My tweet last night “Node.js is the MongoDB of programming languages” got enough response I feel I need to explain it a bit. It’s an awfully snarky thing to say, but it has some truth.

MongoDB used to be the cool kids’ database. It’s appealing when you start using it: good docs, easy to get going, a plausible story on performance. NoSQL is exciting and MongoDB is an easy NoSQL system to try. But then people started looking closer and finding all the ways it broke and now MongoDB is out of favor, at least for serious production servers.

Node.js is now the cool kids programming language. It’s appealing; good docs, clean slate of libraries and tools, fast VM, and a plausible attempt at server performance. Non-blocking systems are exciting and Javascript closures make continuation programming easy. But now people are looking closer and finding all the ways Node.js is awkward or brittle and one starts to wonder.

I’m not saying Node.js is bad. There’s a lot of good in it, I particularly like that it’s made non-blocking programming more accessible than Python or Java or Nginx has. Mostly I’m just mocking the fashion of the month. It is a shame that people are rushing to this Brand New Thing without knowing the history and potential pitfalls. Just like we learned with MongoDB that ACID is hard, Node users are now discovering that reasoning about continuations is hard and memory management with closures is tricky, not to mention unwinding the stack on errors. The Node community is hard at work on improving things, hopefully that development process will lead somewhere productive.

For a more hilarious view on MongoDB and Node.js see Mongo DB Is Web Scale and Node.js is Bad Ass Rock Star Tech.

tech
  2014-06-18 16:40 Z

I had no idea Microsoft’s Bing Ads included an option to import from Google AdWords. Complete with simple OAuth-like authentication and seamless data import. It’s been able to do that for at least a couple of years, I only learned about it today when setting up a Bing campaign.

Warms my heart to think my AdWords API project helped enable some data portability for Google customers. That’s essential to having a competitive market. Google AdWords is nearly a monopoly, so much so I’m surprised there’s not more anti-trust interest in Google’s ad business. Allowing customers to bring their data to competitors is a valuable step in staying honest and legal.

The drawback is Bing’s ads have to mirror Google’s crazily complex data model. (Quick, what’s an AdGroup, and how is it different from a Campaign or a Creative?) I also recently set up my first AdWords campaign in years and the frontend product is really complicated and confusing. It’s been nearly ten years since I worked on the AdWords advertiser UI, I was sad to see that it hadn’t gotten any simpler or clearer for advertisers.

tech
  2014-06-10 16:04 Z

There’s a new history of Perl making the rounds now that’s worth reading, if nothing else then for the dissonance of reading a whole thing written about Perl in the past tense. It reminded me of a bet my friend Marc and I made back in 1999 or so.

Marc and Nelson will agree that Python has more mindshare than Perl on May 1, 2004. If so, Nelson gets the contents of this envelope. If not, Marc does.

In 2004 I conceded he won the bet, based on this evidence of Google search result counts:

Perl: 28M. Python: 14M
Perl filetype:pl: 2.9M. Python filetype:py 0.2M

I don't think anyone would argue that Perl is still more popular than Python in 2014. I looked at those measures again today, but given how goofy Google’s results count can be I don’t put too much stock in this:

Perl: 28M. Python: 45M
Perl filetype:pl: 11M. Python filetype:py 2.9M

I wish I'd taken up his 2004 follow-on bet: Groovy vs Python. Oops. Meanwhile we both missed the language right under our noses, Javascript. Mostly I’m just grateful Java is on the way out. If it weren’t for all the work put into JVM efficiency I think it’d be entirely dead now.

tech
  2014-06-09 16:00 Z

Interesting report of stolen Bitcoins, a phishing scam involving a Google ad. I just confirmed that the phishing ad is still running on Google on a search for blockchain.

The ad says the URL goes to blockchain.info. The URL displayed on mouseover on the link is to a Google redirector, goo.gl/vL2zmr. But when you click the link you go through a few redirectors and end up at blockchain-info.consulpisos.com, which is allegedly a phishing site. It sure looks suspicious; that page goes straight to a “type in your password” page, which the real site hides behind several clicks.

I don’t much care about the Bitcoin part of this, but Google should really not be selling ads with fake URLs on display.

techbad
  2014-06-07 15:45 Z

There are two terrible web properties out there that everyone hates, Scribd and Quora. Please don’t use them. Instead of Scribd just host a PDF anywhere, or upload text to pastebin or make a nice blog on WordPress or Medium or something. And instead of Quora use Ask MetaFilter or StackExchange.

Scribd’s business model is to host documents in formats that are unusable. For instance, here’s a copy of the Declaration of Independence. Or rather, the free preview; you have to download it to read the rest and a one-day guest pass costs $9. Here’s a copy of Elliot Rodger’s insane manifesto. It starts “This is the story of how I, Elliot Rodger, came to be.” Only I had to retype that phrase; if I copy-and-paste I get “]fjs js tfh stgry gl fgw J, Hccjgt Tgmahr, eknh tg dh” because Scribd uses some stupid DRM font. Easy enough for a pirate to reverse engineer but impossible for normal use. They also broke “Find”; there’s some Javascript thing overriding the browser that doesn’t seem to work.

Quora’s business model is to trick people into sharing information for free, then put it behind a login. It’s like Experts Exchange 2.0! For instance, on Quora you can read Who owns the copyright on content contributed to Quora? Only you can’t just read the text. Depending on your history with the site and the way you got there you may see a giant popup demanding you log in obscuring the page, or the first answer clear and then the rest blurred, or if you're lucky just the page. It appears nondeterministic.

Both businesses are deliberately trying to lock up text content to make it harder to access, to force users to pay or share advertising data or some such bullshit. The part that kills me is some engineer actually wrote code to deliberately break document sharing on the web. It’s terrible.

Update: the Quora CEO responded on Hacker News to correct me that Quora neither runs ads nor charges users. At the moment, they apparently have no revenue.
techbad
  2014-06-02 20:23 Z

Screenflick is good software. It captures full video with sound from your Mac desktop, full screen or a portion. I’m using it to record games I play. Could have all sorts of applications.

There’s a variety of screen capture options on the Mac from the free recorder included in Quicktime to the market leader ScreenFlow for $99. Screenflick’s only $29 and is very good at capture, including keystrokes, mouse events, and audio via Soundflower. I also appreciate its ability to downsample the raw video when recording. It also has an impressive variety of export options.

The big drawback is that Screenflick has no editor, not even a simple interface for cropping out sections of video. My theory is that’s what iMovie is for. But folks I know who produce a lot of screencasts appreciate that ScreenFlow is an integrated solution.

techgood
  2014-05-19 20:39 Z

I continue to maintain my linkblog; here's how it works these days. It's all managed via a Pinboard account. Every time I see something I want to linkblog, I add it as an URL to Pinboard with a browser extension. My Pinboard page is the web view of my linkblog. Pinboard also publishes an RSS feed for my followers. I also use dlvr.it to automatically tweet my links to a Twitter account.

The Twitter account has been very successful for me, it's a natural form of engagement for the short form. (The follower number is hugely inflated because it was a featured account for a couple of hours a long time back.) The Pinboard extension is great because it makes it very easy to linkblog any URL I'm looking at. I also like that Pinboard archives the full text of pages I link ($25/year); I often find myself searching my own linkblog. The one drawback to my setup is the web view is ugly. That's kind of purpose, I expect people to mostly follow via RSS or Twitter. But I may yet use IFTTT or the like to set up a Tumblr for a nicer web view.

techblosxomlinkblog
  2014-05-10 17:30 Z

Seven years ago I wrote about XML security problems, the XXE vulnerability. This flaw is the gift that keeps on giving: someone exploited Google with it this month.

XML is a ridiculously complicated data format. And XML parsers implement all the features, including the obviously dangerous and useless ones. And engineers keep forgetting to turn those features off. It’s just terrible.

techbad
  2014-04-11 18:29 Z

Unison is good software. It’s a command line program to synchronize filesystems, to keep a directory tree identical on multiple computers. I use it to sync about 40G of files across two Macs, to keep my home directory and source code and various applications in sync. The neat trick is I sync those two Macs through a portable hard drive so I don’t have to wait for hours for files to go over the Internet. Unison can also work online so changes are propagated automatically.

Unison is a lot like rsync. But Unison is designed to be bidirectional. Rsync always syncs one way: copy A to B. Unison will look at the differences between A and B and merge them, including a limited UI for conflict resolution. This protects me from the case where I modify something on both machines without syncing beforehand.

The main drawback with Unison is it’s slow, it takes many minutes to decide what files to sync. I also hate the interactive UI; it doesn’t work well when you have lots of files that changed in both places. I’m also a bit concerned that it’s no longer under active development but Unison is the rare software that’s a complete product, it’s not clear it needs many changes.

There are other tools solving similar file sync problems, none perfect. Dropbox is phenomenal but doesn’t have offline syncing of large files. Camlistore is promising but not quite ready for civilian use. git can be used to keep stuff in sync but is better suited for text files whose history you want to keepl. And CrashPlan is great for online backup but doesn’t really provide a second live copy.

techgood
  2014-04-07 16:32 Z
Gfycat (and CloudFlare) has a fantastic error page for when they have a server error.
Such a clear, simple statement of what the error is and what the user can do. One of my pet peeves is software that blames the user when it's not their fault, like the "your Internet is down" message Steam displays when their client can't connect to their server. This kind of message is much more honest and useful.

BTW, Gfycat is an awesome service. They host animated GIFs for sharing. And they transcode the bloated source GIF to much smaller HTML 5 video, then serve the smaller file to browsers who can handle it. The hosting is good, the 95% bandwidth savings is great.

techgood
  2014-04-01 15:56 Z