Archives


Atom Feed

Associated Blogs
 
Edge City
 
Numbering Peano
 
Orcmid's Live Hideout
 
Praxis101
 
Prof. von Clueless in the Blunder Dome

Recent Items
 
I Blog, Therefore I Am
 
Amma Vicki and the Monks
 
Let It Rain, Let It Rain …
 
The Fate of Microsoft Outlier Customers
 
Just a Little Bit Facebooked
 
By Your Start Bars Shall Ye Be Known
 
Golden Geek: Sibling Memories Revisited
 
Monday Morning NaN: Confirmable Experience with my...
 
Saturday Geek Photo: A Back-to-the-Future Moment
 
Friday Cat Picture: Hide-and-Seek Fail

Monday Morning NaN: Confirmable Experience with my Coffee

Darren Rowse tweeted about Threaded Tweets, and I went for a look.  I can’t remember the last time I saw a NaN delivered up by a web page, and this may be a first.  I’m not sure whether 14996 replies is a very successful number, but I guess any thread that lives that long deserves some respect [;<).

There are three interdependent themes that I see around the development and sustenance of dependable systems: system coherence, confirmable experience, and trustworthiness.  These and dependability itself are not independent notions.

I think this one is about confirmable experience

Something odd is happening.  Thanks to screen-capture software, I can show you (and the producers of ThreadedTweets) what happened.  In fact, I will tweet about this and if the cycle of learning and improvement is operating, the Threaded Tweets folk will pick up on it, if they aren’t aware of the glitch already.

It would be fun to create a threaded tweet about this as well, but I am not about to provide my Twitter credentials to ThreadedTweets in order to do that (and you can see the reason for distrustfulness here even though they claim to be using OAuth to protect me, yes?).

There is a part of the confirmable-experience cycle that figure in trustworthiness that I can’t account for.  I have no idea how to the tweet threading folks are able to identify the specific difficulty, although it appears to be a stand-out no-brainer, so long as they can see the data on which the failed time-lapse calculation is being done.  Smells like there is a division by zero or a failed data conversion in there somewhere too.

But as an end-user, I don’t know about any of that and my speculation is not the same as having visibility on the process for confirming what is happening, as opposed to confirming how users experience it.  That’s the part I provide.  Also, I notice that the NaN message has disappeared in the past few minutes, possibly because the defect has been noticed, possibly because it is transient and difficult to find.

The tie-in to trustworthiness

ThreadedTweets has a feedback and a support link that I could use to communicate what I noticed to them.   Now that it the NaN is gone, I’m not sure whether that will help.  They want an e-mail to the support address.  I’ll send them a link to this post.

The tie-in to trustworthiness has to do with the demonstration of care for the adopters (a.k.a. users) by the producers of ThreadedTweets.  In this case, it is how friction is removed from the ability of adopters to communicate their experience to the producers.  The back half is how the producers demonstrate remedies or other solutions in a reliable way. 

Since I am very much into identification of confirmable experiences and occasions where system incoherence show up, I have a screen capture utility at the ready at all times.  This is necessary but not ordinary behavior required to to demonstrate what my experience is. 

An interesting problem for an organization that wants to be trustworthy in delivering a dependable web-based service is this: what can be done that would allow ordinary, casual adopters to convey their experience to the producers in a way that is confirmable?  That’s the question to consider.

And your assignment, if you choose to accept it …

That’s the bigger point of this tiny object lesson.   Look for more to come.  Notice ones in your own experience.  Collect the full set.  Entertain your friends. 

Most of all, begin to notice those little moments of truth where your experience of products raises “uh oh” and “ick” experiences for you.  What do you do about them? 

This is not a trick question.  I don’t do much about many that I experience.  It is valuable to notice and even question that, though.  What is it you are putting up with?

I arose at 5:30 am to be prepared for the 7:00 am Monday morning conference call of the OASIS OpenDocument Format (ODF) TC.  The cancellation notice went out about 2:00 am, my time, from Germany, and I had the opportunity to crawl back in bed after a poor night’s sleep or start my day early.  Oh wait, I can post on my much-neglected blog.   Aren’t you the lucky ones.

Labels: confirmable experience, system incoherence, trustworthiness

Social-Grid Identity: Please Enter Your Twitter Credentials Here

[update 2009-03-06T20:43Z Hmm.  I just checked onto Twitter over lunch and the first update was from Ed Yourdon about Twitter being hacked in some way that allows accounts to be used or users impersonated in some way.  The instance on Yourdon’s update page suggest that these came in under the guise of posts using the web, so the exploit appears to be against the Twitter home page or the web site.  Ideally, Twitter has finer-grained detail about the path over which these tweets arrive and what the likely exploit is.  I had no knowledge or suspicions about this when I researched and created this post yesterday.]

It’s still happening.  First it was Facebook credentials.  Now it is the new hot: Twitter.

There’s an onslaught of web-based applications that integrate with Twitter and provide additional functions and services for you.  Sounds exciting, yes? 

But all of them want my Twitter credentials.  Like TwitPic, when I wanted to make a comment on this photographic complaint about someone taking a single bite out of the P-I newsroom’s fat-pill supply.  That stopped me short.  They wanted my Twitter credentials simply to comment on the photograph.  I passed.

WAIT!!  Have I already fallen for this?

This has me wonder who else I may have already given my Twitter credentials too. 

• FriendFeed?  No, they just wanted to know my Twitter name in order to include my tweets in FriendFeed.
   
• FriendFeed posting to Twitter?  Not sure.  I can’t tell what it took for those tweets to be forwarded.   I’ve turned it off, turned it on, and turned it off again.  No credential request, but I’m leaving it off anyhow.  I don’t remember providing my Twitter credentials though.  That sort of request usually triggers instant uh-oh on my part.  I know the Linked-in connection ceremony does not involve disclosure to FriendFeed, and expect that no other arrangements like this do either.
    
• Twhirl.  Well, this is a desktop (Adobe AIR) application.  It does know my Twitter and my FriendFeed passwords.  It also will forget my passwords if I tell it to.   Apart from the prospect of the application simply stealing that information via my authorization to access the Internet through my firewall, there is no more exposure here than my entering the a password on the Twitter and Friendfeed pages.  Not perfect, but at least retained only on my machine and not someone else’s.

So there are mixed results. 

It doesn’t have to be that way.  When I configured Windows Live Photo Gallery to update to my Flickr account, I never divulged my Flickr (that is, Yahoo!) credentials to the program.  Instead, it worked more like a PayPal transaction, with Flickr arranging a unique credential for Photo Gallery to use that applies only to it, apparently.  I don’t know the details of that arrangement; I will find out more.  This sort of arrangement needs to be more widely understood.  (I’m pretty sure that I can use an Information Card to accomplish arrangements like this too.)

And Now, Some Security Theater

I have resisted two invitations to supply my Twitter credentials, not counting the one at TwitPic today.  On reflection, they are each instructive.

Mr. Tweet Sends Me a Message

Mr. Tweet sent me a direct message.  Well, that means I am following Mr. Tweet, doesn’t it?  Apparently not.  If I go to this page, it tells me I need to follow Mrtweet to start receiving the benefits.  And when I check MrTweet on Twitter, I am not shown as already following it.  Since my only contact with Mr. Tweet was 76 days ago, I have no recollection of anything I might have done that invited that original direct message to me, but I could have. 

On the other hand, this appears to be an interesting arms-length arrangement.  Mr. Tweet apparently provides support that does not require my credentials to access.  Furthermore, its communication with me is via Twitter direct messages.  My opting-in by direct-messaging Mr. Tweet does not require me disclosing my Twitter credentials. 

I would say I am safely intermediated by this clever use of existing Twitter provisions. 

Because I’m not interested in this service, especially not enough to receive direct messages, I am not following Mr. Tweet.  This personal choice has to do with my direct messages coming to my e-mail inbox and also my mobile phone.  I want to limit that traffic. 

Hmm, looking deeper while researching this post, I see that the Mr. Tweet page does have a (Twitter?) login panel at the very top.  Maybe this isn’t cool after all?   Worse yet, if I choose to follow any of those Mr. Tweet lists as interesting followers using buttons on the Mr. Tweet page, it requests my Twitter credentials.  Even though I can click through the links provided to the Twitter pages of those followers and follow them there.

FAIL!!  I did notice someone that I thought I should be following, but I went to the Twitter site to do it.

Mr. Tweet should stop being so helpful and take those follow links of their recommendation page, letting us use Twitter to do it.  Links to individual Twitter pages are all we need.

Now I wonder what the direct-message enablement is all about.  It should be a way to establish that I am the user of the account I would use Mr. Tweet for, but they don’t really need to establish that, it appears.

Mr. TweetSum has Data just for Me.  Not Really.

Tweetsum was being recommended in a Twitter update from Andrew Woods.  I still don’t know what a DBI is, but I saw immediately that I must use my Twitter credentials to get started.  That stopped me cold, as usual. 

On questioning Andrew about this, I was not inspired by his remark that he knew the developers and one was a security expert so he had no problems with providing his credentials.   What failed to inspire my confidence is that there does not seem to be any need for my twitter credentials for them to accomplish what they offer. 

I now see on the TweetSum blog that they know they don’t need the credentials too.  They promise not to keep them and “don't worry, we don't keep this info -- twitter merely tells us you are who you say and we believe twitter.”  

So, wait a minute.  They don’t need my Twitter credentials to do what they do, just as I thought. 

Yet they want to be sure it is me?  Why? 

Someone who asks for Tweetsum analysis for orcmid still can’t impersonate me to Twitter or any of my followers or anyone else.  They can’t do anything with information from TweetSum that they couldn’t do anyhow (like, stalk all my followers or something), with or without automated assistance.  So what’s the point? 

TweetSum having my credentials even for that one check is just security-theater ceremony.  There are a lot of those being passed around these days, but that is no reason to tolerate them. 

There is value in learning to spot security theater illusions, though.   When we encounter these charades it is also legitimate to wonder what else is not being understood about security on the behalf of a service’s users. 

Labels: confirmable experience, social networking, system incoherence

WTF: Umm, Flash 10 Detection Not So Simple

Just after midnight coming into Saturday, 2006-12-06, I unloaded my sad experience with Flash Player detection since updating to Flash 10 in IE 8. The details are in the article “WTF: The Adobe Flash Version 1x Crisis.” After that, I created a question on Stack Overflow to explore the geek side of the problem.

I just confirmed that the problem is more subtle than my original suspicions: Flash 10 Detection works in IE 8 beta 2 when I’m elevated to admin and it fails on many (but not all) sites when I am running as a Limited User Account (LUA). So I am seeing what may be a permissions problem that only shows up for users who browse as limited users on Windows XP SP3.

This leaves two mysteries: (1) what is the permissions problem and (2) why does Flash detection work on some sites anyhow?

Not Exactly What I Was Looking For

Thanks to a lead from RoBorg on StackOverflow, I was given some useful leads on Flash Player detection resources. This led me to experiment with Adobe Flash Player Detection Kit 1.5. The Kit’s sample for client-side (that is, in-browser) detection failed, suggesting to me that this would be good code to explore for isolation of the problem. I began to conduct an autopsy on Adobe’s sample code.

My first discovery in using the Client-Side Detection sample code is that the failure to detect Flash 10 is not about an incorrect comparison for desired-or-later version. The client-side detection doesn’t get that far. An internal procedure, GetSwfVer, for finding an installed version of Adobe Flash Player is unable to detect any Flash Player at all. So it reports that it failed to find any version installed.

This had me suspect there is something going on with the Windows Registry (where I can see that there are entries for ShockWavePlayer, the Macromedia name that continues to be used). I can also see that there is an entry for Flash Player version 10. Internet Explorer also shows that it has the player installed and enabled when I check the Tools Manage Add-ons menu selection for all add-ons:

My plan is to dissect the GetSwfVer JavaScript and bench-test it by parts until I see where the procedure is failing to find the installed Flash Player control and report its version.

I also have observed that the Adobe Flash Player Detection Kit and recommended detection methods have a poor reputation among some developers. I have no reliable evidence to support that. I will, however, also check into the recommended alternative, <swfobject>. If I find that it works where the Detection Kit Client-Side solution does not, that will be worth exploring for what the workaround is. There is a handy article by Bobby van der Sluis on the Adobe Development Center. The sample files there should get me started the same way I have made use of Detection Kit 1.5.

Another Country Heard From

Meanwhile, I noticed that there is also support for Google Chrome. Chrome is the other in-beta browser I keep around to compare with IE 8 beta 2 results and to sometime use as an alternative for some sites that I just can’t get to work with IE 8 beta 2, even in compatibility mode.

I managed to install Flash Player 10 for Google Chrome today. It turns out that Google uses plug-ins, not ActiveX controls, and the same plug-in that works with FireFox and other browsers sharing some of the same code base works with Chrome. It is actually tricky to get Chrome to install a plug-in, but I managed it.

This is a plug-in, not an ActiveX control, so its detection and use can be rather different. Nevertheless, I confirmed that Chrome will play Flash 10 for all of the sites where I am unable to have it work for Internet Explorer, including YouTube and the CBS Television NCIS program page. That solves my immediate desire to catch up on programs that I’ve missed. That makes me happy, as a program watcher.

I still want to get to the bottom of this and complete my diagnosis of Flash Payer detection difficulties with Internet Explorer.

A Small Matter of Privilege

Because I had to be running as administrator to install the Flash Player Plug-in, I first tested Chrome-based Flash Player detection and video playing while my Windows XP SP3 account was still elevated to administrator. Everything worked.

As an afterthought, I also attempted to use IE 8 beta 2 under administrator privileges. It works!

But when I restore to my account to Limited User, it doesn’t:

Hmm, it doesn’t pick up the icon in the address bar either. IE 8 offers compatibility mode for this page, but it doesn’t make any difference to pretend to be IE 7 here.

OK, What’s Next?

I have solved the problem of being able to continue watching my favorite Internet-available programs.

I have not solved the problem of client-side detection in IE8 and what about account privileges has detection work where it doesn’t when I am operating as a limited user.

I will continue my dissection of available client-side code to isolate the problem and determine how some sites manage to get around the limitation I am experiencing.

This business of having applications work while I am administrator and not as limited user is not new. I tend to associate this with my upgrade from Windows XP SP2 to SP3, and it may be related to more-recent security updates. I cannot be certain. I do know I have been putting up with this for some time.

I am hopeful that if I get to the bottom of this one, I may be able to solve other problems (such as having a NewsGator Inbox plug-in for Outlook that only runs when I am administrator).

As far as the specific problems of reliable Flash Player detection in IE8 go, I will continue to work on that as well, but not with the same urgency.

Also, because anything I do from now on will be very geeky, I will provide an account on places like Professor von Clueless in the Blunder Dome and Stack Overflow, as appropriate.

The Incoherence of Confirmable Experience

Although I have wandered off into the weeds on this exploration, there are a number of examples of system incoherence, something where the web is a bountiful source of examples. The difficulty of confirming my experience and isolating it to something that is reproducible by others is also well-demonstrated here.

I am also mindful that the reason there is no great hue and cry over Flash 10 detection problems is that I may be part of that select and small population of devoted LUA users who are seeing the problem at all. This is, of course, fodder for a different sort of rant.

Labels: confirmable experience, cybersmith, interoperability, system incoherence, trustworthiness

WTF: The Adobe Flash Version 1x Crisis

Had any problems with Flash Player version detection lately?  Try updating to Adobe Flash Player Version 10.  Prepare to be shocked by the poor quality of Flash version detection in the wild.

After upgrading to a clean install of Adobe Flash 10, I discovered that nearly all video sites that worked for me in the past began denying that I had a version of Flash as good as what that they required.  Still other sites deliver Flash video to me just fine and, on occasion, I am able to experience the higher quality HD streaming that some sites now support.   It is amusing to see who fails to deliver video to me and what they have to say about it. 

I leave as an amusing puzzle how one determines what is going on and what the bug is likely to be.  My suspicion is that the bug is hilariously simple yet spread like some sort of plague throughout the Internet.

Adobe is experiencing its own version of the Y2k disaster, only in a simpler and more hilarious form.  As far as I can tell, the problem is not Adobe’s.  The difficulty is that many sites are completely unprepared for this version of the Flash Player.

[2008-12-08T20:37Z update: Further analysis reveals that my particular problem is related to permissions in some way, not simply comparing version numbers incorrectly.  I have no trouble with Flash 10 detection and playing when I am running as administrator.  The difficulties arise only when running as a limited user.  This doesn’t explain why I am successful some of the time as a limited user, and more forensic work is required.  For details on the dissection so far, see “WTF: Umm, Flash 10 Detection Not So Simple.”
 2008-12-07T00:37Z update: Well, the sample Client-Side Detection in the Adobe Flash Detection Kit 1.5 definitely fails to detect Flash 10.  The script is a bit hairy and one problem may be related to how Flash Player 7 and later versions are recorded in the Windows Registry.  Assuming that the version string is found properly, the next problem may be in the logic of JavaScript function DetectFlashVer.]
 2008-12-06T22:43Z update: I put the questions about this up as a teaser on StackOverflow.  I am already seeing a couple of interesting comments.  The frightening prospect is that the bug is in detection code that Adobe (still) recommends.  So, I had to add the eReader page’s failing of its own demonstration of the proper solution, below.  Stay tuned.]

Here’s how I experienced the widespread (for me) Flash 10 detection failure.

	Updating Flash.  On November 24, I encountered a pop-up advising me of an update to the Adobe Flash Player.  This one promised full screen HD playback, faster performance, and security enhancements.  I wanted it. Because I run as a limited user when on-line, actually installing the plug-in took a little more effort.  Before I was done, I had removed Flash completely from my computer and then done a fresh install.  On November 25, I had a successful installation in Internet Explorer 8 beta 2.  (No cracks: IE is not the problem here.  Sometimes I need compatibility mode for a site to render properly, and those issues are separate from whether or not Flash will play.  I have Google Chrome, and could try its Flash plug-in except I need to be admin to install it, as usual.) This display appeared in IE8 when the install succeeded. If I select updating any time later, no downloading will occur and I see this display near-instantly.  At this time, version 10.0.12.36 is the latest and I have it installed already.
	Successful HD Video.  Here’s an example of the high-quality video presentation available on Hulu, my favorite site for watching movies and television episodes.  This snapshot is a few seconds into the 480p feed of a recent episode of Fringe. Hulu works so consistently, while so many other sites are failing, that I was concerned that the site wasn’t serving up Flash at all.  To make sure I wasn’t receiving Silverlight video, I inspected the source code of the web page.  Yes, it is using the Flash Player.  The code is in nice AJax structure and I can find where the player is operated, although I can’t determine how the version is checked.  I also see how messages that I need Flash are produced.  That isn’t happening. The Flash 10 Player is recognized by Hulu, which plays everything just dandy.
	Nice embedded play on Change.gov.  On December 4, I also visited change.gov because of an interesting phenomenon there.  Here’s a simple video in its own frame on the Change.gov site.   The video and audio play just fine. I don’t know where this particular video is hosted, so I looked for another that was part of the YouTube video collection for change.gov.
	Change.gov shows YouTube well.  Here’s a larger video frame from a different page on change.gov.  You can see that the video is YouTube-branded in the lower right corner of the video frame. What’s fascinating about this and any other YouTube video is that viewing directly on a YouTube page will fail, as shown below. It also fails if I go to Y! Video for the Yahoo presentation.  The MSN Video works just fine.
	The best rejection of them all.  This is the only accurate message that I received.  About Face author Alan Cooper should be very pleased that someone is learning how to present straight-talking, factual messages. It is valuable that this message reports the only thing that the Kyte site can be sure of.  It doesn’t speculate anything about my computer and what the problem might be.  If you’re going to fail, do it this way.  This is evidence for a level of care that inspires trustworthiness.
	YouTube the know-it-all.  Here’s brash You Tube guessing what’s wrong with me.  The statement is completely false.  Also, remember that YouTube video that plays just fine from change.gov? So, somebody is doing Flash Player version detection differently (i.e., properly) compared to most everybody else.  I wonder how we’ll learn what the difference is. PS 2008-12-06: Ironically, Google Video does play through Flash 10.  Viddler plays beautifully (and that says a lot about Chris Brogan’s relationship to trust).  MSN Videos play as well, also using Flash for delivery.
	CNN Fails Twice in One Blow.  Notice the version it reports that I am using. At first, I thought the problem was that all of the failing implementations are truncating “10” to “0”, but that would be misleading. All we know for sure from this display is that the version was truncated in making the message, assuming it is using a detected version at all. An interesting aspect of the CNN site is the number of different implementations of Flash viewers there are.  I include two more in the rogues gallery below.
	Yahoo! wants my attention.  I went to the solutions page.  Meanwhile, back on the page that had this message, I start hearing audio.   Returning to the tab with that page, I see that the video is indeed playing.  It is a reduced video image that does not play in the full frame of the Yahoo! player on the page, but the video is playing. It is difficult to get to the AP feeds in a direct way, and I haven’t tried comparisons with other sites that carry AP or other services delivered via Yahoo!
	Not so great, Yahoo!  This “solution” is amusingly inaccurate.  It may be true that they require the version they do, but upgrading won’t get it for me.  The fact that the video was playing while I looked at this makes for a rich Internet experience.
	Oh Oh, Adobe FAIL?  This image shows failure of Flash 10 detection on a web page that is proudly showing off the correct way to detect Flash 8 or higher.   I found this in a link on the Adobe Developer Center article “Best Practices for Flash Player Detection.” The article has some great demonstrations of hubris: ”Well, folks, today is a good day: The search is over. The wheel has been invented. And tested. And taken on a nice, long road trip. “Say hello to the newest detection script, which you can implement easily using Macromedia Flash 8. Much like the Six Million Dollar Man, it's better, faster, and stronger. And as an added bonus, you can actually rely on it.” ending with ”Finally, tell every web developer you know about this article. The sooner Flash Player Express Install becomes standard, the sooner we can stop frustrating users and start handling Flash experiences in an effective manner and improving user experiences on the web.” Apparently, that is exactly what happened. The late Michael Williams provided, in 2005, an Adobe Developer Center article on “Future-Proofing Flash Player Detection Scripts.”   There are some weird solutions, but it looks like they should detect Flash 10 (but maybe not Flash 26).
	Adobe’s Example Fails.  The Client-Side Detection example in the Adobe Flash Player Detection Kit 1.5 fails to detect Flash Player version 10. Examining the JavaScript file suggests a number of ways that DetectFlashVer might go wrong.  Determining the actual defect requires some careful forensic reconstruction.
	Adobe Unhelpful Helpfulness.  The Flash Player Detection Kit also provides an example of an ActionScript detection technique.  This sample will automatically invoke installation of an ActiveX plug-in, but when I allow it to run all it does is quickly report that the version I have installed is present (as if it has installed it anew). This “10.0.12.36 Installed Successfully” has no impact whatsoever on the already-reported detection difficulties.  In particular, the Client-Side Detection example still fails. It is time for that careful forensic reconstruction.  I am also curious about the way that the Windows Registry is accessed as part of ActiveX detection activity.
	Joi’s Wedding-Present Clue.  I have a theory about what is happening here.  It is the kind of thing that is going to embarrass a lot of Web developers while those who got it right are laughing their heads off by now. [update: The Vimeo video is working fine on Joi’s own site and the link-through to Vimeo.  The full-screen HD rendering is not bad.  But the above message still occurs when I use the direct video link on Joi’s FriendFeed stream.  That makes this a self-contained systems-incoherence demonstration along with the confirmable experience (until they fix it).]  OK, Let’s Figure This Out, Aye? I can’t be certain that every detection failure has the same bug, but the odds of a Y2K sort of failure are pretty high.  The way I think it happens is a little different, but it requires having gone from “9” to “10”, giving lots of time for the defective code to be shared among far too many Web developers around the globe. I’ll leave it at that.  This is a great challenge question for novice developers and experienced ones, the latter probably having committed this one at least once themselves.  I can see how I might have been caught by this myself, although I’d like to doubt that I would simply because I am always aware of representation issues from my experience in early programming languages and machine-language programming.  I am also inclined to over-engineer edge cases, and that might have been appropriate in this case. Meanwhile, here’s a rogues gallery of other sites that have an unfortunate approach to Flash Player version detection.

There you have it.  I’m sure this is not pleasing for Adobe.  Let’s just hope that the detection problem is not from an Adobe-provided sample of how to do it.  [Update: It appears that the problem has been promulgated in Adobe-promoted materials.] 

[2008-12-06T19:20Z update: I went through and added links to the actual sites and videos where there is narrative.  I also noted some successes where sites simply worked as expected.]

Labels: confirmable experience, interoperability, software usability, system incoherence, trustworthiness, web site construction, web standards

Friday Cat Picture: Weez Ur Trickz n Treatz

[update 2008-10-27: I couldn’t stand the way the picture worked so I am putting in a different one and discussing how it came to be so different.]

I am substituting the tightly-cropped version (above), sacrificing the dangling tail of the first arrangement (below).  At the same time, I realize that I had over-warmed and –saturated the image.  To be sure that I obtained something more like I had in mind, I recalibrated my new LCD monitor with Calibrize (thanks to LifeHacker).  This seems to work better than my hueyPro which seems to be confused by my video pipeline.  On the other hand, I may be the one who is confused, having not figured out how to calibrate my display properly by any means.

You, as the viewer, have no idea what I have in mind as a proper presentation of the photograph, above, and the alternative that I found unsatisfactory, below (although the difference in cropping should be obvious).  You can click on the Calibrize button and find your own balanced monitor adjustment (or use your favorite alternative for non-Windows platforms).

That makes this updated post into fodder for my confirmable-experience soapbox and there’ll be more about that in further posts.   Meanwhile, it is time to shop for Halloween candies for the Friday night visitors.  I have a great cat-picture repost to put up at that time.

I really wanted to keep Teh Amor’s tail in the picture, but it makes the composition really cock-eyed.  Looking at it, I think the only solution would be to separate out the two figures and ditch the tail and the framing of them together.  And I’m not going to do that well, just because.  And now I’ve gone and done it.  They are still framed together, but the tail is gone.  Do you see other differences?  Which one looks better in that regard?

The original photograph was taken on Wednesday, October 22, on one of those unexpected and delightful snappy autumn days with bright sunshine.  One or both of the twins will usually laze in the sun on the window side of the vertical blinds.  I have no idea what has them facing into the room.  I was anxious that they not decide to hop down and come closer to see what I was doing.

I’m holding the camera vertically, with the on-camera pop-up flash on the right.  Teh decided to look right into it, hence the village-of-the-demon-cats effect.

No, they’re not dressing up for Halloween and yes, it is a week early.  Maybe they’ve over-dosed on the run-up to the US Presidential Election.  Could be Princess still yearns for Hilary, or maybe for John Edwards?

Labels: cats, confirmable experience, photography

Geek Dinner Collection: 2007-09-12 Hanselman Event

[This 2007-09-13 Orcmid’s Live Hideout Post is being recovered from my Live Spaces blog for improved preservation and consolidation. While it is a way to appear to be blogging more regularly, it is also a serious preservation attempt. I want to move off of Live Spaces anyhow, since I can now accomplish all of the same things in a place where I have complete backup and preservation capability. It also happens that there are some threads that were partly over there that I want to build on over here.

I did not know that this was more urgent than I realized. It seems the latest Windows Live Writer (or Live Spaces itself) will not let me retrieve previous posts beyond the latest 20. So I am literally scrapping this one off of the blog page. We’ll see how it goes.

Scott Hanselman hosted another of his Bellevue Crossroads Geek Dinners this past Monday, 2008-10-06. It is appropriate to retrieve this message while I stall my preparations for a response to Hanselman on a different topic.]

My snapshots from the casual dinner meet-up called by Scott Hanselman with swag by Charlie Owen. Here I play with the thumbnails that Flickr provides, along with the ease of using photos in posts via Live Writer. I do fancy my Live Writer, yes I do.

[update 2008-10-09: Along with movement of this post to Orcmid’s Lair, there is also a confirmable-experience moment concerning these digital photos. They appear much darker than on my previous display. This is a noticeable concern and a complex confirmable experience situation. There’ll be something more coherent about that after I manage to calibrate my new monitor for reliable digital-photography work. Oh, I’m also making use of the categories feature and have abandoned any effort to keep cybersmith posts all in one place. Scary.]

[update 2007-09-13: Arun Bhatnagar has put his photo set on Flickr. They provide a great demonstration of how the Crossroads Mall building is unusually inviting for socialization and informal meetings.]

Labels: confirmable experience, cybersmith, geek dinner, photography

Confirmable Experience: What a Wideness Gains

Four years ago, I replaced a failing 21” CRT display with a 20” LCD monitor.  The improvement was amazing.  I have since upgraded my Media Center PC with a graphics card that provided DVI output and there was more improvement.

But the greatest improvement came when the 20” LCD monitor recently began to have morning sickness, flickering on and off for longer and longer times before providing a steady display.  Before it failed completely, I began shopping for the best upgrade on the competitive part of the LCD monitor bang-for-buck curve. 

These days, 24” widescreen LCD monitors are the bees knees.   For almost half what I paid for the 20” LCD in 2004, I obtained a 1920 by 1080 DVI LCD (Dell S2409W) that is not quite the the same 11.75” height but is 21” wide.  The visual difference is dramatic when viewing 16:9 format video and also when viewing my now-favorite screensaver.  I added a shortcut to my Quick Start toolbar just to be able to watch the screensaver and listen to the bubbles while making notes at my desk.

One of the problems I had with the 20” old-profile (6:4, basically) was that I could not work with multiple documents open at the same time.   I don’t mind only having one fully on top, but I often needed to be able to switch between them easily.  In some standards-development work that requires comparison of passages in different documents, it was also tricky to have them open in a way where I could line up the material to be compared and checked.

The wider display permits having more of an application open, such as Outlook, and it also allows access to additional open material. 

What I hadn’t expected was the tremendous improvement that becomes available when there is a 21” task bar at the bottom of the screen.   I did not expect an advantage there as the result of the wider display.  That alone has made my working at the computer more enjoyable and more fluid. 

My desktop is still too cluttered with icons and I am still tidying them up, removing ones that I rarely use.  Even so, the perimeter of the display provides for more icons on the outside of the central work area so that I can find them without having to close or move application windows.  That’s another bonus.

I must confess that I haven’t had so much fun since I progressed from Hercules-graphics amber monitors to full-color displays in the early 90s.  It is sometimes difficult to realize that it wasn’t that long ago.

Oh Yes, the Confirmable Experience …

There are two confirmable-experience lessons here.  First, the subjective experience I am having is mine.  The wide-format monitor is an affordance for my heightened excitement and enjoyment, but the experience is mine.  Others have different reactions and, in particular, have their own ideas about display real-estate, task bars, and other user-interface provisions.

For the second lesson, recall how much emphasis I give to using a screen-capture utility for computer forensic and trouble-reporting work.  That will often provide important out-of-band evidence for a problem that one user is seeing and that another party does not.

These screen captures provide similar evidence of what the wider-format display provides for me.

They don’t provide any assurance that you will see them the same way I do, however.  If you click through to the full-size images, you’ll see a rendition of the same bits that my display shows me.  I assure you that the image I see when replaying those bits to my screen is exactly the same as the one I took a screen capture of.  

There are a number of ways that your experience will be different.   At the most fundamental level, there is no way to know, using these images only, to determine whether the color presented for a particular pixel on your display is the same that I see on mine.   The PNG files do not reflect what I saw.  They do faithfully reflect what my software and graphics card used in the internal image that was presented via my display.  But we have no idea whether your computer is presenting the same color using the same bits.  There are other differences of course, in that gross features may not be viewable in the same way my monitor allows me to see them (unless yours has at least the 1920 by 1080 resolution that mine does).  This is all there to interfere with our sharing this particular experience of mine even without allowance for our different vision and subjectivity influences.

The takeaway for this part is that context matters with regard to what qualifies as a confirmable and confirmed experience.  It’s also useful to notice how many different aspects of the computer bits to displayed pixels pipeline can influence whether or not I have successfully shared relevant aspects of my experience with you.

And we do manage to make it all work, most of the time, for most of us.

Labels: confirmable experience, trustworthiness

 
Comments:

 
Hi Dennis,

Having myself moved to a 24" LCD six months ago, there are a number of things you can do to enhance your screen real estate:
- Unlock the taskbar
- Drag its top edge UP so that it become 2 (or, even better, 3) lines high
- Create a folder containing shorcuts to your most common apps. (Don't have the folder on the desktop)
- Drag that folder to your new taskbar; a new toolbar will appear
- Right click on your new toolbar, and turn off text displays (name of toolbar and name of apps); it will now be a fraction of its original size
- Resize the new toolbar so it sits just to the right of the Quick Launch toolbar
- Do exactly the same exercise for utilities you use all the time
- Do exactly the same thing for folders you access all the time. You could do the same for common documents.

Now you have one-click access to the apps, utilities, and folders that you use all the time, and its hardly used any screen real estate.

Finally, remove 99% of the junk off your desktop.

Regards,
Ian Easson

# posted by  Ian Easson: 07 October, 2008 16:30

 

Post a Comment

Confirmable Experience: Consider the Real World

Clarke Ching just posted a great illustration of a confirmable-experience situation.  Until a set of comparative photographs was available to illustrate some different experiences, he and his wife did not know how to understand a difficulty that one had and the other did not (and check the follow-up for more important reality). 

This is the entire crux of it. 

I often go on about the importance of confirmable experience in the area of trustworthy and dependable systems.  Providing confirmable experience is something software producers (and motivated power users) need to pay attention to.  Clarke provides the Cool Hand Luke reality version.  Sometimes communication is not simple and it is important to remove the barriers.

I want to post this here and I also want to drag it into my confirmable-experience cybersmith collection too.  I want it here because it is so juicy, even though this is not my main confirmable-experience category location.  Well, I think not.  I will resolve it for now with cross-posting.  Sometimes, I need to make a mess to know that is not the way to do it.  Now I have to dig my way out of it.

Labels: confirmable experience, trustworthiness

Interoperability: The IE 8.0 Disruption

I've elected to adopt the IE 8.0 beta 2 release as a tool for checking the compatibility of web and blog pages of mine.  I see how disruptive the change to default standards-mode is going to be and how IE 8.0 is going to assist us.  I need to dig out tools and resources that will help me mitigate the disruption and end up with standards-compliant pages as the default for new pages.

Looking Over IE 8.0 beta 2

I avoid beta releases of desk-top software, including operating systems and browsers.  Because the standards-mode default of IE 8.0 is going to place significant demands on web sites, I also thought it time to install one copy of IE 8.0 simply to begin assessing all of my web sites and blog pages for being standard-compliant enough to get by.  I am willing to risk use of beta-level software in order to be prepared for the official release in this specific case.  I'm also sick of having IE 7.0 hang and crash on mundane pages such as my amazon.com logon.  I'm hoping that even the beta of IE 8.0 will give me some relief from the IE 7.0 unreliability experience.  And so far, so good.

With the promotion of beta2 downloading this past week, I took the plunge.  Installation was uneventful and all of my settings, add-ins, favorites and history were preserved.  My existing home page, default selections, menus and tool bars were also preserved.  [I am using Windows XP SP3 on a Windows Media Center PC purchased in September, 2005.  IE 8.0 beta 2 also seems faster on this system in all of its modes.]

I did not review much of the information available on IE 8.0, expecting to simply try it out. 

My first surprise was a change to the address bar.  There is a new format where all but the domain name of the URL are grayed.  That was distracting for the first few days and it still has me stop and think.  I realized this is the point: emphasizing the domain name so that people will tend to check whether they are where they expect to be.  I like the idea, even though I have to look carefully and remember the full URL is there when I want to paste it somewhere or share the page on FriendFeed or elsewhere.  I take this provision as one of those small details that demonstrates a commitment to safe browsing and confident use of the Internet.

What I was looking for, and saw immediately, is the new compatibility-view button.   This "broken page" button appeared on the first site I visited after installation of IE 8.0 beta 2.

Clicking the button causes it to be shown as depressed and the page is re-rendered as a loosely-standard page with the best-effort presentation and quirks renderings of IE 7.0 and earlier Internet Explorer releases.  If you leave the button selected, the setting is remembered and automatically-selected on your next visits to the same domain.  It stays that way until you unselect the button by clicking it again while visiting pages of that domain.  It was this feature that tipped-me over in wanting to check out my own pages using beta2 (although I thought the button was tracked at the individual page level until I read the description of domain-level setting). 

By the way, if a page is detected to require a standards or compatibility mode specifically, no compatibility view option button is presented.The amazon.com site is this way from my computer, and so is Vicki's pottery-site home page.  I looked at the source of the amazon.com site and confirmed that they are not using the special tag that requests that the compatibility view be automatic.  I didn't check the HTTP headers to see if they are using that approach to forcing a compatibility or a standards-mode view.  I know I did nothing of the kind on Vicki's site.  This suggests to me that there is also some filtering going on in standards-mode rendering to notice whether a compatibility view should be offered.  I'm baffled here.  I am curious whether there is any browser indication when the compatibility view is selected by a web page tag or HTTP header.  I suspect not and I'll have checked into that soon enough.

I also checked out the InPrivate browsing feature, which, although popularly dubbed the "porn mode," is very useful when using a browser from a kiosk or Internet cafe and when making private on-line transactions from home.

At this point, I am not interested in special features of IE 8.0 other than those related to improving the standards-compliant qualities of web pages and the browsing experience.  I may experiment with other features later.  My primary objective is to use the facilities of IE 8.0 and accompanying tools to improve the quality and longevity of my web publications.  Once I have some mastery over web standards, I will look into accessibility considerations, another project I have been avoiding.

Disrupting the State of the Web

The problem that IE 8.0 is intended to help resolve is the abuse of Postel's Law [compatibility view offered] that the web represents: "be conservative in what you do, be liberal in what you accept from others."  The abuse arises when what you do is based on what is being accepted, with no idea what it means to be conservative.  The web was and is an HTML Wild West and it is very difficult to enforce conservatism (that is, strict standards conformance in web-page creation).  Since browsers also varied in what they accepted and then what they did with it, loosely-standard pages and loosely-standard browsers have been the norm and web pages are crafted to match up with the actual response of popular browsers. 

Since Internet Explorer is made the heavy in this story, we now get to see the price of changing over to "be strict in what is accepted and be standard in what is done with it."  This is a very disruptive change.  We'll see how well it works.   Joe Gregorio argues that exceptions to Postel's Law are appropriate.  Some, like Joel Spolski [no compatibility view], think it might be a little too late.  There are already some who claim that the IE 8.0 Compatibility view is a sin against standardization [compatibility view offered], no matter that not many of the 8 billion and climbing pages out there are going to be made strictly-conformant any time soon.  With regard to compatibility mode, I think it is foolish for it not to be there and Mary-Jo Foley is correct to wonder how much complainers are grasping at straws.

It was surprising to me to observe how regularly the compatibility-view option button appears and how terribly much of my material renders in IE 8.0's standards mode.  Apparently the button is there because IE 8.0 can't tell whether the page is really meant to be rendered via standards-mode or is actually a loosely-implemented page.  I'm spending a fair amount of time toggling back and forth to see if there is any difference on sites I visit.  This suggests to me that there is going to be a rude awakening everywhere real soon now.  It is also clear to me that I don't fully understand exactly how this works, and I need to find a way to test the explanation on the IE blog and the discrepancies I notice, especially when the compatibility-view option is not offered and I know nothing special was done to accomplish that on the web page I am visiting.  I am also getting conflicting advice when I use an on-line web-page validator.

This change-over to unforgiving, default-standards-mode browsers is going to be very disruptive for the Internet.  In many cases, especially for older, not-actively-maintained material, the compatibility view is the only way to continue to access the material successfully.  There is a great deal of material for which it is either too expensive or flatly inappropriate to re-format for compatible rendering using strictly-standard features.  Without compatibility view, I don't think a transition to standards mode could be possible.  The feature strikes me as a brilliant approach to a very sticky situation.

Although there is a way to identify individual pages as being loosely-standard and intended for automatic compatibility view, that still means the pages have to be touched and replaced, even to add one line to the <head> element of the HTML page.  There are billions of pages that may require that treatment.  Perhaps many of them will be adjusted.  That will take time.  Meanwhile, having the compatibility-view option and its automatic presentation is very important. 

There is also a way to adjust a web server to provide HTML headers that request a compatibility (or standards-mode only) view of all pages from a given domain.  That strikes me as a desperate option to be used only when there is no intention of repairing pages of the site.  I might do that temporarily, but only while I am preparing for a more-constructive solution that doesn't depend on compatibility view being supported into the indefinite future.  The variations on the available forms of control (browser mode, DOCTYPE, HTTP header, and meta-tag) need to be studied carefully.  I expect there to be confusion for a while, probably because I am feeling confused with the ambiguities in my experience so far.

Another problem, especially with regard to IE 8.0 beta2, is that we don't reliably know how badly a loosely-standard page will render with a final standards-mode browser versus the terrible standards-mode rendering that beta2 sometimes makes at this time.  It is conceivable that the degradation might not be quite so bad as it appears in beta2, but there is no way to tell just yet.

The need for expertise and facility with semi-automated tools as part of preserving sites with standards-conforming web pages is probably a short-term business opportunity.   The web sites that may be able to make the transition most easily may be those like Wikipedia, where the pages are generated from non-HTML source material.  (That makes it surprising that Wikipedia pages currently provoke compatibility buttons and compatibility view is needed to do simple things like be able to follow links in an article's outline.)

Mitigating IE 8.0

To mitigate the impact of IE 8.0 becoming heavily used, it is necessary to find ways to do the least that can possibly work at once, and then to apply that same attitude in making the next most-useful change, and so on, until the desired mix of standards-compliant and loosely-compliant pages is achieved.

To find out what tools are available along with IE8 beta 2, these pages provide some great guidance and resources:

• Ed Bott 2008-08-28: An IE8 Beta 2 Q&A
    
• IE8 Blog 2008-08-27: Internet Explorer 8 Beta 2 Now Available
    
• Microsoft: Windows Internet Explorer 8 (beta): Home Page 
    
• US ISV Developer Evangelism Team: Consumers Begin Using Internet Explorer 8 Beta 2
    
• MSDN online: META Tags and Locking in Future Compatibility (preliminary), with details for how to mark pages and also set the sites HTTP response headers (not for the faint-hearted)

That should point you to all of the resources you need to understand how to check sites, how to use the compatibility provisions, and other ways to take advantage of IE8 availability when it exits beta.

I'm looking at a progression that will allow the following:

1. Have a complete site automatically set to be browsed in compatibility mode (EmulateIE7, in my case), buying time to provide finer grain solutions
        
2. Modify templates on blogs such as this one to specify compatibility mode on all new and updated pages until I say otherwise
     
3. Find a way to make bulk changes to pages, adding a <meta> head element that specifies compatibility mode for those pages
     
4. Decide how to migrate pages so that their results are delivered best in standards mode.  This may be a very long-term approach that doesn't begin implementation until the percentage of old browsers still in use diminishes enough to have standards-mode browsers be dominant.  There should still be a substantial period of time while compatibility mode is grand-fathered by the latest browsers.
    
5. Even if compatibility modes eventually disappear from popular browsers or whatever comes after the browser, there will be a lasting need for compatibility view of archival materials, or some other creative solution that allows those materials to be accessed in a standards-mode world.
     
6. There will be future breaking changes in standards mode as updated/successor standards are introduced.  The compatibility view requirement may never disappear, although its future achievement may be accomplished with less disruption.  Unless, of course, we fail to learn the lesson.

I will work out my own approach on Professor von Clueless, since I have definitely blundered my way into this.

Labels: confirmable experience, IE8.0 mitigation, interoperability, trustworthiness, web site construction, web standards

 
Comments:

 
just make it simpler: use Firefox

you have better things to do that support poor browsers that never took standards serious.

# posted by  franco: 31 August, 2008 15:24

 

 
My concern is not about choice of browser, it is about the level at which my web-site and blog pages are standards-conformant and will render properly with a standards-conformant browsers.

It happens that the IE 8 beta 2 compatibility-view option is giving me a way to confine my incompatibilities and then remove them as browsers all become standards-compliant together.

# posted by  orcmid: 31 August, 2008 17:50

 

Post a Comment

Punishing Standard Users: When Will It Stop?

[update 2008-11-27 This page is moved from Orcmid’s Live Hangout and retained here as part of the topical archive on confirmable experience and software incoherence.  I was moved to do this, and salvage more Hideout material, by some remarkable experiences a full year later.]

There is a slippery tug-of-war going on between Microsoft and third-party application developers.  This even has Microsoft application-product and developer-product development teams fighting/ignoring/neglecting/throwing the mud that is piling up on the user doorstep. 

I'm talking about the effort to have users operate safely and snuggly in Standard User Accounts (SUA) and the actions taken by application developers and their employers that completely fail to respect the user in this matter.  No matter how much has been said and published about how to deploy applications in a way that works easily for standard users, there are continuing expectations that users run as administrator all of the time.  This is made the simple case, reinforcing a practice that we all know to be unsafe (although Vista has a mitigation that some people insist on disabling). 

Picking on Second Life

Here's an example of what I mean.  I choose it because it is typical and because it all happened while I was looking for a way to illustrate this.  Second Life is representative (although no less disheartening).

The Setup: I haven't been on Second Life for a while, which means there is doubtless a mandatory update that I'll be required to install before I can get "in-world."  This is so predictable that it actually keeps me away from Second Life even longer once I have been away for more than a week.  I start putting off the pain of downloading and installing another release.

Today I was doing some system clean-ups and celebrating the new power-backup unit I installed after a series of storm-related power hits defeated my old battery backup.  As a reward, I was tidying up some loose ends after running system tune-ups and catching up on important things like my Facebook presence.

Nice New Update Announcement

  I decided to check into Second Life and see what's new.  When I brought up the application (and I was running as administrator because I had been installing some other updates), I found a message that I have never experienced before.  The message was in a corner of the Second Life client user interface.

I hadn't logged-in yet, but the application apparently checked on-line for an update and it had that message for me.  I went ahead download the 1.18.3.5 release into a location on my computer where I save Second Live releases.  (I usually keep the current one and its immediate predecessor, along with screen shots of my experience.)  Now, I usually don't turn on any automatic check for updates, and I don't recall ever being offered an option in the matter.  Since Second Life is an on-line application, I am not surprised.  I am surprised this showed up before I opted to connect to the on-line system though.

Not So Fast There, Sparky!

  I downloaded the announced update while still elevated to computer administrator, but I didn't install it.  I was excited by that "now the choice is yours" phrasing.  I wanted to see that in action.  I clicked the Connect button to sign into Second Life.  Oh, what have we here?  The usual.  Not exactly a choice, huh?  This is the dreaded message I have come to expect. 

Since I don't want to do this as an on-line administrator, I clicked Quit.  I already have the update.  I can install it when I am good and ready.

My previous experience using the Download button is that Second Life will download and attempt to run the install.  Because my computer account is normally set to "limited account" the install will fail and I will still have to go to the Second Life site, log in to that site, download the new version, and then install it myself while temporarily upgraded to a computer administrator account.  The new Update Available notice has saved me the need to hunt down the download on my own.  That is a nice improvement.

Say Stranger, New in These Parts?

I wanted to demonstrate how painful it is to go through a 33-megabyte download only to be told the install can't be done.  I switched from Computer administrator back to Limited account to demonstrate what happens.  I haven't taken this path since March 2006, the first time I discovered that Second Life does not have a non-administrative way of updating itself.  (This was no surprise, but I tried it to be certain.)  [This is from a photograph of my screen, slightly defocused to avoid interference patterns in the image.  The OneCare pop-up refuses to be screen-captured with the software that I use.  The yellow-alert condition there is because I need to run backups.  I have to be elevated to administrator to do backups and also to have the correct account data be backed-up too.]

When I opened the Second Life client and got to the download button again, the download didn't even start: Second Life tripped over my firewall.  That's interesting because my firewall is already conditioned to allow Second Life access to the Internet.  What's even more interesting is that whatever program is being used to install the download, it is one I (and OneCare) have never heard of.   I can go no further without checking with OneCare.  

I could take Second Life's advice and install using the download that I already have.  I certainly don't want the auto-update to succeed.  I do want to understand why it failed in this particular way.

I switch users and quickly log into a computer administrator account to consult with OneCare on the matter.  I do so, and OneCare's notification comes up immediately.

Uh, I Don't Think So

As a computer administrator, I now have something to say about the program that was blocked.

Now, what program is that exactly?

Let's see, it is not signed code (that's what Publisher Unknown means).  There is no version or company identification.

The name of the program is a made-up tmp.exe with a random name.

In fact, the program is in my user-account Temp directory.  None of this is reassuring in any way.

My intention is to block this program forever, assuming that it ever runs again, but I'm curious to know if it will still attempt running.  [Next I have second thoughts and block it permanently on the second notice which was apparently already stacked up.]

There are two things going on here.  First, I am willing to believe that the Second Life client creates a copy of a down-loader in the Temp directory so that the install can happen atop the Second Life location without weirdness.  I am almost willing to give that some credence. 

Secondly, I am satisfied that the update would attempt to run automatically.  There's no danger that the down-loader can accomplish anything, however.  Writing to C:\Program Files\Second Life\ on my machine can only be done under an Administrator account.  I'm not operating in one of those, which is what I had started out to demonstrate until the firewall intervention occurred.

Reviewing the Situation

So, the easiest way to install all of those interminable Second Life updates is to be running on-line as administrator without a firewall. 

Cool huh? 

Clearly, the Second Life folk know that and they design that as the inviting case.  Look, they suspect that their connection attempt with this weird little program is blocked by a firewall. 

That's what I mean by the slithery tug-of-war.  I also hate it when applications check automatically for updates and then nag me about it.  Being denied access to the service until I install one of the interminable updates is worse.  Of course, the fact that I put up with this in order to enjoy Second Life eye candy and all the in-world denizens just shows how tempted I am.  Even I, a devout Standard User.

Apparent convenience trumps security and safety.  Almost all of the time.  And we mostly put up with it.

Installing the Usual Way

Today's experience has me thinking that I would be better off not playing in this game with the Second Life developers, regardless of any seductive appeal of their application.   But let's see how well I do when I employ my safe practice to install the update and finally return in-world. 

  This is the file I downloaded earlier.  The message applies to that file.

See how complacent I am?  The code is not signed, and I don't do anything about refusing to accept unsigned software, especially when downloaded from the Internet (although probably under safe conditions). 

As you see, I am going to go ahead and install it.  I am now running with my account switched from Limited User to Computer Administrator.  I am not on-line, although I am connected. 

My intention is to install and run the application once while I am administrator so I can condition my firewall for the new version of the application.

  Oh yes, installers have a habit of wanting to access the Internet too.  I often experience requests to condition my firewall before a Setup program gets very far.  That is also true here.  No surprise.  We haven't even started up the program and already there is Internet activity.

On continuing, the revised Second Life version starts up for the first time.

  Oh, What's this?  We get all of this way and now I am given an absolute click-through requirement to accept a lengthy Terms of Service agreement.  That seems to be one of the improvements of this release.

I couldn't even get it onto my clip board for closer review later.  You can see I selected the text, but I couldn't get it where I could preserve it.  And it is long.  And mind-numbing.  The part that I have scrolled to is section 5.3 where I am informed that everything that I have done on Second Life, any Linden Dollars that I happen to have, and any credit for any purchases can disappear at any time for any reason whatsoever.

Well, I'm certainly happy that they require me to promise to have read this terrible document before I am allowed to continue on and connect into Second Life, the world. 

After my exploration was over, I went to the Second Life site and did manage to find a web page with the Terms of Service at  http://secondlife.com/corporate/tos.php.  I can't testify that it is the same document, but Section 5.3 is definitely the same and I did download a copy for my reference.

About now, I am wondering why I am continuing to put up with this.  I wander around in-world for a while, mainly pruning my list of landmarks of places that seem to be dormant or not that interesting.

The Prize in the Bottom of the Box

OneCare let me know about a second program not long after I allowed the main Second Life program to have access to the Internet.  For some reason, the extensions to allow direct voice audio in Second Life are provided or installed using a second program, one that my firewall wants me to consider whether or not to allow. 

I opt for the program to run.  I didn't put on my headset and microphone nor did I find any avatar to talk to this way. 

I am grateful for this little addition though.  When I closed Second Life, I experienced a frightful system slow-down.  Everything turned to molasses.  Windows were blank and took forever to paint, that sort of thing.   At the end of that prolonged seizure, I received a wonderful message.  

I have been waiting almost two years for one of these.  It is worth a completely separate blog post by Professor von Clueless, but here is the message.  I wanted a real-world example of one of these and now I have it.  Thanks, Second Life developers. 

[Dear developer: This condition may be a consequence of the temporary blockage that OneCare instituted during the first-time execution of the new version.  If the program never noticed that the block had been removed, or was somehow derailed by the block, this Runtime Error might be a consequence.  I did run Second Life one more time after restoring to a limited account and there were no further errors and no unusual slow-down conditions.]

A little more background:  Even though my main development system runs Windows XP (Media Center Edition 2005), I operate in a Limited User Account (LUA) whenever possible.  I have an administrator account that I use only when I need to perform a purely-administrative function (including allow Microsoft Update to install goodies it has ready for me).  I'm effectively implementing the equivalent of User Account Control by manual procedure.  This is in the spirit that Dennis Wallentin expresses in his 2007-10-20 blog post on being UAC Compliant:

"UAC stands for User Account Control and is the new technology in Windows Vista to provide users with different level of administrative rights and privileges. UAC main purpose is to support a more secured environment then what Windows XP offers.

"Microsoft has a good white paper that covers UAC in detail and therefore I have no intention to cover it here:

• The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements for User Account Control (UAC)

"Most developers I know have intentionally disabled it because they found it to be rather annoying, time consuming and too restrictive.  [orcmid: my italics]

"Although I can agree with these opinions I try to have it enable as much as possible simple because that will be the most likely scenario for many of my customers. In addition, from a general point of view I support it because by default all users (except Guests) are logged on to Windows Vista as standard users and get extended rights only when needed.

When I need to do something different, such as install new software or update downloads from other sources, I will carry out the download, parking the file in a safe place that I can use for any future re-install.  Before installing, I switch my normal account to being a computer administrator and I install under that account.  This is to ensure that the software installs properly for operation under that account and not all accounts, if possible.

Second Life, as do many other applications, installs for all accounts on the machine, including all Administrator-group accounts.  When I detect this, I remove all icons, shortcuts and start menu occurrences from "all users," confining them to my normal account instead. Automatically installing for use from all accounts on the machine is another action that punishes my efforts to be a Standard User and only allow pure administrative activity in my separate administrator account.

[update 2007-10-21T16:59-0700: I provided a link to the detailed post about Visual C++ Library runtime error messages and also cleanup up some rough edges in the text of this post.]

Labels: computers and internet, confirmable experience, software usability, system incoherence

OpenOffice.org: Another Hot Tip!

[update 2008-10-13 The installer bug observed here is not specific to OpenOffice.org, it seems to be specific to installers.  I have not examined this enough to see which installers do this, but I have seen the identical problem with installers of other software.  In all cases, the software will correctly place a single-user install under the user who is running the install.  But the dialog identifies the wrong user, apparently always showing the User ID for the first user created on the machine.]

When I installed OO.o 2.3 on my sister's computer, I was disturbed that it kept offering her admin account as the single account it would install under, even though we were not running the installer under that account. 

At my XP SP2 system at home, I installed the same version and I did not have that problem.  This time it did name the account I was using, even though it was not my normal administrator account.  It was, however, the first account that had been set up on my machine, as was the case for admin on my sister's machine.

So I tried again, this time on my Tablet PC and Windows Vista Ultimate.  For variety, I also used the OO.o 2.1 Novell edition, installing from CD-ROM.  There, I ran into exactly the same problem.  I was presented with this dilemma:

Once again, me is not admin.  I am doing this install from my standard-user account (SUA).  But just to see what would happen, I took that option anyhow.  Guess what: This dialog is lying.  It will install only for the account being used.  The bug is that it doesn't present the correct account name.  The behavior is actually correct.

So if you are attempting to install OpenOffice.org 2.3 (or the 2.1 Novell Edition) only under the account you are running in, you can ignore the incorrect account name.  It will do the right thing. 

The next time I assist my sister in adding an OpenOffice.org update, I'll be sure to uninstall the current version and then install the new one only for her standard account.

Now, you might wonder what the fuss is all about.  If you are as obsessive as I am about computer security, you might want to omit all but pure administrative applications from the administrative account, and only ever use the administrative account for essential administrative operations.

This means that to have ordinary applications install properly in the ordinary accounts where it is safest to run them I elevate my standard-user account to an administrator account just long enough to install the software and run it the first time under the standard account.  This gyration is required because many programs expect to perform final administrative setup operations on the first execution.  Setting of registry entries and creation of application data, plus other details, may be specific to the account that is used for the install.  I will usually discover the firewall conditioning that is required upon the first execution.  From then on, I can use the program as a standard user.

When certain programs (e.g., Second Life) install for all users with no other option, I will remove the shortcuts and links placed on the "All Users" desktop and startup menu and place them in the profile information of my standard user account.  This is just a little preventative against my foolishly using recreational software from my administrative account.

[update 2008-10-13 Moved this post from Orcmid’s Live Hideout to Orcmid’s Lair for better preservation and tie-in to other confirmable-experience and cybergeek topics.]

Labels: confirmable experience, cybersmith, interoperability, software usability

OpenOffice.org: Installation Hot Tip!

[2008-10-08 Another preservation of an Orcmid’s Live Hideout post.  This is to have the collection under one blog roof and also along the proper timeline.  These posts will not show up the recent-posts lists of surrounding posts, but they can be found in the category archives.  My blog archive list has run out of gas and I need to find a way to bring it forward.]

Yesterday, I gave my tale of woes around installation of OpenOffice.org 2.3 on my sister's (and then my) computer.  Here's the key take-away as a Hot Tip!

1. When you are installing OpenOffice.org 2.3, the current latest-and-greatest from the download site, you will eventually run into this dialog.
     
2. THIS IS VERY IMPORTANT.  YOU NEED TO PUT THE INSTALLATION FILES IN A SAFE PLACE.  NOT YOUR DESKTOP.  The  installation of OO.o is going to remember where the installation files have been placed.  OO.o software depends on being able to find the Installation Files in the future if you ever want to uninstall or upgrade your OO.o software.  Be warned!
       
3. Use the Browse ... button to find a safe place to keep the installation files.  Do not accept the default as I am doing in this screen shot.
     
   I recommend a location that is backed-up and restored and is otherwise in an out-of-the-way place. 
     
   I keep all of my downloaded software in folders of a special directory, so that I can reinstall if I ever need to rebuild my system.  I changed the destination folder path to be under that directory, in an "\OpenOffice.org 2.3 Installation Files" subdirectory. 
     
4. It is a great waste of space to keep all of this around when apparently it is just the .msi file that will be needed in the future.  But to be safe, I recommend keeping all of the files.  You might want to delete or archive the downloaded .exe file that the Installation Files are unpacked from, though.
      
5. Update 2007-09-27-12:22: Another option is to back up both the downloaded .exe file and the folder of OpenOffice.org 2.3 Installation Files onto a CD-ROM or a backup service.  When the Installation Files are needed again, it should be sufficient to access them directly on the backup CD or remote folder.
     
6. An Alternative: [added 2007-09-27]:  The OpenOffice.org 2.1.0-12b Novell Edition downloads as a CD-ROM .iso image.  You can burn this to a CD-ROM and install it whenever and wherever you like.  The setup.exe of this version does not require your cooperation in creating and preserving an Installation Files folder.  I don't know whether uninstall requires the CD-ROM, so hold onto it, but I somehow doubt that will be a problem.
   • I don't know if this variant of OpenOffice.org 2.1 is subject to the TIFF exploit that applies to the Sun-sponsored OpenOffice.org 2.1 release and that does not apply to their release 2.3.  I am willing to risk that because I am not expecting to be receiving and ODF documents containing TIFF images.  Also, I don't use office productivity software in anything but limited-user accounts.
   • My interest in the Novell version is the greater attention to Microsoft interoperability and the availability of an early OOXML-conversion plug-in.  I also have an interest in products that support ODMA.  Novell is adding that to their Windows edition with initial presence in the OOo 2.1 Novell edition.

[listening to: Pink Floyd, The Wall (1994 Digital Remaster) from Amazon MP3 in Windows Media Player 11 on Windows XP]

Labels: confirmable experience, cybersmith, software usability

Open Office Not Ready for ‘Just Plain Folks’

[2008-10-08 This is another Orcmid’s Live Space post scraped for placement here so that I have a preservation of it.  I have put it back in the Lair at the same date (I hope) because it involves an old version of OpenOffice.org and I have not confirmed whether later versions have the same problem.   The lesson is important to retain in case I need to bring it up again.]

The Qwest tech came out and installed my sister's broadband (and changed her standard user account to an administrator account, but more about that another time).  On my next visit I went over all of the Qwest-branded MSN and Windows Live software to get it to work for her (more about that and about Vista inanities another time too).

Her OpenOffice.org Sweet Spot

I did not include any Microsoft Office software when I ordered the computer.  It came with Microsoft Works by default.    My sister, a retired elementary-school teacher has an occasional need to interchange Word documents and, on rare occasion, documents of other Microsoft Office applications.   Even though Works no longer includes a version of Microsoft Word, she didn't find it worth increasing the cost of her system from its under-$600 sale price just to have a version of Microsoft Office.  I suggested that we set her up with OpenOffice.org for her routine use and as a way to open and create the simple Microsoft Word and other documents that she encounters in her volunteer work.  Now that her system is up and running on broadband, it was time to install OpenOffice.org.

Uneasy Moments Installing OpenOffice.org 2.3

I took her through the download (the site is not novice-friendly and she was thrown by the donation appeal) of the recently-released OpenOffice.org 2.3 version ( a reminder to me that people come to sites for a particular purpose and distractions are unsettling, especially when they are not sure what is going on).  It was also distracting to me that the download page says the current stable release is 2.2.1 when I know the download is 2.3 

The download went well over her 7.5 Mbps DSL connection.  We created an Internet Downloads folder in her Documents, and added an Open Office sub-folder to store the download and anything else in.  It was my sister who asked for the folder organization and named the folders that would help her know what's what.  I don't use my documents folder for this, but I realized this would work for her: We already set up Windows Live OneCare to save her entire Documents folder on backups, so the downloads of installs would be backed up too.  That's handy.

There were a number of odd things in the installation process.  But we worked our way through it.  I think she might have balked if I hadn't been piloting.  She actually reads through EULAs (hey, she's my sister), and the LGPL 2.1 is weird enough for a normal user that she might have been distracted by it.  The LGPL 2.1 is not really addressed to users that don't develop software and have no particular understanding or concern for the manifesto that occupies most of the text.  (She also knows how to create strong passwords and is very careful visiting web sites and installing software.  I am very impressed with what my sister has taught herself about safe computing.) 

When the option to make Open Office applications be the defaults for .doc, .xls, and .ppt files, we checked those boxes because this is going to be her only means to operate with those documents. 

Then we stumbled on a bug where OpenOffice.org would not install for just the account we were doing the install under.  It kept saying that the "this account only" case was for the admin account and not the personal account we were logged into and performing the install under.  Not wanting to have it installed only under admin, we finally had to allow it to install for all users to be sure she could use it from her ordinary account.  That is not what either of us wanted.

The installation completed successfully. The first-run of OpenOffice.org Writer (with even the names of these applications, with the .org extension, being too geeky for plain folks) forced her through a second acceptance of the EULA (just the LGPL 2.1 license and disclaimer) that requires you to scroll to the end before the "accept" button is activated.  If you didn't know that, you'd be stuck right here.  Anyhow we did that, and went to the OpenOffice.org site to "register."  At the invitation to complete a survey, she closed the browser instead.  All right, sis!

What's This Crap Here?

We did some display-setting adjustments and admired our handiwork on the wide-format LCD display of the new system.  I suddenly noticed that there was a folder on the desktop left over from the install.  When the downloaded "OOo_2.3.0_Win32Intel_install_wJRE_en-US.exe" file announced that it was going to unpack the installation setup into a folder, I failed to notice that the default choice for the setup files was on the desktop.  So we had a stray "OpenOffice.org 2.3 Installation Files" folder cluttering up her desktop.   [If Dare Obasanjo reads this on return from his honeymoon, he'll know exactly the trouble I'm about to get my sister into.]

Oh Professor, Don't Touch That Button! ... Oops

Having one geek gene (but not two), I saw no reason to keep 109 MB of installation files lying around, especially on the desktop.  We are already keeping the original 120 MB download file so that can be used to re-install OO.o 2.3 if necessary, right?

I deleted the folder from the desktop.  Nothing bad happened (yet).

Satisfied, we went shopping, had dinner, and I returned home.

Emergency, Emergency, Please Read My Letter!

Two days later, after my usual weekly tune-up process, I decided to update my OpenOffice.org 2.0 configuration to OpenOffice.org 2.3 also.  I wanted to see if the same glitches happened for me, and confirm that the default for Save and Save As ... of documents opened from Microsoft Office formats was to store back in Microsoft Office format.  It is, so my sister won't have to do anything special to round-trip Microsoft Office Documents that land on her computer.

But I also found out that those folders of Installation files are needed (well, about 6MB of them are needed) if you ever want to remove or update a version of Open Office.  I didn't save mine and my OpenOffice.org 2.3 would not install.  Before I managed to get that to work, I had even crippled the existing OpenOffice.org 2.0 software and I could neither remove it, upgrade it, or use it.  Three hours later I stumbled back from my near-death experience with a correct upgrade.  It was a close call.  It is also a very stupid installation procedure.  Stupid, stupid, stupid.

So, here is how my sister gets out of having any future update or removal of OpenOffice.org 2.3 crippled:

From: Dennis E. Hamilton
To: Sis
Subject: OOPS!  Need to do something

I was a little uncomfortable with silly things that happened when installing Open Office 2.3 on your machine.

So I installed it on mine (I had an older version already installed) and discovered some difficulties.

Here is what you need to do.

1. While in your regular account, open your recycle bin.  Just double-click on the icon on your screen.

2. You are looking for a folder with name "OpenOffice.org 2.3 Installation Files"

3. When you find that folder in the recycle bin, don't look inside.  Just right click on it.

4. On the little menu that comes down, click "Restore".

5. The folder should then appear on your desktop.  That is where I deleted it on Thursday.

6. You need to keep this folder. 

    -    -    -    -    -    -    -   

It is just stupid that they put it on your desktop and it is also stupid that you need to keep the whole thing around.  However, we will do the easy thing and hold onto it.  Otherwise, you may have trouble updating OpenOffice.org or even removing it in the future.  (I learned this the hard way on Saturday.)

Here is my recommendation for putting it away out of sight in a place where it can be found later.

7. Open your "Documents" folder.

8. In that folder, open the "Internet Downloads" folder that we created.

9. Open the "Open Office" folder that we created there (I don't remember its exact name).

10. Shrink or adjust the window that you have open so you can also see the "OpenOffice.org 2.3 Installation Files" folder icon on your desktop.

11. Drag the folder icon into the opened-up "Open Office" folder.  (Dragging is by putting the mouse over the icon and holding down the left-mouse button.  While still holding down the button, move the mouse cursor over to the document area of the "Open Office" folder above an open space.  Release the mouse button.  In a moment, the folder should show up inside that folder and no longer be on your desktop.

Problem solved.  You will need to remember this the next time you install an update for Open Office.  We'll worry about that then.

12. If your recycle bin has been cleaned up and the Installation Files folder is no longer there, something more elaborate has to be done.  I'll want to come over to work through that with you.  For now, I'm hoping that you find it in your recycle bin and that the above procedure makes sense and works for you.

If you are uncomfortable doing this, I can talk you through it on the phone and confirm what you are seeing at each step before going onto the next. 

Love,

- Dennis

Labels: confirmable experience, cybersmith, software usability