December 2004

Joel on Software should be essential reading for anyone in the business of creating and selling online software. Joel has huge experience in the field and his personal blog is a wonderful showcase of useful information and interesting anecdotes.

His recent essay: Camels and Rubber Duckies is another must-read even if the title seems rather esoteric. In a nut shell it is a point of discussion on selecting pricing for your software products and something to keep in mind if you ever decide to sell the fruits of your labour. There are no firm answers but it definitely gets you thinking. It covers some of the factors we take into consideration when pricing our products. Contrary to popular belief, we don’t simply pluck a figure from thin air and use it, we actually do a lot of calculation based on demand, cost of support, product worth and projected sales (which is tied to the price model we select).

I firmly believe that any company has to constantly change and evolve to survive and succeed in this market and staying stagnant for too long or using a model which does not account for growth is a very bad idea. Our main competitor is actually using their stagnation as a selling point. They, for some reason, believe that not reviewing their pricing and licensing models for over four years is a good thing and creating an unscalable support structure with over-promised support targets is a secure and long-term business model.

Takes all sorts, I suppose.

The internet is like a fun sponge at times. While we amuse ourselves with flash animations of frogs in blenders and armless characters in Home Star Runner we seem to be unable to bask in the warmth of a seasonal holiday.

People post stupid lists of how scientists have proved that Santa doesn’t exist and we argue whether or not one man could visit every child in the world in one night. Are there ever likely to be flying mammals with light bulb noses? If Santa was real - would he be arrested on paedophile charges?

Should we say "Merry Christmas" and risk offending every non-christian in our community? Should we put up a few pictures of Santa or a cute nativity scene or would we see a revolution from sympathetic non-christians? What makes a Christian? Do I have a right to say Merry Christmas having never been to worship in a Christian church? Does that make me a hypocrite? Should we be forced into purchasing unwanted gifts for people we rarely see? Is it just another commercial holiday? Is it just a pagan festival that has been hijacked by toy manufacturers?

I don’t care. To me Christmas is about love and family and I’m looking forward to it. So, if you’re easily offended look away now.

Merry Christmas.

A little while ago, I blogged about why I considered "full disclosure" to be a potentially damaging way of dealing with security issues that arise in internet software.

Yesterday saw a simple vulnerability in phpBB responsible for "hacking" over 40,000 websites. This so-called "Santy Worm" used a very simple exploit in the phpBB code to spread to other websites. Once a phpBB installation had been infected, it used a Google search to indentify other exploitable phpBB installations to further spread.

The exploit itself is nothing too clever. A simple and innocent urldecode() allowed unsafe data to be passed into PHP. Usually, this kind of vulnerability is fixed and a patch issued and thats about as far as it goes. Even though the phpBB developers released a fix pretty quickly, its uptake was pretty slow which allowed the worm to do so much damage.

This is quite a turn of events as this means that any simple vulnerability in any piece of internet software can be turned into something quite malicious and in a matter of hours deface thousands of installations leaving webmasters and software developers with quite a mess on their hands.

Google have said that they are going to do more to respond quicker to these type of attacks but it’s not really their fault. It’s also not the fault of the phpBB team. This is the problem - no one is to blame and no one can do anything to really prevent this from happening in the future.

In the mean time, it might be an idea to remove the version number from the board copyright.

The internet has brought us many things. Instant global communication, online shopping and fan-sites on ninjas but to name a few.  The internet has also brought us a fair amount of idiots. Actually, it’s an unfair amount of idiots but they do make for entertaining reading as the website Bash.org proves. Here are a few of my favourites:

<Ben174> : If they only realized 90% of the overtime they pay me is only cause i like staying here playing with Kazaa when the bandwidth picks up after hours.
<ChrisLMB> : If any of my employees did that they’d be fired instantly.
<Ben174> : Where u work?
<ChrisLMB> : I’m the CTO at LowerMyBills.com
*** Ben174 (BenWright@TeraPro33-41.LowerMyBills.com) Quit (Leaving)

<i8b4uUnderground> d-_-b
<BonyNoMore> how u make that inverted b?
<BonyNoMore> wait
<BonyNoMore> never mind

<calin> we had a guy at school that wore black lipstick.. and was all gothy.. and then one day we caught him buying an assvibrator
<ecoli> ew.
<ecoli> wait, you "caught" him?
<ecoli> like, you were behind him in line at the assvibrator store?
*** Quits: calin (No route to host)

<Sui88> 67% of girls are stupid
<V-girl> i belong with the other 13%

<studdud> what the f*ck is wtf

<frank> can you help me install GTA3?
<knightmare> first, shut down all programs you aren’t using
frank has quit IRC. (Quit)
<knightmare> …

<Mendo> lmao there’s a wicked lookign spider on my monitor and if i move the mouse around he chases after it
<spitfire> haha mendo
<spitfire> take a screen shot
<spitfire> wait
<spitfire> that made no sense

Inspired, I submitted my own quote from a conversation I had yesterday with a member of the IPS team who shall remain anoynmous.

Me: BTW, I’m listening to Celine Dion’s "Holy Night"
Me: That Canadian wafe sure can bellow out a tune.
Anonymous: That’s what I be sayin’ dawg!
Anonymous: These playa hatahs in the office don’t be knowin what da hell they be talkin bout
Me: That’s incredibly ghetto for a white man listening to Celine Dion.
Anonymous: You’re off my xmas card list!

I was flicking through a copy of .Net magazine and the "Web Builder" section had a feature on Flash and came with some examples to type into your Flash editor to learn some new Flash skills. This sent me on a voyage of nostalgia of halcoyn days long gone spent trashing away at a BBC Micro keyboard typing in a 500 line program from a computer magazine. This was before the hard drive, before the CD-Rom, before the floppy disk and just before cassette decks made portable storage possible.

It then struck me that we’re never really moving forward in terms of how we work. Whilst you now find magazine games on a CD-Rom stuck to the cover, they still list program code for Flash projects, HTML and javascript. So while technology has advanced, the way we work really hasn’t.

Let’s look at the web. It’s 1999 and 56k modems are super-fast at downloading text but images are still slow. We optimize the images to within an inch of their life to make them smaller. We all whimsically dream of a better life, of broadband and of never waiting for a 40k image to load.
Fast forward five years and even though a large proportion of the western world has a broadband connection, we’re still optimizing. Why? For those trendy PDA and mobile phone users who wish to browse the web from the airport, train station or car. We’re almost back to square one in creating different versions of our websites to enable quick loading on these memory frugal and costly devices.

In five years time when the average PDA and mobile phone has a speedy connection and bags of memory, we’ll still be optimizing for internet watches and we’ll still be typing in code for some low level programming language.

Round and round we go.

There’s nothing to see here. I’m just testing the trackback functionality on our IPS Blog software.

Trackback is an interesting feature. In a way it could be adapted to be used within forum software. You could elect to "ping" a post or topic from another forum when quoting material. The usual PHP limitations apply though; the inability to use fopen_wrappers in some configurations could cause a few minor problems down the road.

Anyway, back to working out how to efficiently compile a bunch of recursive templates in IP.Dynamic.