I finally kicked the habit. Tonight I nuked World or Warcraft from my Powerbook.

After having ran the marathon up to level 60, explored the world thoroughly, I attempted to start a new character.

After a few sessions I realized that the game had lost its luster for me. The graphics are gorgeous, mechanics decent, but it lacks the grand events to generate more social interaction or build a real mythology.

Like the time the Alliance raided Orgrimar taking down the server I play on, or the bug that caused a nasty disease to spread throughout the cities, killing even NPCs.

Why aren’t NPCs raiding the towns and cities? A million players grinding through a valley of Yeti, or cave full of baddies should trigger some revenge you would think.

But no.

Instead we are expected to rinse and repeat with the occasional new raid or dungeon being added.

Sure, an expansion pack is coming, but it doesn’t need too.

The game needs to get smarter, not bigger. Faster not more cumbersome.

Recently one of my sites underwent a major overhaul. One addition was the ability to subscribe and unsubscribe to a mailing list.

The typical process usually involved either a mailto link or simple form. Sort of like the Feedburner integration on my blog.

I couldn’t help think, why not use that new magic Web-dot-O (Web 2.0, Ajax) goodness to make things a tad easier for visitors. Less jarring.

After contemplating copying the various javascripts, whipping up a typical perl, php or ruby script to handle everything I realized, Rails has it all.

Actually, Rails is perfectly designed for this task!

Quickly, I created a new Rails application, copied the static site into the public directory and fired up the Rails server. Pleasantly the site appeared as I expected.

After I wrote the controller, views and mailer, sprinkled the Rails javascripts as need in the static html files, everything was ready to go.

So, why not keep the two completely separate?

You can’t submit Ajax calls that are not on the same domain. Web browser security precautions stop the requests. You can make them till you’re blue. Nothing comes back. There are hacks using Apache proxy passthroughs.

Why bother. Rails is so elegantly designed it makes an excellent wrapper for static sites that need a few bells and whistles.

My next step is to create a few more commonly needed functions for static sites.

Maybe I will call this technique Railings? LOL.

Black Friday has come and gone.

There were no 360s anywhere.

The new excuse, stockpiling for the international launch in 2 weeks.

Does anyone buy this crap?

Seriously, the launch leader in the console market managed to have zero inventory on store shelves on Black Friday!?

Right.

Microsoft’s CFO must be looking forward to explaining this debacle to shareholders.

After finishing a particularly grueling day doing CSS browser compatibility coding, I ventured out to see the vast retail wasteland left in the wake of the XBox 360 launch.

Sure enough not a single XBox was to be found anywhere, expect for the insane gamers purchasing them for $5,000 or more on Ebay.

Best Buy actually had the gall to sell the old XBox for $149.

With my amazing wife being a expert retail shopper, I am keenly aware of Black Friday. The mythical day of the year when retailers move from red ink to black in their books.

Microsoft must be keenly aware of this day too. Because they are spinning furiously that they planned this shortage all a long, a PR stunt to drive consumers into a frenzy.

Is this shortage the worst planning in both gaming and Christmas retail history?

Black Friday will determine the truth.

If XBox 360’s are not lining the shelves of retailers Friday morning, for the little Timmy’s mother to purchase, Microsoft will have blown it. Big time!

has a great article on preventing Cross-Site Request Forgeries (CSRF).

Essentially, the principal is that a long random hash that is known by the server is written into a form that is to be posted. An example of this is the following HTML for a login box and form:

A week ago, I swung by the local EB Games and GameSpot, to see what the prospects were for getting an Xbox 360 for my annual Thanksgiving slack-a-thon.

The nice guy at my local EB Games laughed, stating I would be lucky to get one before Christmas. He said they could cover only 40% of their preorders. The same story was repeated at GameSpot.

Figuring most sales had moved online, I checked out the news over the last week. Story after story told the same tale.

Microsoft has supposedly produced less than 1 million consoles to satiate the 2-3 million gamers eagerly awaiting the new Xbox. The rumor being, this is a deliberate tactic to create a higher sense of value and demand, while avoiding a sales spike, followed by a slump.

If this is NOT an attempt to simply cover their asses for being late to production, it the dumbest thing I have ever seen in the game industry.

Microsoft, whom has lost billions buying second place in the console market, purposely slows the saturation of the Xbox 360?

Can I call bullshit!?

They have might have 4 months before gamers will be within the Nintendo Revolution launch window.

Every day a gamer waits for the XBox 360, between launch and that window, is an opportunity for Nintendo to grab second place back from Microsoft.

Why was Microsoft incapable of producing enough units to saturate the market?

This summer at E3, Microsoft was still not coming clean on backwards compatibility. But they heard from consumers and industry pundits loud and clear, backwards compatibility was all but a requirement.

So, Microsoft probably sent the engineers back to the drawing board to figure out how to wedge some form of compatibility into an already locked down design.

Why would Microsoft have not included backwards compatibility into the 360 design?

The boat loads of cash they lost on the first Xbox.

If they left out compatibility, consumers would have to buy all new games. The icing on the cake, or blades for the costly razor they just built.

Compatibility being a late stage hack makes sense, given the news this week that an important UI element in the 360 is not available when operating in compatibility mode.

At the end of the day, it seems Microsoft is true to their stereotype.

A company incapable of wielding their clout, wealth and technical assets to achieve the mythical dominance of yet another industry.

Wouldn’t it be nice if web servers always delivered content correctly? Or web browsers were more intelligent about the content they received?

Tonight, while scooping up the latest release of Firefox, this all too common result occurred, a browser bomb.

Oy.

What century are we in again?

Sort of nostalgic, like displaying HTTP error codes to unknowing users.

Oh, we still do that too!?

Being a developer, who is constantly upgrading to the latest and greatest, on more than one occasion I have forgotten to de-authorize iTunes on the old machine before selling it.

A couple years ago I hit the 5 machine limit without realizing the importance of de-authorization. Apple support cleared my quota, and not so subtly let me know this was an exception, not a policy.

Why doesn’t Apple solve this issue for their customers and support staff?

Simply let authorized users/machines roll off after a set period of inactivity.

In other words, if a authorized user/machine has not accessed iTunes HQ for authorization after 12 to 18 months, simply delete the entry. If the machine attempts to access a FairPlay track, the authorization dialog would appear and a new period would be started.

This would go along way towards making the DRM used in iTunes more palatable, while reducing support issues and customer frustration.

Of course, you could just strip the DRM from purchased tracks, but that might make you a criminal or drug dealer, according to some.

After considering my previous post, I have concluded user defined authentication, in most situations offers some benefits over traditional silo based systems.

Obviously, the user does not have to conform to your ideas of identity, nor remember another pair of authentication nuggets.

When implemented correctly, securing the identity of the chosen authentication mechanism and the destination for authentication queries, it should provide better security against external attacks.

Attackers might discover how to attack the login process, but with the true authentication method differing from user to user, traditional patterns of attack would not hold up across the user base.

If an attack did succeed for one user, it would not necessarily compromise the entire system.

Another possible benefit, in the case of an attack, is potentially more eyes monitoring activity.

To be clear, I am only considering this for web applications. Companies like Apple use a single authentication process across web and desktop applications. Such as .Mac, Store, iTunes, Mail.app and iDisk in Mac OS X.

What if users designated “their” IMAP server as the authentication mechanism for Apple services?

Would Apple and more importantly users be happy with the shared control?

Would Apple be more secure not having to store the shared secret of the authentication nuggets?

How would customers feel, with less burden to remember authentication nuggets, more control over the system that is used to authenticate their identity?

Much more to consider…

Btw, I am already using a system like this in production. So far it works rather well.

One of my latest projects, MailTemplate, provides a serious challenge. I have to wrangle a mix of Objective-C, C and C++ into Universal Binary format by Macworld in San Francisco next year, hopefully.

It has been years since I did any serious C programming. As I contemplate the mountain of work this is going to be, a thought keeps crossing my mind.

Why is C so popular? I understand the long standing entrenched interests and legacy code argument. However with today’s lightning fast computers, the speed argument is quickly fading for most common applications.

I am amazed every time I see yet another implementation of an Array or Dictionary class which falls miles short of Ruby, Python or even Java in most cases.

How many decades before it is replaced with a higher level, more productive language?

How many times do we have to build the wheel?

Thankfully my other projects are based the joyful Ruby and Ruby on Rails.

While listening to the Gilmour Gang podcast the discussion, about content and generating revenue in podcasting, seemed to boil down to what is valuable enough to drive production and listeners.

New content is already generated free of the old school preconceptions.

How do existing content producers repurpose their content for this medium?

Today, content from the old school producers seems to fall into two categories, simple copies or abridged versions.

The value for old schoolers will only come when they add to the repurposed content.

The news story which ran 3 minutes on television or radio, might be 7 minutes in the podcast. The relevant but perhaps peripheral elements restored to the edited version.

They might add comments or a debriefing session with the reporter to the end of the content. Expose the process to the listeners, or perhaps the biases which influenced the content.

Elements of value which were not appropriate for the old rigid formats.

The element old school producers seems to be missing the lack of time restrictions in podcasting.

Consumers of old school media crave freeform content. This is part of what has lead to Tivo’s popularity, and why they are abandoning television and radio.

They want meat, not fat. Don’t bloat content with interspersed commercials or meaningless babble, give them meat.

If you do, they will flock to your brand.

Hot on the heals of The Unofficial Apple Weblog’s article, OSx86: On the cheap with Cinema Display capabilities, comes an article from ZDNet, by way of OSNews.

Apple Mac OS X on x86: a First Test – OSNews.com: “ZDnet has installed the x86 version of Mac OS X and did some preliminary tests. Their conclusion? ‘Mac OS X looks in amazingly good early form on the x86 platform. As far as power consumption and OS performance are concerned, it can already keep up with Windows XP. Application performance clearly lags behind, though, and still needs to improve.’ Now, let’s wait and see if Apple dares to send angry letters to ZDnet too.”

Apple Mac OS X on x86: a first test – ZDNet UK Reviews: “Steve Jobs might not approve, but Apple’s latest operating system can be installed on any x86 hardware. How well does it function? Read our preliminary labs test to find out.”

The comment from OSNews, “Now, let’s wait and see if Apple dares to send angry letters to ZDnet too.”, is plain stupid.

We are not talking about companies or individuals being sued by an overzealous Apple legal department for using the word Mac or iPod in a Google Ad.

This is about professional, for profit businesses, illegally using versions of Apple’s announced, but unfinished products to generate profits for their publications.

Mac OS X for Intel-based Macs is an unreleased product, which is covered under a non-disclosure agreement between Apple, their developers and employees.

The only legal way to access this product, is to hand Apple $999 for a developer transition kit under a strict non-disclosure agreement.

Apple, as a corporation has every right to sue individuals leaking their products, and businesses, like ZDNet, for using leaked products for profit.

This is not a first amendment issue. There is no public right to information regarding unreleased products from any corporation.

I don’t mean to pick up the guys at TUAW, but their latest story on Mac OS X for Intel closes with all too familiar wink and nod.

OSx86: On the cheap with Cinema Display capabilities: “Once again, we must remind you that we don’t condone OSx86 piracy, stealing, or other illegal activities. We simply must point out the scientific value of such a How-To, so you can feel informed.” (Via The Unofficial Apple Weblog.)

This site, along with countless other news and rumors sites, are directly profiting from piracy.

Please don’t feed us that lame and morally hollow closing line, in some attempt to cover your own ass, should Apple come knocking.

In Raleigh, North Carolina USA, we have had on-demand content for a few years. Time Warner Cable offers both pay-per-view and all you can eat on-demand for a growing list of networks.

Today analysts are calling it competitive for CBS, NBC, Comcast and DirectTV to offer pay-per-view? Three or more after Time Warner began offering the same service – only cheaper?

Every single analyst I have read today is attempting to portray these announcements as competition for iTunes. They all miss the key element that make iTune video a winner.

Its about taking it with you, in an elegant usable format!

Not one or these supposedly new offerings will allow consumers to do that. You simply get overly DRM’d content in the same old environment. The living room.

This on top of the fact that Time Warner has been offering on-demand content for a flat fee for years, make today’s announcement of 99¢ time-limited content a non-starter in my book.

I will pay to take content with me on a road trip or flight. I won’t pay to watch reruns of existing content in my living room, and which in may disappear within 24 hours of purchase.

Yes. Apple has DRM too, but in this case FairPlay is exactly that. Enough control for media conglomerates to feel safe, and enough freedom for consumers to use the content they legally purchased where they want.

Perfect is the enemy of done. In this case, Apple has done what these other companies will never perfect.

Yesterday, on Adam Curry’s Daily Source Code, he revealed the music industries decision, at least in Europe, to clamp down on the use of commercial music in podcasts.

This is a sad day for podcasting, with shows like Jan Polet’s Hit Test, no longer safe to produce.

It is no surprise this happened, with all the buzz around podcasting.

What music companies fail grasp, IMHO, is that they have more content today than can be marketed and distributed through ordinary channels.

How many Madonna, Dave Matthews or Ashley Simpson records can be sold before consumers grow tired?

Podcasting allows for micro markets to form around individual artists, thereby increasing a revenue stream.

The great news, is that several pod safe tracks Adam played yesterday were awesome! Now artists whom would never get airplay on mainstream commercial networks are going to be heard by more and more people.

The crutch of the familiar is finally gone! Lets blow this mother out!

What is up with online Mac news sites?

Most do little more than publish press releases, user generated content (forums, rumors, etc.) or each others content.

Tonight when blasting through my RSS feeds, this lovely image popped up.

I am not a zealot, but come on, “The Unofficial Apple Weblog” is running on Microsoft IIS.

Guess it explains why they have a more bitchy attitude than most Mac news sites.

Where are the good mac news sites?

After listening to the Gilmore Gang podcast, in which identity system standards were discussed, I began wondering about how the typical web application provides authentication for users.

Nearly everyone I know despises the plethora of usernames and password they have to remember, for discussion forums, shopping sites, mailing lists and the growing number of online applications people rely on daily.

When I started developing with Ruby on Rails. I found the concept of subdomain authentication and using a subdomain as a username liberating and powerful.

Having built a subdomain authentication system which used, POP3, IMAP, LDAP or MySQL, got me thinking.

Why can’t users define the authentication system they prefer?

Yes. There are logical security considerations.

What makes an applications authentication mechanism more secure than a users own POP3 account login? Or any other source for that matter?

Why does Mail.app mime parsing suck?

Since I write web applications related to e-mail processing, I am amazed that a company like Apple has not addressed the way Mail.app parsing sucks in Mac OS X Tiger.

handles simple messages, like mime/multipart, plain text or rich messages, just fine.

Where ti falls apart is on mailing lists, where complex mime structures lurk, such as multipart/digest or message/rfc822 messages.

The visual symptoms are that individual message parts in these complex types don’t appear correctly in the viewer in Mail.app, bleeding together without displaying even minimal headers, like To, From or the Subject.

Does their parsing code truly suck, or is this a symptom of moving to WebKit to display messages in Mail.app?

Either way, it need to be fixed.

parsing may be better, but I don't care for the aged appearance their rendering engine provides. The default fonts, aliasing and general layout is so 1999, IMHO.

Spam and spyware are such pains for everyone. Yet with all the anti-spyware and spam filtering technology the industry and authorities keep sidestepping the engine that drives the beast.

The companies whom purchase the ads!

For example, buried in this piece about a California man being arrested for running a Botnet:

“Most of the money Achenta made was through deals with advertising service companies who paid him a fee to display their ads in his program. The identities of the companies were not disclosed, nor is it clear if they were aware of the money-making scheme.”

Sure, if consumers didn’t purchase the products advertised we would all be a lot better off.

More importantly, if companies didn’t pay for these ads, there would be no incentive to infect machines and pummel mail servers for profit.

You have to marvel at the idiotic reasoning given above, “nor is it clear if they were aware of the money-making scheme”.

Tracking the success of an ad is the primary function any advertising campaign.

It has been a long time coming, but my new blog is finally here. A whirlwind of activity on my companies projects has delayed this far longer than it should have.

Well, being busy is only part of the long delayed debut. The other was coming up with a design I liked. Does anyone else have trouble designing for themselves? I can design for clients and friends with no trouble. But when it comes to myself, I am never quite satisfied.

The saying, art is never finished, just abandoned, could not be more accurate.

I finally scrapped all the customization of the previous blog software, Typo, which I used. Dumped the custom design and pushed WordPress and an open source theme out into the world.