Ubuntu 2048x1152 blank screen bug fix · The obvious fix is to remove Compiz and make Metacity the default window manager. Compiz must not be the default until it works.

Labels: freedom, software, usability, user interface

  ¶ 09:09 1 Comments Links to this post

  Compiz still breaks Ubuntu installation in Lucid Lynx alpha 2 -- black screen workaround · This critical bug results in a black screen on login when the screen resolution is 2048x1152. It's in my notes from 2009-10-31.

The workaround is to uninstall compiz-gnome and restart the Gnome display manager. Switch to console 1 with ctrl-alt-f1 and enter these commands:

sudo apt-get remove compiz-gnome
sudo service gdm restart

Labels: design, software

  ¶ 06:23 0 Comments Links to this post

  (Google) Blogger's SFTP publishing option excluding images On the subject of blog hosting, I notice that Blogger's SFTP option excludes pictures by default.  Images should be hosted with the rest of the blog content, but they go to blogspot.com, as you can see in the post-by-email example.

Labels: hosting, publishing, web

  ¶ 22:17 0 Comments Links to this post

  Posterous -- not for serious use That previous post about posting to Blogger by email was for someone proposing to use Posterous.

Posterous is good for quick throwaway sites, and for people with no time and no access to technical help.  If you want to put something serious on the web, don't use it.  Like most blogging sites, it offers custom domains, but not real web hosting, so no referrer logs, and little control over the details of hosting.

The same goes for the more popular publishing options on at Google's Blogger.  I use Blogger's generic hosting option using SFTP.  I used to recommend it, but it is being shut down.

Labels: hosting, publishing, web

  ¶ 22:08 0 Comments Links to this post

  posting draft posts by email with Blogger in Draft [demo] [I received the following by email to this blog's not-very-secret posting address, edited it to insert the bracketed text, then approved it for posting as a demonstration. If you want to send something, you'll need a dot in that address where there's an underscore shown. -- William Merriam]

This is a test post by email with a screenshot attached.

[Here's the text from the screenshot.

Email Notifications
BlogSend Address    

wmerriam@gmail.com
Choose from contacts

Enter a comma-separated list of up to 10 email addresses to have your blog mailed to whenever you publish.

Posting Options
Email Posting Address
(Also known as Mail2Blogger)

wmerriam.secret_phrase@blogger.com

Use this address to post text and images (up to 10 MB in size) directly to your blog.
Publish emails immediately
Save emails as draft posts
Disabled

Mobile Devices    

Add mobile device – Learn more about mobile devices

SAVE SETTINGS

]

Labels: hosting, publishing, web

  ¶ 21:18 0 Comments Links to this post

  typical PBworks link spam on the OpenID RPX developer wiki These spam links were added to JanRain's PBworks site about RPX (an authentication tool using OpenID) on 2009-10-25, and haven't been spotted yet. The change is invisible to the PBworks diff tool: it says "Only formatting differences exist between the two versions." A more sophisticated spammer would add an innocuous textual change at the same time.


This is a screenshot of two revisions of the front page compared with ediff, an emacs diff tool, with the cyan highlight showing the spam. It has been there for 80 days. It will be removed when I point it out. I'm recording it here as an example.

The wiki doesn't enforce nofollow, so there's a strong incentive (PageRank and similar metrics of "importance") to add link spam there.

Labels: design, freedom, marketing, software, spam, web

  ¶ 04:47 0 Comments Links to this post

  a chat with Dell US sales about Ubuntu on netbooks This morning, seeing that the Dell Mini 10v was still being offered with Ubuntu 8.04 LTS (Hardy Heron), I decided to try Dell's live chat feature for the first time.  This is part of the chat transcript.

05:22:25 AM Customer William Merriam

I'm looking at netbooks with Ubuntu. It says 8.04. Is that right?

That's 18 months old, 3 releases ago.

The Dell sales agent says it's the latest version and describes Ubuntu as "freeware" -- so it can be upgraded free of charge to the next version.

05:27:18 AM Customer William Merriam

That Ubuntu information page is 18 months out of date. It doesn't inspire confidence. It doesn't bother me, because I know it can be upgraded, but that can be hard to explain to someone who's trying to choose what to buy.

The Dell sales agent describes Ubuntu as "quite hard to use" and recommends XP or Windows 7.

05:29:32 AM Customer William Merriam

I know what Ubuntu is like to use. I use it and support it by remote access. I would like to be able to suggest it as an option in the UK and the US.

The Dell Ubuntu page makes Ubuntu look like it's not a real option. It compares the April 2008 version of Ubuntu with the October 2009 version of Windows. That's hard to explain to people.

Are there any plans to update it?

[vague promises to look into it]

05:32:20 AM Customer William Merriam

It's the same on the "configure" pages. http://configure.us.dell.com/dellstore/config.aspx?oc=dncwfa2&c=us&l=en&s=dhs&cs=19  [Dell Mini 10v with Ubuntu 8.04]

anything else?

05:33:23 AM Customer William Merriam

There's another problem. It's about how Dell computers are delivered with Ubuntu. They're set up with a boot partition. That too is long out of date. The boot partition is too small, so actually upgrading fails. It can be upgraded by installing from scratch, but that upgrade failure is a serious fault.

It would be reassuring, in addition to updating the version, to specify how Ubuntu is installed, so that customers know they're not going to have that problem upgrading. The fact that the Ubuntu version on delivered netbooks hasn't been updated in 18 months suggests that the problem is still there.

My question has been passed on to the marketing department.

I gave the agent full marks in the feedback form that followed the chat session.  It's not her fault that the Dell site and software are out of date, or that salespeople are not told anything about free software other than that it's "quite hard to use".

Labels: corporation, freedom, hardware, marketing, software

  ¶ 08:05 0 Comments Links to this post

  Ubuntu on ebuyer's "Extra Value Pentium Dual Core E5400 Business PC 2.7GHz, 4GB DDR2, 750GB SATA HDD, DVDRW, NO O/S" I've just bought one of these and installed Ubuntu 9.10 Karmic Koala x86 desktop.

details from the product page:

£219.98 inc vat
£191.28 ex vat
manufacturer #: 7873-1008
quickfind code: 173624
48 in stock for next day delivery. 35 reviews

There's a problem with suspending to ram in Ubuntu Karmic. I got a kernel-oops after pressing the keyboard suspend button and resuming with the power button.

Your system encountered a serious kernel problem.
Your system might become unstable now and might need to be restarted.
You can help the developers to fix the problem by reporting it.
[Report Problem] [Close]

There's no obvious way to disable the button. I'll try setting it to "Hibernate", meaning suspend to disk:

System → Preferences → Power Management

Suspend to disk seems to be working well.

Labels: freedom, hardware, software

  ¶ 23:19 0 Comments Links to this post

  competition -- Ashley Chow and her father dot com · differing attitudes to competition and incentives, by Ashley Chow and John Chow

2009-10-11 0038 UTC by Ashley Chow:

3 Blog Nights “Why I Chose BCIT” Contest

Oct 10th, 2009 by Ashley

So… my team at BCIT and I produced a commercial for BSYS (Business Info Systems) class. Lots of sweat and blood and endless amounts of editing have been put into this project. And since 3 Blog Nights has a contest going for basically what we did the commercial on (apparently 3BN stole the idea from whoever came up with the idea for BSYS), we decided to enter!

Now we’re trying to get as many votes in as we can. But first, watch the commercial. Trust me, you won’t be disappointed.

[embedded video]

Sure hope you weren’t disappointed ;) Now, please visit this link http://3bn.bcit.ca/entries/#8185 to vote for our commercial! A Macbook Pro is on the line here! Ask all of your friends to vote for it too. :)

And as for incentives… it’ll be lots of appreciation :) Thanks so much!

2009-10-24 1757 UTC by John Chow:

Vote for Ashley Chow and You Might Win a Macbook Pro

from John Chow dot Com by John Chow

Ashley Chow and her marketing team at BCIT decided to enter the school’s 3blog Nights video competition. Students from all over the campus were invited to submit videos explaining/promoting why they think BCIT is the best school in BC. People can then vote for their favorite video and the one with the most votes will win a nice prize. In this case, the winner gets a new 13″ aluminum uni-body Macbook Pro.

Vote for Ashley’s Team and You Might Win a Mackbook Pro!

Here’s the deal. Ashley’s team is made up of six members. It’s pretty hard to divide one Macbook Pro among six students. If they win, they plan to sell the laptop and divide up the cash (staving students always need cash). I plan to buy the laptop off them and give it away to one of you. Before I can do that, Ashley and her team needs to win this competition. This is where you and your vote comes in. Watch their video and then go vote for it. It just might win you a brand new Macbook Pro!

Deadline for voting is Oct. 26 at 7:00 PM PDT – Go Vote Now!

(2009-10-27 0200 UTC)

2009-10-26 0158 UTC by John Chow (on his mailing list):

My daughter, Ashley and her marketing team at BCIT decided to enter the school's 3blog Nights video competition.

...

That was 2 hours ago and 24 hours before the deadline (according to the post).  The rest of the mailing list message is essentially the same as the blog post.

So John Chow had a different idea for an incentive.  I wonder if he ran it by his daughter.

Labels: education, marketing

  ¶ 04:12 1 Comments Links to this post

  thin spaces -- Joe Clark on typography and software choice Does my thinsp look fat in this browser?

Joe Clark:

Talking with the taxman about thin spaces

Guess what: Firefox nerds can’t figure out why anybody would want to use a thin space

I would guess again.  The source for that factoid was talking about his failure to communicate with the Firefox nerds -- or Firefox developers, to be precise.  A lot of us nerds just use it all day.

[...]

Once again I see that nobody produces better copy for the Web than I do. It isn’t solely your fault: Your tools may fail you even if you aren’t using Windows.

Clark quotes graphic design student Golden Krishna writing on 2009-09-30:

Cooper Journal: I have seen the shadow of the moon

I'm excited. In the first week of my summer internship at Cooper, I couldn't wait to get my hands on a test project for a PDA system.

...

Unexpected barriers are also faced when platforms created to run interactive experiences don't allow for the implementation of basic visual solutions that have been used by graphic designers for generations. Touch screen hardware, operating systems and browsers still often restrict the use of basic design solutions that have sometimes been in use for hundreds of years.

I recently spent an hour chatting with Firefox developers trying to convince them that their browser should properly display the thin space character. The thin space, used by typesetters long before computers, can enhance the readability between words and typographic elements like ampersands or em dashes, or it can be used to improve spacing between words in oddly fitting lines of justified text. Since kerning is not a real option for body text on the web, a thin space has even more importance in web design.

[caption] When given the HTML entity for a thin space ( ), Firefox 3.0 for Mac not only displays the thin space incorrectly, but also uses a visually worse and unexpected wider space (Firefox 3.0 also uses its own font-smoothing technique that makes the typeface appear bold).

The thin space works on some browsers in some versions, but did not work on my Mac version of Firefox. At the end of our conversation, the developers conceded that my version of Firefox failed to accurately display the thin space, but maintained that this particular age-old typographic detail, well, didn't matter because they couldn't wrap their minds around what it might be used for.

I wouldn't recommend starting a chat with Firefox developers about an old version of Firefox.  Firefox 3.0 was officially superseded 3 months earlier on 2009-06-30 by Firefox 3.5, which had had more than a year of public testing and entered beta on 2008-10-14.

It's a shame the conversation isn't quoted.  I suspect the Firefox developers (not necessarily those available to speak to Mr Krishna for an hour) know all about what to do with a thin space, and care a great deal about how text is displayed.

The test suite mentioned by Joe Clark...

space ] [
hair space ] [
thin space ] [
zero width space ]​[
en space ] [

... seems to be rendered adequately by Firefox 3.5.3 on Ubuntu Jaunty and Karmic, though you need an extra package to see the fonts:

sudo apt-get install msttcorefonts

[or]

sudo apt-get install ttf-mscorefonts-installer

You can then see the result better here:

Spaces Test Suite for Web Typography — Jon Tan 陳

This is a series of examples of different types of typographic spaces using the core web fonts for user agent and operating system comparison.

I don't know what to make of the monospace (fixed width) fonts' various space widths, but I suppose that's how they're meant to look.

Presumably Apple's advice for accurately rendering nicely written web text on Mac OS X would be to use Safari -- and to hell with extensions and security.

I wonder how the current version of Firefox on Mac OS X displays thinsp, and whether it's OS X's fault.  I wish Mr Krishna luck in finding some Apple developers to spend an hour chatting with.

Here's my advice to Firefox users finding poorly rendered spaces: turn off "allow pages to use their own fonts":

browser.display.use_document_fonts;0

Better still, do it now, just in case.  Read everything in your chosen font from now on.  Web designers hate that. 

I appreciate Joe Clark's "nobody produces better" web copy, but this almost-blog doesn't have to be beautiful.  I still compromise with ASCIIisms like double spaces and double hyphens.

Labels: browser, design, publishing, web

  ¶ 00:04 1 Comments Links to this post

  problems with Linux on a Mesh computer from ebuyer -- MESH5060131133362 I've just bought this Mesh computer from ebuyer.  It has an Asus P5KPL-AM EPU motherboard, and doesn't work properly out of the box with Ubuntu Karmic.

It didn't work at all until I opened it and connected the hard drive cable.  The cable can't be dislodged by rough handling during shipping.  It just wasn't connected properly.

There is network corruption after booting, and poor performance on a 100 Mb/s network.  ¶ 01:39 0 Comments Links to this post

  show notes for Security Now 217: The Broken Browser Model twit.tv's page for shownotes for Security Now 217 at the official TWiT wiki is currently blank (2009-10-12 update: notes have been added), and the site has recently been down for hours.  Here are my rough show notes, with some nit-picking comments.  Some of these notes are almost quotes, edited for clarity.

Playing SN-217.mp3.

"Security guru" Steve Gibson is talking to Alex Lindsay, who's filling in for Leo Laporte.  Gibson is arguing that browser security design is broken.

02:12. [intro]

Moxie Marlinspike

New Tricks For Defeating SSL In practice -- BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

see also:

Null Prefix Attacks Against SSL Certificates -- null-prefix-attacks.pdf 

Wildcard certificate spoofs web authentication • The Register 2009-07-30

IE, Chrome, Safari duped by bogus PayPal SSL cert • The Register 2009-10-05

04:06.  [advert]  ... thanking one of our sponsors...

06:23.  [back to the show]

09:00.  [back to the main subject] a fake PayPal certificate

affected all Microsoft Windows browsers; not fixed after 9 weeks.

10:15.  Mozilla fixed it in Firefox 3.0 and 3.5 "within a couple of days".

12:49.  null prefix vulnerability

14:29.  At the moment, Microsoft Windows users cannot trust any Windows browser other than Firefox.

~41:00.  wireless security: man-in-the-middle attacks on wireless ethernet.

50:46.  The page that you receive has a submit button that you assume is an https address, but the bad guy in the middle who's filtering your traffic changes the https address to http.

54:25.  Many sites don't give you an https form.  They give you an https query.

54:35.  Normally, literally www.paypal.com -- the page you look at is not already secured, typically

This is true of many poorly designed sites, but not PayPal and other big sites that pay attention to security.

An astute user could detect that they did not receive a secure page in return.  First of all, by that time, it's too late: the man in the middle has their password.  Moxie Marlinspike also came up with a solution for that: use a golden padlock favicon.  We're used to seeing that little padlock and equating it with security.  This is not going to fool somebody who is hyper-vigilant.  Most people aren't.

58:43.  There's no provision for the browser insisting that https is used universally with PayPal, for example.

not strictly true.  NoScript provides it, but it's not in Firefox by default, and this feature needs some work.

59:49.  for example, Google Mail.  If you just go to gmail.com, you get a non-secure page

untrue.  It redirects to https.

You log in, and you are briefly secured, but Gmail drops you back to a non-secure connection.  If you manually go "https://gmail.com", then Google will respect that you asked for a secure connection, so it will leave you that way.  Now they have an option to say "I always want a secure connection whenever I'm logged on to Google, but that's only happened in the last couple of months.

Over 14 months ago, on 2008-07-24, it was announced: Official Gmail Blog: Making security easier.  It was rolled out to all users soon after that.

1:17:47.  the browser's real security indicator, not a little padlock in the address bar

The extended validation certificate and the way it's indicated in Firefox and other browsers  answers this point to some degree.

1:23:00.  and to deal with the problem of vigilance.  It comes down to the user being responsible at this point, and I'd really like to offload that to the browser.  For example, imagine a Firefox add-on, which, for sites that we use a lot, like PayPal, Amazon, Facebook, Twitter, forces https for every address if the server can accept it.

NoScript can nearly do this.  It can force https on a site, but the means for the server to tell it when it will work is not there yet.

Labels: browser, design, privacy, security, usability, web

  ¶ 08:26 0 Comments Links to this post

  Never give your email password away.

Labels: privacy, security, web

  ¶ 19:35 0 Comments Links to this post

  ideas for Blogger via Google Moderator 3 years after Steve Yegge's Blog Or Get Off The Pot, Blogger is asking for feature suggestions.

The revision control idea is not as popular as I expected.

simple (wiki) revision control, like Knol's version history

http://steve-yegge.blogspot.com/2006/03/blog-or-get-off-pot.html

"people have a right to see how my ideas changed over time, after they yelled at me or made brilliant observations..."

ideas mentioning Yegge

Labels: publishing, web

  ¶ 20:34 0 Comments Links to this post

  a web version of 'Taking Your Talent to the Web' Jeffrey Zeldman in comments:

@Chris Harrison [cdharrison.com]: Thanks! I’ve moved your cropped PDF to my server, and replaced my PDF with yours. All links in the blog post now point to the cropped version. You are awesome.

@Manuel [cvam.com.ar]: A “Taking Your Talent to the Web” WIKI, allowing community members to annotate each page of the book with updated examples, screen shots, etc., would make a nice next step.

Jenny Gray [stylecabinetonline.com]: How kind of you to say.

There's no mention yet of a licence or a site.  The current version has the usual "all rights reserved" message.

Jeffrey Zeldman again in comments:

Thank YOU, Dale Cruse [drinksareonme.net -- Creative Commons by-nc-sa licensed]. It was a brilliant idea. :)

It's a rather late idea, but better than life plus 70 years.

Labels: copyright, design, freedom, publishing, web

  ¶ 13:05 0 Comments Links to this post

  "Features planned for OpenOffice.org 3.2" -- notes from the wiki talk page I don't follow OpenOffice.org development closely. I just watch the wiki. User:Gerald (who?) has just added this text for inclusion on the features page. The information is apparently gathered from the bug tracking system.

Features planned for OOo 3.2 - Status 10 April 2009

Please move this collection of new features planned for OOo 3.2 to the main "features" page if you consider it appropriate

- based on Child Workspaces & issue list with target milestone 3.2 -

• Overall
  • Performance improvements
  • Text rendering based on Cairo
  • Implementation of ODF 1.2 Metadata
  • Begin of support for opentype and Graphite Smart fonts
  • XHTML export filter update / XHTML import filter (?)
  • Support for Quicklook on OS X
• Writer
  • Rotating of images in Writer
  • Stemming and morphological capabilities for Thesaurus
  • Better OOXML import / begin of .docx export
  • Notes for a range of text
• Calc
  • Bubble chart implementation for charting module
  • Improvements in Autofilter, DataPilo, Conditional formatting, ODFFormula
• Impress
  • 3D Slideshow transitions for Linux and MacOS X, OpenGL transitions in Impress (Mac OS X)
  • Animations in SWF export
  • Highlighting in presentation mode
• Base
  • Search and replace capabilities to SQL-Editor
• Math
  • Baseline alignment of formulas in starmath module

Labels: software

  ¶ 13:34 0 Comments Links to this post

  security warning: Gmail Labs inserting images I'm trying Gmail's new Labs feature for adding in-line pictures. Official Gmail Blog: New in Labs: Inserting images

Firefox gives a security warning:

You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.

It shows this as a modal dialog when warnings are turned on and you're connected to Gmail by HTTPS (TLS), and you insert an image from "My Computer".

The warning will continue on the URL bar (address field) --

Your connection to this web site is not encrypted.

and the status bar --

Warning: contains unauthenticated content

until you start a new session.

It's hard to find what is being sent unencrypted. The problem is that something -- however unimportant -- has presumably been sent in clear, and the user has to be warned about it. It's a usable security and privacy problem.

Labels: privacy, security, usability

  ¶ 08:20 0 Comments Links to this post

  I'm testing Blogger hosted on dreamhost.com via sftp. You need real hosting for access logs.

Labels: hosting, statistics

  ¶ 08:45 0 Comments Links to this post

  about this blog I'm thinking of keeping some notes here. Some more carefully written stuff might appear at http://merriam.blogspot.com/ and/or my typepad site.  ¶ 05:45 1 Comments Links to this post