With that said: Rant On.

Two of the best presentations had asides where they spoke about working to deliver your content and code to the lowest common denominator of users. Clint Andrew Hall came down on the side of making everything available to everyone, while Kevin Potts took the opposite opinion (acknowledging, of course, that your customers may disagree and their opinion really counts). Paying customers want what they want, and any sane consultant will give them what they’re wanting to pay for. I get it, and I practice that. With that said:

Why in the world would any project dedicate man hours to supporting old crap? Let’s take PHP4 as an example. PHP5 has been out since 2004. Every major Linux distribution has been packaging PHP5 as the default for years. I don’t know of a single reputable hosting provider that is still running PHP4. There is no reason in the world why we should have serious discussions about maintaining compatibility to PHP4. There is no excuse other than laziness to still be on PHP4, and are we as developers going to work harder so that a handful of lazy admins don’t have to upgrade one set of packages? Not in my world. My Recently Popular WordPress plugin is not backwards compatible. Thankfully WordPress itself has given up and as of 3.2 you’ll be required to have PHP5. Other projects are coming around as well.

Should we immediately drop support for WidgetSoft 8 the day WidgetsSoft 9 comes out? Of course not. I don’t like being on the upgraded treadmill any more than the next guy. But if WidgetSoft 9 has proven itself stable for a year and is a free upgrade then in my book version 8′s days are numbered, and that number is very small.

The same holds true for web front end work. Clint maintained that we should all do the extra legwork to ensure that our users get a native and acceptable experience on their own browser version and device. Kevin’s point was much more a “screw the guy with the old browser, we all know we’re talking about some guy on IE6″ approach. In this case I think there’s a happy middle ground. Delivering a native user interface for the iPhone if a lot of your viewers will be on iPhone makes sense. Spending the time building an iPhone specific skin if you have no idea how many of your users will be on an iPhone is a colossal waste of effort. (Note: I don’t believe Clint was saying to do this)

I do have a philosophical problem supporting older browsers, though. People who are running older, un-patched browsers aren’t just affecting themselves. The viruses, trojans, and other nasties they acquire wind up sending spam to the rest of us, or letting their computer act as a node in a DDoS attack, or getting their bank accounts hacked and costing us all money during the ensuing legal battles, or any number of other problems. These people have proven they’re too lazy to upgrade, but for the sake of everyone else on the Internet they need to be put in a position where the pain of not upgrading is worse than the pain of upgrading. Google recently announced that they would only support the current version minus one for any given browser. The major browsers are all beginning to implement a background upgrade process that doesn’t require the user to do anything, and I think that is a fantastic idea.

Phew. Rant off.

Initial setup is still very computer-like.  You’ll need to know the basics like what your wireless router is named and what the password is.  The Verizon 3G setup was easy enough and consisted of filling out a form on a web page.  Should be doable by just about anyone.

Both of my kids (six and nine) were able to add themselves with no problem, including an account picture.  I didn’t give them any pointers or help so that part lives up to the hype of being easy to use.

I had one lock up that forced me to remove the battery to cure it.  Of course that happened when I was showing it off to a friend.

I had to disable and then re-enable the wireless network once to restore communication.

The battery life is amazing.  I’ve had it unplugged for about 36 hours, and I’ve been on it for probably 4 hours.  The battery is at 50%.

The small screen size isn’t a hindrance at all.  The trackpad took some getting used to, but it’s fine.  The size and weight make it very easy to move around and to leave on your lap.  It also doesn’t generate as much heat as my Vostro 1720 which also makes it more comfortable.  The primary hot spot is on the center of the back, which is much more comfortable than some laptops I’ve owned where there is a heat source under the palm rests.  I don’t know if this is by design or not, but it’s something they should replicate in future hardware.

Flash isn’t tuned well enough to watch shows on Hulu without lagging, but it works fine for Youtube.

All told, though, this little device is really growing on me.  I’m already reaching for it instead of heading down to my office to climb on my 17 inch dual core laptop.

I understand that it’s still in beta, and I’m cutting it slack on things that should be ironed out by the time Chrome OS goes live.  Right now I only have one problem: I only have one of these things, so I can’t take it to work and leave it at home for the kids.  Come to think of it, three would be better.

So I hope you’re ready Google.  This little guy is going to see the full wrath of a six year old and a nine year old.  I’ve told them both to let me know if they have any problems with it or any problems using it.  To help test the theory that Chrome OS is completely user-friendly I’m not even going to explain to them how to use it.  I’m just going to hand them this device and let them have at it.  They’re already Chrome users, so I don’t think it will be that hard.

As for the obligatory first impressions that everyone gives: it is working well for me.  The keyboard is full sized, and works great even despite my large paws.  I’m a huge screen bigot, but the resolution and screen size on this work just fine and may change my mind about hauling around 7 pound lunch tray sized laptops.  The trackpad isn’t the best I’ve ever used, but it works.  Like every other laptop I’ve ever used I tend to hit it when I type, so I had to disable tap-to-click.  It has a matte screen, which I love.

It comes with two one-page instruction cards, but frankly you don’t need them.  If you’re fortunate enough to receive one, though, I highly recommend reading them.  They’re hilarious.  When you first log on you’ll be presented with a presentation on how to use the device which is more than adequate and is the right way to do it given the evolving nature of Chrome OS.

So if you haven’t applied to get one I highly recommend it (now that I have mine).

Let’s start by breaking down FUD into its component parts:

• Fear
• Uncertainty
• Doubt

FUD isn’t really an acronym specifically about technical things.  Wikipedia defines FUD as “a tactic of rhetoric and fallacy used in sales, marketing, public relations, politics and propaganda.”  It’s used in lots of places and industries, but here we’re going to be concerned with the computer software industry, where this practice is prominent, preying on the fact that it is impossible for decision makers to stay up to date with everything in a large and rapidly evolving industry.

Microsoft in particular has a long, documented history of using FUD as a tactic to attempt to discredit anyone they view as competitors, including a series of leaked internal memos spanning from 1998 to 2004  generally called the Halloween Documents.  While the Halloween Documents were specifically related to the threat they face from Open Source software, and Linux in particular, it is by no means the only FUD campaign by a major tech player.

FUD is frequently used by smaller companies as well.  Articles like one I discovered last week (I left a comment detailing these points that hadn’t been approved by the moderator at the time this article was written) where the author:

1. misrepresents Open Source as shareware.
2. makes claims about product ownership that are not correct (PHP’s license does not include copyleft restrictions, even though those wouldn’t apply in the example given).
3. includes a link to a SecurityFocus article from more than four years ago about PHP security, which states in the first paragraph “While flaws in the language itself account for a very small percentage the total…” as evidence that PHP itself is insecure.
4. conveniently leaves out the massive vulnerability that was just in the news regarding one of the products he is pushing, ASP.NET.  This cryptographic vulnerability took approximately two weeks for Microsoft to release a fix for.

So what can you do to protect yourself from FUD?  It’s easy, really.  Simply acknowledge to yourself that everyone has an agenda.  Research their arguments and verify their facts.

And yeah, that includes me.

Canon sent her what is a standard corporate response by most compnaies when they see the word “Linux” in a support email.

Dear XXXXX XXXXX:
 
Thank you for contacting Canon product support.  We value you as a Canon 
customer and appreciate the opportunity to assist you.
 
 
While considering the desire to provide the best possible support for
Canon's products, Canon must make decisions. Currently, Canon is unable
to provide drivers for Linux.
 
With this in mind, we currently do not have drivers available for your
operating system.
 
We apologize for any inconvenience this may cause.
 
Please let us know if we can be of any further assistance with your LIDE
700F.
 
Thank you for choosing Canon.
 
Sincerely,
 
Olaf
Technical Support Representative

So Canon (CAJ on the NYSE, valued at $39.50 a share when this article was written), like so many other companies, is completely missing the boat either from being lazily ignorant or willfully avoiding Linux.  So, here’s a quick note to Canon and any other hardware manufacturer trying to claim making a Linux driver is too hard:

Don’t do it yourself.  Let someone else do it.  The fine folks at the Linux Driver Project will do it for you.  They have developers who are standing by, ready to do the work for you.  For free.  They’ll even sign an NDA with you.  Your only responsibilities are to provide the type of device, the device’s specs, the NDA if needed, and to provide the person who will develop your driver with a demo unit of your hardware.  That’s it.  Once complete your driver will be included in the Linux kernel source tree.

There is no requirement that you support your Linux users.  The Linux community is very industrious.  If you give us a push in the right direction we can ferret out the rest and get to the destination.

Canon: Help us help you.  There’s no reason your LiDE 700F scanner doesn’t work in Linux.  The cost to your company would be negligible at worst.  So, let’s get on it and help my friend out.  Unless you prefer all of us Linux users buy HP.

I want the ability to exclude a song based on a word in its lyrics, preferably by frequency and/or total count.  I would love to be able to say, for instance, “don’t play any song where the word California is used more than twice”.  When I brought this idea up with a coworker he mentioned it would be great to only hear songs with the word “shotgun” in them.  So we’ll need this feature to allow for inclusion/exclusion of key phrases entered by the user.

You guys over at Pandora get to work on this for me please.  In the mean time I’m going to check into body armor in case my coworker has a particularly bad day…

Except KDE 4.  It’s just not that exciting to me.  The new features aren’t that important to me and as a whole the desktop performs rather pitifully on Kubuntu 8.10.  I’m running an Intel Core 2 Duo with 2 Gigs of RAM and a nVidia 8600M GT with 256MB of RAM.  If that’s not enough of a system then perhaps we need to rename this release to “Kubuntu 8.10, Vista”.  On a side note, this computer runs Vista without a hitch.

The culprit could be just about any combination of lots of things.  KDE 4 may not be fully baked.  Kubuntu may not have implemented it well.  It may not deal well with Compiz.  However, it doesn’t really matter to me since there isn’t a compelling feature that would make me want to find out so that I can move.

Frankly 8.10 reminds me of 7.04.  Much ado about nothing except moving back to the previous release.  If they follow that same trend, however, 9.04 will be as fantastic as 7.10 was.

Thankfully for me (and the many others I suspect share my opinion) 8.04 was a long term support (LTS) release, so we have another year to hope the bugs get ironed out of KDE 4.

PS: Am I the only one who things the new desktop background looks like a bunch of hair under a microscope?

We’ll use this blog as an example.  It has a total of eight images that may be loaded, three of which are external to this server (related to the PayPal ‘Donate’ button [please use it] and the Add-To-Any button).  The eight images comprise about 6KB worth of the page size with 2KB coming from the external ‘Donate’ button.  Then there are the stylesheets, between two and four (one extra to fix IE problems, one more if your version of IE is less than 7).  Those are about 16KB, but are gzipped to only require 3KB of bandwidth.  Then there are my two JavaScript files totaling 65KB uncompressed, 21KB gzipped.  All of these items need only be downloaded once.

So, of the total page size of 156KB (56KB compressed) for this article, around half won’t change with any regularity and falls within my control.  By setting a far future expires header on those items your browser won’t feel the need to check and see if there is a new version the next time you visit this site, saving both of us TCP connections.  When you first visited this site it told your browser those files don’t expire for ten years.

Sounds great, but what if I want to change, say, my CSS file?  Well in that case I need to change the file name so that your browser doesn’t think it already has a copy and will go ahead and download the changes.  This is generally accomplished in one of two ways: Change the filename or add a query string to the original filename.  But which is better?

Adding a query string to the existing filename is easy.  Especially in the case of a CSS file that is included once in a header file, such as this blog.  If you view the source you’ll notice I use this method.

<link rel="stylesheet" type="text/css" href="http://eric.biven.us/wp-content/themes/eric2/style.css?v3" />

Notice that “?3″ at the end?  That fools your browser into asking for the file again and my server just ignores that part of the request.  Now when you get this new version your browser again gets a response from my server saying “this file doesn’t expire for ten years”.

With that said, I prefer to change the filename.  Using a query string has the drawback that some internet caching proxies don’t cache files with query strings by default and others are configured not to by their administrators.  Since my goal is to reduce bandwidth it only makes sense that I would want to offload as much as possible onto other people’s caches.

So why not do that with my CSS file here?  Well, in the case of the WordPress stylesheet I haven’t found a good way to use a file with a different name.  According to the WordPress Codex the stylesheet_url parameter for the bloginfo template tag is hard coded to output a link to a file named “style.css”.  That means that adding the query string parameter is far easier.  Sometimes the path of least resistance is good, especially when it lets me go to bed earlier.

“Software isn’t secure.”

The licensing model of a piece of software will have almost no effect on the quality of that software in the early stages.  The reality of the situation is that the quality of the developers will have the greatest effect on the quality of the software.  It’s no different that building a house or playing Beethoven’s 5th symphony.  The better the crew, the better the result.

So what about after the initial stages of development?  Assuming that the product never takes off then open source software will generally be better.  The open source application will (generally) at least be used by the people who originally developed it for themselves, and so will receive some attention.  Commercial products without followings won’t be likely to be supported due to low profitability.

Well, what if the software turns out to be wildly popular?  Then which model is going to be more secure?  The answer here is “neither”.  One of open source’s advantages is also a weaknesses: The ability for anyone to view the code and alert the community to problems also allows hackers to find the problems and exploit them.  Open source allows for what some call the “many eyes” principal, meaning that having so many people looking at it will ensure that someone will notice the problem.  This can also be untrue since frequently people will just assume someone else is looking.  Wildly successful open source projects may also draw in more developers, which can be positive or negative depending on the skill level of those developers.

The closed source camps have other problems.  First, they will have a finite number of developers who will ever see the source code.  If those developers aren’t good, the code will never be good.  If the developers are good they may be put under time constraints which require reduction in testing and quality by marketing and sales departments.  While the hackers can’t view the source code, they certainly can and do find exploits.  When exploits are found you absolutely have to wait for the software company to fix the problems itself.

So, which software licensing model is more secure?  The answer is that your licensing model has a negligable effect on the quality of your software.  The skill of the developers and the culture of the group involved in the project are what matters.

Why are you still using IE 6?

I get that about half of you seem to be running Windows 2000, so IE 7 isn’t an option.  However, that means the other half of you are running IE 6 on Windows XP.

So what gives?

As a web developer this concerns me because making sites work in IE 6 takes up an inordinate amount of my day.  It’s the oldest browser that still has any real user base.  Which seems strange, given that it has a number of unpatched security holes.  Add to that the fact that there are many free alternatives, including IE 7, and I just don’t understand.

This blog is highly technical.  Are there actually people who are interested in my content and run IE 6, or are these hits from some sort of bot?

If you are running IE 6 you should be aware that software companies are beginning to phase it out.  37signals has announced that they will be discontinuing support for IE 6 as of October 1st of this year, citing a lack of desire to “invest significant time or resources into making sure we are backward compatible with IE 6″.

So do yourself and us poor developers a favor and grab yourself a brand new, shiny, secure, and free browser upgrade soon.  You’ll thank me later, and I’ll thank you in advance.