Joe Walker - blogging tag

Useful Feeds

Fri, 23 May 2008 11:59:17 GMT

How many blog posts start with the words "Sorry I've not been blogging much recently, but I resolve to post more often from now". Such a post may be followed by some actual substance, before the silence re-starts.

This is not one of those posts.

Getahead used to be the only place I blogged, but I've infected a few other feeds. I generally don't spend ages linking from one blog to another - I figure you can subscribe to the others if you want that content, however you can't do that if you don't know they exist.

I'm not closing this blog down, however I expect to blog less here. The good news, however, is that I hope that means that the subject-to-noise ratio will go up and not down. Stay tuned.

Both of these blogs are multi-author, 'professional' blogs. By professional, I mean peer-reviewed posts and no cat pictures - you can get those elsewhere.

CometDaily is written by the people that have spent the most time working on Comet. I've been busy this week so:...

On-board vs. Off-board Comet is about 2 architectural styles around how to deploy comet. DWR typifies one style. It's taken (in part) from the Comet BOF that Alex and I did at JavaOne.

Comet and Cross-Site Scripting is about how comet could supercharge a web worm so it becomes more virulent than a Warhol Worm. Samy took MySpace down with a web worm in 23 hours. I think it might be possible to reduce this time to about 6 seconds.

I work for SitePen along with a long list of similar techies. Our blog generally one post per day, about Ajax, Dojo, DWR and Comet.

Servlet Spec, Comet and Java is about how to work around Java's servlet spec to avoid needlessly chewing up threads. It looks at the options provided by Jetty, Grizzy, Tomcat and the new Servlet Spec.

And clearly, like everyone else, I tweet from time to time. In between tweeting, like everyone else, I mostly complain about how I can't tweet because Twitter is so unreliable.

Still no cat pictures, but I don't get peer reviews on my tweets.

Killing Blog Spam without Captcha

Thu, 18 Jan 2007 06:45:58 GMT

There are a few alternatives to Captcha - there is a nice trick that Damien Katz recently blogged about. It's ultimately doomed, because a spammer can easily adapt, but it is neat and it's working for now.

I've been mulling over a couple of ideas with Geert who was thinking of implementing the first for his Paste Bin site.

1. Use unpredictable form field names

When the user clicks on the "add comment" button, a comment form is presented with the usual fields: Name, Email, Website and Comment. The form fields however do not have predictable names. Instead, the fields are generated from some user-derived secret - maybe something stored in the users session. The important thing is that the field names are predictable to the server, but unpredictable to the user.

The server can then easily work out which field values relate to which input field, but the only thing you have to go on as far as HTTP stream goes is visually what labels are next to what fields, and there are plenty of ways to obscure this in HTTP. You can even alter the field ordering at runtime to make life even harder.

In order to submit the spam now, the spamming tool will need to manage cookies, visit a set of pages, and then guess which field names relate to which fields. This could be used in conjunction with fields hidden using CSS to make the guesswork near impossible.

2. Process the form with JavaScript

If the onsubmit process requires some JavaScript computation then the spammer will need to include a JavaScript engine in their toolkit for the post to be accepted. While it's possible that spammers could do this, maybe we can use this to slow them down to the point where it becomes less of a problem.

We dynamically create a short bit of Javascript that asks the posters browser to compute the factorials of some small prime. We can adjust the size of the prime to dictate the length of the required computation. The computation can be happening in the background while the post is being written.

I suspect that this method is slightly flawed because spammers will be using some bot-net to perform the attack, so slowing the submit rate down by 2 or 3 orders of magnitude isn't a big deal, they'll just use bigger bot-nets.

However the annoyance of having to include a Javascript engine in the spamming toolkit could easily stop all but the most persistent spammers.

Review of top blog posts this year

Thu, 28 Dec 2006 12:07:52 GMT

Out of the 100+ posts on this blog, these are the best from 2006 and some interesting notes on why:

While I generally think that 'opinion' blog posts are more interesting than 'news' blog posts, news is more likely to get people linking to you (so long as you are the source of some news). So my most visited post was my announcement of DWR 2.0RC1, because it was linked from everywhere.
Hot Tip for getting more search action: Use the keyword "review" in a blog post header. It's something people search for, but not something that people commonly use in writing reviews. For a long time this ie7 article was a top hit for the search phrase ie7 review, mostly due to lack of competition.
My post on Architect Level Interview Questions continues to get lots of link and search love. Looking back, I think the questions are probably a bit slanted towards the technical angle a bit too much. What do you think?
More people have commented to me personally about the Airport Security article, which is bizarre because I usually stick to Java / Ajax topics. It's also got quite a few comments (for me at least) so it appears to be quite popular.
Lots of people wanting to know about which Apache/Tomcat connector to use get directed towards my "mod_jk is dead" post, which questions mod_proxy_ajp. At least my post has lots of links to help people find what they really want.
One of my favourites is my post about the Myths of Ajax and Accessibility. The post used to have a huge comment spam problem, so I've only just re-enabled comments. The post has a sister in my post about contradictory accessibity advice.
The prize for my most under-rated post is on Writing Malicious Code in Java. The "answer" was given by Zsolt. I've temporarily removed his post so you can read the comments for clues if you want.

HTTP-301 for RSS

Wed, 10 May 2006 17:48:12 GMT

RSS feeds are way too static. A blogger can’t easily change feed URL without the co-operation of their entire subscriber base.

2 examples:

Robert Scoble changed his feed URL, and six months later his subscriber count is under half of his original subscriber count (according to Bloglines). I'm sure Robert would have loved to have automatically moved the thousands of subscribers to his new blog automatically, and I would prefer not to need to re-subscribe.

Russell Beattie decided to stop blogging, but his several thousand subscribers couldn't be bothered to unsubscribe - and why would they; he might start blogging again, and anyway it's only a hassle to unsubscribe. However for Russell, this means his server gets perpetually swamped by hundreds of update checks for an update that will probably never happen.

The reality of the situation is that you can't change your feed URL without a huge effort. How long does it take one person to change the feed URL for one blog? Maybe 30 secs or less if you are quick, but the average is probably longer and it depends a lot on how simple your aggregator it. So it's easy to understand why people don't bother, and that's if they noticed the "re-subscribe over there" message in the first place.

I'm sure Robert would like to aggregate his 2 subscriber lists. I'm sure Russell would really quite like to point his subscribers at a holding blog hosted somewhere else so he doesn't get the traffic and maybe that even gives him the option to start again at a later date.

These problems make sites like Feedburner both very valuable and a "sell your soul" type service. But what happens if Feedburner gets greedy? Maybe the Feedburner servers get "overloaded" and it takes a long time for your updates to get propagated, and maybe they introduce a premium service to help people get the word out fast. Would you want to pay? If your feed URL is very hard to change don't you want to control it yourself?

These problems are compounded by the how ill defined your feed URL actually is. The RSS feed I’d prefer people to use for my blog is http://getahead.ltd.uk/blog/joe/rss.xml but you can also get it via http://www.getahead.ltd.uk/blog/joe/rss.xml or http://getahead.ltd.uk/blog/joe/atom.xml or http://www.getahead.ltd.uk/blog/joe/atom.xml and all have subscribers at Bloglines.

We need a way to say, "this is not the feed you are looking for", a bit like an HTTP-301, but one that you can create simply by editing the text of a blog.

We need a micro-format for blog redirecting.

This new micro-format must:

Be readable by the worlds feed aggregators.
Allow bloggers to point subscribers to a new feed URL.
Be simple enough that it can be used by bloggers with a limited ability to edit the text of their blog.
Make sense in a HTTP form as well as an RSS form. This rules out (this and the last rule out HTTP-301)

It would be also be nice if:

The honchos at MySpace couldn't block it easily.
It gave people that have had their blogs hacked a chance to change their minds.

So how about this for a solution; the micro-format looks like this:

<p>autoresubscribe using <a href="url">url</a></p>

In fact we could probably dispense with the <p></p> elements to make life simple.

The rule could be that the "autoresubscribe" blog entry must remain on in the RSS feed of the blog for 30 days or more to become permanent. If it is removed before then, it is assumed that the blog was tampered with and the redirect is cancelled.

There is a slight worry about false positives. What happens if the text above matches somewhere else by mistake? As far as I can tell, so far the web it totally devoid of any mentions of the phrase "autoresubscribe using", so if we combine that with a requirement to have a url in a link to that url, I think we should be safe. Even this blog entry describing the micro-format with examples shouldn't match.

There is the issue of internationalization; the proposed solution is great for the English speaking world but not so good for non-English blogs. On the other hand "autoresubscribe" isn't exactly a real English word in the first place. Maybe the spec would define a number of languages in which this could be written. Probably support for every one of the worlds 300 trillion languages is over the top, and we could limit ourselves to the top few. It is only 2 words after all. Or am I being too colonialist?

All we need to make this work is the support of all the world's feed-readers. Surely that's a simple problem?

Right?

Blogging can make you a better programmer

Tue, 20 Sep 2005 07:34:20 GMT

Michael Nielsen wrote and interesting piece about thinking and mentions something Stephen Covey did in a seminar:

"Covey has a large group of people in a room, split up into many small groups, each group seated around a small circular table. ... Covey tells people that he is going to make five points over the next ten minutes, and that after he’s done the person sitting at "6 O'Clock" at the table is going to explain the material to everybody else at the table.

"the first of Covey's five points is that the best way to learn is by teaching ... Then he looks around the audience, and asks people to compare the behaviour of the people sitting at 6 O'Clock to those not at 6 O'Clock. Invariably, the people at 6 O'Clock are assiduously taking notes, ... paying much closer attention on average than those not at 6 O'Clock.

"By changing the role of some of the people in that room ... Covey changed the way they perceived themselves, a change that was reflected in vastly more effective behaviour. They began to see themselves as teachers, and this made them much better learners."

It's interesting how something so simple can change your actions, but more interesting to me is how blogging is similar to sitting at 6 O'Clock.

Since I've been writing this blog I've noticed that I've started to take more notes. Originally because I've thought "that's cool I might want to refer to that". But I think the process of taking notes has made me remember more.

The other day I was considering the design of a fairly complex login system and normally I would just have considered what I needed to authenticate the users, but since taking a few notes on Web 2.0 (from articles like this one) which makes the point about how important data is to big web-sites I've altered my thinking about how the login system should work. If data and an on-going conversation with customers is important then you don't want to throw data away nearly so much as you did when you were only interested in authentication.

So the notes I made because I blogged have altered how I design software, and for the better. Which I guess is the point Covey was making in the first place.

Has blogging made you a better at your job? You'll be answering in your blog using trackbacks of course ...