Isn’t He Cute?

OK, I’ll end the suspense. If you want to know what the logo at left really is, rest your mouse over it. Your browser should show you the caption (“alt” attribute, in HTML). Surprised that such a thing exists? So was I. And don’t ask how I found it.

Server Move

JTLnet moved my server (this is the new site), and did a pretty poor job of it. For various reasons having to do with DNS and how virtual servers work, this caused many links within the site to break. I’ve fixed what I could find, but if you find any other broken internal links please let me know. I really appreciate the help.

The annoying IP-plus-account URL will go back to the way it used to be as soon as DNS finishes updating. I’ll post something here to let everyone know.

Bid Sniping

I’ve been doing a little bit of research on “auction sniping”, which is the practice of waiting until the last second to enter a bid on eBay or some similar service, usually using some specialized tool or service to get as close to the deadline as possible. The idea is to get a lower price by preventing counterbids in two ways: by hiding one’s interest in the item, and by not allowing a counterbidder enough time to get in after you but before the auction closes. Some people think this is an unethical practice. The vendors are obviously aware of these objections, and go to great lengths to overcome users’ ethical qualms.

The usual excuse is that “any bid before the deadline is legal”. However, this overlooks the fact that net auctions are not real auctions. Auctions in real life close when bidding quiesces, which makes sniping difficult if not impossible. The arbitrary deadlines on net auctions, however, benefit both sellers and bid-snipers at the expense of regular bidders. IMO, an ethical auction house would at least warn first-time bidders that they’re at a tactical disadvantage, and ideally even provide tools or auction types that work in a fairer manner.

For now, I prefer to do my bidding on uBid, for the very simple reason that the tools and services for bid-sniping tend to be eBay-specific and don’t work on other services. Until market-leader Bay does something to give people besides bid-snipers a fair chance at high-value items, I recommend you do the same.

I’ve opened a PlatSpot discussion on this, in case anyone wants to disagree with me about the legitimacy of bid sniping.

Miscellanous File-sharing Stuff

Things have been really busy on the filesharing-network front lately. Here are some highlights:

  • I got involved in a couple of threads of a Slashdot story about “Hypernets (n-dimensional cube/torus networks). Despite his academic credentials, the original author seemed unaware of some basic facets of overlay-routing protocol design such as route-update overhead and topology mismatches. I was, of course, glad to help him out. ;-)
  • Next up was a discussion on the freenet-tech mailing list, about the value of Freenet’s routing/caching in a proposed derivative system. As I concluded in my last message on the thread, promiscuous caching (like Freenet does) works.
  • Lastly, there was a discussion on kuro5hin, infoAnarchy, and Slashdot about a supposed rebuttal to Steven Hazel’s comments on Freenet at CodeCon. The kuro5hin discussion seems to’ve been the most lively. It gave me a chance to tweak Ian several times over the data-loss issue and the common myth (addressed in my Freenet FIQ) that automatically reinserting/rerequesting data will fix everything.


Well, it’s still a little rough around the edges interface-wise, but my comment system is now “ready enough” that it seems worth getting other people’s input before I waste time heading too far in the wrong direction. Let’s see who the first person is (besides me) to post on PlatSpot!

Go Anywhere…Else

It looks like the Jeep Liberty has become the new vehicle of choice for people who can’t drive, on track to displace earlier favorites such as the Nissan Maxima, Volkswagen Jetta, and Saab Anything. I’ve seen three of these ugly brutes – only the Isuzu Axiom is uglier – misbehaving in just the last couple of days, and have yet to spot one whose driver knew how to drive responsibly.

David Brin on Privacy (again)

David Brin, whose ideas on privacy I have discussed here before (meta-review of Transparent Society, and some subsequent correspondence), was the subject of an interesting interview by the Privacy Foundation. The entirely predictable responses have already been posted on Slashdot and elsewhere. I suggest you read it yourself and draw your own conclusions about who’s making the stronger argument.

Comment System

Over the weekend I finished writing my very own web-based comment system, using the tried and true combination of PHP and MySQL. No, it’s not just because O’Reilly’s book covering the intersection of these two technologies happens to have a platypus on the cover. Yeah, I know, you can’t see it on their oh-so-broken web page, but it’s there in spirit. They just happen to be two very convenient technologies, with much of the convenience relating to their presence and full support on my hosted server.

The comment system has all of basic features. You can view a topic list, with links to invididual topics, which are displayed in a simple linear format with a form to post your own response at the bottom, preview, user info pages, and so on. I chose a linear format because, in my experience, tree formats tend to result in fragmented discussions where each response has to carry context, discouraging the kind of quick one-line responses that were a major design goal for me. Trees are probably better for public forums such as Slashdot, where discouraging context-free one-liners is a good thing, but for a smaller homier environment such as a personal site I think linear works better. Also in keeping with making such “quickies” easier, registering is very quick, and it’s very easy to post anonymously if even that’s too much trouble. In fact, it’s easier to post anonymously; you just leave the username and password fields empty. You can post either in plain text or HTML, and the comment system figures out on its own how to handle it so you don’t have to check any extra boxes or anything.

That last part actually deserves its own paragraph. The part of the code that I’m most proud of is the HTML-munging engine, which checks that only specifically-allowed tags and attributes are used, automatically closes open tags, etc. It’s all quite flexible and configurable, too. As I was writing it, though, I realized that it’s absolutely trivial to auto-detect whether a chunk of text is meant as plain text or HTML. You’re going to laugh. All I do is look for an HTML tag at the beginning. That’s going to give you the right answer 90% of the time even if the user didn’t read the posting help, and if someone does manage to fool the heuristic then it’s no big deal. It’s no more likely an error than selecting the wrong mode explicitly, and they’ll probably make either mistake exactly once before they do read the posting help and/or learn to preview first. No real harm done, and it makes posting just a tiny bit quicker.

So I’m done, and I think it’s cool, but you probably won’t see it here right away. I’ll probably install it here the next time I feel a particular need for feedback – the sort of situation where I’ve used mailto: links in the past – but I’m just too lazy to deal with moving it over until then.


Someone on #infoanarchy pointed me to a little advocacy piece on OpenACS bashing MySQL, by Ben Adida. I found it rather offensive in a few ways, so I thought it might be worth writing up an explanation.

Ben’s definitions of the “ACID” properties associated with database transactions – actually originating here – are a little self-serving. These four properties can be considered either in a generic sense, or in a sense very specific to the SQL standard in which certain language structures relate to these properties. To see why this distinction is important, consider the following excerpt from the definition the author uses for “consistency”:

The database is transformed from one valid state to another valid state. A transaction is legal only if it obeys user-defined integrity constraints. Illegal transactions aren’t allowed and, if an integrity constraint can’t be satisfied the transaction is rolled back.

The definition so far is correct, but not very precise. What kinds of integrity checks are we talking about? Here are some possible answers:

  • Single-value checks, such as range/length checks.
  • Arithmetic/formulaic multi-value checks, such as equality or greater-than/less-than comparisons, checks involving sums or minimum/maximum values, and so on.
  • Procedural checks, which require the database to interpret user-defined subroutines involving many values to determine whether they’re consistent.

Many people would be satisfied with the first definition, and (IMO rightly) consider anything further to be the application’s responsibility rather than the database’s. Arithmetic/formulaic checks are nice to have as a convenience or performance enhancement, and are not too hard for the database to implement, so it’s fairly reasonable to expect that they’ll be available. Procedural checks, however, require either that the database implement its own internal general-purpose programming language, or that it provide a way to call external subroutines expressed in some other language. The latter approach carries with it a potential risk of a total database crash if the external subroutine contains a programming error, requiring further safeguards and complexity. Basically the cost of requiring procedural checks is extremely high either way; only someone accustomed to their presence in the SQL standard (and therefore unaccustomed to dealing with that level of consistency in the application) would consider it a necessary part of a definition. Nonetheless, that’s exactly what Ben Adida does:

For example, suppose that you define a rule that postings in a discussion forum table must be tied to a valid user ID. Then you hire Joe Novice to write some admin pages. Joe writes a delete-user page that doesn’t bother to check whether or not the deletion will result in an orphaned discussion forum posting. Oracle will check, though, and abort any transaction that would result in you having a discussion forum posting by a deleted user.

The same sort of intuitive vs. SQL-specific distinction can be made with regard to the scope of a transaction (the unit to which ACID characteristics apply). One fairly intuitive approach would be to say that a single statement in a query language constitutes a transaction. This is sufficient for many people. However, some people might insist that the only allowable definition of a transaction must allow user-defined transaction boundaries spanning multiple query-language statements…like SQL. Again, Ben takes the “hard line” without justification – either with respect to the OpenACS project’s requirements or otherwise.

Later on, Ben criticizes MySQL for lacking subqueries, stored procedures, or triggers. These might be legitimate criticisms, but they have nothing to do with satisfying ACID requirements. These features can be used as performance enhancers, or perhaps (too often) as crutches for lazy DB-application programmers, but their absence does not make MySQL or anything else “not a database”. If a database can provide adequate performance and programmer convenience some other way, that should satisfy anyone whose value lies in generic skills rather than SQL-specific minutiae.

Next, Ben comments that MySQL has only table-level locking, which hurts performance. That’s odd, because his preferred alternative (PostreSQL) has throughout its life been plagued by even worse locking-granularity issues than MySQL, and that’s a large part of the reason why MySQL has the greater mindshare. In any case, complaining about lack of a performance-related feature without explaing its effect on actual performance is either irresponsible or dishonest.

Lastly, Ben concludes with this gem.

MySQL is just a glorified filesystem with a SQL interface.

MySQL might not be a “real database” according to some standards, but it’s sure as hell not a filesystem. I guess the comparison to a filesystem is supposed to be disparaging, because filesystems are so simple, right? Wrong. Filesystem people just understand that interfaces should be simple even if implementations are complex. They don’t feel a need to shroud their work in obscure jargon and umpteen layers of unnecessary crap to make their work seem more difficult than it really is – like database folks do. If you assigned ten filesystem programmers and ten database programmers to implement one item of each category, the filesystem guys would probably write a better database and the database guys would almost certainly fail to finish writing a filesystem at all. I’ll take the “glorified filesystem” over the SQL-compliant but much-less-useful database any day, and it seems that many others would too.

Random Stuff

Brad Templeton explains why “post-human intelligence” is more likely to appear in apes than in machines or in humans themselves. If we are lucky, our pets may keep us as pets.

Microsoft has always been known for being soft on viruses, worms, and other forms of malicious code, but who ever thought they’d be actively encouraging people to develop the skills that people would need to create .NET viruses? This seems particularly ill-timed, considering that February is supposedly “fix security bugs month” at Microsoft.