The malware in question is Pando Media Booster. A few years ago this software was arguably useful: it allowed games like LoL to distribute patches via a peer-to-peer network. But Pando was discontinued in August 2013. Then in February 2014 someone used Pando to install malware on any suckers who still had the software. The software Riot is still distributing. And all of Riot’s customers who clicked “yes” on the update dialog had their browsers hijacked.
Riot has millions of users all over the world. I’m sympathetic to how hard it is to make software changes; they’re famously behind on a whole lot of development projects. But continuing to distribute malware to customers is unacceptable.
Update: a Riot employee said on Reddit that the problem was "the amount of work it takes to hand update new installers for every language" and offered the idea that the previous Pando owners might help them prevent the malware. That was five months ago.
My tweet last night “Node.js is the MongoDB of programming languages” got enough response I feel I need to explain it a bit. It’s an awfully snarky thing to say, but it has some truth.
MongoDB used to be the cool kids’ database. It’s appealing when you start using it: good docs, easy to get going, a plausible story on performance. NoSQL is exciting and MongoDB is an easy NoSQL system to try. But then people started looking closer and finding all the ways it broke and now MongoDB is out of favor, at least for serious production servers.
I’m not saying Node.js is bad. There’s a lot of good in it, I particularly like that it’s made non-blocking programming more accessible than Python or Java or Nginx has. Mostly I’m just mocking the fashion of the month. It is a shame that people are rushing to this Brand New Thing without knowing the history and potential pitfalls. Just like we learned with MongoDB that ACID is hard, Node users are now discovering that reasoning about continuations is hard and memory management with closures is tricky, not to mention unwinding the stack on errors. The Node community is hard at work on improving things, hopefully that development process will lead somewhere productive.
I had no idea Microsoft’s Bing Ads included an option to import from Google AdWords. Complete with simple OAuth-like authentication and seamless data import. It’s been able to do that for at least a couple of years, I only learned about it today when setting up a Bing campaign.
Warms my heart to think my AdWords API project helped enable some data portability for Google customers. That’s essential to having a competitive market. Google AdWords is nearly a monopoly, so much so I’m surprised there’s not more anti-trust interest in Google’s ad business. Allowing customers to bring their data to competitors is a valuable step in staying honest and legal.
The drawback is Bing’s ads have to mirror Google’s crazily complex data model. (Quick, what’s an AdGroup, and how is it different from a Campaign or a Creative?) I also recently set up my first AdWords campaign in years and the frontend product is really complicated and confusing. It’s been nearly ten years since I worked on the AdWords advertiser UI, I was sad to see that it hadn’t gotten any simpler or clearer for advertisers.
There’s a new history of Perl making the rounds now that’s worth reading, if nothing else then for the dissonance of reading a whole thing written about Perl in the past tense. It reminded me of a bet my friend Marc and I made back in 1999 or so.
Marc and Nelson will agree that Python has more mindshare than Perl on May 1, 2004. If so, Nelson gets the contents of this envelope. If not, Marc does.
In 2004 I conceded he won the bet, based on this evidence of Google search result counts:
Perl: 28M. Python: 14M
I don't think anyone would argue that Perl is still more popular than Python in 2014. I looked at those measures again today, but given how goofy Google’s results count can be I don’t put too much stock in this:
Perl: 28M. Python: 45M
The ad says the URL goes to blockchain.info. The URL displayed on mouseover on the link is to a Google redirector, goo.gl/vL2zmr. But when you click the link you go through a few redirectors and end up at blockchain-info.consulpisos.com, which is allegedly a phishing site. It sure looks suspicious; that page goes straight to a “type in your password” page, which the real site hides behind several clicks.
I don’t much care about the Bitcoin part of this, but Google should really not be selling ads with fake URLs on display.
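The mismatch described above can be checked mechanically. This is an added example, not code from the original post: it compares the hostname an ad displays with the host at the end of its redirect chain. The intermediate hop, the URL schemes and the two-label domain rule are assumptions made for the illustration.

```python
from urllib.parse import urlsplit


def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels.

    Assumption for this example; real code should use the Public Suffix List.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def audit_ad(display_host: str, redirect_chain: list[str]) -> list[str]:
    """Return findings for an ad whose landing host differs from its display host."""
    findings = []
    brand = registrable(display_host)
    landing = (urlsplit(redirect_chain[-1]).hostname or "").lower()
    landing_domain = registrable(landing)
    if landing_domain != brand:
        findings.append(f"landing domain {landing_domain!r} != displayed {brand!r}")
        # Lookalike check: the displayed name reappears as a subdomain label,
        # either verbatim or with dots turned into hyphens.
        subdomain = landing[: len(landing) - len(landing_domain)].rstrip(".")
        if brand in subdomain or brand.replace(".", "-") in subdomain:
            findings.append(f"displayed name imitated in subdomain {subdomain!r}")
    return findings


# Constructed redirect chains. The first and last hosts of the first chain are
# the ones named in the post; the middle hop and the schemes are placeholders.
SUSPECT_CHAIN = [
    "http://goo.gl/vL2zmr",
    "http://redirector.example/hop",
    "http://blockchain-info.consulpisos.com/",
]
HONEST_CHAIN = ["http://goo.gl/vL2zmr", "https://blockchain.info/wallet"]

if __name__ == "__main__":
    for chain in (SUSPECT_CHAIN, HONEST_CHAIN):
        print(chain[-1], audit_ad("blockchain.info", chain))
```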
There are two terrible web properties out there that everyone hates, Scribd and Quora. Please don’t use them. Instead of Scribd just host a PDF anywhere, or upload text to pastebin or make a nice blog on WordPress or Medium or something. And instead of Quora use Ask MetaFilter or StackExchange.
Quora’s business model is to trick people into sharing information for free, then put it behind a login. It’s like Experts Exchange 2.0! For instance, on Quora you can read “Who owns the copyright on content contributed to Quora?” Only you can’t just read the text. Depending on your history with the site and the way you got there you may see a giant popup demanding you log in obscuring the page, or the first answer clear and then the rest blurred, or if you're lucky just the page. It appears nondeterministic.
Both businesses are deliberately trying to lock up text content to make it harder to access, to force users to pay or share advertising data or some such bullshit. The part that kills me is some engineer actually wrote code to deliberately break document sharing on the web. It’s terrible.
Screenflick is good software. It captures full video with sound from your Mac desktop, full screen or a portion. I’m using it to record games I play. Could have all sorts of applications.
There’s a variety of screen capture options on the Mac from the free recorder included in Quicktime to the market leader ScreenFlow for $99. Screenflick’s only $29 and is very good at capture, including keystrokes, mouse events, and audio via Soundflower. I also appreciate its ability to downsample the raw video when recording. It also has an impressive variety of export options.
The big drawback is that Screenflick has no editor, not even a simple interface for cropping out sections of video. My theory is that’s what iMovie is for. But folks I know who produce a lot of screencasts appreciate that ScreenFlow is an integrated solution.
I continue to maintain my linkblog; here's how it works these days. It's all managed via a Pinboard account. Every time I see something I want to linkblog, I add it as a URL to Pinboard with a browser extension. My Pinboard page is the web view of my linkblog. Pinboard also publishes an RSS feed for my followers. I also use dlvr.it to automatically tweet my links to a Twitter account.
The Twitter account has been very successful for me, it's a natural form of engagement for the short form. (The follower number is hugely inflated because it was a featured account for a couple of hours a long time back.) The Pinboard extension is great because it makes it very easy to linkblog any URL I'm looking at. I also like that Pinboard archives the full text of pages I link ($25/year); I often find myself searching my own linkblog. The one drawback to my setup is the web view is ugly. That's kind of on purpose, I expect people to mostly follow via RSS or Twitter. But I may yet use IFTTT or the like to set up a Tumblr for a nicer web view.
Adapted from a MetaFilter comment
XML is a ridiculously complicated data format. And XML parsers implement all the features, including the obviously dangerous and useless ones. And engineers keep forgetting to turn those features off. It’s just terrible.
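What turning those features off can look like, as an added example that is not from the original post: a parser for untrusted input that refuses any document carrying a DOCTYPE or entity declaration. The post does not name the features; taking them to be DTDs and entities, and the function names and sample documents, are assumptions of this example.

```python
import xml.parsers.expat as expat
from xml.etree.ElementTree import TreeBuilder


class ForbiddenXML(ValueError):
    """The document uses a feature this parser refuses to process."""


def _forbid(feature):
    def handler(*_args):
        raise ForbiddenXML(feature)
    return handler


def parse_untrusted(data: bytes):
    """Parse XML into an ElementTree element, rejecting DTDs and entities."""
    builder = TreeBuilder()
    parser = expat.ParserCreate()
    # A DOCTYPE is the only place entities can be declared, and plain data
    # documents never need one, so it is refused before anything is expanded.
    parser.StartDoctypeDeclHandler = _forbid("DOCTYPE declaration")
    parser.EntityDeclHandler = _forbid("entity declaration")
    parser.ExternalEntityRefHandler = _forbid("external entity reference")
    # Ordinary elements and text are fed straight into a tree builder.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def rejection_reason(data: bytes):
    """Return the refused feature's name, or None if the document was accepted."""
    try:
        parse_untrusted(data)
    except ForbiddenXML as exc:
        return str(exc)
    return None


# Constructed sample documents.
PLAIN = b"<order id='7'><item>widget</item></order>"
NESTED_ENTITIES = (b'<!DOCTYPE d [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;">]>'
                   b"<d>&b;</d>")
EXTERNAL_ENTITY = (b'<!DOCTYPE d [<!ENTITY x SYSTEM "file:///placeholder">]>'
                   b"<d>&x;</d>")
```

Malformed input still raises `xml.parsers.expat.ExpatError`, so callers should treat both exception types as a rejected document.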
Unison is good software. It’s a command line program to synchronize filesystems, to keep a directory tree identical on multiple computers. I use it to sync about 40G of files across two Macs, to keep my home directory and source code and various applications in sync. The neat trick is I sync those two Macs through a portable hard drive so I don’t have to wait for hours for files to go over the Internet. Unison can also work online so changes are propagated automatically.
Unison is a lot like rsync. But Unison is designed to be bidirectional. Rsync always syncs one way: copy A to B. Unison will look at the differences between A and B and merge them, including a limited UI for conflict resolution. This protects me from the case where I modify something on both machines without syncing beforehand.
The main drawback with Unison is it’s slow, it takes many minutes to decide what files to sync. I also hate the interactive UI; it doesn’t work well when you have lots of files that changed in both places. I’m also a bit concerned that it’s no longer under active development but Unison is the rare software that’s a complete product, it’s not clear it needs many changes.
There are other tools solving similar file sync problems, none perfect. Dropbox is phenomenal but doesn’t have offline syncing of large files. Camlistore is promising but not quite ready for civilian use. git can be used to keep stuff in sync but is better suited for text files whose history you want to keep. And CrashPlan is great for online backup but doesn’t really provide a second live copy.