Suprablog HQ

I have never experienced a level of simultaneous hate and love for any technology like salesforce.com. I’ve been developing on the platform for almost two years, and it’s truly astonishing how powerful and incredible it is, while also sucking so profusely. Of course, this is all from a developer’s perspective and not an end user’s.

My nickname for it is the “Little Ease Platform”. Where does that come from? Little Ease was a torture chamber in London:

In the Tower, the notorious chamber known as ‘Little Ease’ measured just 1.2m square (4sq ft), and its cramped conditions prevented the prisoner from ever finding a comfortable position.

Why do I call it Little Ease? Because there are so, so many aspects of the system that are truly limiting and befuddling. You hit limits everywhere you look, often with no apparent reason, and the only recourse is to call support or an account executive, who, much more often than not, will tell you “That’s just the way it is”, or ask you to purchase some feature. I feel like I’m on an airplane with coin operated toilets.

Here I am, well after midnight, trying to figure out why I can’t delete a sandbox associated with a production org. I initially created a sandbox where I either must not have selected a check box requesting that data be included in the image refresh or this “org” might not be configured to allow “Full Sandbox Refreshes”, but of course there’s no way to tell what limits are currently applied to the org in which I’m working. So, I’d love to start over and create a new sandbox where it will also include the data (if that’s even an option), but for some reason, I can’t delete the existing sandbox, and I can’t create a new one because, well, I don’t know, I must not have some permission somewhere. It’s just not possible.

Here’s the “short list” of my gripes with *just* the data management issues, seriously in no particular order:

1. Creating a sandbox can take an arbitrary amount of time, sometimes minutes, hours, or many days. You just have to wait for the email to arrive notifying you of completion.

2. Data export/import does not automatically allow you to keep all the relationships between objects, so if you want to export and re-import into a new org, you have to use Microsoft Excel to do vlookups between all the different relationships between objects. It’s as if the relational database was never invented. If you have a backup of all your data, you can’t re-import it in one step. Mysqldump be damned!

3. Certain data and metadata is not included in exports

4. There is no concept of transactions and locking of the database so one might get a sense that the data is actually accurate

5. Importing is an astonishingly royal PITA. There are a bunch of different ways to import data, and each one has it’s own idiosyncrasies. If you use the web interface, you have the option of matching against existing relational data (via names rather than ids, the data loader doesn’t let you do that), but it’s limited to a certain number of records per import.

6. If you have triggers on any of the objects you’re trying to import, forget about it. More often than not you have to “disable” the triggers during the import process whether using the web interface or the data loader.

7. There is a very strange phenomenon where if you try to import the same data set over three or sometimes four times for testing, it starts failing, even if you have deleted the record completely within the system.

8. Their concept of “upsert” is totally stupid. You’d think that it would either update if a record exists or insert a new one if it doesn’t. Nope. I’m not even exactly sure what the heck it does, and I’ve used it a LOT.

9. The data loader doesn’t always handle record ids the same way that the web interface exports them. I can’t be bothered to remember right now what those nuances are.

10. The data loader is generally way better than the web importer, but the data loader isn’t available in all “editions”.

11. I could go on with just the data management aspects of the platform. I’m writing for myself to vent because I doubt this will ever change anything.

All that said, Salesforce reminds me a bit of Microsoft in the early, early days. Sure it sucked on many levels, but you could almost always figure out a solution to the problem and make it work, even if that involved reinstalling the whole thing (creating a new org in salesforce) or going through some absurdly painful processes. There was some inexplicable “market force” at work somewhere much bigger than any single user or developer. Salesforce has somehow managed to find a way to create a platform that the end users love, where it scales beautifully and has all the features people want, where the people using it could never imagine how truly frustrating it is for those of us tasked with having to make the stupid thing just work.

I found this really interesting:

U.S. Enables Chinese Hacking of Google

Providing a backdoor into large technology infrastructure for whatever reason has been shown not to be sustainable over time. The US government originally wanted a cryptographic skeleton key into any widespread encryption, which was abandoned for many of the same reasons that Schneier mentions in the article. Too attractive an attack vector. Open, collaborative science beat the NSA even while they employed drastically more mathematicians and cryptography researchers than any other organization on earth. That war was won a long time ago but some people never got the memo.

When I first wrote SupraSphere I designed it so that it didn’t require a trusted third party at all. It used this authentication protocol http://srp.stanford.edu, and all communication was always encrypted by default, with zero known MITM attacks, with a distributed spheres of trust security model.

I realize such an approach might not necessarily scale to Google size, but then again, it really shouldn’t have to for most cases. The vast majority of applications outside of perhaps search could be handled in a much more distributed way ( Open Online Mapping Helps Haiti Relief Effors). Google is using the leverage they have with search to force the same level of centralization of information across every other social application segment. Google isn’t the only one for sure, just the most successful and aggressive with that model.

That isn’t to say that distributed systems are always the most efficient (they usually aren’t), or that innovation can necessarily happen as quickly (true consent on protocols, especially social protocols, might be impossible in some cases…. see Facebook privacy settings and Google Buzz), but it looks like the whole “cloud computing” model is taking over with very few other approaches being tried any more. I decided a long time ago with SupraSphere to focus against the grain of the web, at least the implied centralization of both DNS and HTTP, and pursue something much more distributed and secure.

For a while to dull the pain and loneliness I convinced myself that I was like Noah building some type of ark. I ran out of every type of credit building the damn thing (a book in and of itself…raise your hand if you’ve ever unsuccessfully pitched an idea to hundreds of different investors), so now I just get driven nuts as a sharecropper on other peoples’ grids like everyone else. SupraSphere was about letting people have their own digital plot of land, not just an Avatar on Farmville. I’m still pursuing other avenues and approaches to achieving similar goals as SupraSphere (focused much more directly on changing the fundamental nature of capital), but as for now, I’m in a fairly stable if anxiety-inducing holding pattern.

I went into the bank the other day. I complained that they were holding checks I was depositing for almost three weeks at a time, which was more obnoxious than anything. Their response, which left me speechless by its candor, “Sir, the computer makes that decision, not us”. Sure, move to another bank, etc., but the unmistakable trend is clearly in a direction of individuals having very little control over their own context. Credit card companies probably have the same policies for the same “natural” reason that local news stations all have the same story segments (competition?), but that doesn’t make them any less offensive. Usury went out of style a long time ago.

When the system achieves a certain level of scale and dominance, it can change rules in arbitrary ways without much redress, especially when any alternatives are all half-finished Arks (but at least they’re open source!). The dude who flew a plane into the IRS building had his whole life turned upside down by some small rule put in by Congress supposedly to help IBM. Of course most people don’t go nuts and get violent like he did, but people have breaking points and when we’re all subject to being controlled by a bunch of centralized databases with very little understanding about how these decisions get made (if humans are even making them any more), with no practical alternatives and little to no redress, it creates a feeling of despondence with results as unpredictable as climate change weather.

I’ve seen the future and it has a kill switch

David

I did some thinking recently about Facebook Connect. With its proliferation and certain sites marketing it pretty heavily, I got to thinking about why I generally don’t want to use it. It boils down to the fact that I’m not sure what particular interaction any site or application using Facebook Connect will have with my Facebook profile.

How will it notify users of my profile that I’m using the application, if at all? Is there any sort of guarantee that it won’t notify in certain ways? At least sometimes I want to be able to post in a way that I know for certain that the information I create in one context (a cooking site, political site, technology site, doesn’t really matter), won’t be automatically shared on my Facebook profile in any way. It’s actually not related to wanting to keep this information private from any of my Facebook Friends, as I don’t mind if they stumble upon it some other way, but I don’t want explicitly to notify my Facebook profile because I don’t want to publish in that “identity context”.

So from a branding perspective, Facebook needs to do a better job creating structure around what Facebook Connect is and what the social protocol/contract is around its use in every case where it’s used.

Certainly some of this is vestiges of the massive inundation of application notifications people used to get in the earlier days of Facebook, which put me in the habit of disabling every application and never installing any because I don’t want the notification overhead.

Perhaps Facebook could have a different designation for something like a “Facebook Login”, restricted to only authentication and the use of my Facebook name and Avatar. Then “Facebook Connect” could represent where any activity could possibly be notified back into my Facebook profile.

Until then, I’ll hesitate to use Facebook Connect until I have a better sense of how it will work in any given case. The “transaction cost” of using it is simply too high, by forcing me to figure out in each case how to manage my identity. This is similar in some respects to why microtransactions haven’t taken off, because the cost of making the decision often exceeds the value of the transaction itself.

Connecticut community college computer systems are at risk of becoming infected due to users performing non-work related activities. A newsletter was sent to all staff and faculty which loosely said: “Don’t do non-work related activities online or we will confiscate your computer!” I feel this was a little harsh, especially since I’ve not worked with the IT department in four years…but whatever. It’s true though.

Malware is any malicious software designed to infiltrate or damage a computer system. Unlike years ago when malware was primarily created by “computer geeks” as pranks to demonstrate their mastery of the computer, today’s malware is increasingly the result of organized criminal activity aimed at collecting identification or financial data. Today, sophisticated “infections” record user keystrokes and transmit the data in the background to sites in other parts of the world.  And the activity is growing at a pace that anti-virus vendors can’t keep up with. In 2008, there were over 2 million new malware variants discovered – more than the total of all prior years combined.

Interesting statistic-Even at 100% productivity, security software can only protect a computer from 80% of threats. (according to a press release from The CCC) According to the US-CERT (United States Computer Emergency Readiness Team) anti-virus software is not the be-all end-all for computer security.

Because it relies on signatures, anti-virus software can only detect viruses that have signatures installed on your computer, so it is important to keep these signatures up to date. You will still be susceptible to viruses that circulate before the anti-virus vendors add their signatures, so continue to take other safety precautions as well.

Recently on the BBC, there was a news article about a man who used trojans to hijack people’s web-cams. Key hacking sites are known to disseminate malware, along with the vast majority of pornography sites. Email attachments are a big concern to me, due to the fact that so many of the people I know will open scam attachments thinking they are okay because they are supposedly from people they “know” or sources they trust. The US-Cert has this to say:

Resist believing email chain letters that claim that a well-known anti-virus vendor has recently detected the “worst virus in history” that will destroy your computer’s hard drive. These emails are usually hoaxes (see Identifying Hoaxes and Urban Legends for more information). You can confirm virus information through your anti-virus vendor or through resources offered by other anti-virus vendors.

The best way to stay protected is to stay informed! Do the research first before downloading anything or visiting sites without checking their security. The US-CERT has useful information found here too, that all should read.

Last.fm is my favorite thing online. What is it? It’s much more than an online radio service. Add a mix of social networking to streaming music and ooh statistics, and you have last.fm in a nutshell. For every song, every album, every band, every genre, and every tag there is a dedicated statistic page all syncing with your library as you listen to your personalized radio.

The statistics is pretty awesome. Last.fm’s ‘audioscrobbler’ scrobbles–or records–songs you listen to and builds charts, kind of like top 40, only way better. For people like me who have had the service for years there are statistics going back to the first song you ever listened to. You can browse your listening habits and discover new artists that you might like all based on the tracks you and other people listen to.

Like a particular band? Put “Muse” into the music search box, and give them and their similar artists a listen! You can ‘love’ tracks, ban tracks, and tag tracks. On my profile I have several tags to create playlists. You can listen to “neighborhood radio” and find out what your peers listen to.

The coolest feature on last.fm is probably the Music Compatibility feature. When visiting somebody else’s profile, a small bar will display showing your compatibility with their music tastes. This makes making friends online so easy. Adding friends is a mutual thing as it is on Facebook, each person has to reciprocate the friend request.

If you want to add me, look me up: http://last.fm/user/doormayhew

Facebook. Myspace. Livejournal. Youtube. Last.fm. Deviatart. There are so many websites that people use to put themselves ‘out there’ for the world to see. My generation is a generation of communication and identity. And yet, my generation is also the generation of internet piracy, and also the generation that came up with anonymous web browsing and downloading. I find it ironic when I find tweets on twitter about the latest torrent downloads. Common sense about piracy is one would want to do it secretly, axxo. The internet for my generation is designed for anonymous exhibitionism. A paradox, yes. But not one hard to understand. 

Exhibitionism is the act of putting one’s self on display. Anonymity is the exact opposite-hiding one’s self. Both words bring to mind one website in particular…Myspace. 

I will use Myspace as an example. Almost every parent knows of Myspace and the dangers of having a Myspace page. Internet bullies, pedophiles and good old fashioned creeps hang out there, pretending to be someone else. And yet thousands of people flock to Myspace everyday to create personal profiles.. Surely Myspace itself is not inherently evil, but user beware of what you put out in the public eye. Employers, significant others, and others use the information found on these personal profile pages to their benefit, whatever that may be. Some people use this site to spy on the lives of family members and or friends.

Myspace was the first really prominent one out there and ended up under fire by the media quite often. Facebook has tried to squash the anonymous “fake” profiles by putting it in their terms of service to use their real name. Some of my friends still don’t. These friends still mind having their name googled apparently.

On the flip side of things, we have private browsing efforts and private downloading programs and ip address ‘veils’ and proxy servers all to mask who we are when on the internet. What would happen if you got caught looking at something nsfw or downloading free music illegally? Your isp calls the athorities for the latter and you get fired for the former. So, naturally, people want to do risque things online and not get caught, so they do their darndest to hide who they really are. 

And then, there are some that respect the fact there is no privacy and that it’s all relative in the long run. If you don’t mind everyone knowing your business use the internet. Once you put it out there it’s never going to be private again.

Psychologically, the commercial world is rather daunting. Stores are built not only to appeal to the public but to also overstimulate one or more senses. We see this in large department stores as well as grocery stores and even small shops. I repeatedly see customers in a trance-like state in the shoe store I manage. I call this behavior ’shopper’s fog’. The symptoms seen from afar are rather humorous: disorganized walking, mumbling, poor eye contact, talking to one’s self, being oblivious to signage and personel, as well as compulsively destroying displays.

Does that sound like you while shopping? Would you like to avoid and even change this behavior? These seven steps can help.

1. Make a list (and follow it!) What this does is to keep the mind focused on what you need rather than what your eye wants.

2. Look for signs. Find what you need by using signs and going to your destination. An example of this is going to the pants section in the tall area.

3. Speed it up! When preparing your list, organize it by aisle. In store, don’t wander looking for what you need wasting your and other shoppers’ valuable time.

4. Bring reinforcements. Bring along a companion and send them on ‘missions’ getting things on the list. With kids especially this becomes a fun and productive activity and teaches good shopping habits.

5. Smile and wave. Greet personel and acknowledge them. Good etiquite is being polite and courteous right back at employees offering you assistance.

6. Observe with your eyes. Displays are made to attract and appeal to the customer. Don’t look at displays with your hands unless you are going to put it back the way it was.

7. Utilize services. Ask for help whenever you need to. Make sure you are polite and courteous and the assistant will help you in whatever he or she can. This makes your shopping trip go smoother and helps improve employee’s customer service skills.

So if you can’t stand shopping because it makes you feel like a zombie or you love shopping but it just takes too long or you have a bad time shopping, try my advice. I can assure you it works on both the shopper side and the company side. You won’t feel in a fog, and you’ll be a joy to associates.

In my last post I went on a slight rant about the Pirate Bay. Hopefully by now, our readers know where we stand on internet piracy- i.e. it’s an illegal activity and illegal activity is bad. But the question still remains: is bit torrent therefore as a protocol bad?

First off, bit torrent, for those of you living under a rock, is an extremely effecient file transfer protocol. The vast majority of file transfers however are copyrighted material such as movies and music. The MPAA and INTERPOL are trying to put the kabosh on this kind of file transfer much like similar forms of piracy. Of course, internet piracy will always be around in some form, but because so many people use this form of protocol, it is naturally the biggest target.

So, is it inherantly evil, this protocol? Quick answer: no. Bit torrent is a super fast form of transferring large files from one computer to another without corrupting the data. Huge disc images or .iso files can easily be distributed along with other types of files. I personally have used it to transfer giant data heavy 3d model files between myself and a friend working on a film together. Downloading Linux distros is a breeze with bit torrent. In fact many software companies distrobute software and updates via “download managers” which essentially uses this protocol without actually saying so. Pretty sneaky, eh?

Laws protect the protocol now, but with it under so much fire, who knows its future?

With my BlackBerry on at last legs, or the battery at least (I hope), I figured I would use a blog post as an excuse to do some research on possible new phones.

Since I’m a technologist, I try to choose devices that will inform me somehow on the market. Since I don’t own an iPhone, for example, it’s hard to know much about the experience and what everyone’s all talking about.

However, I’m still not sold on the iPhone despite having played around with it a bunch, and I have a lot of interest in the Google Android platform. I first learned about the technical underpinnings of Android from this presentation (warning, long and technical):

http://www.youtube.com/watch?v=Mm6Ju0xhUW8

So, I’d like to own an Android phone to use it as an excuse to hack on it. As much as I love my BlackBerry, I’m willing to give another device a shot where I think it has a chance at creating a large ecosystem and market around it. For example, I don’t think the Palm Pre has enough momentum yet despite its being a very innovative and sophisticated product.

Unfortunately, the only carrier in the US that currently sells Android phones is T Mobile, and I will not use them. They screwed me out of a lot of money and I don’t like them at all.

However, if this rumor is true:

http://www.androidcentral.com/motorola-sholes-runs-android-launch-verizon

It means that Verizon might be having an Android device coming to their network. I’d happily switch to Verizon from AT&T even though I’ve had a fairly good experience with AT&T and my BlackBerry Curve. It seems like the Motorola Sholes will also be available for AT&T as well, but one thing I couldn’t figure out in my research is if it would record video, something I would like.

As I ran across this site researching:

http://www.mobilewhack.com/2009/07/index.html?page=2

it occurred to me that there’s such an incredible amount of activity and excitement in the mobile space in general. It would be cool if there were a retail store that only carried the coolest phones on the market from around the world, with instructions on how to run them on local networks if possible. At least it might put some market pressure on the companies to open up their networks a bit.

One such device I’d love to see in such a store is Nokia’s N900:

http://blogs.wsj.com/digits/2009/08/28/an-early-peek-at-the-nokia-n900/

I really liked the Nokia phone’s I’ve owned in the past, but they haven’t had a mainstream smartphone in a while, or at least it seems that way to me. The device seems rather powerful, but it’s hard to imagine their creating a developer ecosystem around their software stack, even if it’s based on Maemo Linux.

Here’s an example of the type of applications that developers are creating around Android (although I’m sure there are some for the iPhone as well):

http://www.talkandroid.com/1264-layar-mobile-augmented-reality-app/

It’s an “Augmented Reality” mobile browser. More evidence of the innovation going on in the mobile space.

Finally, here’s an excellent article about creating new highways and parking lots with intelligent solar panels instead of asphalt:

http://www.treehugger.com/files/2007/08/solar_roadways.php

Let’s hope they figure out a way to include some type of WIFI GRID as well! :)

We have, ourselves, full confidence that if all do their duty, if nothing is neglected, and if the best arrangements are made, as they are being made, we shall prove ourselves once more able to defend our Internets, to ride out the storm of war, and to outlive the menace of tyranny, if necessary for years, if necessary alone.Even though large parts of Internets and many old and famous trackers have fallen or may fall into the grip of the (International Federation of the Phonographic Industry) and all the odious apparatus of MPAA rule, we shall not flag or fail. We shall go on to the end, we shall fight in France, we shall fight on the ef-nets and darknets, we shall fight with growing confidence and growing strength in the air, we shall defend our Internets, whatever the cost may be, we shall fight on the beaches, we shall fight on the baywords.org, we shall fight on the /. and on the digg, we shall fight in the courts; we shall never surrender, and if, which I do not for a moment believe, the Internets or a large part of it were subjugated and starving, then our Empire beyond the seas, armed and guarded by the Anon Fleet, would carry on the struggle, until, in Cerf’s good time, the New World, with all its power and might, steps forth to the rescue and the liberation of the old.

Signed;
The Pirate Bay Crew - Now until needed

Arrrr, they be walkin’ the plank tho’ they speak. No matter what they try to do they will be shut down eventually. Yes, yes, everyone knows file sharing is illegal according to the MPAA and FBI and INTERPOL and whoever all else. Sad to say though, everyone has done it at least once that I know personally, and usually for things as innocuous as Linux distro downloads. Music, movies, TV shows and software are among the most popular things to download and People are trying to find work arounds to stay annonymous. Is there such thing as annononimity  on the internet? I don’t think so, not even with things like the Tor Network, famous for Onion routing. I do not say the biggest torrent tracker online will be shut down lightly. I have followed a number of trackers’ demise in the recent years, and sad to say, no matter how hard The Pirate Bay fights back, they will lose the war. So many have gone under, and it will never stop till somehow one of two things happens: one, piracy will be legalized (yeah, right) or two, all internet piracy has been shut down (might I give another mighty yeah, right).

The science of bit torrent is amazing, and I have read many an article concerning how it all works. Sadly the purpose of this editorial is to express my dismay in the fight The Bay puts up. It’s inevitable, whatever global server hosts them will be brought down, no matter what business proposal is made to save The Bay will come to a crushing end. It’s just sad, and they should learn to put up the white flag of surrender.