Wednesday, December 24, 2008

Phone Review: BlackBerry Storm

I'm eschewing my standard phone review format and making a more editorial format review. The Storm showed up on a list of the top 10 embarrassments of 2008. I really don't think that's fair. In the current market I really doubt anyone is going to get very excited over a phone unless it can absolutely STOMP the iPhone...or IS an iPhone. But to call a sluggishly adopted phone an embarrassment just isn't fair.

The phone did almost everything right. They took a very mature platform, put a highly advanced touchscreen and very innovative UI on top of it. Created a very nice media player and packaged it into one of the best looking BlackBerries ever. There's nothing about the phone to NOT like. The detractors have constantly complained about the lack of WiFi, and while NICE to have, the phone doesn't NEED WiFi because the Verizon network is so good. I had the phone for over a week and never sat around thinking "Boy I wish I had some WiFi so I could use some data".

I feel the Storm is better than the iPhone in several ways:
1. Native multi-tasking. This makes on-the-go IMing work out quite a bit better since the connection is actually persistent and real-time and not some kind of answering machine service.
2. The device wide notification API allows any application to let you know you have messages RIGHT on the main screen. You don't need to depend on sound cues to know what you have.
3. The keyboard is worlds beyond what the iPhone has. The spelling correction and predictive text features are golden, I never really got into an argument with it. Also the extra physical buttons makes for an easier "No I really meant to type it that way" experience since the key is always in the same place.
4. Just about every application changes orientation as opposed to the like 2 blessed iPhone applications that do that. RIM understands that people will want to TYPE type on the phone and let you do it with both thumbs if you want.
5. MMS. Had to say it.
6. Copy & Paste. Again.
7. Haptic feedback. The phone cleverly simulates pressing a real button when navigating its interface by...making you press a real button. Yes it's the whole screen, but it really doesn't make much of a difference pressing one button for every key or each key is a button like the inside keyboard on the Voyager.
8. Programmable "convenience" keys. No matter what application you're in, these keys will do whatever you tell them. So you have 1 touch access to your camera, or your email, or anything else you can think of...without having to go back to the home screen.
9. The camera, more megapixels, better focus, and a real flash. Physically better in every way than the iPhone's...too bad the software for it was no good.
10. It's the little things, when you're using the media player tapping one of the Up/Down keys on the side below the headphone jack will increase or decrease the volume. But if you HOLD down that button it will skip to the next song or go back to a previous one. On the iPhone you need to unlock the phone to change volume, and work your way all the way to the "Now Playing" screen to move around in the playlist. Laame.

It's a very BlackBerry thing to have several functions built into a single control depending on how long you hold it or how many times you hit it.

They missed the boat on just a few things:
1. They put out the phone a little too early (Wow where have I heard that before?), before the BlackBerry store for the phone was launched. Most of the success of the iPhone was due to the app store you had access to the first day you opened the box. Without the app store, it's difficult to find programs for the phone and even then the quality is questionable.
2. Without a "Corporate" data plan from Verizon, which costs $15 extra on top of the $30 unlimited PDA data plan, the phone will not sync anything over the air. It will RECEIVE email, and somehow mine managed a one time sync of my calendar. But after that the only way I could get appointments would be to send myself invitations. The phone does understand invitations. But reading or deleting a message (Even when selecting "Delete from mailbox & handheld") will never sync back...so you need to delete everything twice. The iPhone does this synchronization without the extra data plan. It just may not necessarily be pushing those changes, but I can live with that. This is the big point for me. Had they managed to pull this one off, I may have not cared about the lack of apps or ...
3. Pandora Radio. I love Pandora. I love it so much I paid money for access to a free service. I think what they do is innovative, unique, and high quality. They deserve to be paid. There is a Pandora radio application for any phones on the AT&T or Sprint networks, and also for any Windows Mobile phone. BlackBerries, regardless of network and ESPECIALLY Verizon, are SOL. This really irked me. While not RIM's fault specifically, this is very disappointing, especially given all the other mobile platforms the app is available on. Considering the howling the BlackBerry community has been doing to both Pandora and RIM, it may behoove both of them to sit down and work something out since it's long overdue.
4. Not really a major detractor, I really do wish that more applications took advantage of the device's multi-touch capabilities. The API includes these features. I'm betting they wanted to get the phone out to market and didn't have the time to implement it, probably the same situation as the app store. It may be coming in a future update.

Verizon didn't let me try the Omnia, which is unfortunate since it may have saved them in my eyes. But this is it folks. I tried. I tried so very hard to avoid it. I bought and tested 3 phones, and did extensive in store trials and market research on 4 others. The best of the best, available in the US. And nothing quite got it right. The Storm was the closest. And some phones that SHOULD have been amazing got crippled by manufacturers not realizing they can't bully and short-change the market.

It makes me sad.

I now own an iPhone.
I admit this likely makes me a sellout...but no one can deny the pains I took to make sure it was the only way to get the features I wanted, and I don't think I wanted much. I'd like to go to Verizon the next phone cycle in 2 years. Let's hope the market gets their shit together and learns to compete.

--PXA

Tuesday, December 16, 2008

The perfect phone

I had originally written an article describing several mistakes phone manufacturers are making in their quest to compete with the iPhone. I realized that was too negative. Instead of describing all the stupid stuff other companies are doing I should describe what I've seen that would make a phone capable of truly competing with the iPhone. On its own terms, and not just a "this is as good as I can get, being stuck with this carrier."

The phone should be about the same size as any recent BlackBerry, and weigh about as much (4-6 oz). This is important. If the screen is too small no one will be able to read the increased font and picture sizes required of a touch screen phone.
Fully or mostly touch screen phones are catching on, while full touch screen phones may not last... the idea is here to stay.
Also the weight is very important. Any lighter and the device will feel too cheap, any heavier and no one will want to tote it around as a phone.

Using a capacitive touch screen like the BlackBerry Storm and the Apple iPhone opens a few interface possibilities which the iPhone has leveraged (in a small way. If you hold the phone to a heat source while in a call, the screen turns off to save on battery.) This also allows the phone to exist in your pocket while locked and not accidentally call people. The Storm and the iPhone are also capable of leveraging multi-touch. The perfect phone will leverage its advanced touch screen to save battery and provide cooler applications.

This is purely my opinion, but I love the "click" screen included on the BlackBerry Storm. It allows you to have not only "tap", "flick" and "hold" events in your interface but "click", opening options like "click and hold". I'm just theorizing here, but as interfaces advance to and past the touch interface of Minority Report, differentiating between a "tap" and a "click" will become increasingly important. Having the feedback of actually clicking a real button actually helps me type incredibly fast on this keyboard. RIM done good. The perfect phone will include some form of haptic feedback, preferably in a clicking screen.

Include a real headphone jack. I'm serious. I threw the HTC Dream (otherwise known as the Google Phone or G-1) out of the race for forcing you to use a mini-USB dongle to use a standard pair of headphones. This behavior may have been acceptable when the major companies (Samsung, Nokia, LG, and Motorola) ruled the market with a laconic fist, but now that Apple has rocked the boat the consumers rule. If a jack is not offered, people will quickly jump for a new phone that offers this as soon as possible. You can't annoy the market into buying shitty Bluetooth headsets to listen to music. Not anymore. The perfect phone will let me use my own headphones without being annoying, it will let me listen to my music on my terms.

Wait long enough to offer your phone. Apple kept the lid on the iPhone for years before its launch, waiting until they could offer a comprehensive and integrated solution for each feature they wanted to include. They let the store cover anything they couldn't think of by themselves, which I imagine is what the fabled BlackBerry Storm application center will be like. Samsung/Sprint jumped the gun on the Instinct and released an unstable and immature phone into the market, and they're paying the price. Their development SDK couldn't even mimic KEY features of the actual phone (like the keyboard), crippling 3rd party development (which they tried to encourage with the Instinct Developer Contest). Make sure your device is ready to play with the big boys before you get into the game. The perfect phone will be mature enough that the existing features of the existing applications will work.

Be productive. The line between entertainment phones (RAZR, KRZR, Vu, Dare, Instinct, Rant) and business phones (BlackBerry ANYTHING, Windows Mobile ANYTHING) has begun to blur since the iPhone includes all these features. The line between the "hip" and the business-folk is also blurring, as younger people become industry leaders. Pulling the RIM (Research In Motion) and charging an extra $15 a month to access your exchange/exchange clone calendar is not going to fly for much longer. This information is accessible via IMAP, just check that when you check your email and be done with it. The iPhone already does this, and Windows Mobile does it even better. BlackBerry/RIM and feature phones are the only groups not on board with this idea. Just drink the koolaid, already...people are scheduling their lives online. The group that offers this without making a big stink is the group that is going to win. If everyone puts it out there, that's one less stupid thing to judge a carrier on. The perfect phone will let me WORK and PLAY.

The perfect phone will let the user community enhance this phone. I'm talking to you, Verizon. iPhone, Blackberry, Nokia, etc provide a relatively complete SDK which allows software developers to create applications for the phone. Even if they're not blessed by the carrier and not included in a central "Application Store", you can easily install these things on several phones as long as you accept it as a security risk. The perfect phone will let me screw around with it, since it's good enough that anything I do will be enhancing the phone, not hacking around its limitations.

Realize one thing: As a mobile device manufacturer in 2008/2009 you are now a slave to the market. If Apple has proven one thing it is that a hand-held device is capable of more than anyone thought possible. Except the BlackBerry people, they've had half these features for YEARS...they're just too busy to say anything. But the other half, if your phone doesn't do it people are going to leave you for the phone that does. Apple is not exempt from this. They have a very poor history of paying attention to the market, people just happen to like what they do a lot of the time. iPhone users have been asking for haptic feedback, MMS, camera flash, video camera, flash enabled web-browsing, etc, since the phone hit the market. If they don't deliver soon, some of their customers may jump ship to a different carrier when their contracts expire...which should be soon.

Two more phone reviews will be coming soon. I will be exchanging my BlackBerry Storm for a Samsung Omnia within the next few days and will review both of those soon. Then the winner takes all championship match: The iPhone v. EVERYONE ELSE.

--PXA

Monday, November 3, 2008

Twitteriffic?

Eh, Maybe not.

If you do read this blog, there's a chance you've noticed the new Twitter sidebar widget. It says "Reluctantly". There's a lot of buzz around Twitter and that's got me on guard. Just like the iPhone (which I'm still trying to avoid), Twitter has to prove that it's really as good as everyone else thinks it is.

Ever since I got into blogger and started trying to grind my writing skill I noticed there were certain little blurbs and short statements I wanted to blast into the ether of the intarwubs, but I really couldn't justify full blog posts for them. That's where I hoped Twitter would come in.

Unfortunately, I'm really not impressed. The Linux clients available are dismal, but there are some OK plugins for Firefox. When I went to add my little icon, the service told me it was "overloaded". Further, it said the cause of this was "Too many tweets." Somehow people actually USING the site had placed such a strain on their backend and/or bandwidth that user profiles couldn't be updated...but tweety activity on the main site continued unaffected. Huh? Whatever. Only it's done the same thing every subsequent attempt to get a picture up, and that's pretty annoying since the default icon is brown and lame. Also, with only about 140 characters per update...I'm not sure how the service could get that overwhelmed. That'd probably fit into a single packet.
That's another disappointment too, the character limit. I hit it with the FIRST post I tried to make, and took 3 minutes to edit and cut down...not really the amazing avenue for "mini-blogging" I had in mind. If I wanted to make updates that were this small, I'd just use Facebook's "status" feature. But everyone else seems pretty excited about Twitter so I'll continue the effort in good faith...but I'm still looking for the service I was hoping to find. Anyone got any recommendations or am I going to have to homebrew this one too?

...At least it's not completely "Web 2.0 Trendy", and called "Twttr."
--PXA

Monday, October 27, 2008

I haven't written about jQuery yet.

I realized that while I've had jQuery listed as an interest of mine for all this time I still haven't written about it. Shame on me.

One of the coolest things about jQuery, aside from the fact that it is generally kind enough to stay out of your way and let you write YOUR javascript the way you want to with just a bit of help from it (unlike some other JS libraries *cough*prototype*cough*), is the rather robust extensibility. It's almost trivial to write your own plugins for jQuery, which other people can then simply include and use like it was any part of the library. You can even override or extend existing jQuery functionality if you wanted to.

On a recent project I had to add functionality to a page to create a dynamic list of filters for some log information, which was presented on a table. The filters had different types, some were time/date fields, some were plain text, and some you could pick from a preset list of values.

Some of my favorite programming features and APIs are the kind where you can setup a large list of parameters, instantiate an object or call a method and let 'er rip. Plugins, especially jQuery plugins, really lend themselves to this sort of programming.

I ended up using this approach to write my filter feature, eventually realizing I could turn it into a jQuery plugin without too much effort.

Here is a link to my actual .js file for the plugin-ized version. And here is a basic example of how to use it.

$(document).ready(function() {
    // Each filter has a field value, a display name and a type.
    $('#filterform').filterselector({
        filters: [
            // An array type becomes a dropdown of [value, name] pairs.
            {value: 'state', name: 'Status', type: [[0, 'Open'], [1, 'Closed']]},
            {value: 'customer', name: 'Customer', type: 'text'},
            {value: 'opened', name: 'Date Opened', type: 'datepicker'}
        ]
    });
});
The code above is used by the plugin to create the HTML to display the initial form, which consists of 3 buttons and a single drop down list. The dropdown list is constructed using the value and name attributes, where value is the and name is the pretty name. It's probably easiest if value corresponded to the name of a database field somewhere, for ease of writing the backend.
When an option is selected from the original dropdown, the script looks at the type in that filters array to decide what to add. The types of "text" and "datepicker" both create text fields, but the datepicker has a special event attached to it to popup the jQuery datepicker and let you pick a range of dates. The only other option right now is to set an array like "[[0,'Open'],[1,'Closed']]", each internal tuple (python terminology), consists of a value and a name. The plugin uses these to make another dropdown list using those tuples.

Right now creating your own types involves adding a new elseif to the code, but it'd be pretty easy to add a hook to write new type handling functions.

Anyway, I finally wrote about jQuery. Even if I suck at writing.

--PXA, apologizes for this mess.

Monday, October 20, 2008

Sound the alarms

So I was walking to my car after work today and saw something VERY curious. On the corner of RIT's building 77 (The admissions/financial aid/co-op office building) there was what looked like a glow stick, duct taped to the side of a pillar.



Seriously? It wasn't glowing, and wasn't as green as they usually are. What I'm wondering is what paranoid idiot will call some sort of terrorism warning in on it. (Boston, anyone?)...I stood around for like 3 minutes looking at it...but I was thinking about taking it.

Fun.

--PXA

Sunday, October 19, 2008

Spreading the wealth

So on my recent trip I spent a few hours (like 9) trapped in Chicago's O'Hare airport. And at one point received a phone call from a good friend of mine who I had tapped to tend bar in my absence at Steak and Whiskey night last night. The woman next to me at the bar had a son who was a bartender and was interested when I started talking about a drink recipe.

At Steak & Whiskey 2 we created a drink which was tremendously popular called "Stand back! I'm about to try science!". Science was created through use of the scientific method.
Hypothesis: Irish Cream and Amaretto curdle.
Evidence: several shots with these 2 ingredients were curdling in the glasses.
Experiment: Mix the 2 ingredients in equal portions.
Conclusion: Not only do they not curdle, they are delicious together.

It occurred to me that by telling her the story so that she could tell her son, this drink could suddenly start being made in a remote corner of the country - Far from Rochester.

Why not the world?
Now I call on the power of the internet to spread the good word of this drink.

Go forth and get blasted!

Thursday, October 2, 2008

I <3 Launchy!

It's no big secret that Launchy is one of the best programs ever to be written for Windows.
For those unfamiliar, Launchy is an open source keystroke launcher for Windows. Effectively a clone of the incredibly useful OS X tool Quicksilver. Launchy binds to a global shortcut key combination (defaults to alt+space) and then indexes the links in your start menu as well as others, allowing you to simply begin typing the name of the program you'd like to run and then hitting enter when you've given Launchy enough to work with. Launchy also learns what your common shortcuts are, so the first time you need to launch Firefox, you'll probably need to type almost the whole thing. However, after a few weeks you'll be able to launch Firefox by typing "f" into Launchy.

I have previously made the statement that Executor was better because it allows custom keywords to be set in the application so you can configure it to...say, run Internet Explorer when you type "turdpile" :D. However, as cool as it was, it took so freaking long to display the window I couldn't deal with it.

But this isn't the reason I bring it up today. I wanted to make note of the fact that Launchy has recently released a Linux version, bringing the power of keystrokes to the GNU desktop.

Launchy provides a .deb package for Linux distributions whose package management is based on dpkg or apt-get. They also provide a source tarball which can be used to build just about anywhere else. My preferred Linux is Gentoo. Some say this is because I like to suffer. Gentoo's package management system is based on ebuild files which are a set of instructions for retrieving source, patching, configuring, and compiling. To this end I decided to install Launchy on Gentoo legitimately, using an ebuild and an overlay.

Included in this zip file is a folder which can be unzipped into your portage overlay and installed using emerge. If you do use it, you should note:
The Launchy portion itself depends on qt4, while the calcy plugin requires Boost. Since Launchy can be built without calcy, I have set this in the ebuild as a USE flag. If you would like calcy, make sure to add 'calcy' to your USE flags before emerging launchy.

As an interesting note, with any luck you may not have to go through the trouble of creating an overlay for this as the ebuilds and associated patches have been submitted to Gentoo's bugzilla to be added to portage. (YAY!)

The bug can be found here.
Vote for me!

P.S.: My good friend, Sam, has offered me some of his bandwidth and hosting space. I will be hosting all future packages and patches on his server. Check out his stuff at www.samplusplus.com He does webdesign and also makes sweet little desktop enhancement applications like Jango Desktop.

That is all.
--PXA

Tuesday, September 23, 2008

YOU'RE DOING IT WRONG! Part 3a: Intersections

I haven't written a YOU'RE DOING IT WRONG in quite some time now, and most of this whole time I've been getting pissed at more bad driving habits...and some of the same old ones.

One topic that I've been thinking about quite a bit is intersections. As a driver and as a pedestrian. They're just another thing that it seems like the driving community can't figure out.

So part 1 of intersections is the pedestrian perspective.

I tend to cross the road 2 or 3 times a day, due to the retarded parking situation at RIT, and I HATE doing this when there are cars on the road. Not that I worry about getting hit or anything like that, I HATE the way other drivers react to pedestrian intersections.
We're all taught pedestrians have the right of way. Unfortunately this combines with the modern driving tendency of relentlessly giving up the right of way when they shouldn't be (in the name of COURTESY) and you have people in command of ~5,000 lbs vehicles wearing their brake pads and wasting energy (read: GAS) to stop their cars in intersections they could have CROSSED before a pedestrian got to it.

So this whole wasteful habit comes from an overdone forced politeness that society is too fond of today. But it's actually very rude.
Because you stopped your car before I even got NEAR the intersection, because you were so scared of my pedestrian ass feeling offended at you blasting your car past me now I need to hurry up and jog past you so I don't make YOU wait.

You would get pissed off at a driver who stopped at a green light because there was another car 40 feet up the road.

I'm pissed at you stopping at a crosswalk when I'm still 10 feet from the road. Seriously. If you can make it through before I get there...or HEY if your passing would make me wait a whole 3 seconds...do it. It's easier for me to stop 260 lbs than it is for you to stop 6,400 lbs.

Learn to judge distance, if I'm 10 feet away I'm NOT in trouble. LOOK OUT for pedestrians, but stop this overly polite bullshit and drive your damn car.


This installment of YOU'RE DOING IT WRONG is brought to you by Sudafed.

--PXA

Wednesday, September 10, 2008

More Cisco Linux VPN problems

I have noticed another issue with Cisco's VPN for linux, this time in the form of a module that inserts fine but won't connect. /etc/init.d/vpnclient_init status reports a good module but the interface can't be found.
When I saw this my first inkling was to see if I could change the name of the interface it's looking for in the initscript, this made status report good but the client still won't connect to anything.
This is because Cisco, in their infinite "wisdom" decided to hard code the name of the interface into the driver itself.

Your best bet is to figure out what udev rule is forcing the rename...it's probably in the file /etc/udev/rules.d/70-persistent-net.rules

Only other option is to rewrite parts of vpn_ioctl_linux.h to change the device name the driver tries to use to the one it's getting anyway, or change the MAC address and hope /etc/udev/rules.d/75-persistent-net-generator doesn't mess with your device when you reload the module.

Matter of fact, it'd be a cool patch to change those on the fly.

Hmm,

--PXA

Tuesday, September 9, 2008

Mini-update: KDE4

I just rebuilt KDE 4.1++ from SVN sources, and frankly, it makes me want to kill small puppies.
This is the list I have compiled after approximately 15 minutes of use.
  1. I tried to use the auto-hide, KDE4 does not like this. To trigger the taskbar's visibility you need to get all the way to the screen side where the panel lives, then back off several pixels. And hope. The panel would sometimes not respond or become visible then immediately fade. But the edge of the screen itself does not respond to input at all.
  2. For me, KDE starts without window decorators, if I try to enable them the panel gains a title bar which doesn't seem to accept input. This causes some problems when trying to open the panel settings. The panel settings are cool when they open since they attach to the panel. But when this titlebar is open you need to quickly cross it to get to the configuration panel, a lot of the time you will lose both panels.
  3. Desktop Folder is the crappiest thing I've seen in a long time, I would LOVE to turn this off and get a real desktop. I can't.
  4. The focus is very strange, to bring a window to front you need to click on its TITLEBAR, not anywhere in the window... I'm hoping that's a settable option but I couldn't battle the interface enough to get to the control panel so no idea here. If this is default, it's just a stupid idea.
Maybe I'll try more later, maybe I'll delete it again and wait for KDE 4.2. Anyone have any GOOD things to say about KDE4?

--PXA

Monday, September 8, 2008

Cisco Linux VPN on kernels 2.6.19+ (And x86_64)

Cisco seems to have been screwing the pooch recently when it comes to releasing good installers for their VPN software. A version of the VPN client for windows released last February had a nasty glitch where it tried to iterate every group in RIT's active directory environment 4 times. And the previous version of the Linux VPN (4.8.00) unceremoniously broke with kernels higher than 2.6.19 and remained officially unpatched (There were only community written patches) for several years. Cisco recently released 4.8.02, which brings with it full compatibility with modern kernels (tested up to 2.6.25)

However, to compile on a 64 bit kernel the module included code which modifies the compiler flags (or CFLAGS) to build correctly on 64 bit kernels. The linux build system for kernel modules (called Kbuild) does not allow makefiles for modules to modify CFLAGS directly, so it accepts a parameter called EXTRA_CFLAGS. The Makefile for Cisco VPN Client for some reason uses EXTRA_CFLAGS fine normally but in the conditional for 64 bits uses CFLAGS directly, causing the build system to throw a hissy fit. So the simple fix is to change line 15 of the Makefile for Cisco VPN 4.8.02 from
CFLAGS += -mcmodel=kernel -mno-red-zone

To
EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone

Then there's a whole slew of other issues with 64 bit kernels which are fixed by this patch.
(patch linked from http://www.lamnk.com/blog/, and written by Steven Frost)

At least there's a positive note with that: A codebase patched for 64 bit will still compile (albeit with warnings) on 32 bit systems.

I see stuff like these issues, and I've gotta wonder...Do they TEST this stuff? At all?

--PXA

Tuesday, September 2, 2008

How To: Break MOLLY!

I have wanted to post this for a long time now, but I had previously been afraid of retaliation by RIT's IT department since this exploit was discovered using their public facing website. However, http://it.rit.edu and http://nssa.rit.edu have both recently switched from Molly, a pseudo in-house solution written mostly by Ronald Vullo. Molly's status as a publicly available CMS from sourceforge opens the possibility that other people outside of RIT will be using it, and these people would probably appreciate being told about a security vulnerability in their software...unlike the IT department which would likely try to expel me or prevent me from graduating on schedule. (Yeah, I have great faith in these people.)

Anyway. Molly stands as a key case example for how you should NOT write PHP. It makes heavy use of BAD-THINGS ®, does not use any sort of legitimate string munging to prevent SQL injection, and has almost no concept of session security.
As for bad things, I mean things like polluting the global namespace, using .html files with PHP in them, the eval() statement, old functions like eregi_*(), and heavy use of $_REQUEST as opposed to $_GET and $_POST. The PHP manual itself states that $_REQUEST cannot be trusted, as you do not know which of Environment, Cookies, Get, Post, Server sources provided the variable you're looking at in $_REQUEST or if one has over-written what you actually want.

The most glaring exploit I've found, however, is related to the rendering engine of the database module (Called forms). Molly controlled pages will often have some string in their URL which tells the Molly engine how to render said page, example: people.maml?id=77&renderAs=output Or renderAs=edit
Yup. I can just see all the tech minded people thinking "What if I change output to input?".
When RIT used Molly, exactly what your worst fears were, is what happened. Each element on the page became HTML Input.


After that point it became trivial to use the Firebug plugin for Firefox to modify the contents of the page on the fly to make Molly bend over for you. To update any record you wanted, it was a simple matter of navigating to that page, changing the URL, using firebug to change the form action from "insert.html" to "replace.html" and adding a value to a hidden input element named something along the lines of "form[0][id]".

Since Molly doesn't understand security, the files which parse the form input and create the SQL queries are wide open for all to access, as long as you can post the right information.

One way these can be protected is through the use of an .htaccess file using the directive and some form of HTTP authentication. And that's probably the simplest way, but I don't know if there's anything resembling security on the rest of the engine that could be expanded to these files.
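The server-side check Molly lacked, as an added example rather than code from Molly or from this post: the render mode and the record id are accepted only when the session is allowed to use them. The function names, the session keys (`user_id`, `can_edit`, `editable_ids`) and the `csrf_token` field are assumptions; `renderAs` and `form[0][id]` are the parameter names described above, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not Molly's code. Function names, session keys and the
// csrf_token field are hypothetical.

const PUBLIC_MODE = 'output';
const PRIVILEGED_MODES = ['edit', 'input'];

/** The requested render mode is only a hint; the session decides. */
function resolve_render_mode(array $query, array $session): string
{
    $requested = $query['renderAs'] ?? PUBLIC_MODE;
    if (!is_string($requested)) {
        return PUBLIC_MODE;               // renderAs[]=x arrives as an array
    }
    if (in_array($requested, PRIVILEGED_MODES, true) && !empty($session['can_edit'])) {
        return $requested;
    }
    return PUBLIC_MODE;                   // unknown or unauthorized: read-only
}

/**
 * Gate in front of the form handlers. Returns [httpStatus, operation, recordId].
 * The operation follows from the validated id, not from which file was requested.
 */
function authorize_write(string $method, array $post, array $session): array
{
    if ($method !== 'POST') {
        return [405, null, null];
    }
    if (empty($session['user_id']) || empty($session['can_edit'])) {
        return [403, null, null];         // handler reached without an editor session
    }
    $sent  = $post['csrf_token'] ?? null;
    $known = $session['csrf_token'] ?? null;
    if (!is_string($sent) || !is_string($known) || !hash_equals($known, $sent)) {
        return [403, null, null];         // form was not issued to this session
    }
    // form[0][id] is parsed by PHP into nested arrays; check each level.
    $form  = $post['form'] ?? null;
    $row   = is_array($form) ? ($form[0] ?? null) : null;
    $rawId = is_array($row) ? ($row['id'] ?? null) : null;
    if ($rawId === null || $rawId === '') {
        return [200, 'insert', null];     // no id supplied: new record
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, null, null];         // id is not a positive integer
    }
    $allowed = (array) ($session['editable_ids'] ?? []);
    if (!in_array($id, $allowed, true)) {
        return [403, null, null];         // id points at a record this user may not edit
    }
    return [200, 'replace', $id];
}

// Constructed sessions and requests for illustration.
$visitor = [];
$editor  = [
    'user_id'      => 7,
    'can_edit'     => true,
    'csrf_token'   => 'constructed-token',
    'editable_ids' => [77],
];

// Anonymous visitor asking for an editable rendering of a page.
var_dump(resolve_render_mode(['id' => '77', 'renderAs' => 'input'], $visitor));
// Editor asking for the edit rendering.
var_dump(resolve_render_mode(['id' => '77', 'renderAs' => 'edit'], $editor));
// Direct POST to a form handler without a session.
var_dump(authorize_write('POST', ['form' => [['id' => '12']]], $visitor));
// Editor whose hidden id was changed to a record outside their list.
var_dump(authorize_write('POST', ['csrf_token' => 'constructed-token', 'form' => [['id' => '12']]], $editor));
// Editor updating a record they are allowed to edit.
var_dump(authorize_write('POST', ['csrf_token' => 'constructed-token', 'form' => [['id' => '77']]], $editor));
```

The SQL built after this gate still needs bound parameters (for example PDO prepared statements), since authorization does nothing about the injection problem mentioned earlier.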

YOUR CODE IS BAD AND YOU SHOULD FEEL BAD TOO!

--PXA

Wednesday, August 27, 2008

Tech Fix: Windows Update fails when using XP SP3.

Short tech fix, intarnets:

When using Windows XP that has been upgraded to SP3, Windows Update will begin to fail to install ANY updates. It will run, download, initialize, then fail. If this problem begins immediately after updating to SP3, the root cause of the issue is that wups2.dll has become unregistered. This file is described as the "Windows update Client Proxy Stub 2", and I have no idea what that means. The fix is to stop the WU agent, re-register the DLLs involved in Windows Update and restart the agent.

As an administrator, run these commands from the command line (wups2.dll is the real culprit):
net stop wuauserv
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups2.dll
regsvr32 /s wups.dll
regsvr32 /s wuweb.dll
net start wuauserv
Then Windows Update should actually finish some updates.


Another issue seen with installations from a slipstreamed XP SP3 CD is that the installer will fail to update the web client itself, claiming certain DLLs to be in use. This is rare but it does happen.

The solution here is to simply delete the files it complains about, this is usually wuapi.dll, wups.dll, and wups2.dll...found in C:\Windows\system32\.

This message is brought to you by RIT ITS CSS Desktop Support Operations. ;)


Side note: more updates coming soon, just getting busy working and doing battle with some new computer hardware.
--PXA

Tuesday, August 19, 2008

Spare me the humanity

Ok, what? This is going to be pretty rant-ish, I apologize.
The internet today is very much about the idea of human interaction. Even in forms that are not immediately interactive. The rise of bandwidth and sites like youtube and metacafe have brought about the concept of "Vlogs", or "Video Web Logs". Before that people would record radio shows as MP3 files and attach them to RSS feeds.

All in the name of attaching a more human facade to the cold dark cloud that is the internet.

I say...STOP! I beg you!

Not that I'm saying your goals are illegitimate, far from it, I like the idea of being able to put words in one end of the internet and have some other person on the other end give me their words back...I just hate content being offered in this format. Maybe I'm just a fading member of the old guard, but I grew up on the text-based internet, and I don't see adding new venues for delivering content as replacements for text.
Even today I read "blogs", read comics, chat with people on IRC, AIM, GoogleTalk. I enjoy the value the internet has for me as a social tool, but I like those tools to be under MY control.
If I need a how-to for some programming concept, or a brief about some security exploit or idea...I want to be able to read it. Or read half of it and come back to it, or read it while watching an episode of Star Trek or listening to music. I hate the idea of having to pause whatever I happen to be doing in the background just so I can hear what you have to say. At that point you've gone beyond providing content, you've entered the realm of interrupting MY computing activities and are telling me what I can't be doing on MY computer!
And this goes double for the websites of products like cell phones or video cards, or whatever. I want to look up some news or specifications for a product, and BAM some madly loud drum'n'bass beat comes blasting at me. I spend about 1 second looking for the "STOP THIS INFERNAL NOISE" button, and then just close the tab. If you're going to dictate what I can use my speakers for, maybe I don't need to know if I can buy your phone, or your car, or your TV. These sites have even less excuse. They're doing it for flash and marketing. At least people posting their security discussions as podcasts are just trying to put a human voice behind an academic discussion, and one presented in a cold and factual way.

I think we need to get used to the idea that words alone, without a face, are just as capable of representing the humanity of the person who wrote them as an audio or video recording. But then again, I grew up here.

Monday, August 18, 2008

When lolz turn to sadness

My current employment is as the Co-op student for ITS Desktop Support, the only major project so far has been the rebuilding of the department's internal website in a more interactive, database driven format. The new version of the site is being hosted in RIT's new totally redone better-than-the-old-environment-ever-could-have-been web applications environment. Despite the rather cramped space limitation, and unnecessary staging server, it's been less painful than it could be. Until I got around to porting a few of our backend processes that need to run on a regular basis. This involves command line PHP and UNIX Cron. Which would normally be well and good but this environment is really more than meets the eye.
In short, developing in it is like trying to get from point A to point B in this room:
It took a day to get database connections, because for some reason scripts run by Cron run on a DIFFERENT HOST than scripts run manually from the command line or scripts run by the browser. WHAT?!!!

These people have obviously never heard of the principle of Keep It Simple, Stupid. So when any of these points of failure go down, the whole system dies. I found this out over the weekend. Because it went down.
Every 5 minutes my cron task ran, and every 5 minutes it failed. Which meant that every 5 minutes, I got an e-mail saying that there was a problem running the script, and then another e-mail saying the script failed. I was greeted Saturday morning by well over 100 e-mails.

Remember, don't laugh at the convolution of your development environment, for it might come back and pee in your shoes.

:(


--PXA

Thursday, August 14, 2008

I done good.

I found this during random Googling:

Gotta say, that's pretty sweet. I came in 2nd fiddle on a search to Apple, and beat out one of my favorite webcomics on a Google search.

Pretty funny considering all the comics about random Google searches XKCD does.

Edit: At the time I did this, these were the top 3 search results for that term. Just want to be clear.

--PXA

Setting up for failure, redux.

I realized the first time I tried to write about my opinion on this matter, I pretty much failed to produce anything resembling coherent thought. I'm going to try to do better this time.

I said IT is failing us as programmers. This statement derives from the original impression I got of IT when I first heard of the program, and by extension the reason I chose it. It seems a lot of people think that IT is effectively a "Tech Support" training program, and therefore requires its students to learn basic hardware, software, db, web, etc. What I always felt IT was, and probably why I have pushed the bounds of the program, is a program that aims to create technological Jacks-of-all-trades. Someone with passable skills in just about anything, but not necessarily the depth of study you'd get in a more focused major.

IT, however, seems to have no idea what it's doing. IT is incredibly unfocused, going to rather ridiculous depths in things that have never seemed important but barely skimming over things that could be very useful. Fundamentals of Data Communications is a course whose entire contents could probably be tacked onto the beginning of Networking Fundamentals, if the sections on manually performing QAM encoding, Hamming Code error correction, Manchester signal encoding, etc. were removed... Seriously? Why would we, as IT majors, need to know the configurations of the electrical signal we'd need to program a NIC?
Then examine the 3 course sequence in Java programming. This sprawling mess of an introduction to object oriented programming somehow covers basic OO, static v. instance variables, TCP/IP networking, Filesystem I/O, Basic GUI, Swing, Event driven Java, and we even had some basic game AI in a 3D environment...but no mention of what a singleton was, or a decorator, or a factory. These are BASIC design patterns that anyone should understand to work on software beyond simple scripts and applications. Maybe I'm wrong in my idea that people graduating from IT will gain employment in a development position...and it's very possible that if a student takes concentrations outside development areas they won't. But what about those of us that do? I'm not sure what the courses in the IT Application Development cover, but what about web programming? The Programming For The Web class is a JOKE, and from what I've heard Web Client-side programming (Javascript and SVG) isn't much better. Isn't web programming just as much real programming as system applications in Java or C++? Web programming requires just as much knowledge and skill as system programming. If you prick us, do we not bleed? Assuming they're teaching this stuff to THOSE concentrations...why should an application developer need to know how to write a database abstraction layer, but not a web application developer? C'mon, Guys....not cool!

There's a case to be made for "If you want to be a programmer, why not major in SE?", but SE doesn't train WEB Programmers. IT is where you go for that. I just don't think they're teaching us what we need to know.

I think I did a little better this time.

--PXA

Full Review: The Samsung M800 (Samsung Instinct)

Unfortunately, the Samsung Instinct, the most heavily advertised phone ever made by Samsung, has been measured and found wanting.
I've had the phone for about 2 weeks now and I am preparing to return it, and Sprint's plan, to the store tomorrow. That means it's review time. I'll try to keep this as pragmatic as my Voyager review but it's difficult to discuss a phone like this without mentioning its potential.

Things about the PHONE that suck:
  • The battery cover is difficult to get off until you get the hang of it. Also the plastic flap that covers the charging port (at least on the phone I had) is hard as hell to remove. Every time I have done this I've needed to use something else like a knife or a paperclip to open the flap.
  • The battery life is pretty awful, but the unit ships with a 2nd battery that's easy to change once you figure out how to get the back cover off. The poor performance of mine may have been due to the poor Sprint coverage where I live, as I was constantly moving into roaming areas.
Things about the PHONE that are sweet:
  • A full size stereo headphone jack. Not a mini-jack. It's good to see a media phone with physical media attributes.
  • The touchscreen is GREAT
  • The speaker is incredibly loud.
  • The camera takes good pictures.
  • The speed is great, WHEN you have signal.
Things about the PLATFORM that are sweet:
  • The navigation is great, with the scrolls and the flicks, and the taps. They clearly took a lot of cues from the iPhone, and came up with a really fun interface.
  • The keyboard is amazing. It's incredibly versatile. Everywhere you could type you could use a full landscape QWERTY keyboard, a portrait quasi-dvorak keyboard, or handwriting recognition. (although I really couldn't get it to recognize more than 3 letters at a time. You've gotta write big)
  • Visual Voicemail is well done
  • Messaging is really cool, texts and pictures are threaded by contact.
  • The photo gallery has a lot of TouchFLO style things, makes it real fun to use it.
  • Pretty much all the updates are Over The Air.
  • The music player actually keeps playing if you leave the application, you can listen to tunes AND check your email! WOAH!
  • The email application is easy to set up, works with almost everything (I had mine with 2 OWA accounts, a gmail, and an IMAP). Although word around the forums is it has some problems with POP.
  • The navigation app is a gem. It is clear, rather accurate, and tied nicely into the movies and live search functions. Location based features on the phone really get tied together here. The thing even checks the traffic for you. It's like having a real GPS.
  • "Movies Near Me", Such a cool button. It locates you with GPS then finds theaters near you and displays movies, from there you can view showtimes, get driving directions, call the theaters.
  • Live Search, open the app, push a button, tell the phone what you want. Excellent voice driven functions.
  • Weather application is one of the best things I found. I checked it every morning, got morning/afternoon/evening forecasts and Doppler radar images.
Things about the PLATFORM that suck:
  • This phone is too new. Samsung and Sprint rushed it out to compete with the iPhone, and it shows. In the 2 weeks I've had the phone every app has been updated about 2-3 times. Some of these updates broke features that used to work. And Sprint has not done well with communicating timelines for the updates or WHAT they actually changed to their users. Not EVERYTHING about Apple is worth copying.
  • The browser is slow and kludgy. Opera Mobile won't work (well).
  • The platform uses a custom set of widgets which doesn't play well with standard J2ME, so most applications that COULD work don't. Mostly because they can't access the keyboard.
  • The built in calendar can only store 9 appointments at any given time.
  • The email application will sometimes inform you that you have new messages, when you don't. Or grossly miscount the number of messages you do have. I once had it tell me I had 63 emails when I had 7.
  • The phone cannot sync with Exchange/OWA for calendar, or use your Google Calendar outside of the browser. This is likely due to the builtin calendar being such a POS. The company that built the email application has software capable of doing this...Sprint/Samsung either decided they didn't want it on the phone or that it would've taken too long to develop the feature.
  • The phone has no instant messaging application. None of the free ones will work due to lack of keyboard, and the only online ones you have access to are static and awful because of the lack of a good browser.
  • The music application, while being really good and even having some features my iPod lacks, has an unfortunate habit of rescanning my entire memory card each time I start it. This takes almost a minute for 4-5 gigs of music, and the phone can take MicroSD cards up to 8 gigs.
  • Sprint's network is pretty bad. I'm roaming in most of the building where I work, and everywhere in my house. Including a decent amount of the area OUTSIDE my house.

That being said I still think the phone is incredibly cool, and for the most part really don't mind the idea of owning it. They need to fix the calendar, add OWA sync with it, either add an IM application or fix the keyboard problem, and get some version of Opera Mobile supported fully. If they can pull this off they can win, but people are rapidly losing faith in the phone...time is running out. If they work these kinks out they have a major edge over Verizon or iPhone, since they have a free SDK and you don't need to pay licensing just to get your apps on the phone. Without a certificate you can't access "restricted" APIs, but a cert with Sprint is much less expensive than the Qualcomm version you need to do BREW development. Also the whole thing is Java (J2ME), which makes it simpler to write applications for than C++ or Objective C. (in my opinion anyway).

I'll be paying close attention to this one and might try it again after I graduate, if I move somewhere with better Sprint coverage.

--PXA

Tuesday, August 12, 2008

Movie time: The Mummy - The Tomb of the Dragon Emperor

I find reviewing this rather appropriate given the other movie review on the site so far. That being said this will not contain major spoilers, but will however hit on major characters and their interactions. From a broad perspective.

This is the Indiana Jones 2, of the 'The Mummy' franchise. The characters are all right, and the danger, adventure, and safety of the world are not in question. Yes Indiana Jones 2 had nothing to do with the safety of the world, but bear with me.

Think about this: Indiana Jones 1 and 3 (Raiders of the Lost Ark and Last Crusade, respectively) are commonly considered the best 2 of the series. 1 set the template and 3 actually followed. 2 and 4 lag behind, and I think the reason is this... They are missing the Indiana Jones standard plot version 1.7. Movies 1 and 3 can be boiled down to Indiana Jones being witty and incredibly lucky while running from Nazis chasing after an object of Bible Myth that if in the wrong hands could end life as we know it. The 2nd movie found Indiana being clumsy almost, bumbling in misadventure running from cultists chasing obscure Indian stones. To save...a village. Yes he also did some running from a crazy Chinese businessman. And #4 found Indiana being OLD, but almost superhuman sometimes...running from RUSSIANS, chasing ALIENS. What just happened? Am I in the wrong movie franchise?
But the point remains that the fundamental pillars upon which Indiana Jones is built are: Archeology, Bible Myth, Nazis, Indy Rocks.
In that same vein the fundamental pillars of The Mummy can be seen as: Bad library research, Mummies, Mad Arabs, Rachel Weisz is clumsy yet endearing, and a hell of a lot of sand.

The Mummy 3 was actually pretty entertaining. However it seemed to focus more on the O'Connells' son, Alex, than Rick and Evelyn. Which goes against template. It's the parents trying to follow their son on HIS OWN adventure and generally being overshadowed. It doesn't help the case that the writing, of Evy especially, is just strained and BAD. Yes, they have retired, their life is boring...we GET IT ALREADY.

There isn't any research, any books, in this one. All the information they need is given to them by a magical old immortal Chinese lady.

The "mummy" here isn't even a real mummy! It's Jet Li, cursed to live out his life as Terracotta. He doesn't even get to fight for 90% of the movie. There's ONE GOOD fight scene and it's only like 10 minutes long right at the end of the film.

There's no sand, and no Rachel Weisz! Evy's been replaced! NOOOOO!

The tense dialog that worked so well between Rick and Evy, doesn't quite work when they try it between Alex and his squeeze. Later in the film there are some genuinely nice moments with these 2 characters. But they had to try really hard to get there.

It's important to note I don't think this is a BAD movie. I even think it's better than Indiana Jones 2. There's no Short Round, the fate of the WORLD is still at stake. It's even got some bad ass kung fu and a pretty cool undead army. All pluses in my book.

If you can get to the flick for under $5, it's worth it. Otherwise the lack of Egypt...and more specifically Egyptology make it a little disappointing if you paid more. The Mummy is supposed to involve a cute girl in glasses reading out of a huge ancient book trying to figure out who Brendan Fraser needs to punch to save the world. This one just doesn't deliver that.

--PXA

Tuesday, July 29, 2008

How-to: Full read/write access to ReiserFS in Windows Server 2008 x64

Yes, I am fully aware of the ReiserFS IFSD project. However due to the somewhat draconian driver signing requirements of 64-bit Server 2008 this driver doesn't load. I have heard you can convince it to in 32-bit versions of the OS. There's something about the image hash integrity that prevents it from working. I may try to recompile this in 64-bit but that is a project for another week.

However, it's still possible to gain access to your ReiserFS (and any other linux filesystem you'd like) using free tools in Windows Server 2008. All it takes is some time and a rather twisted hack.

You will need:
  • An installation image file (ISO) for your favorite linux distribution. If you don't know linux that well I'd recommend Ubuntu or Fedora. I used Gentoo, since I knew I could make it a very small installation.
  • VMware Server 1.0.6. VMware Server is free, you need to fill out a web form to request pretty much any number of license keys.

At the end of this article I've provided the kernel configuration file I used for Gentoo as well as my smb.conf.

Start with VMware Server. Before you install it, you should reboot: press F8 before Windows loads, and make sure to select "Disable driver signature enforcement". Before some recent patches this could be set permanently using bcdedit, but that no longer works. It is recommended you suspend your Windows installation instead of shutting down, to avoid having to do this every time you boot your system.

Connect to localhost and create a new VM, use typical settings. Selecting the type of OS you'll be running is only really useful for VMware tools, which I won't discuss here. Feel free to comment on this. Call it whatever you want.
At the networking screen, for security's sake it's advisable to use NAT or host-only networking. I used NAT.
The next screen is for the size of the virtual hard disk. This doesn't really matter, and should only be as large as absolutely needed for your linux of choice, but really shouldn't need to be much bigger than 6 or 7 gigabytes. My Gentoo installation is about 1.3GB, and could probably be made smaller.
For the CD-ROM drive, if you've burned your installation disk use the physical drive, otherwise select the image file you downloaded earlier.
Finish setting up your VM and start it. With no data on the virtual hard drive, it will boot off the CD. For the sake of the length and scope of this article, I will assume you know how to setup the distribution you selected. When you get to a point where you can, make sure to install the most recent version of Samba you can.

Once your linux VM is installed and working, shut it down.
In the VMware console select the VM and click "Edit virtual machine settings", then click "Add" to add hardware. The 3rd option when adding a drive should be to directly access a physical hard disk, for experts only. Click 'ok'.
The names VMware gives the disks in your system are probably not the most descriptive things in the world, but if you select to use Individual Partitions and click next, you can see the partitions, and their types, that are available on the selected disk. Select your Linux partition(s).
Start your VM again.
Once you are up and running, fdisk -l or the system browser should recognize the new disk.

Open the file /etc/fstab as root in your editor of choice and add a line similar to this:
/dev/sdb1 /mnt/reiser reiserfs user,defaults 0 0
Where /dev/sdb1 is the name of the partition as shown in fdisk -l. Also make sure the directory /mnt/reiser actually exists. If it doesn't, create it (you will likely need to be root).

Now mount /mnt/reiser.

The final piece of this convoluted puzzle is samba, the smb.conf file.
[global]
workgroup = WORKGROUP
netbios name = vmlinux
server string = Samba Server %v
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
[reiser]
path = /mnt/reiser/
public = yes
writable = yes
browsable = yes
guest ok = yes

Make sure samba is configured to run on startup...in Gentoo this is
rc-update add samba default
in Ubuntu or Fedora you can configure this in the GUI. If your desktop is GNOME, this will be in System>Administration>Services

Either reboot here or start the service: /etc/init.d/samba start

Now back in Windows, open the explorer and go to Network. If you are using Aero you will need to hit the 'Alt' key to see the 'Tools' menu. Select 'Tools' and 'Map Network Drive'.
Select whatever drive letter you want, and as a folder use:
\\vmlinux\reiser
Click 'Finish' and you are done! Yay! You can now open your linux partition under windows and have full access to it.

If you left 'Reconnect on logon' checked when you mapped the drive you should edit the virtual machine. In the options tab of the edit dialog, select the Startup/Shutdown setting and from the dropdown box under "On host startup:" select "Power on virtual machine"


Click here for the Gentoo kernel .config file


As a note I wrote this while incredibly hungry, so it might be hard to understand some things. I might be rewriting sections of it to word things better later...if it looks like anyone's coming here and reading this.

--PXA

Saturday, July 26, 2008

How-to: VLC/Windows Full Screen Video trick.

Once upon a time, nVidia cared about us. The nVidia control panel was hard to use but pretty slick and it had one feature that I thought was absolutely great: There was a video overlay feature that would automatically clone any video output from either screen in full screen on a screen you specify.
In Linux I can simulate this by selecting a screen for full screen output, and VLC will comply without hesitation every time I go to fullscreen mode and every time I add a file to the playlist...it opens in full screen ON THAT SCREEN no matter where the VLC window is.

Windows has befuddled my every attempt to do this. In Direct X output mode video uses the wrong aspect ratio in XP and forces Vista to change from Aero to Vista Basic, and displays only a portion of the video. (Your mileage may vary). And OpenGL requires me to move 51% of my window to the other screen, but then if the next video on the playlist starts and I have moved the window to a different screen, it full screens there. Usually on top of my work.

After some experimentation using VLC 0.8.6i on Windows Server 2008 I have managed to get an effect that is close to my Linux experience.

The final result is this: A VLC player with controls, but no video in the main window and video automatically playing in full screen, on the same screen each time (even after the next video in the playlist.)

First enable full screen off the bat so you don't need to force the video into full screen when you start VLC the first time:

1. Go into the settings menu and open preferences, check the box that says "Advanced Options"
2. Select the "Video" section from the box on the left.
3. Check the box that says "Fullscreen Video Output"
4. Scroll the main settings area down to the place where you can see "Window Properties"

"Video Height" and "Video Width" should be set to the height and width of the screen you will be viewing your full screen video on. (In this iteration of the technique this is not strictly necessary, but is a leftover from experimentation with the "clone" video filter which would allow video in both the main window and the extra screen)

In my case this is a 1024x768 screen.

5. The next 2 options will be Video X and Video Y. In my case, my 1024x768 screen is to the right of a 1280x1024 screen. So I set Video Y to 0, so it's at the top of the screen, and Video X to 1280 so that it will be in the left corner.

6. Further down the window will be another box for "Window decorations". Uncheck it.

7. The very last option on the left should be "Interface", expand this, and then expand "Main interface". Select "wxWidgets" from this list. Uncheck the options for "Embed video in interface" and "Size to video"


While this is incredibly involved and rather inflexible, it does get me video the way I'd generally watch it and could hopefully be of use to someone else.

As a note I already tried getting Windows Media Player, MPlayer, and Media Player Classic to behave the way I want them to (like VLC/Linux) but had no luck. MPlayer wouldn't even play ANY video on my other screen.

--PXA

Sunday, July 20, 2008

Full Review: The LG VX10000 (LG Voyager)

I have had the LG Voyager for just shy of a full week now and I've uncovered several things I haven't seen in any review so far.

Let's get this out of the way.
Things about the PHONE that suck:
  • The phone is soap bar shaped, there are buttons on only one side. Unfortunately if you're not looking for these it's too easy to hold the phone upside down. In 6 days I have done this twice. Despite the slickness of the phone, it's hard to look cool when you're jabbing the speaker.
  • The speaker. The speaker is pretty good for regular calls, when speakerphone is off. The speakerphone speakers (Yes, two...AMAZING) are on the inside of the flip. The first time I turned speakerphone on I didn't even realize it, the volume was still so muted. Honestly, who opens their phone to talk unless it's SUPPOSED to be a flip-phone?
  • They only have a mini-jack, not a 3.5mm
  • I wish they put a slide cover over the camera lens. Not really a big deal but I keep putting my fingers on it when I hold the phone when it's flipped open.
Things about the PHONE that are sweet:
  • I gotta say I really like the unique interface. The 2 screens, the flip, the full QWERTY keyboard.
  • Slide out antenna for mobile TV to improve reception. It makes it look like one of those old battery powered handheld TVs.
  • The touch screen is very good, so is the keyboard. I can type pretty quickly on both. The locations of the spacebars on the full keyboard is a little eh, and differs from the on-screen one...you have to learn 2 different layouts to use 1 device. But the keyboard is still sweet.
Things about the PLATFORM that are sweet:
  • Relatively responsive.
  • Custom shortcuts.
  • VZ navigator has gotten quite a bit better since I last used it 2 years ago when I got my RAZR.
  • The keyboard does sometimes self-correct if you shuffle across a key very fast or put in 2 letters very fast that make absolutely NO sense. Or at least it seems that way. The haptic and audible feedback is good stuff, too.
  • The mobile IM app is nice, in the fact that it supports both screens.
  • The contact list is laid out really well.
Things about the PLATFORM that suck:
  • The mobile email app sucks out loud. It only runs in the inside screen, it's slow. Scrolling sucks. It won't pull URLs from messages, but sometimes finds phone numbers hidden in them.
  • The mobile IM app is ugly as sin and hard to use from the touch screen. If you open the phone to type a message using the real keyboard (since it's a little easier, and you can see IMs other people send when you're typing.) then close it again, the application quits. Also it has a "SENDING" screen when you send an IM...not very instant, is it? This app also seems to have a HELL of a time connecting sometimes.
  • There is an application, RemoSync, which costs $10 to install and allows synchronization with Microsoft Exchange. This is worse than staring at a horse's ass for a protracted period of time. It syncs calendar, but to its OWN application not the phone's main calendar. It does this BADLY. When I tested it missed half my recurring appointments and a few standard ones. It also only pulls the last week of email. Also for some reason I had to turn the application's SSL off to work with RIT's servers. This was odd since we use SSL on our servers for MAPI and OWA.
  • The phone can't multitask at all. If you close the phone while something's running, the app will close. You can't do ANYTHING while the music player is running. There is no rhyme or reason as to which apps require you to open them. Most of them are obviously hacked up ports from the standard platform to the dual-screen/touch screen paradigm.
  • The SMS app seems to be the only application on the phone that doesn't allow the wide touchscreen keyboard to be used. You're stuck texting your friends on your pimpass touchscreen phone using a touchscreen keyboard that's faking your old 10 button phone keyboard.
  • The Obigo browser is a piece of junk. Don't even pretend.

I've enjoyed having the phone, but I intend to take it back in another week. It definitely isn't worth the $410 I paid to get it without a contract.

What I would love to see is a phone with the unique physical attributes running something like LiMo or Android. An open platform that the development community can make stop sucking. I daresay that the extra screen would make a linux phone on the Voyager sweeter than the Instinct or the iPhone.

As a closing, I'm sure I missed something here someone wants to know about the phone...I am always available on AIM or by e-mail for questioning regarding anything I write about.

--- PXA

Saturday, July 19, 2008

Dark Knight For Dummies.

I recently had the pleasure of seeing The Dark Knight in IMAX. It was an absolutely amazing film, tinged slightly by the passing of Heath Ledger. Although the movie is really a fitting memorial.

During the movie I was surprised initially at the rambling feel of the plot, and the ridiculous feel of the dialog in some parts. I read a review that described it as "operatic", that's a very good way of putting it. Phrases like "Gotham's White Knight", "He's not the hero we deserved, he's the hero we got.", "We'll hunt him, because we have to...because he can take it.", ...the word "MUST", and such are peppered in.

And it seemed like every 20 minutes the movie was reaching an epic climax, which would lead directly into the next building sequence. Not that I don't think movies should do that, I thought it was excellent, but it just didn't fit with the very clear and straight plots modern films and the previous Batman films have had.

It took me until almost the last frame of the film to realize what I was missing. And I'm disappointed it took me so long. I realized all these make more sense when taken in a different context. If you think about it not as a movie, but as a comic book series, it all makes more sense. The dialog while somewhat overstated and strange when spoken is now perfectly at home in a speech bubble. The repeating epic points are like end of each book, keeping you there so you buy the next installment.

Recent films have been following in this trend, emulating graphic novels. Most are far more blatant, being based on the novels, being cel-shaded (or using a very obvious visual style). The Dark Knight is very much like these in scope and attitude, but opting for a more striking true-to-life visual look.

Viewed with this in mind the whole thing really does feel more ingenious, a more epic vision. It's a little strange to think that a MOTION PICTURE is made better by imagining it as a photo-realistic, live-action comic book...but it works.

Monday, July 14, 2008

I do not own an iPhone.

I own a MOTORAZR.
My poor phone has had its balls unceremoniously removed by my wireless carrier. Yes, I admit, I have Verizon.

My Verizon contract is expiring in November. Since the standard cell contract is 2 years, I have been shopping for not only a new phone but a new carrier. I'm going to be graduating with this phone, and this carrier. Verizon got me when I was graduating high school. They were appealing on plan cost, "in" calling. I didn't care much about phones or features. Times have changed. I'm addicted to the internet, I need e-mail at my beck and call, IM available at all times...just in case. My life is ruled by Microsoft Exchange. I'd really like to have that calendar at easy access.
My iPod is beginning to die out. Bad battery, freezing hard drive...it's out of warranty. Why buy two devices when I can get one? Unfortunately the only "one" device is the iPhone. There are a few that come close in cool. And given the type of people who've jumped on the iPhone...I've really been trying to avoid buying an iPhone.

So I've been looking for my transition phone on the eve of the release of Apple's next massive lifestyle addon. And HOO-Boy, it's hard to avoid.

However there are several other phones available on the market (Closed source/proprietary OS phones only...I have yet to see hide or hair of a LiMo or Android phone) with compelling feature sets.

This excludes the Windows Mobile and Blackberry phones. I don't know why, but it always feels like these phones are trying to violate my corneas in incredibly inappropriate ways. SO! I ignore them.

The LG Dare: 4 Cool points.
The LG Dare is an all touch screen feature phone. I think it is of note because it is the only phone I have seen that has a concept resembling a desktop, and not just a collection of shortcuts. The "dumped" look of the icons on the "desktop" is very interesting, and very indicative of the amount of eyecandy the phone presents. The phone uses the same mobile e-mail app as most Verizon phones. It also has its balls removed, like most Verizon phones. The calendar is passable by itself, but it doesn't sync to...anything. The e-mail app on the touch phone doesn't provide the most compelling interface, since it's just an update of the old app to use touch interaction, but it serves well. The screen is very bright and clear and the touch is very responsive. But in the pure-touch contest it can't compete with the Samsung Instinct or the iPhone, it just doesn't have the features those do.

The LG Voyager: 6 Cool points.
The Voyager is a dual screen phone carried by Verizon. There is a touch screen on the front allowing access to the phone, contacts list, some other features. It does a very good job here, the phone is very easy to use. To use any of the advanced features like the browser or the text client, you simply FLIP the phone open to reveal a full QWERTY keyboard and another GREAT screen. This one's not touch though. Aside from the interface differences (The keyboard, the dual screen) this one doesn't have anything on the Dare. The Dare I used at the store actually had the e-mail app installed, the Voyager didn't. The phone actually loses there. The Voyager does have several cool points on the Dare, simply by virtue of its unique interface.

The Samsung Instinct: 8 Cool points.
This phone is seriously one of the coolest things I've ever held in my hands, next to girl-parts. This is another all touch screen phone. It has a very large screen, a bit smaller than the iPhone's, but larger than pretty much everything else on the market. Even those eye-porking blackberries. The colors are smooth, the screen is great...even for video. The browser is marginally better than the Verizon standard browser. The phone also has a pretty-ok music player and a standard headphone jack. Which serves my purposes well. I love the interface on the phone, the menus are very intuitive, the keyboard is surprisingly good, the phone app is slick. The haptic feedback is done quite well, it's present but not obnoxious. Sometimes it lags a little bit when switching layouts or moving between applications but it's still better than anything Apple's done. The e-mail application on the phone configures almost effortlessly to work with Outlook Web Access, but doesn't sync to the calendar. The lack of calendar sync is really the ONLY thing I don't like about the phone. Since they're scraping OWA already it'd be pretty inconsequential for Samsung/Sprint to hook this into the calendar, much like the Evolution Linux e-mail client. Unfortunately the platform the phone runs on is closed so no one can write a bridge...Samsung will have to do it, and they really ought to do this, if they want to compete with the iPhone. And WOAH they want to compete with the iPhone.

Apple iPhone 3G: 9 Cool points.
This phone has been written and talked about ad nauseam. I'll keep it short. Think of the Samsung Instinct: now make it a little wider, taper the edges, brighten the interface, add calendar synchronization to Exchange, add some more applications on the phone by default, remove the haptic feedback, double the maximum storage capacity (but remove the expandability), and add an SDK. The iPhone uses a heat sensitive screen for its touch, not pressure like most of the touch phones on the market, slight difference but given the SDK people could actually use this. Also add that it's an Apple product, and everything that comes along with that.
...Turtlenecks, berets, inability to upgrade computer hardware, a strange desire to round all the corners on websites, goatees...


So there is the not quite objective review of feature phones. Despite my very strong desire to NOT like the iPhone, it still wins on cool...but only barely beyond the Instinct. Unfortunately Apple's always going to have the upper hand since the phone runs OS X under the hood and that allows for the robust SDK. A proprietary platform like the Instinct's will never compete with this. Samsung's only move would be to adopt LiMo or Android. (*wink*) I have reserved the 10/10 cool point rating for a phone like the Samsung Instinct running an open platform. An unencumbered phone WILL beat the iPhone...because OSS developers will make it so.

--PXA

Wednesday, July 9, 2008

Exchange Form-Based Authentication and WebDAV in Python.

Since I've become employed full-time at RIT, in addition to my part-time work with Synacor and trying to maintain something resembling a sleep schedule...I haven't had too much time to write. I did complete a successful test of the gcal sync software and then realized that IMAP won't allow me to place appointments into it, making 2-way syncing impossible. So I have been forced to try to re-architect the script using Exchange's poorly documented WebDAV API.
WebDAV is supposed to be an XML web service that goes over HTTP/HTTPS. Unfortunately Microsoft can't do anything right. DAV uses several non-standard HTTP methods, like SEARCH, PROPFIND, PROPSET...instead of the standard HTTP GET, POST, and PUT methods.
Microsoft Exchange also has a bit of a quirk called Form-Based Authentication. When you enable Outlook Web Access, this is the only way to authenticate. Without OWA you can use Basic HTTP Authentication which is pretty easy. With OWA you have to do some interesting maneuvering to get your query in. From a theoretical point of view, what you need to do is simple:
  1. Fake an HTTP POST to the owaauth.dll file.
  2. Receive the response headers and pull the cookies, store them.
  3. Send these cookies back to Exchange while making your "special" DAV SEARCH request.
However, implementing this gets a little annoying. I've been using Python, which has a pretty slick high-level network protocol API called urllib2. It can automatically create HTTPS connections, parse HTTP response headers and grep out the cookies, create requests and urlencode GET and POST strings, all sorts of happy things. Unfortunately this library only deals with GET and POST, unless you write your own "handlers". I wasn't sure how to go about extending the library so I chose to go the dirty hack route and implement the functionality I needed at the low level.


import httplib, urllib, urllib2, cookielib, getpass

exchserv = raw_input('Exchange server: ')
loginex = raw_input('Enter Exchange Username: ')
passex = getpass.getpass('Enter Exchange Password: ')

# Steps 1 and 2: POST the login form to owaauth.dll; the cookie jar keeps
# whatever session cookies Exchange sends back.
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPSHandler(), urllib2.HTTPCookieProcessor(cj))
urllib2.install_opener(opener)
# urlencode the form so characters like & or = in the password survive.
# 'main' is the domain; the backslash has to be escaped inside the string.
owabody = urllib.urlencode({
    'destination': 'https://' + exchserv + '/exchange/' + loginex + '/',
    'username': 'main\\' + loginex,
    'password': passex})
owaheaders = {'Content-Type': 'application/x-www-form-urlencoded',
              'Connection': 'Keep-Alive',
              'User-Agent': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)',
              'Host': exchserv}
owareq = urllib2.Request('https://' + exchserv + '/exchweb/bin/auth/owaauth.dll', owabody, owaheaders)
owa = urllib2.urlopen(owareq)

# Step 3: send the DAV SEARCH by hand, since urllib2 only does GET and POST.
# davapptquery (described below) must be defined before this point.
conn = httplib.HTTPSConnection(exchserv)
# Debug output prints the raw request, including the Cookie header.
conn.set_debuglevel(99999999999)

#there is nothing I like better than manually constructing HTTP headers.
conn.putrequest('SEARCH', '/exchange/' + loginex + '/')
conn.putheader('Content-Type', 'text/xml')
conn.putheader('Content-Length', str(len(davapptquery)))

# Copy the session cookies from the jar into a single Cookie header.
stringofdeath = ''
for i in cj:
    stringofdeath += i.name + '=' + i.value + ';'
conn.putheader('Cookie', stringofdeath)

conn.endheaders()
conn.send(davapptquery)

resp = conn.getresponse()


Where davapptquery is an unholy string containing a SQL query wrapped in some XML.
I pretty much suck at Python, but this does work. Someone better could probably more easily create a handler for Exchange's DAV insanity.
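The same three steps in Python 3, as an added example that is not the code from this post: `urllib.request.Request` accepts an arbitrary `method`, so the cookie-handling opener can send the SEARCH itself and no hand-built Cookie header is needed. The `FakeOWA` server, the user `jdoe`, the password and the query body are constructed stand-ins so the flow runs offline; `owa_login`, `dav_search` and `run_demo` are hypothetical names.

```python
import http.cookiejar
import http.server
import threading
import urllib.error
import urllib.parse
import urllib.request

# Constructed placeholder for the post's davapptquery (SQL wrapped in XML).
SAMPLE_QUERY = (b'<?xml version="1.0"?><D:searchrequest xmlns:D="DAV:">'
                b'<D:sql>SELECT "DAV:href" FROM "/exchange/jdoe/Calendar/"</D:sql>'
                b'</D:searchrequest>')


def owa_login(opener, base_url, user, password, domain="main"):
    """Steps 1-2: POST the login form; the opener's cookie jar keeps the session."""
    form = urllib.parse.urlencode({
        "destination": f"{base_url}/exchange/{user}/",
        "username": f"{domain}\\{user}",
        "password": password,          # urlencode escapes & and = safely
    }).encode("ascii")
    req = urllib.request.Request(f"{base_url}/exchweb/bin/auth/owaauth.dll",
                                 data=form, method="POST")
    with opener.open(req) as resp:
        return resp.status


def dav_search(opener, base_url, user, query_xml):
    """Step 3: DAV SEARCH; HTTPCookieProcessor attaches the stored cookies."""
    req = urllib.request.Request(f"{base_url}/exchange/{user}/", data=query_xml,
                                 headers={"Content-Type": "text/xml"},
                                 method="SEARCH")
    with opener.open(req) as resp:
        return resp.status, resp.read()


class FakeOWA(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in: issues a cookie on login, demands it on SEARCH."""

    def _body(self):
        return self.rfile.read(int(self.headers.get("Content-Length", 0)))

    def do_POST(self):
        fields = urllib.parse.parse_qs(self._body().decode())
        ok = fields.get("password") == ["p&ss=word"]
        self.send_response(200 if ok else 401)
        if ok:
            self.send_header("Set-Cookie", "sessionid=constructed-token; Path=/")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_SEARCH(self):
        self._body()
        authed = "sessionid=constructed-token" in self.headers.get("Cookie", "")
        body = b"<multistatus/>" if authed else b""
        self.send_response(207 if authed else 401)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):      # keep the demo quiet
        pass


def run_demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), FakeOWA)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}),            # never proxy the local demo
        urllib.request.HTTPCookieProcessor(jar))
    try:
        try:                                        # no session yet: expect 401
            dav_search(opener, base, "jdoe", SAMPLE_QUERY)
            before = None
        except urllib.error.HTTPError as err:
            before = err.code
        login = owa_login(opener, base, "jdoe", "p&ss=word")
        status, body = dav_search(opener, base, "jdoe", SAMPLE_QUERY)
        return before, login, status, body, [c.name for c in jar]
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Against a real server the base URL would be `https://...`; Python 3's default opener verifies the certificate, which is worth leaving on since the form carries the password.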

Monday, June 23, 2008

Complaints and Grievances

George Carlin died today, of what I understand to be a heart attack.
That sucks.

I started listening to Carlin around the time I was a Freshman in High School, and for better or worse, he shaped a lot of my outlook back then. And still does, but really it's hard work being that angry all the time so I had to calm down. He might have major psychotic fucking hatreds, but for me it's OK to have pet peeves.
My first idea for mourning the man was to go to the bar with my friends and raise a pint of Arrogant Bastard Ale, for a real Arrogant Bastard...unfortunately due to the New York State Driver's Assessment fee I'm dead broke. SO for now I'll just recount some of my favorite Brain Droppings. And go to the bar after I get paid on Friday.


  • "I don't have Pet Peeves, I have major, psychotic fucking hatreds"
  • "Just last week I either ran over a sheep, or a man standing in the road wearing a sheepskin suit."
  • "If you're looking for self-help, why would you read a book written by somebody else? That's not self-help...THAT'S HELP! There's no such thing as self-help...if you did it yourself, you didn't need help! Try to pay attention to the language we've all agreed on."
  • "And one more item about children: this superstitious nonsense of blaming tobacco companies for kids who smoke. Listen! Kids don't smoke because a camel in sunglasses tells them to. They smoke for the same reasons adults do, because it's an enjoyable activity that relieves anxiety and depression."
  • "Either get a hat or don't. No one's interested in the top of your head. Go back to the store and tell them to give you the rest of the hat. They've cheated you."
  • "And then we're gonna colonize deep space. With our microwave hot-dogs, and plastic vomit, fake dog shit and cinnamon dental floss, and lemon scented toilet paper, and sneakers with lights in the heels. And all these other impressive things we've done down here."
  • "The truth is obedience and respect should not be automatic. They should be earned, and based on the parent's performance. Some parents deserve respect. Most of them don't. Period."
  • "You ever notice anyone driving slower than you is an idiot and anyone driving faster than you is a maniac?"
  • "I have a strong immune system and it gets a lot of practice. My immune system is equipped with the biological equivalent of fully automatic military assault rifles, with night vision and laser scopes. And we have recently acquired phosphorous grenades, cluster bombs, and anti-personnel fragmentation mines. So when my white blood cells are on patrol reconnoitering my blood stream seeking out strangers and other undesirables, if they see any...ANY suspicious looking germs of any kind they DON'T FUCK AROUND. They whip out the weapons, wax the motherfucker and deposit the unlucky fellow directly into my colon. No nonsense. There's no Miranda warning, none of this 3 strikes and you're out shit. First offense: BAM! into the colon you go!"

For some reason I can't go a day without thinking of these 2:
  • "You know when I wash my hands? When I shit on them!"
  • "You just need to wash the 4 key areas: Armpits, asshole, crotch, and teeth!"


And of course:
"Shit, piss, fuck, cunt, cocksucker, motherfucker, and tits."

Listening to Carlin I noticed how easy it could be to use language to change something that made me mad into something I could laugh at.

Thanks, George.

-- PXA

Monday, May 26, 2008

Indiana Jones and the raiders of the temple of the lost crystal ark

I have seen Indiana Jones 4. My impressions are thus:
Harrison Ford is old, but surprisingly good.
Harrison Ford is old, so his pants are suddenly incredibly baggy.
Mutt is a STUPID name for a character. I don't care if he's a greaser.
It's hard to write a greaser without making them fix their hair every 30 seconds. It's creepy, stop.
Lucasfilm has lied to me. They have billed Cate Blanchett, but in actuality have cast Lime Helmet Cat. I guess he was cheaper.





And (SPOILER)












What the hell is up with the hook? In raiders the ark was just a box until they opened it, temple of doom it was just a sect until the magical heart ripping out thing. Even in last crusade there was nothing magical until they found the knight and drank from the cup. The whole time through #4 there's some crazy crystal skull which is magnetic (despite being crystal) but also somehow attracts gold, scares away plus-size jungle ants, drives space miners insane. (Right: picture of insane space miner)

And seriously...interdimensional aliens? Maybe you shouldn't have explained the skull to us, George.










However, it could have been much worse and I actually enjoyed it. As a matter of fact, I wouldn't be opposed to the concept of more Indiana Jones, even if Harrison Ford is old.

Sunday, May 11, 2008

Setting up for failure.

As an IT student it, certain things about the way IT is viewed by the rest of RIT. Not the least of which being why everyone I meet always says "Oh, don't you mean 'I Tried'?" when I mention I'm an IT major. I always feel like I need to defend my major, because really...in college we are defined very much by our majors, because once we graduate these will be our careers and we'll be defined by our jobs. Sorry, Fight Club.

As depressing as it is, though, I realize there's an amount of truth to the myth of I Tried. In some sense, anyway. I don't know a single washed out CS or SE that went to IT because they couldn't hack "real programming".

RIT's first mistake is using Java to teach Programming and OOP to IT students. At least in CS you're eventually exposed to C++, but that leaves a bitter taste with a lot of people. They get used to the language coddling them and holding their hand, which is what Java does. In addition, it's incredibly well documented which makes it easy to teach. But the way the sequence is designed, all you do is learn to write code...they don't teach anything about design, or WHY OOP, or the more groady low-down details of programming.
Not that I have any idea what would make a better language...Python maybe? The problem isn't the language, but how they teach it. They spoonfeed you things, and never teach you how to be a programmer. It sets people up to fail when they think they know how to code but don't actually know the finer points.

Since I am on the web track, I had to take RIT's programming for web class, but was lucky enough to be allowed to bypass it. I helped out tutoring some of the students and I was initially horrified at the way the class was taught. It taught students to use procedural, spaghetti code. Now while there isn't anything wrong with procedural code...making spaghetti of HTML and PHP is very bad. It's hard to maintain, confusing to debug, and makes it nigh on impossible to correctly design a large project.
Soon I moved from horror to disappointment when I realized that that was how I learned to code PHP, but I moved on. Unfortunately what I had that RIT doesn't (Maybe can't?) teach is the idea that there is more beyond this.

What they're not doing, is exciting people about programming. Now I'm not saying that they should be trying to get people to become programmers if they don't like it, but there's gotta be a decent amount of people in these classes...especially track courses...that already like programming or are just looking for a reason to.
In programming for the web, RIT should show off some cool stuff that PHP can do. CMS, templating code, sessions, security layers, image editing...interact it with some javascript. Make it do cool stuff on the backend, like talk to other services and send info back to the browser...and not just databases.
All they teach is code-by-numbers quizzes and blogs. Some basic "stick some PHP in here to pull from MySQL and bake a dynamic website" stuff. Yes it's simple and gives you enough to learn the basics of the language...but people need to know it's a spring board to REALLY dive in, and not the end of things.

RIT's failing us as IT programmers, and it's making us look bad. Not cool, dudes.

--PXA

Monday, May 5, 2008

Shenanigans!

The requisite post describing how sweet Steak And Whiskey Night was will be coming soon. This post is serving as an announcement, I am calling shenanigans on the IT department.

I have found a security vulnerability in http://it.rit.edu/, the IT department's public facing website which allows me to arbitrarily inject faculty and staff into the site's database. I have made the department aware of this issue, however should they fail to acknowledge the issue or attempt to take any action against me I will make the exploit publicly available.
Also should they fix it, I will also make the exploit (and my theories for how they fixed it) publicly available as website security is an interest of mine...being a web developer. It should be an informative adventure.

Also the IT department has elected to not offer the course I need to finish my concentration in fall, meaning I will likely not get to take it until winter...and I'm sure will somehow play a role in prolonging my stay at RIT.

-- PXA

Thursday, April 17, 2008

Checking for life...... Not found.

Since the last update to BE, RIT has been bending me over the desk as is its custom. I have a small amount of time free at the moment and I feel I need to keep a modicum of momentum in my quest to have a regularly updated web log. Since I have nothing major to report I will just summarize.

RIT SG:
RIT Student Government Elections are this week, I have already voted. My initial thoughts on the election can be found at the RIT Sentinel:
http://sentinel.ironcouncil.net/2008/04/07/sg-election-time-2008-edition/

As a note, apparently SG will actually count votes for the cockboat this year.

Unfortunately, due to academic concerns, I was not able to make it to the RIT Parking Advisory Group meeting this month. Which is actually quite a pity considering I finally don't have class or work during the hour of the meeting and would have been able to go if my System Administration lab hadn't taken 6 hours to do. It's hard to find the time to be politically active.



Google Sync:
I have made a pretty decent amount of progress on the Exchange -> Google implementation, however there are still some problems translating Microsoft to Standards. This makes for some annoyances when applying recurring appointments. I was hoping to avoid having to parse and then reassemble the RRULE myself, but this appears to be the only way to get Google to play ball. The UNTIL clause of some RRULEs uses a date/time format which looks like "20080512T010000" or yearmonthdayThourminutesecond. According to Austin from Google's API team I should be saying "20080512T010000Z", I don't get why something that is likely just looking at the day/month/year stuff cares about what timezone the stamp is in (Z refers to Zulu time which was an older name for what became UTC)


Samba:
Recently a co-worker upgraded all the Vista computers in the office where I work to SP1 of Vista, which generally went unnoticed until he went to update our department's intranet site (called DSWeb). DSWeb has been a bit of a pet project for a while for me, working on my sysadmin skills in a practical application environment. The new update to Vista breaks the way it talks to standard Samba servers. Windows based shares (Win 2k3, XP) are likely not affected but the open source implementation Samba, which emulates bits of Windows networking in Linux to allow Linux to do things like Windows File Sharing or join Active Directory managed domains, cannot speak the new dialect that Vista is using. Something about SP1 causes Samba to fail decrypting the challenge when a Vista machine is trying to authenticate. After much misadventure I found that Samba released a bugfix version, 3.0.28a, to address the issue. This is generally marked as unstable or testing by most distributions and must be explicitly installed at this time. However, I have seen no major issues with it and it did fix the Vista issue without even having to modify the configuration file.


Steak & Whiskey Night:
Back in the fall my apartment began a celebration/tradition called Steak & Whiskey Night. It can be celebrated at any time, as often as we want to. This became quite popular, even in the short span of time it existed before Rochester weather became too cold to enjoy the outdoors.
This May, Steak & Whiskey Night returns! It is currently planned for Friday, May 2nd. Attendees are encouraged to bring their own cuts of meat or custom steak rubs. It promises to be delicious.


Graduation:
Is approaching, that is all. With any luck if I can hack around some requirements and get another co-op soon, I will likely be RIT Alumni come next Winter. This concept is bizarre, and frankly a little frightening. I have paid over $32,000 a year for 4 years of my life for this education, and everything I consider at this point to be a marketable skill I have not learned from RIT. I have taught myself, or learned on the job. When my knowledge and RIT's curriculum overlapped, I was told I was out of luck and had to sit through their version. My self-motivation and ability to learn very technical skills on my own was NOT rewarded like I always thought it would be in college, it was effectively punished. So...if they're not going to teach me anything...and I'm not learning anything...Why am I paying this much again? And why does this degree matter? ...Do these skills even matter?

It's probably just Realworld-phobia. I hope.

Thursday, March 13, 2008

Synchronization again

Google has, in some ways, beaten me to the punch. For this I am actually grateful, since they built the calendar service, and the GData API they should have figured it out before me.

Unfortunately they're doing so in a bit of a different way than I am going about it so we may still be leaving some people in the dust.

The Google Calendar Sync utility:
http://www.google.com/support/calendar/bin/answer.py?answer=89955

The nature of the tool requires you to be using Windows, and Microsoft Outlook which is problematic. I primarily use Linux with Thunderbird at home, and I have the Lightning Thunderbird plugin to allow me to use it for calendaring. At the office I do use Windows mostly, but spend some of my time in Linux and Evolution or using Entourage on the Mac. Google cannot help me here.
The utility itself is a compiled executable and Google has not released the code, so developers don't know how the tool works. The Terms of Service also prevent developers from reverse-engineering to find these things out, so our only hope is to ask Google how this thing does what it does.


On a related note I've been making some progress with my own sync tool, but Spring Quarter here at RIT just started so my time is growing slim. With any luck I should have a working beta within a few weeks, but that probably will have limited support for recurring appointments, at best.

-PXA

(Edit, I went to retag this and blogger.com ate some of my article. Looks like their regex got a little too greedy)