parental Controls have been around since Tiger, and this problem existed for sure in Leopard (possibly Tiger, I forget when I started using the feature) and definitely still exists in Snow Leopard. So I have a simple question for Apple: Did you bother to QA this feature at all? I know I've submitted the automated reports at least a few times after OS X detected an app crash and it does include audit trail information showing that Parental Control attributes were changed for the app prior to it crashing.

Today is has yielded a bumper-crop of FAIL from various organizations out there. Here is a sampling of the head-scratching stupidity.

Read the rest of this story...

Apple's operating system has long been considered a refuge for those sick of viruses and malware that plague Windows systems, but this reputation for safety has been widely misinterpreted to mean the design is safe. In fact, as has been widely recognized in the security community, it's the relative rarity of Apple machines on networks that simply makes them an economically uninteresting target.

Apple for their part have enthusiastically encouraged this misconception, and while they've benefited from the positive PR, they haven't actually taken the concept of safety to heart. Much like the corporation in Redmond that they delight so much in mocking, they seem determined to ignore security issues until they affect public perception.

Read on for the ownage ->

Read the rest of this story...

It took nearly 7 hours, that's right SEVEN HOURS to build the GIMP.app port (on a 2.33GHz C2D w/4GB RAM), which inexplicably included a full build of gcc4.3. Is that reeeeeeeeeeally necessary when 4.2.1 is included with Xcode? Did those 5 hours of my life have to be wasted? WHY WAS IT YOU COULDN'T JUST UPGRADE PERL???

That's not even the best part. The best part is it got all the way to the gimp-app port itself (after going through a quarter of a day worth of dependencies), and it failed. Yes, apparently there were incompatible functions, which were found three months ago! Diffs were uploaded 3 weeks ago, and 9 days ago instructions were posted for manually applying them, yet today the port was still broken when I tried to install it. Outstanding. Really nice work guys, seriously. Three months?

In case my warning didn't come in time and you actually tried to build this abomination, you need to go here for the solution. If you're even thinking about trying to install gimp-aDON't! There, it's like I just bought you enough time to say goodbye to half a dozen more relatives on your deathbed.