Some Brisbane Guy

I’m listening to an IT Conversations podcast of Rasmus Lerdorf (the guy who created PHP) speaking about PHP, and I have to say I’m pretty surprised to hear him say “I hate programming with a passion — I created PHP to avoid programming.”

Rasmus says that he wrote PHP while building a web-based system for Toronto University. The university didn’t care how he built the system, they just wanted their system, so Rasmus built PHP to make his job easier.

Rasmus’s decision to open source PHP was made when he was getting lots of questions about how he was doing his work, and they had the same needs. Rasmus and the University of Toronto were delighted at the speed of development they were now getting — and that he was fixing bugs in his sleep!

To run a successful open-source project, Rasmus says that you need to cater to four types of people:

• those with simple self interest - they have a need that the project solves
• those looking to express themselves through their code
• to interact with others to get their oxytocin fix
• those who want to make the world a better place

The same motivations that motivate people to join an open source project also motivate people to join an interactive website.

You have to think about how the people think about themselves when they involve themselves in your project. You have to give them some ownership and control…which was hard for me…then again I’m a really lazy guy

In order to build a decent modern web application, you really need to think about what the users think of themselves when they interact with your site. Every single action a user performs with your website improves your site.

Later Rasmus delves into performance profiling and optimising a PHP website using Callgrind/valgrind, as well as some stuff about the ubiquity of cross-site scripting vulnerabilities and other topics.

It’s a great podcast, do yourself a favour and have a listen.

Whoo yeah I’m excited!

About two months ago I got a new Apple Macbook Pro. I love it, it’s rad, I love using it etc. But something that’s been bugging me no end is that I don’t know the shortcut key to jump to the address bar (where you type http://…etc) in Firefox. In Windows you just do Alt-D and you’re there, I think that works in Linux as well, but on OS X it’s no go.

Well, I’ve just found out the shortcut keys for not only the address bar, but the search bar as well (and also in Thunderbird!):

jump into the search bar in Mozilla Firefox and Thunderbird

Cmd-K (Mac), Ctrl-K (Windows)

jump into the address bar in Mozilla Firefox

Cmd-L (Mac), Ctrl-L (Windows)

Mozilla.org has more juicy keyboard shortcuts.

This is super good news because now I can use basically the same key combo on Windows and on OS X. My life just gets better and better, friends.

Something else that’s kinda annoying about Thunderbird is that it’s not GMail. I love GMail and all my mail goes through it so that:

1. tons of spam gets filtered out by GMail’s awesome spam filtering
2. I can access a copy of all of my mail from anywhere on the internet (except work who block GMail…argh)

But not only does my mail all go through GMail, I download it all via POP3 to my Thunderbird mail client. This is because:

1. I then have a backup copy of all my email on my own computer and am not just trusting Google to never go broke/lose my mail/start charging me to access it/something else unforeseen
2. I can access my email when I’m offline, eg on a plane or a train or whatever

But as I was saying, Thunderbird is not GMail and despite being a proper rich, fat-client desktop application, it doesn’t have the great shortcut keys that make GMail so quick to navigate and move messages around. Plus it doesn’t have that whole “archive and forget, then search later” philosophy, it has the old-school “carefully choose category-based folders for your messages and then take forever to find them later” philosophy, which is so 1998 and lame

But what I’m getting at is that now thanks to GMailUI Thunderbird works like GMail, adding j,k and other shortcut keys to navigate messages as well as a really cool “Expression” search mode that lets you search just like you do in GMail.

As I said, my life just gets better and better.

As I discovered earlier today, if you accidentally leave your Google account signed in on another computer, anything that is searched for on that computer using Google will be recorded in your Google account’s Personalized Search Search History.

But what if you didn’t just leave your account signed in accidentally, but actually managed to remotely log somebody in to a Google account you’ve created using just a crafted URL that you send to them on the pretext of showing them some cool/interesting/funny web page? That would be more interesting, wouldn’t it? (Say yes).

If you did this and that somebody didn’t realise, you would be able to gradually log that person’s search history and learn their searching habits, possibly leading to greater insights about that person. Sound good?

OK well since you’re so keen, here’s how to do it. So that this is all a bit more friendly and relaxed (I love relaxed), we’re going to name our person whose life we want to invade by tracking their search history “Bob”. Here’s what you do:

1. Create a Google account. Well you can use an existing account, but you do run the risk of losing access to it if Bob finds out the password to it, which they may. You can create the account using any e-mail address, although it will most likely end up being visible to Bob so you will want to use something like a fresh Gmail account I would imagine. Make sure you leave ticked the checkbox labelled “Enable Personalized Search”, or this whole thing is pointless.
2. Find a cool/fun/interesting/funny web page that you want to Bob and others whose search habits you would like to learn. The funny link I’ve provided there is hilarious, sure, but also it’s on Google’s Video site. This is potentially good because the several Google URLs that will soon flash across the address bar may raise less suspicion.
   UPDATE: You can only use Google addresses as the target URL eg the “funny” Google Video example just above. BUT you could also use the “I’m Feeling Lucky” button to redirect to other sites (http://www.google.com/search?q=feeling+lucky&btnI=I%27m+Feeling+Lucky).
3. URLEncode the URL of the web page that’s so awesome you just have to show Bob. Yep, just paste the URL into the Plain textbox there, press the URLEncode button and copy the resulting URL from the Encoded textbox. Voila, you have the encoded URL in your grubby little clipboard.
4. Here’s the (slightly) tricky bit. You need to construct for yourself a URL that does the job of:
   1. Logging Bob into your new Google account so that their searches will be added to your new account’s Personalized Search History
   2. Redirecting Bob to the page with the super cool content on it that you’re purportedly showing him.

   Your URL will be like this:

   https://www.google.com/accounts/ServiceLoginAuth?Email=[emailAddress]&Passwd=[password]&continue=[URL]

   Take out the square brackets, and replace the fields in square brackets like this:

   1. emailAddress: The email address for the new Google account you’re using. If it’s a GMail account, you don’t need the @ or anything after it, but for any other mail account you do need the @ and the domain part (examples: mynewgmailaccount, anotheraccount@freemail.com).
   2. Password: The password for the Google account you’re using.
   3. URL: Your URLEncoded funny/interesting/awesome web page for Bob to see.
5. OK, so you’ve plugged all that info into the URL and you have a big-ass string with lots of crazy % symbols and numbers etc. What you have to do now is make it presentable so Bob doesn’t get confused or suspicious or bewildered. We do that with TinyURL, a cool service that will redirect a URL like http://tinyurl.com/6mpq to a big, stupid URL like the monstrosity you have just created.
6. All you have to do now is give Bob your new TinyURL, and let the web weave its mystical magic. You might want to test your TinyURL first, or the big monstrosity URL or both. Just paste the URL into your browser’s address bar and you should be delivered right to the stupid/crazy/wacky site you are showing Bob. Then go back to Google Homepage where you should be logged in as the account you created. If not, check the email address and password from step 4 were correct.

So that’s it! All you need to know. Some ideas for using this are putting the TinyURL in one of those stupid email forwards where everyone puts in their name and “needs” so that Google tells them what they need — this way you get the name of everyone who’s fallen prey to your evil plan. You could also just send it to people you’re suss on or just joke around with your friends, or your Mum! So much fun to be had.

Here’s a good example of why the “if you’re not doing anything wrong, why worry?” argument against privacy invasion is useless and misguided. Just because you aren’t doing anything illegal, does that mean you want your family to be able to see what you’ve been searching for without you realising?  Of course not — privacy is important, regardless of what you’re doing!  As is computer security, which is maybe more closely related to this issue.

So what’s got me going on about this?  Today I signed into my Google Personalised Homepage to see what search terms were in my Search History after a friend brought it to my attention.

I have looked at my search history before and it freaked me out a bit to see all the stuff I’d searched for, but today when I went to look, I noticed some searches in there that I definitely hadn’t done. They were…my MOTHER’s searches! Obviously what’s happened is that I have signed in to one of Google’s services on my Mum’s computer and now her searches are being recorded as mine.

How easy would it be to get on your friend’s (or enemy’s!) computer and sign in to the Google personalised homepage as some Google account you have created for the purpose, and then let it track everything that person searches for until the end of time (or until they realise or delete their cookies or get another browser…), you sure could get some useful and/or embarrassing information I bet.

I’d like to do a SecurityFocus kind of investigation into this, I think there could be some privacy issues here — I wonder if there’s a way to send people a link to sign them into a Google account you desire.

Well, only just after that post it looks like I’ll have to challenge Daniel to use the new Whereis interface and tell me it’s not better, because it’s a LOT better thanks to some AJAX kinda stuff (and of course the new graphics that bring it well into 2002 :P). Clicking to re-centre the map is lots faster now because you only need to reload the map image, not the entire HTML page. It also features dragging but that doesn’t work as nicely as the drag feature in Google Maps.

Good work to Whereis for getting this stuff going, it makes the site a lot nicer to use than before, when it was actually quite frustrating as everything disappeared and was rendered again each time you clicked. Wow, and I also just noticed that you can change the map size, which is great to see instead of the postage-stamp map view the site’s always had.

Now they just need some keyboard shortcuts, haha!

Daniel tonight told me that he hadn’t yet seen a good implementation of an ajax application, that they’re always too slow and the delay bugs him. I really don’t know what he’s talking about so maybe I should have clarified, although I think it’s possible that he’s used ajax on sites that aren’t so obvious and he hasn’t noticed, like, say adoptapet (do an animal search and change the state/territory you’re searching in and the site will ajax you up a new list of shelters in that state).

One app we discussed quickly was Google Reader, the RSS aggregator that I actually use for keeping up with blogs. I reckon Daniel must have been using the mouse to navigate, while I use the shortcut keys which are just like the navigation keys in everyone’s favourite editor, vi. ‘j’ goes to the next post, ‘k’ goes to the previous one and so on. I think it’s a great UI, but then again I don’t really like to use the mouse.

An interface where you plonk your hand down and move one finger or another to make it do things is my cup of tea, not some stupid thing where you have to muster all these motor skills to accurately position a mouse cursor over some tiny target on the screen and then, without moving the mouse, click its button. That’s a lot harder than using simple keystrokes. That’s the only reason I can figure out that people think Google Reader is apparently slow, because I did try using it with the mouse and it’s clunky and irritating.

That said, keyboard shortcuts on web pages aren’t a very conventional feature; most websites force you to use the mouse or make you suffer endless tabbing around every element on the page. Hooray for keyboard shortcuts.

Is PORK the next AJAX-style buzzword?

I really need to get on the Ruby (and more specifically, Rails) bandwagons. I mean, with quotes like these:

It takes about half or less code to put my stuff together in RoR than it did in PHP, ASP, ASP.NET, etc.

I use to worry about giving my client an estimate and then running over the alloted hours BIGTIME. Now, RoR has me UNDER the hours consistently.

Yep, really gotta just do it ASAP. I’ve read why the lucky stiff’s guide to ruby, at least the part that’s in The Best Software Writing I, so that’s progress, right? It’s not Progress, though.

Over some tasty lasagne with some friends last week, the conversation somehow prompted me to bring up Telstra’s new corporate blogs by a few of their employees as part of their attempts at friendly openness on nowwearetalking.com.au.

My enthusiasm was dampened when the response was something like “what, so a bunch of employees have online diaries?” Uhh, well, no.

At the time I didn’t have much of a response; I blathered something about how it’s part of their efforts to make the company seem friendlier and more human instead of being enormous and faceless. That didn’t hit the mark though, everyone kind of went “oh” and looked very disinterested, before the topic changed to something else. Mental note: don’t put “blogging consultant” on the CV. Phil Burgess from Telstra actually explains what they’re up to.

So here’s my attempt to explain all these blogging shenanigans.

I think that blogging is a bit like brand positioning. It’s indirect and fuzzy, and not easy to see what the fuss is. What could employees in a company like Telstra possibly have to say that would be worth reading? And how would this apply to some other company, especially smaller ones? What’s blogging really about, and how is it not just an online diary?

Well, I’ll start with the last question first. In a way, blogging is just like an online diary. But you don’t write in there how much you hate your parents for not letting you stay out past eleven. Or whinge about your stupid neighbour. OK, well some people do. A corporate blog lets people within the company get an unmuffled message out to the world (not to mention the rest of the company.) It lets people “out there” build a sense, over time, of what the blogger is like as a person who happens to work for Organisation X. There’s never been anything like it before, on the scale or low cost that blogging allows. The closest thing is your account manager or sales rep, but those guys have an agenda which is to sell you something. The blogger has no immediate agenda like that, she’s just telling it like it is, hopefully. Blogging costs next to nothing to distribute, is available to anyone who looks, is immediate, timely and permanent (mostly.)

Just the way you are more likely to do business with a company that a friend works for and is passionate about, passionate employees blogging about their company gives you insider info. You can see that Organisation X isn’t made up of ten, a hundred or a thousand people just trying to squeeze every cent from you. They’re personalities who care about their job, just like your friend does. The blogs can make the company seem familiar, friendly and enthusiastic, very much not how official, sanitised PR blurbs come across.

I read Sun and Google’s blogs via RSS. I’ll try and read Telstra’s as well now, although they don’t seem to have RSS which will make it a hassle. Baby steps, Telstra.

Google has released a web-based RSS reader and aggregator that is pretty nice. You can read all posts from all the feeds you subscribe to in a chronological order, or you can just read from a specific feed. It has lots of AJAX and a pretty smooth interface with shortcut keys that really speed up using it, although some people say it’s too slow. But I don’t read 1000 feeds. My issue with it is that it’s web-based, and while I’m employed building web software and I love the web as a universal platform, I still have to go to the website when I want to read my feeds, they’re not delivered to my desktop like in my email client. To state the obvious though, the cool thing about being web-based is that your customised feed list is available from any computer, even down to which posts you have read. That’s tidy work, and Daniel is gonna love it.

Here’s a couple of screenshots:

I’ve been using Mozilla Thunderbird until now to read RSS, which works OK for me; it doesn’t aggregate all feeds and adding new feeds is a touch clunky. But adding feeds in Google Reader is kinda clunky, too.

Which nicely delivers us to Reader’s ability to import an OPML file containing a list of feeds so that you don’t have to edit your feeds manually. As I said, I was using Thunderbird to read RSS before this, which stores your feed list in an RDF file. Luckily, Kevin Hemenway has created a Perl CGI script that converts Thunderbird’s RDF file into OPML. All you have to do is provide a URL pointing to your RDF file, which you can find in your Thunderbird profile, somewhere like:
C:\Documents and Settings\glenn\My Documents\Thunderbird\default.oto\Mail\News & Blogs, and it’s called feeds.rdf.

You’ll need to upload your RDF file somewhere, so you’re going to need some free web hosting or something.

Then, visit http://www.disobey.com/detergent/code/tb_opml_service.cgi?url=
and tack your RDF file’s URL on the end of that location string.

Thanks to Kevin Hemenway for this little script, it’s great and saved me some time…that I have now used writing this blog entry.