Wow — rofecoxib (Vioxx) was taken off the market today due to increased “cardiovascular events” (heart attacks and strokes, mainly). Chris Rangel has a good little ditty today on the deshelving, noting that it’s just part of a cycle that starts with overhyping, continues on to hemorrhaging health care dollars, and ends with multibillion dollar tort lawsuits. Makes doctors and lawyers happy to be part of their respective professional communities…

si dailies, atlanta 1996

It makes me happy to have finally gotten off my ass, found good mylar sleeves, and packaged up all my copies of Sports Illustrated’s daily 1996 Olympic magazine. I ended up having two complete sets, and as many as seven or eight of some issues; now, they’ll all go into storage to give to my kids some day. (And, of course, there’s that magazine issue in the lower right hand corner, which makes me very happy to own!)

I’m not quite sure how I missed Typographica’s thread from November on the best font for programming, but I did. There are a slew of great suggestions in there, including Mark Simonson’s Anonymous, Bitstream’s Vera Sans Mono (screenshot here), and Lucas de Groot’s TheSansMono. I’m always looking for something that’d be easier on the eyes… time to play a bit!

I just realized that I forgot to post the requisite how-long-did-it-finally-last update for my iPod. So, the answer is 7 hours and 50 minutes. I still don’t understand, but have decided to just go with the flow. I’ll hang onto the replacement battery, but not install it until this battery tanks again. (By my estimate, that should be between a few days and a few weeks from now!)

SpamAssassin 3.0 is out! Notable in this release is the inclusion of a check against the Spam URI realtime blocklists (a huge help in the fight against spam), use of Sender Policy Framework tests (a huge help in the fight against fraudulent return address information), better integration with databases for storage of preferences and filter information, and a move into the Apache Software Foundation. If you run a mail server, you’d be doing yourself and your users a favor by hopping over and grabbing it.

And now, for an update to last night’s iPod story:

After 2 hours, and a battery indicator that flickered between two and three bars of remaining life, I decided to plug the damn thing into the charger and go to sleep. This morning, at 8:57 AM, I unplugged it, hit play, threw it into my backpack, and came into work. Right now, it’s four hours and 13 minutes later, it’s still playing, and the battery indicator is still showing four bars of power left. And I’m truly, completely baffled.

Remember — the only thing I’ve done is taken the back off of the iPod! Is it possible that the battery life can somehow be affected by whether or not the back is attached? I don’t see anywhere obvious that the battery could be shorting against the aluminum; what else could I be missing?

This is just freakish, and as sure as I am that I can’t explain what’s happened to the battery, I’m equally sure that the moment I decide that maybe I don’t need the new one and send it back, the seven-minute lifespan will return.

I don’t understand my iPod.

I have a first-generation, 10 gigabyte iPod, and over the past year, the battery life has been getting worse and worse. I decided to pretty much give up on it as a portable device about two months ago, when I disconnected it from the charger (into which it had been plugged for the prior 10 hours), started walking to work, and seven minutes later, it died with a low-battery warning. At that point, Shannon and I bought a cigarette-lighter power cord for it and relegated the device to a road-trip role in our lives.

Earlier this week, I happened upon a posting about an affordable extended-life replacement for the battery (I’d love to give the author credit by name, but he or she doesn’t really make a name accessible anywhere obvious!), and after a little hemming and hawing, I decided to give it a shot. I placed the order yesterday.

Given that, of course today was the day that Anil decided to email me a link claiming that all you need to do is open the iPod up, disconnect the battery, and reconnect it, and like magic, the battery’s long life would be restored. I cursed a bit, knowing that my replacement is about 10 hours away from delivery to my doorstep, but tonight I decided that it couldn’t hurt to give the unplug/replug method a try. I opened the little guy up (not as easy as I’d thought it would be!), but then realized that I hadn’t turned the iPod on to see what the current battery state was. I’m a scientist, after all; what kind of scientist would I be without data from both before and after the battery disconnection? So I powered the iPod up.

And therein lies the second surprise of the day. It’s now been almost three weeks since we’ve used the iPod — that was our last roadtrip — and since then, the device has been sitting in a drawer. Under normal circumstances, that would mean I could expect about three or four minutes before power-off… but of course, today doesn’t seem to be normal. It’s now been 75 minutes since I hit play, and the battery indicator shows three bars remaining.

No, really — I don’t understand.

I see that now, our country has upped the ante, moving from shitting on people’s basic rights to trying to prevent the Supreme Court from defending people’s basic rights. Americans can complain all they want about the downward trajectory this place is on, but when push comes to shove, all these policymakers were either elected by us or appointed (and approved) by the people we elected. And if we continue to elect and approve asshats who’d rather pillage the Constitution than read it — or worse, not vote, and let others choose our fate for us — then we’re to blame.

Wow, jetlag sucks. My brain thinks it’s 4:30 AM right now, and my coordination seems to be following suit.

From San Fran, a few skyline images from the Maritime National Park:

san fran skyline
skyline across the bay from san fran

Shannon and I escaped to San Francisco for the next few days; we had an eventless flight out here (thank God for inexpensive, direct mid-week flights from Boston to San Fran, curse God for out-of-control kids and their “I want my kids to think I’m cool, so I’m not going to discipline them” parents sitting near us on said flight), and collapsed in a heap last night when we realized that, in our brains, it was actually past 3AM.

Today, Fisherman’s Wharf, the Golden Gate, and whatever else we can find to enjoy this beautiful weather! And with the clouds and rain that’s in the forecast for Boston, it looks like we hopped over to the Left Coast just in time…

It seems that, with today’s appearance of Mozilla Firefox Preview Release 1, we have the first general-availability build of Firefox that integrates the fix for the annoying-as-hell cookie problem. (For those who don’t remember, or are too busy to click through that link, the problem is that most Mozilla browsers limit you to a certain number of cookies before they start deleting them, meaning that you end up having to log back into your bank sites, news sites, and whatnot on a seemingly-random basis.)

There’s an important note about that fix, though: without doing a few manual config changes, you’ll only see a marginal improvement. The old Mozilla way of doing cookies was that you were limited to a total of 300, and this fix increases that number to 1000, a number that should get you a few more days’ worth of browsing before your website logins start expiring. That being said, the official specification states that “cookie support should have no fixed limits,” and that browsers “should strive to store as many frequently-used cookies as possible.” A way to approximate that behavior would be to increase the maximum number of cookies to the highest the pref allows (network.cookie.maxNumber, 65535); this should change the behavior back to that which you’d expect from cookies. (If you don’t know how to increase it, take a look at the MozillaZine guide to the about:config window.) I’m not sure how Firefox will handle the increased number, stability-wise — for all I know, the limit was there because the cookie-handling code isn’t comfortable dealing with more than a thousand — but I can tell you that not having to dig my wallet out to find my bank card number every week will make me a lot less annoyed.

Looking at my last three posts — damn, am I a geek. I need to get out more… :)

This morning, I awoke to an email from El Oso telling me that the link to my archive list was broken; sure enough, it was, and that was totally confusing to me, seeing as I had made no recent changes to the structure of my site. It bugged me the whole way to work, and despite being in clinic all day, between patients I kept sneaking a peek at the relevant bits of code to see if I could figure out the problem. I wasn’t able to find anything overwhelmingly wrong, though, other than the fact that the the archive index page was just plain horked.

After clinic, I dug in a bit deeper, and finally found a post over at WebmasterWorld that seemed to describe the problem I was seeing — and happily, it made it seem like the problem was a bug in Apache (and specifically, the version of Apache to which I upgraded two weeks ago), rather than some dumbassed configuration error on my part. I came home and put together a test case that reproduced the behavior I was seeing, and then submitted it to the maintainers of Apache as a bug. We’ll see what comes of it; in the mean time, I threw together a workaround so that my archives can shine once again!

(And of course, if there are any Apache wizards reading this, feel free to take a look at the test case and point out where my understanding of mod_rewrite and mod_dir completely sucks; while I feel that there’s likely to be a bug here, I also recognize that there’s just as likely to be an idiot with a poor understanding of Apache on this side of the keyboard.)

In doing some email maintenance today, I noticed that American Airlines didn’t have my current address information. I meandered over to their website to update it, and after submitting my changes, I got an error saying that they were unable to validate my apartment number. I tried everything I could to get it to accept my full address, but alas, the only success I found was when I submitted my address without an apartment number. At that point, I noticed that despite me entering a 5-digit ZIP code, the confirmation page contained a ZIP+4. That means that they do some sort of back-end processing of the address to generate the nine-digit ZIP code; from the error I got with the inclusion of an apartment number, I assume that the back-end also includes some sort of verification that my address actually exists in a big property database, and that that database doesn’t recognize the fact that my building is divided into apartments. As a result of that deficiency, their database contains an incomplete address for me, which benefits nobody at all. This all highlights the fact that, if you’re designing a web-based application and testing the data that people enter, you need to make sure that that test achieves its goal of providing better data without also setting up situations wherein the data becomes worse. That means one of two things: either your test needs to be 100% reliable, or you need to provide a method for people to clarify their entry when the test fails. And since the first option is nearly impossible to achieve, you’ll find that the second option is way more important.

It makes me sad when ostensibly tech-savvy writers completely miss the point of a technology they’re covering.

MX Logic, a company that provides both products and services touted to increase email protection and security, released a report this week that says that email spammers are now using the Sender Policy Framework in an effort to “dodge both legal and industry-backed efforts to curb spam.” A few news outlets — Information Week, CNet News, The Inquirer — all picked up the report and ran with it, implying that the SPF standard is more or less a failure at what it was designed to achieve.

What’s the problem? It’s that SPF wasn’t designed to eliminate spam! The standard exists so that when you receive a piece of email from a certain return address, your mail program can check to see whether or not that address is a forgery or the real deal. As a result, the goal of SPF isn’t to eliminate spam, it’s to implement trust — you are better able to trust that the email you receive is from who it says it’s from. A quote from the official how-it-works page sums it up nicely:

SPF aims to prevent spammers from ruining other people’s reputations. If they want to send spam, they should at least do it under their own name. And as a user, SPF can help you sort the good from the bad. Reject mail that fails an SPF check. Use it to help your spam filters make a decision. Have confidence that mail that SAYS it’s coming from your bank, your credit card company, or the government really is!

As for that latter bit — helping filters make decisions about the likelihood of an email being spam — the key is in the implementation. And while I can’t speak about all spam filters, I can say that the filter I use, SpamAssassin, does the right thing. If an email fails the SPF test (indicating a forgery of the return address), then SpamAssassin considers it more likely to be spam. But on the other hand, if an email passes the SPF test (indicating that the return address is likely to be legitimate), SpamAssassin doesn’t add or subtract anything from the likelihood of it being spam — it’s a wash.

And now, for the important bit, and the bit being left out by the news coverage: when spammers use SPF to try to increase their legitimacy, all they do is verify that the site they’re using to send their junk is real. That means that those fighting against spam (filter authors, lawmakers, whoever) are then able to take action against that site without fear that they’re netting an innocent bystander, and that’s a good thing for everyone.

Oh, yeah, and one more thing the press neglected to mention: the report that forms the basis of the news was issued by a company which sells spam filters. The more doubt they can plant in the effectiveness of other solutions, the more business they can drum up for themselves… seems like a fine reason to shout loudly that SPF isn’t working, but also doesn’t make it any more true.

Now a week into using Movable Type 3.1, my biggest observation about changed behavior isn’t with MT itself, it’s with MT-Blacklist. The newest version — the one distributed with the Plugin Pack and the only version compatible with MT 3 — no longer has an option to scan your site for blacklist matches, an omission which makes it a good deal harder to clean up after comment spammers.

The old MT-Blacklist would let you search your site for comments that matched your blacklist, and present them all to you so that you could delete them and rebuild the relevant pages. That workflow made sense; frequently, you would get 50 new comments from the same spammer, and in order to get rid of all of them, you’d only have to let MT-Blacklist process one, loading the relevant strings, finding the other 49 comments which matched, and deleting the whole lot of them. That functionality is gone — the new MT-Blacklist handles checking individual messages great, but has no function that lets you check the site for any new blacklist entries and handle matches in bulk.

Maybe I’m missing something; the docs aren’t done for the new version yet, so it’s very possible that I’ve just overlooked the golden link that will do what I need. Alas, if I’ve overlooked it, it’s not for a lack of searching, and at this point I’m dealing with spam one-by-one, and growling the whole time. And in looking through the MT support forums, it appears I’m not the only one!

Seriously, How to Pick Up and Carry Your iMac G5 might be the dumbest technical note I’ve ever seen published by a computer manufacturer. Are they really saying that someone might be slow enough to be unable to figure out how to carry a computer, but would be quick enough to figure out how to use the Apple knowledge base to pose the question? It boggles the mind.

This morning, while perusing all the postings my aggregator gobbled up overnight, I noticed that a bunch of people posted links to, specifically affiliate links. appears to be a sweepstakes being run by the guys from, allowing people to register to vote in the November election and aiming to give $100,000 to one person who registers through the site. They’re also going to give $100,000 to the person who refers the eventual winner, hence the affiliate links from everyone.

I figured that it would be a no-brainer to go over and sign up; while I’m registered to vote, I’m not averse to winning money by encouraging others to do so. Then I took a look at the signup form, though, and started thinking twice about the whole deal. They ask for my email address, physical address, and phone number, and make sure to have a statement above the form saying that they only need it to contact me if I win (sounds good). But then they ask me to agree to their Terms & Conditions, which says that by registering for the site, I “may sign up to receive email from Eight Days, Inc. (Sponsor),” and that I “can remove [myself] from the email list by following onscreen instructions” (sounds a bit more suspicious). And then came the kicker: under the personal information section of the T&C, I’m referred to the Eight Days, Inc. Privacy Policy, “available at Sponsor’s web site,,” but going to that site, there’s no privacy policy anywhere to be seen or found. Even a Google search turns up nothing.

And that’s the ball game; they ain’t getting my personal information. You’d figure that a site that’s trying to encourage people to get out and exercise their civic duty would exercise a bit of its own…

Update: After an email interchange with James Hong, one of the founders of HotOrNot and VoteOrNot, a privacy policy is now in place at VoteOrNot that seems strong enough to make someone feel comfortable giving up personal info. James also let me know where to find the policy on the HotOrNot site — it’s in the tiny little scroll box on the page that lets you submit a picture for rating. Seems odd to hide it like that, but then again, it does say that they will “provide this personal information to third-party service providers who help us maintain our Service and deliver information and services to you and other users of our Service.”

giant cutter-thingy

No, really, this is the coolest machine I think I’ve ever seen. I really, really have to know what it’s used for (well, other than the obvious cutting-like things).

Update: Rafe, ever the diligent researcher, passed on this link showing that the behemoth is actually an excavator, and this Jamie Zawinski discussion thread in which someone linked to a Lego version of the thing. Awesome!

I’m in the midst of moving this site to another server; if you can see this message, you’re seeing the new site! Things should settle out in the next 24-36 hours, at which point I’ll start playing around with a bunch of the new Movable Type 3.1 stuff.