Burningbird

The Wasp

Post author By Shelley Powers
Post date April 7, 2007

Paper wasps are quite common here in Missouri. Unlike other types of wasps, they’re not very aggressive, except around their nests. If you threaten a wasp’s nest, or agitate them in some way, they can sting and like other wasps, they can string repeatedly. Their stings are very painful (3 on the Schmidt Sting Pain index, or “Like spilling a beaker of Hydrochloric acid on a paper cut”), and if you’re allergic to stings, as I am, can be quite serious.

When the paper wasp started buzzing around behind the screens up in the corner of the french doors out to the deck, we didn’t think much of it. It wasn’t until we saw her starting her nest that we knew we had to get rid of it and quick. You can’t have a paper wasp nest next to a door; not if you want to use the door.

However, you can’t knock the nest down when they’re building it. The old, “Busy as a bee. Angry as a wasp” thing. The day before yesterday, when she took off to get more material, I quickly went out with the broom and knocked the nest down and as quickly ran back inside, shutting the door behind me. She returned with the material, long gray streamer behind her, and buzzed all over looking for the nest. For over an hour she flew around in front of the door and around the corner. Eventually she landed, and sat for a couple of hours where her nest was. When she made motions of starting to re-build, I pounded on the door to disturb her and eventually she took off.

Yesterday, she returned to the same corner and again, and sat there for a couple of hours. With today’s storm, she hasn’t been back.

When she was building her nest, I did grab a couple of careful photos using my telephoto lens. It wasn’t until I processed the photo today that I noticed her nest had one tiny egg in it.

wasp and nest

Web

Find your exit points

Post author By Shelley Powers
Post date April 7, 2007

The first time I stayed in a hotel was when I was 12 and I and my brother met my father for holiday in Hawaii. We’d stayed in motels before–this was the era of the auto vacations–but never a multi-story hotel, where you accessed your room using an elevator.

When we got to our room, my Dad took us out into the hallway and pointed out the Exit sign. He told us that if a fire happened, we should not use the elevator. Instead, we should look for the Exit signs and follow them out of the building.

Since that one trip, I briefly pause at my door and locate the nearest exit before entering my room in hotels.

That trip was also the first time I flew on a plane. It was wonderful–scary and exciting. When the stewardess talked about what to do in case of an crash landing, I paid attention. To this day, I still pay attention–not because I don’t know what to do (butt, meet lips), but because it’s rude to ignore this poor soul who has to go through the motions. Shades of fatalism aside, I do check to see what is the closest exit when I find my seat. Old habits are hard to break.

My check for the exit bleeds over into my use of web services. No matter how clever a service, I never use it if it doesn’t have an exit strategy.

Recently, I took a closer look at the possibility of using Feedburner for serving up my feed. Now that I’ve moved my photos offsite to Amazon’s S3 service, the feeds are now the most massive bandwidth use. With my new austerity program of minimizing resource use, the use of Feedburner is attractive: let it serve up the feeds, with its much more efficient use of bandwidth.

My first thought, though, was: what’s the exit strategy? After all, it’s easy for me to redirect my feeds (all but the RSS 1.0) to Feedburner: I can adjust my .htaccess file to redirect traffic for all requests that don’t come from the Feedburner web bot. But what happens if I decide to bail on Feedburner?

This question was asked of the Feedburner staff last year, and the organization responded with an exit plan. It’s a month long process where you can redirect from Feedburner back to whatever feed URI you want. At the end of that time, all aggregators should have an updated feed URI–all without people having to manually edit feed subscriptions.

As such, I’m trying the service out, see how it goes. I know that if I decide I don’t like it, I can bail. If the worst case scenario happens, with Feedburner going belly up, then people know where to find my weblog and will have to manually edit their feeds. That’s also an exit, albeit more like jumping out a window than walking down stairs.

When I used Flickr, the API was what sold me on the service more than anything. When I decided to not use Flickr, the first thing I did was use an existing application to export a dump of all the original images, to ensure I had a copy of each. If I wanted to, I could also export the metadata and comments. I then ran an application to make an image capture of all the photos I had linked in my web pages, saving the photos locally still using the image names that Flickr generated.

I created a program that then converted all Flickr, as well as other photo URIs, to using one local URI: http://burningbird.net/photos/. This is redirected using the .htaccess to Amazon S3. If I decide to stop using Amazon the exit strategy is very simple: run an API call and pull down the images into one location; stop redirecting to that service and either host the images locally, or redirect to another storage service.

I use Bloglines, but I can easily export my subscriptions as OPML. Though it lacks much as a markup vocabulary, OPML is becoming ubiquitous as a way of managing feed subscriptions. I can then use this file to import subscriptions into Newsgator, or even a desktop hosted tool, like NetNewsWire.

I won’t use a hosted web service like Typepad or weblogs.com. It’s too easy for them to decide that you’re ‘violating’ terms of service, and next thing you know, all your weblog entries are gone. I saw this with wordpress.com in the recent events that caused so much discussion: in fact, I would strongly recommend against using wordpress.com because of this–the service is too easily influenced by public opinion.

I don’t use either my Yahoo or Gmail mail accounts. Regardless of whether I can get a copy of my email locally, if I decide to not use either account I have no way of ‘redirecting’ email addresses from either of these to the email address I want to use. (Or if there is a way, I’m not aware of it.) Getting a copy of my data is not an exit strategy–it’s an export strategy. An exit strategy is one where you can blow off the service and not suffer long-term consequences. A ‘bad’ email address is definitely a long-term consequence*.

Instead, I have a domain, burningbird.net, which I use for everything. I will always maintain this domain. My email address listed in the sidebar, will always be good.

There was a lot of discussion about Yahoo Pipes recently. Pipes is an interesting innovation, and excellent use of the Canvas object–my hat’s off to the creators for their UI design. However, the service has one major drawback: it’s a hosted solution. If you want to ‘export’ your Pipe, you can’t. There’s no way to generate, say a PHP application, from the Pipe, which creates the web service requests for you that can be run locally. No matter how good and interesting the service–there’s currently no exit strategy.

Anytime you find yourself saying, or even thinking, how ‘dependent’ you are on a service, you should immediately look for the exit strategy. If there isn’t one, decrease your dependency. The web is an ephemeral beast; the path of least resistance is 404, not 200. All pages will end someday. The same can be said for services.

Where are you vulnerable? What’s your exit strategy?

*An option for email is to use a local email address, and forward all email to Yahoo or GMail.

JavaScript

Ajax vulnerability

Post author By Shelley Powers
Post date April 2, 2007

Ajax developers should check out a report on Ajax vulnerabilities in several Ajax libraries, and download the extensive advisory. The advisory details the vulnerabilities, and how to protect against.

It’s always a bit risky to put out such details, but I, as a developer, really appreciate such because it allows me to better understand how to protect against security risks. Much of the discussion of the vulnerabilities in this advisory isn’t necessarily new, but it does cover newer issues, vulnerabilities in popular libraries, as well as overall issues.

Money quote:

An application can be mashup-friendly or it can be secure, but it cannot be both.

People

The Couple

Post author By Shelley Powers
Post date March 31, 2007

Our apartment complex is quit diversified, which is one reason I like it so much. There’s an older woman and her daughter who wear the most beautiful saris, and the guy across the way is a young hip-hop rapster, or whatever they’re called.

There is one couple who has always fascinated me. I believe they’re Chinese, but they could be descendant from another nationality. For the sake of the story, we’ll think of them as The Chinese Couple.

Regardless of the weather, he’s out every day for a walk around the complex. Most days, his wife accompanies him. I use the word ‘accompany’ loosely, because she always walks five paces behind him. No matter what happens, whether crossing the street or rounding corners, she maintains that distance.

They’re an older couple but not elderly. Probably about five or ten years older than me. When the man walks, he does so with his hands clasped, firmly but comfortably, behind his back. He never looks right or left; never looks back at his wife, but always straight ahead.

She is not quite as rigid. She tends to look at the ground or his back, but I’ve caught her eye a time or too and she has a shy smile for me.

Today, was beautiful, with cool winds after last night’s storm. I was standing at the screen door, drinking my morning coffee when I noticed them. Both were wearing black pajama-like pants and black nylon jackets. He had a black t-shirt, she had a white and blue floral print. Today’s walk differed from all the others, as she was talking on a cellphone.

Now you know when you talk on a cellphone that your walking rhythm is disrupted. While she talked, she began to slow down. When he finished crossing the street in front of our place, she was actually 20 or so paces away from him.

He stopped on the corner, but not to turn around, either to admonish or to wait patiently. No, he lifted his head straight in front of him, and contemplated the top of the large tree directly across the way. Picture, if you will, a mature, distinguished Chinese gentleman dressed in black, hands clasped firmly behind him, face lifted towards the heavens. There he remained, face impassive, the only movement a slight flexing of his back — forward, as if he had risen on the balls of his feet.

She continued walking leisurely, talking on the phone, until she had crossed the street. She moved into her usual place, directly behind the man, but she stopped too soon and ended up being about ten paces back. He didn’t make a move, just stood there, legs locked, hands clasped, face turned to the heaven in contemplation.

Eventually, realizing her mistake, she moved forward five paces, still talking on the phone. It was as if she stepped on a switch, because as soon as she was her usual five paces back, he turned away from the tree, face directly forward, and continued his walk.

She was still on the phone, though, and her pace continued to be irregular. It was just before I was going to look away, just before they moved past the building across the way that I caught him–quickly, and as stealthily as possible, glancing ever so slightly over his left shoulder behind him, to see where his wife was; making an imperceptible change in his pace so that the distance between them remained constant.

Connecting Weblogging

It’s all about control

Post author By Shelley Powers
Post date March 31, 2007

Recovered from the Wayback Machine.

I did not take the break I thought about, primarily because I was still involved with some communications. I also found myself somewhat obsessed with last week’s happenings.

In the end, what saddened me the most about last week wasn’t about people so much as it was about honesty. Or perhaps I should say, how honesty lost out to this never ending desperate rush to get attention.

I have been engaged in a good discussion on the issues at Blogher, in the post that Ronnie Bennett wrote. I can’t tell you how much I have come to admire Ronnie from this writing. Maybe not enough to make up for the respect I’ve lost for others, but it has helped.

I also agree with Ronnie, in her reverence for the freedom of speech.

Tim O’Reilly has come out with this code of conduct, which doesn’t interest me overmuch. He lists several so-called rules to accompany this new ‘approved’ way of weblogging.

One is the elimination of anonymous comments. Some of the more interesting comments I’ve had in my space have been by ‘anonymous’ people, and I have no intention of changing the way comments work in my place. True, I don’t get the number of comments that Kathy Sierra and Robert Scoble get; if these people want to turn anonymous comments off, why do they need our permission? They’re adults. Turn anonymous comments off, go for it. We don’t care.

Another rule is deleting comments. I’m not sure where the idea that one can’t delete obnoxious comments sprang from. If it came from a post at Tara Hunt’s, well Tara has to accept responsibility for some of this by her setting a somewhat defensive and quarrelsome tone in her responses to people, and then pulling out the ‘abuse’ charge when they respond in kind.

A lot of people don’t deal with strong debate, or with criticism. I feel any problems they have will eventually be self-healing, as people come to realize that engaging in dialog in the posts of these people is a waste of time. If they turn away the more interesting people because they won’t always respond in whatever fashion is deemed ‘civil’, those people are welcome here.

Taking a conversation offline is a good one, but risky. I’ve seen this blow up when people respond to seeming innocuous comments with a great deal of animosity. The reason is because a lot of the communication happened behind the scenes and people weren’t privy. To outward appearances, it looks like someone has blown up for no reason. So I would say do so…but do so warily, and with caution. ‘Ware, there be dragons here.

Taking responsibility for what you write in my comments? Only if you let me take credit for what you write. I have been lucky to have excellent commentary in my posts, with very thoughtful and reasoned arguments. If I’m to take responsibility for the negative, I want credit for the good stuff.

Otherwise, I’m going to pretend we’re all adults here. Do I delete comments? I have from time to time. I find, though, that my old editing capability (which I am adding back, but improved) usually eliminated most of this — the people would edit themselves after they cooled down. As for random nastiness, if the comment is on-topic, not meant to injure another’s ability to communicate, and not illegal, it typically stays.

About the rule for ignoring trolls, I agree, and think it’s the most effective ‘weapon’ we have. But this one could have an unanticipated side effect. A lot of people consider me a troll because I’m critical, and can be persistent in my criticism. My way of looking at this rule is that it works both ways: if you consider me a troll, cool; but don’t expect me to link you, comment about you, or mention you by name in the future. I wonder how long some of the webloggers who ‘need’ the attention will maintain such a code if this is the result?

The labeling system that Tim mentions is as ill-thought out as people wanting to put ‘Be Civil’ or ‘Do not be Mean’ in one’s sidebar. I can’t think of anything more likely to attract the behavior they want to avoid than this. I surely don’t know what the people were thinking of when they came up with these.

None of this is new, though. Most of these, other than the labels and badges, have been brought up in the past any time something like this happens. None of these rules inspired me to post. What did, is the following:

It now seems fairly certain that that the images posted on meankids and unclebobism were not intended as actual threats — but as long as the perpetrator remains anonymous, there is no way to be sure. In particular, as the person who is now seen as the most likely perpetrator insists, after the fact, that his computer must have been hacked, Kathy is left with the fear that there is indeed an unknown stalker at large.

There are a massive number of assumptions in this paragraph, all of which demonstrate a disconnect with the rest of Tim’s writing. There is an assumption of intent; of guilt; of convicting without proof; of deciding to toss the blame for all of this on to the person conveniently absent; of innuendo, gossip, and mean spirited finger pointing. How can one person talk such noble sentiment and then completely toss it all aside with one paragraph?

Couple that with this:

Bringing this back to the level of principle: if you know someone who has anonymously published comments that could be construed as a threat, you owe it to them, to their victim, and to yourself, not to remain silent. If there is no actual threat, you need to convince the perpetrator to apologize; if there is, you need to cooperate with the police to avert that threat.

To the Chinese, freedom is a threat. To the right wingers, criticism of the Catholic Church was a threat. To some folks in Missouri, the fact that I continually bring up issues related to Johnson’s shut-ins is a threat. Exactly how do we define a level of ‘threat’ in this new Gestapo brave new world? Is it in the eye of the beholder? For instance, Kathy feels afraid of these images, and therefore it is our duty to hunt down this perpetrator and bring him or her to justice?

This paragraph is a demonstration of a brighter future? A better world? A better world…wasn’t that mentioned in the movie, Serenity?

So I’ll respond in the only way I–and others dragged into this, since this has been tried in the court of public opinion–can respond: Kathy has said she has contacted the police on these matters. Then I believe we–asked to be jury, judge, and executioner–have a right to demand from her exactly what the response of the police was. I believe this is a very fair question to ask, considering the amount of innuendo and this seeming willingness of all participants to convict whomever is most expedient.

Or we can accept that mistakes were made in the past, much has been said, misunderstandings have occurred, poor judgment was practiced, and that all such can happen in this open environment. Oh, and that it’s time to move on.

I await response on this one. And since we’re practicing a new civility, I await response on this one, please.

Until then, this ‘code of conduct’ is really, to me, not worth the paper it’s printed on.

Absolute must-read post by Jeneane Sessum.

As my family name is raked over the coals across the web and in mainstream press, I would ask those of you who decided to tie me to these threats to spend the time I just did sitting still, considering your own motives and assumptions.

I have seen multiple webloggers condemned purely because they didn’t repudiate their friends, one or more of the Four People mentioned, which included Jeanene.

I read in a weblog, and I’m not sure where it was, perhaps at Frank’s or Rogers Cadenhead where the person was condemned because they had linked to an earlier post in MeanKids. Before, as Jeneane wrote, it wrapped itself around the tree. Just for linking to one post!

I’d like to see 1461 links to Jeneane with the words, “I’m sorry”, in the link. Better yet: “Jeneane Sessum is wonderful”. Then we’ll sit down and discuss, as Seth wrote in my comments, a code of ‘honor’, much less a code of conduct.

Karl in comments did mention that setting a comment policy can work. I also think that Blogher’s policy is a good one. The site’s comment policy is well defined and not applied arbitrarily. By all means, write out a comment policy and apply it rigorously (but also consistently).

I think, though, that setting ‘levels of tolerance’ or putting up badges is not the same thing.

A hacker is spreading Kathy’s address and SSN in hacker forums all over. Sounds like they’re making up some stuff to go along with it, too. Does this change the story and its impact on others? No, but it does demonstrate what happens when people smell a potential victim. As such, any discussion of these events leads to victims, and victims draw rats.

Perhaps it is best to let this issue die. I’m closing comments on this post. I would hope that all participants just drop this issue, chalk it up to misunderstandings and mistakes and let it be.