Flash, you sneaky bastard!

Flash, the popular multimedia platform that helps make websites more interactive, has cookies separate from your web browser’s cookies. They’re called local shared objects (LSO) and they may be a security hole–like all things Flash

There are a number of directories where the flash cookies may be stored. For example, on Mac OS X, LSOs are stored in two locations:

• ~/Library/Preferences/Macromedia/Flash\ Player/#SharedObjects/
• ~/Library/Preferences/Macromedia/Flash\ Player/macromedia.com/support/flashplayer/sys/

And there are more possible! For a detailed list, check the list of locations on Wikipedia’s LSO entry.

You can manually navigate to these locations and delete nasty ad-tracking/malware-hosting objects; however, while deleting unwanted cookies is worthwhile, it’s not a good long-term solution. I recommend you update your Flash settings (this interface also allows you to delete your LSOs) now! There are several tabs to look through, but don’t worry–it’s quick. Make sure you deny access to your camera and microphone! For finer grained control, the Firefox extension Objection helps track and eliminate Flash cookies.

Whatever your strategy, I wish you luck!

Get notifications when concerts come?

Does anyone know of a website or method to be notified when your favorite artist is coming to town?

For example, I’d love to see Mike Doughty, Ben Folds, and They Might Be Giants in concert, but I always miss the ticket sales. I’ve tried to check their websites periodically, but I forget for a few months then miss the show. I’ve listened for announcements on the radio, but I do not listen to the radio consistently enough. Most recently, I’ve subscribed to RSS feeds from my favorite artists and this method is working, although I feel it is suboptimal.

My brother just mentioned a similar experience where he missed seeing the guitar-thumping virtuoso Andy McKee. (If you don’t know what I mean when I say “guitar-thumping virtuoso,” check Andy out below.)

While not the pressing issue in the world, not receiving relevant and timely updates for artists seems to be a common issue. Is there a solution? Show your 1337ness and help me out. Any tips would be appreciated!

Designing Based on Data

After my last Usability course this semester a designer/peer, Andrea Richeson, were chatting. She asked me if the course had changed the way I think about designers. I did not have a good answer at the time because I fancy myself a bit of a designer: I’ve created several websites (MPC, SE, SSE, SethHolloway.com) and I constantly build/tinker in both virtual and physical spaces. Beyond considering myself a programmer and designer, I found usability testing to be an amazingly practical part of creating something for people. The methods are similar to my favorite software development methodology: agile development–get the requirements, do a small piece, fix what is broken and ensure people like the effort so far, repeat. After some reflection I can say the course did not really change my view on design, it gave me a framework for evaluating and altering design based on user data.

Fresh out of the class with a solid understanding of the art of usability testing, I was taken aback while reading a New York Times article about a designer who left Google and went to Twitter. He left Google because of their rigid adherence to trusting data. I am confused how a designer could disagree with trusting data. If you do not like this approach, you don’t believe in (1) the way they collect data or (2) trusting the users. The article does not explain how Google collects their data nor does it explain the designer’s disdain, but from what I read I think Google’s approach is perfect.

Google receives millions of unique visitors per day and they are known for changing elements on the page (think of the whimsical, dynamic elements like logo changes and the “Feeling Lucky” button), so it is not hard to believe that Google would put up different designs of the same page. Now, a fraction of the millions of users sees one design and another fraction sees the other design. From the web server’s standpoint, data collection is fairly easy–especially with AJAX-enabled dynamic pages: just stream events to the server for logging. Later, a human can analyze the data and make decisions. With sample sizes in the thousands, statistical validity is almost guaranteed!

The approach is wonderful: people’s behavior determines the best design for the job and the data is collected without the user’s knowledge. What’s better than getting people’s feedback without their knowledge? Hidden camera shows have always exposed wonderful insights, but we can only get at the truth when people let their guard down.

That is how I imagine the data is collected and the approach seems infalible, thus I must conclude that the designer does not believe in trusting users despite the flawless data collection methods. Even outlandish designs can yield positive results. I’m sure I’m missing nuances, but I side with Google. I believe in designing based on data because it keeps us moving towards usable, pleasing designs.

Wicked awesome new theme

Lane isn’t the only one changing his theme! After upgrading to the impressive new Wordpress 2.7 I found the beautiful Gears theme and edited it to fit my tastes. I hope you enjoy the updated look. Integrating Google Analytics into the new theme took a couple tweaks, similar to putting Analytics into the default theme. If you need help adding Analytics to Gears, send me a message and I’ll try to help.

So, what do you think? Is Gears, as customized by yours truly, not wicked awesome?

Let Google do the heavy lifting!

I love Google. They represent so many positive ideas about technology and offer an amazing suite of tools. Gmail is fantastic. I adore Google Calendar. Google Scholar is the only site I need for research. Google Reader is the best RSS feed reader on the market. Google Docs works a like a charm and is infinitely handy. I have entrusted my workflow to Google and had positive results. They’ve taken over the heavy lifting and ushered in an era of browser-based productivity that I agree with wholeheartedly. I’m excited today to use yet another Google server: I added Google Analytics to the site

In last week’s Introduction to Usability course we discussed good and bad websites, and one student selected Google Analytics as a good website. The Analytics page provides all the necessary statistics on your sites traffic including their IP address and corresponding location, the number of unique visitors, and timing. It was characteristically Google: clean, easy to use, and hugely useful. I had no idea the service was free!

Inspired by the class I checked into Google Analytics further and signed up. I added http://www.sethholloway.com to the service and they generated the necessary javascript–they even told me where to place it (though I already knew enough HTML to insert the scripts)

Here’s the generated javascript:

<script type="text/javascript">
  var gaJsHost = (("https:" == document.location.protocol) ?
                   "https://ssl." : "http://www.");
  document.write(unescape("%3Cscript src='" + gaJsHost +
                          "google-analytics.com/ga.js'
                          type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
  try {
    var pageTracker = _gat._getTracker("UA-7555904-1");
    pageTracker._trackPageview();
  } catch(err) {}
</script>

And the only change necessary to gather statistics from across the blog is contained in header.php. From your WordPress admin panel click Appearance->Editor->Header (header.php). Then locate this bit of code and insert the generated code where I placed the comment below:

<?php if ( is_singular() ) wp_enqueue_script( 'comment-reply' ); ?>

<?php wp_head(); ?>

//PASTE GOOGLE ANALYTICS CODE HERE AND REMOVE THIS LINE

</head>
<body>
<div id="page">

That’s it! So simple! So useful! If you haven’t already signed up for Google Analytics, do it now. The service is free, incredibly helpful and easy to use; even better, installation will take you less time than heating up that Hot Pocket!

Do we need AV software?

Do we need AV software? It is naive to think that safe practices will protect you–there are simply too many ways to get into a system. You need something to protect your computer, and good AV software won’t hurt.

I was reading a lifehacker article asking readers about antivirus (AV) software. The range of knowledge conveyed in the comments is ridiculous. Some users claimed they never had a virus. There are known botnets with over a million machines. I doubt that all million machines are owned by a single individual, which means there are multiple users who are either willingly allowing someone to use their machine, or the multiple users are unaware of the heist. With the sophistication of modern viruses (rootkits, automatic replication, dynamic signature changing, etc), it is silly to claim you would even know if you had a virus.

A couple users claim that there had never been a virus for Linux. I don’t even know where to start on that one. Definitely false. Any script kiddie could gain access to a Linux system that had not been hardened. There are a number of measures a system administrator can take to mitigate threats on Linux, but not every Linux user is a sys admin. Services like ssh being on by default increase the risks greatly. The power of a Linux command line and access to powerful development tools make subsequent attacks easier to launch.

People seem to define virus strangely. Some viruses like vundo trigger a lot of pop-ups, but won’t necessarily crater your system. Other viruses that do not brick your machine are passively collecting information, waiting for further instructions, or launching attacks. You don’t even have to open a file to be at risk. You don’t even have to be online; infected USB keys (and other input devices) can infect a computer that isn’t online.

It’s not just dumb users either. Viruses come from your friends and people you trust. Elaborate social networking hoaxes are being performed everyday, and everyday they get more convincing. Malware distributors have some of the most professional websites online. Their UI and interface design mimic trusted providers so a quick glance will not immediately reveal a problem. You have to realize and appreciate the ingenuity of the nefarious Internet warriors–they’re smart, creative, and talented.

Comparisons have shown that no one piece of antivirus software will catch all viruses, so your best bet is to

1) be safe:

• Don’t open links in emails. Type the URL into the address bar on your own.
• Be mindful of what your friends are sending you. Would Suzy really send you a link to get rich quick?
• Avoid the worst of the web (pornography, gambling, warez)

and 2) run a few different tools:

• AVG (or avast!) – Antivirus
• PeerGuardian 2 – IP Blocker
• Ad-Aware – Antispyware

So do we need AV software? Yes. You can never be totally safe, but you can mitigate your risks. Use common sense, a few tools, and perform frequent backups. Good luck!

Get Things Done: Related work… or Why don’t tech sites use modern technology?

As I perfect my PhD workflow I’m learning a lot. I’ve gotten much more efficient at finding related work and target conferences; I’ve improved my writing and organizational skills; I’ve found a number of tools that make my life easier (for example I use Google Docs to track references and write drafts so that I can view them from any Internet-connected computer). However, now I’m at the point where I know my topic and I need to stay current on the research. From what I can tell, most academics do this by reading the program from conferences related to their work. That’s fine as a backup, but there’s got to be an easier way! Why not automate the delivery of related articles or entire conference proceedings?

As a dedicated RSS fan (RSS feeds are a great way to keep up with the latest news!) I would love to subscribe to my 10 conferences and have them publish to my reader as soon as the proceedings are available. However, IEEE and ACM do not publish papers or articles via RSS! I understand conferences are big money makers so you may want to make people pay for the content, but I get emails and magazines from IEEE that I could receive instead as an RSS feed. Groups that represent the height of technological research are 10 years behind the times!

Thanks to blogs, twitter, facebook, and the raft of immediate media, everyone is a publisher. IEEE and ACM seem to be following the print newspaper style which is not 1) economically feasible or 2) good for spreading your brand. Don’t try to horde content in hopes of making more money. I get more interesting research from Wired than I do from IEEE because IEEE withholds the work. (That’s hyperbole of course–my job is to cruise for papers and UT has an amazing infrastructure in place for doing so–however, Wired does make it much easier to find interesting technology).

Until I find another way, I plan on setting up Google alerts (sent to my RSS reader) to notify me of conference proceedings and/or make related work searches into RSS feeds (i.e. get a notification when a new rolling alarm clock is discussed). Does anyone else see the irony in all this? Has anyone found an easier way to stay up to date with research in your area?

Keep up with what I’m keeping up with

For anyone that is not my “friend” in Google Reader you can still see posts that I find interesting/useful: https://www.google.com/reader/shared/11451882993897049685

The page is automatically generated, up-to-date, and anonymous for the surfer, so feel free to check it out. Alternatively, set up the always useful Google Reader, friend me, and we can see one another’s shared posts. It’s a great way to let other people sift through the stories and share the gems.

A few interesting links

Happy Black Friday to all! I hope Thanksgiving went well and that your Black Friday goes smoothly–the only thing I bought was purchased online

Over the past couple weeks I have found some interesting links; hopefully you agree.

As I move closer to graduation, the job hunt is on my mind. Here’s 13 ways that social media can help: http://davefleet.com/2008/11/13-ways-social-media-can-improve-your-career/

Wonderful post on how to write effective email: http://thinksimplenow.com/productivity/15-tips-for-writing-effective-email/

I’ve maximized the viewable space in Firefox to my choosing. Here’s the extreme case and how to truly maximize the viewing area: http://www.ghacks.net/2008/11/19/setup-firefox-to-use-minimal-screen-estate/

Do bloggers do any real work? Read and find out: http://www.avc.com/a_vc/2008/11/do-you-ever-do.html

2008 has been an expensive year so I’m planning to choose gifts from the heart rather than the wallet. This link had a few inexpensive gift ideas (I like the reusable water bottles in particular): http://articles.moneycentral.msn.com/SmartSpending/FindDealsOnline/great-gifts-that-arent-gift-cards.aspx

Lively is shutting down. I am sad because I believe virtual worlds are a valuable tool; if Google can’t do it right, who can? http://www.lively.com/html/landing.html

More managers need to read this one. Guy Kawasaki’s amazingly humane, common-sense tips on how to lay people off: http://blogs.openforum.com/2008/11/18/the-art-of-laying-people-off/

Use gift cards before companies go out of business

In these tough economic times we’ve heard about companies laying off employees and closing. The news has been so frequent that I’m already somewhat desensitized; however, there are some angles that I had not considered. Case in point, gift cards to companies going out of business are now use-it-or-lose-it. Andrea and I got several gift cards for the wedding and I generally get gift cards for Xmas and birthday, so I have a few saved up. Here’s a list of companies that are in trouble, so look to spend those certificates!

The Gap
Kmart
Sears
Office Depot
Circuit City
Dillard’s
Starbucks
Hallmark
Wilson’s Leather
Linens ‘n Things
BJ’s
Victoria’s Secret
Mervyn’s
RadioShack
Albertsons
Old Navy
The Bon Ton
Boscov’s
The Children’s Place
Ross
JCPenny
Blockbuster
Things Remembered
Rite Aid
Pep Boys
Staples
Michaels
Pier 1
Rack Room Shoes
Nine West
Jo-Ann Stores
Borders

Source: (original email that did not copy cleanly, so I found it online here) http://www.giftcardblogger.com/gift-card-alert-linens-n-things-going-out-of-business/