I’ve been interested in the micropayments space for quite a while. The web is full of content that is great and helpful, but the barriers to actually paying for it are pretty high. Using something like PayPal, as many sites do, is problematic because PayPal’s fees are high, and it takes a LOT of clicks (and typing) to make the donation.

My feeling has been that what we need is a company that lets you put a few dollars in an account, and then with a few clicks, donate a few cents to whatever you’re interested in supporting. It appears, however, that someone has likely beaten me to the punch, at least potentially. Flattr is a recently released project based out of Sweden, which takes this Micropayments problem and makes it dead simple for the end user.

How does Flattr work? You begin by setting up a Flattr account, at this time either by requesting an invite or getting an invite code from a friend. Then, you seed your Flattr account with funds, it’s worth doing several months at a time to avoid being too heavily dinged on processing fees. Choose how much money you want to give per month, from €2 to €100. From there, you just keep an eye out for “Flattr This” buttons, which you can see at the bottom of this post (and every post on my blog), or in my sidebar. Your monthly Flattr budget will be split evenly among everything that you’ve Flattred.

If you’re a content provider, then Flattr does require that you Flattr things every month in order to qualify to earn any revenue, which I see as being more of a way to seed the system. However, I don’t see it as a big problem, you should always be able to find something to Flattr. If there is a weakness to Flattr right now, it’s that the Beta status, and particularly the slow ramp up of the invite system, weakens Flattr’s ability to reach critical mass and usefulness. I’ve put Flattr up on my blog on hopes of earning even a small amount of revenue (my goal is to make my blog at least pay it’s own expenses), however, I suspect most of my readers have never heard of Flattr, but even now, having read about it, that doesn’t make it trivial for you to sign up and begin using Flattr.

Some people I’ve spoken to about Flattr feel that the equal disbursement Flattr does every month isn’t ideal, they want to be able to add ‘weight’ to their Flattr’s, giving some people more than others each month. Frankly, I think that overcomplicates the problem (Flattr only allows you to Flattr something once per month, that something can be a Blog or an individual entry. Flattring an entry doesn’t preclude you from Flattring another entry or the blog however). The beauty of Flattr is that you just don’t need to think about what you’re donating. I’ve allocated €2 per month for the time being, and if I want to Flattr something, I don’t need to decide how much to give. It’s a one-click process, requiring no more thought than ‘That was awesome, I want to donate to that.’ It’s this unthinking simplicity, and the ease of budgeting the static amount per month, that makes Flattr appealing to most users.

That said, I don’t think that Flattr is the end of the story of Micropayments on the web. It seems great for many uses, but I think there is room for those more…thoughtful…disbursements where you do want to decide how much to donate. However, I think Flattr has a lot of potential, and I sincerely hope that they can continue to grow and thrive.

The Electronic Frontier Foundation is again doing a fund drive trying to bring in more money. This time, however, they’re running a little contest. Whoever raises the most money for the EFF by June 30, 2010, will win two tickets to Defcon 18 this summer.

I’m a supporter of the EFF, because they work hard to protect rights that are important to me. I’m a blogger and a coder. I have interest in [maintaining fair Copyright], avoiding draconian surveillance, and fighting against the abuse of patents.

I’m not going to claim the EFF is perfect, but their work is mostly centered around ensuring that we use our technology for freedom instead of having it used against us, and issue deeply personal to me. Plus, I’ve always been heavily into information security, and would love to attend Defcon.

I would immensely appreciate if you, my reader, would be willing to donate even a few dollars to support the EFF, and potentially get me a trip to Defcon this year. Even if I don’t win, the work the EFF will be able to do with even a small donation is important, and your tax-deductible donation would be a great help.

As has been all over the web, Gizmodo paid an unnamed source $5000 to get their hands on a prototype iPhone that an engineer had left at a bar six weeks or so ago. The source had apparently tried to contact Apple several times to return the phone, and Apple had remotely killed the phone almost immediately after it had gone missing. Since then, a lot of people have comedown hard on Gizmodo, and their parent company, Gawker Media, for “Checkbook Journalism”.

First off, I don’t think that Gawker did anything wrong, per se. They saw an opportunity to get a story, and they did what it took to get that story. Unfortunately for Gawker, the incident happened in California.

Why’s that a problem? Well, in the State of California, taking possession of lost property, is the same thing as stealing it. Fucking ridiculous.

Admittedly, in the State of Washington, you could be accused of theft if you didn’t make due diligence to return the goods. In California, you are legally required to turn the goods over to the Police for a period of time, in Washington I don’t see any such requirement, but I’m possibly missing something.

One this is clear. Gizmodo hasn’t broken trade secrets law. The moment the new iPhone left Apple’s property, even if it was disguised, Trade Secret protection vanished. However, Gizmodo did quite clearly under my understanding of California statutes regarding theft take possession of stolen property, and given the ridiculous sum they paid for it, they knew what they were doing. No way Gawker would have cut a $5,000 check if they didn’t think it was a legitimate scoop. For that reason alone, Gawker could be in pretty bad legal trouble if Apple chooses to press charges.

Which they have. On Friday, California’s Computer Task Force, REACT, searched Giz Editor Jason Chen’s house, taking possession of every computer and storage device they could find. Kicked in his front door to serve it, since he and his wife were out to dinner at the time.

Now, it’s entirely possible this was an illegal search and seizure, because of Chen’s status as a journalist and the fact that his home was his office. Of course, as the story above points out, that may not be a valid argument, but it would be intersting if all the evidence that has been collected is non-admissable.

This is a story to watch. Surely, Gizmodo’s behaviour was pure douchebaggery, but Apple builds such a mystique with their privacy, that it’s little surprise that Gawker (or someone else) would go through this sort of trouble. Frankly, I don’t think things are going to go well for Gawker Media on this one. Apple’s pissed, and California law seems to be on their side. However, I do think Gawker and Gizmodo will be able to use this situation to further bloody Apple’s nose with bad PR. And that’s where the fallout from this is going to be most interesting.

It’s time for one of my rare Wednesday Meme posts! Yeah…I know.

On Planet Ubuntu the last few days, people have been taking the Nerd Test and posting their results. I was curious, so I gave it a shot.

Now, at the time I did this, everyone was only posting scores in the 60s and 70s, so I felt I had to verify on the newer Nerd Test 2.

I knew I was a nerd, but I didn’t think the number would be quite this high…

Earlier this month, as you’ve likely already heard, a panel of Federal Appeals Court Judges issued a decision in favor of Comcast, ruling against Net Neutrality. For now, Comcast (of whom I am not, but my parents (and sisters) are, a subscriber), has promised not to modify their existing network policies that are meant to only throttle ‘heavy’ users (I don’t think they’ve provided a solid definition of ‘heavy’). While the FCC still wants to regulate Broadband, and is in favor of Net Neutrality, this decision stands to set legal precedence crippling the FCC’s ability to do that.

Why is this important? Because currently in the US, Broadband infrastructure is largely controlled by classic media companies, usually Cable providers, who still view the Cable TV business as their primary source of income. However, media consumption patterns are changing dramatically. I watch virtually no television anymore that isn’t time-shifted (there are two reasons my wife and I have Cable TV at this point: 1. A few shows aren’t available for online streaming (MythBusters mainly), or aren’t available in a timely fashion (South Park). 2. My wife likes to turn on MTV or VH1 for Reality TV background noise to relax or when doing other things), I DVR much of what I do watch, or I stream it on Hulu, if possible. For a very small amount of content (primarily BBC shows that don’t come to the US for months, and then tend to be cut up to 15 minutes shorter. I’d pay for iPlayer access, if you’d let me BBC) I will acquire copies through other means, however, I prefer to stream, since it provides at least some advertising revenue for the content producers. That has another set of problems, but I’ve addressed them before.

And that’s ignoring the made-for-the-Internet content I watch. Like Revision3, or The Guild, or my beloved Dr. Horrible. This is content that was made for the Internet as it’s distribution mechanism. Much of it is content that would never make it to more traditional media platforms, which is a shame because much of it is pretty fantastic. With Net Neutrality rules in place, we have a huge potential for a renaissance of media. Without it…well, it’s going to be difficult to move forward.

Generally speaking, I believe that government intervention in business is a bad thing. My problem with the recent health care reform bill (ignoring the fact that it displays a complete lack of understanding of the reality of the high cost of health care in this country), was that I don’t believe the government can possibly be as efficient as private industry. As a state employee, I see countless signs of governmental inefficiency on a daily basis. However, there are places (and admittedly, Health Care could be one of these places) where regulation is warranted. There is a huge amount of regulation over utilities (electrical, water, etc), and other scare resources (RF Spectrum, ie, why the FCC exists in the first place). And that’s important.

I’m of the opinion that we need to begin treating bandwidth as a governmentally-regulated utility, akin to electrical and phone service in the US. This has it’s weaknessed, a lot of electrical companies are struggling because electrical rates on the open market have climbed faster than their ability to raise prices to compensate (incidentally, an event caused by loosing government regulation), however, it does help ensure that important services remain available and affordable. Not that Internet access is more important that electricity (though my father, who works as a bill collecter for a power utility has had people pay their cable bills before their power bills on occasion), but lack of affordable bandwidth is going to become an issue.

Perhaps we need formal legislation to empower the FCC to enforce network neutrality. Perhaps the states could take the lead and begin enforcing this within their own borders first (which my anti-Federalist leanings would love to see). At the end of the day, we’re struggling. Our largest bandwidth providers are also content providers, and their interest is going to fall in line to protect that business, even as the Internet evolves around them.

Recently, Google’s CEO Eric Schmidt made the all to common claim that the only people who need to worry about privacy, are those who are doing something wrong. This is something I’ve heard all to often, and I’ve made it a point to have people who do say it to me read Cory Doctorow’s novel, Little Brother.

So, to Mr. Eric Schmidt: Fuck you. Privacy is immensely important to anyone who has anything to lose, and we all have something to lose.

Admittedly, we sacrifice privacy all the time for convenience. Every time we make a web search, our IP is stored with that search for some (usually undisclosed) amount of time. When we store our e-mail on an external server (Yahoo! Mail or GMail), we let the provider scan the e-mail for all sorts of purposes, from spam filtering to advertising.

And, by entrusting this information to third parties, we empower them to turn over our information when required, say by a subpeona or a PATRIOT Act request. Ultimately, it’s hard for me to blame Google, since their hoarding of this information is covered in their terms of service (which most people don’t read), and some of that information is necessary for them to do their jobs, and to provide the level of service that they do.

The problems with Google’s statements however, the fact that they don’t view being the stewards of our data as a responsibility (not just not to lose it, but to keep it safe). The fact that they don’t even address that users should be aware of the implications of putting all this information online.

And it’s not just Google. Facebook is another huge offender in this respect. The Huffington Post this week had a story cataloging amazing Facebook faux pas, from kids finding out about parent’s divorces by a Facebook status update, to complaining about and insulting their boss (who happened to be a Facebook friend). And yes, recently Facebook took some steps to revise their Privacy settings, but in many ways they’ve made things worse for their users, making the defaults such that user’s are likely to reveal more not less.

While the biggest threat to personal privacy is the ignorance of the users, who often don’t think about how much information they’re providing, these major service companies that try to integrate into nearly every aspect of a user’s life need a more enlightened attitude toward protecting that data. If you want to support a group working to push these sorts of issues forward, consider joining the EFF. I made my first donation this year, and I plan to make it annual.

Mattt Thompson recently released this really cool jQuery script called Chroma-Hash, which visualizes a user’s password as they type it as a series of colored bars. The idea is that this will allow a user to see when their password is wrong, rather than simply submitting the form, and hoping for the best.

In light of recent discussions on the internet, which Bruce Schneier covers very well on his blog. Keeping track of passwords is hard, and typing in strong password, and knowing you’ve done it correctly, is difficult when masking in enabled. But, there are good security reasons.

Read Schneier’s posts, and the source material. The basics of the issue is that, if password masking does nothing else, it reminds the user that, “Hey! This is secure information!!!” But, also, typing is passwords is hard, and it’s really frustrating when you get it wrong. Chroma-Hash is an interesting experiment at solving this problem, by keeping the password hidden, while still providing visual feedback about what it is.

Mattt posted an example on his github page, and shared the source, but his blog post above talks the most about the current implementations limitations. That it uses MD5 (known to be weak to certain classes of crypto-attacks), and theoretically, someone watching someone put in their password could try to reverse engineer a password based on the characters that are being entered. These attacks are, in my opinion, extremely unlikely, but it is something to keep in mind.

Thompson mentions some potential improvements to the method, such as using SHA-1 instead of MD5 (given that the MD5 code is about 7k of the 9k of JavaScript, I don’t think it’s worth it, at least not without being able to include the hashing algorithm externally), or salting the input, or a few other things. My plan, as it stands, is to keep pace with Mattt’s repository, so that the YUI3 version will be functionally identical to the jQuery version.

The YUI3 version is up on github now, and I put up a YUI3 example page as well.

As an aside, while my YUI3 implementation is a tiny bit tighter than Mattt’s jQuery one, the difference in library size is really impressive. It looks like YUI3’s loader is able to load about 25k less worth of library script than jQuery. I’ve really got to commend the YUI team on how well they’ve been able to keep file weight down, as well how great the loader does at loading no more than is strictly needed.

As I work on refreshing our primary suite of web-applications on top of modern web-technology, I’m trying to replace our existing table-based form layouts with a more descriptive layout based on fieldsets. However, I’m having a hell of a time with Internet Explorer (I’ve been testing in 7 and 8, though I’m sure 6 has these issues, but luckily, most of our users are on at least IE7 by now).

First big issue, is that IE doesn’t render the CSS for Legends correctly. This has been documented before, but I have a few extra takes on it. One of the things I’m trying to do with my fieldsets, is have one large banner along the top, but no other borders. The CSS looks like this:

fieldset.ronetForm 
{
    border: none;
    border-top: solid 30px #d9e1e8;
    width: 99%;
}

fieldset.ronetForm legend 
{
    background-color: #d9e1e8;
    font-weight: bold;
    text-align: left;
    vertical-align: middle;
    line-height: 30px;
    padding: 0px 5px 0px 5px;
    border: solid 0px #d9e1e8;
}

This will result in a 30 pixel medium gray border along the top that the legend (fieldset title) will sit in cleanly. Here is what it renders like:

• Firefox -
• IE 7 -
• IE 8 -

My favorite part is that the code renders better in IE7 mode than IE8 mode. In order to get the fieldset to render the same in IE7 and IE8, I had to modify the CSS for this:

fieldset.ronetForm 
{
    border: none;
    border-top: solid 30px #d9e1e8;
    width: 99%;
}

fieldset.ronetForm legend 
{
    background-color: #d9e1e8;
    font-weight: bold;
    text-align: left;
    vertical-align: middle;
    line-height: 30px;
    margin: -30px 0px 0px 0px;
    *margin-top: 0px;
    padding: 0px 5px 0px 5px;
    border: solid 0px #d9e1e8;
}

html:not([dummy]) fieldset.ronetForm legend
{
    margin-top: 0px;
}

First, I move the top-margin on the legend up 30 pixels, then reset it using the ‘star’ hack for IE7 and below, and then use the html:not hack (which works for all non-IE browsers I’ve tested) to reset the margin for non IE browsers. One-hundred and twenty bytes added because of a rendering bug. Awesome. What’s worse, there is no way to get rid of the white border between the fieldset’s border and the legend. At least, not that I can find. If anyone has a solution to this, I’d really appreciate it. For now, I’m probably going to have to do special styling for IE, because those white margins are really distracting.

There is, however, another issue I’ve run into with IE and how it handles fieldsets. In my JavaScript, I periodically want to put a paragraph at the top of a fieldset. For fieldsets, the W3C standard does require that the legend be the first non-text dom child of the fieldset. This is a little silly, because this is valid HTML 4.01 Strict:

<fieldset>
 Text in Fieldset
 <legend>Title of Fieldset</legend>
 <p>Content of fieldset</p>
</fieldset>

But this is not:

<fieldset>
 <p>Text in Fieldset</p>
 <legend>Title of Fieldset</legend>
 <p>Content of fieldset</p>
</fieldset>

I’m pretty sure this is to allow for the whitespace text elements that the DOM insists on adding between nodes if you have any formatting in your document, which incidentally is one place where I completely agree with IE breaking away from the standard. I don’t need whitespace only DOM nodes all over my DOM.

But! How is this rendered?

• Firefox -
• IE 7/8 -

So, since it occurs before the Legend, IE puts it outside the legend, and Firefox (and WebKit and Opera) all put it inside the legend. Now, this is non-compliant HTML. So, the browser is entering a failure mode to render it, so it’s hard to say that what Internet Explorer is doing here is wrong. However, when the browser enters a failure mode, I would generally expect the browser to try to do what I intended, even if I was doing the wrong thing, so I would say that IE does the incorrect thing here. Honestly, I think that HTML 5 should be relaxed to allow the legend tag to occur later in the DOM, but currently the spec calls for the legend before any flow content.

As I said, I ran into this problem while working on JavaScript. I was trying to use YUI3’s Node utility to prepend my newly created paragaph to the fieldset in question. A more complete version of this can be viewed in this gist.

Y.get('#test_element').prepend('<p>This is new content.</p>');

As demonstrated above, in IE, this is going to render outside the fieldset, not what I intended. So, I had to use the insert command. Incidentally, the insert call does not work quite as documented. I’m reporting it as a bug, and will likely hack together the support, but anyway, I can do exactly what I want as the tool stands.

Y.get('#test_element legend').insert('<p>This is new content.</p>', 'after');

Fieldsets are a tricky situation. Their use is more semantic, and they can create some nice form layouts when used and styled correctly, but Internet Explorer’s rendering of them has so many problems, which IE8 either failed to fix or actually made worse. I still recommend using fieldsets, though what you’re capable of doing stylistically is a lot more limited than it should be. With any luck, this issue will be addressed by Microsoft before the next release of Internet Explorer.

The last couple of weeks have featured some really excellent videos from Yahoo!’s Nate Koechley on Semantic HTML and Unobtrusive JavaScript. One was at MIX in Vegas, a Microsoft conference, but the other was at Yahoo!, and has been put on YUI Theater. I’ve gone ahead and embedded the video below.

Utlimately, I’ve always been a fan of semantic HTML. Was I not simply using default templates for this blog, I’d have strived to do them in a semantic fashion. I am working on this upgrade, but other things have taken their priority. However, in the code that I design, I strive for a meaningful layout and semantic accuracy. It probably helps that with my recent return to MUDding, and therefore to hanging out online with Blind-folks, the ability of the Semantic Web to aid Screen Readers is more apparent to me.

This video was nothing I’d never seen from Yahoo!, but it underscores part of why I’m so in love with Yahoo!’s attitude toward the web. The feeling that you always need to offer some experience, even if it’s not the prettiest experience, is a powerful one particular when paired with the principle of Progressive Enhancement. Now, admittedly, there are other companies that also follow this tenet, but I know of plenty of websites, including those I use regularly, that simply won’t function without JavaScript (and fairly modern JavaScript at that), and I’m unsure how they function for the blind.

It’s an interesting choice, to choose not to support a given demographic for whatever reason, and while I fully support people’s ability to do so, I also believe it’s not terribly difficult to simply do things in a standards compliant and semantic fashion, which can certainly ease the process of offering more universal support.

There is one place where my benevolence doesn’t extend however. Recently, Washington State University re-did their homepage, which I think is a major improvement. The flash-object in the center of the screen is dynamically loaded at runtime using the swfobject library to detect flash, and provide good content even if Flash isn’t available. I’ve been working on a JavaScript widget that would support my video embeds more cleanly on this blog using swfobject, but again, other things…

This did raise the ire of a web developer or two on campus who had installed flash-blocking add-ons into Firefox. The issue is that SwfObject detected that Flash was available, but the Extension stepped in and prevented the flash from loading, replacing the nice noscript/noflash version of the page with ugly ‘click here to play flash’ mechanisms. My argument, and the opinion held by the head of the team that designed the site, is that people who’ve chosen to handicap their web browsers in this sort of way (which isn’t to say there aren’t reasons you’d want to), can deal with the consequences of such decisions. Ideally, these extensions would provide some mechanism to detect their presence, and if they’d object to Flash being loaded (given that most of these extensions allow whitelisting), but until such a time as that happens, I believe the implementation we have is the best we can. However, I am open to suggestions.

As I no doubt suspect a few people other than myself noted last week, my site was basically completely down for the last week. This was, to say the least, incredibly inconvenient, since I was without e-mail, unable to post to this blog, among other things.

My hosting is currently through MJZ Hosting, a very small company with pretty amazingly low rates. I’m paying less than a dollar a week for 1 GiB of storage and 30 GiB of traffic every month. An extra five dollars a year, grants me SSH access. I have as many Databases as I want. As many subdomains as I want. And as many e-mail addresses I want. It’s an amazing deal. And it works.

Most of the time.

Apparently, the story is that Matthew, the owner of MJZ Hosting, has been in the hospital for a few weeks (I share this, because he did). While he had people who should have been able to reboot the server, they were apparently completely incommunicado all last week, costing Matt several customers. Now, I’ve not left MJZ Hosting yet. But, I did have a potential client that had tried to contact me last week. While I don’t expect that bridge to have been burnt, it was still a bit of a wake-up call.

My website has been up somewhere around 99.9% of the time since I started hosting it with MJZ back around 2004. This is more than acceptable to me, when the downtime is spread out, but this last week has left me questioning whether I’m going to be continuing with MJZ when my contract is up in a few months. On the one hand, reliability is important, particularly when I’m beholden to someone else (even if they have been really good to me over the years), so I’m going to at least be considering other options.

In the meantime, I’m going to pick up where I left off. With roughly four posts a week, of things that I hope my readership finds useful and interesting. With any luck, we won’t see any more substantial downtime.