Major webapps driven by speech impediment

More proof that I should’ve done more Emacs hacking way back when…a couple of years-old articles on Paul Graham’s website (Beating the Averages and Carl de Marcken: Inside Orbitz reveal that a couple of high-profile web apps are driven by Lisp engines.
I’m a bit surprised that there’s not a massively tuned SQL engine driving Orbitz, but I should have known better. The flight search problem, though a computationally intense one, is pretty well bounded – you don’t need the flexibility of an ad-hoc query language, you need raw speed.
This also drives home the point that the cost-benefit crossover point between algorithmic improvments and more/faster hardware is pretty far to the right, by which I mean that when faced with a choice you had better spend the first pile of money on engineering time rather than bigger iron.

Google maps and the future of HTTP

By now you’ve probably seen Google Maps – I’m not sure when it debuted but I’ve seen multiple blog references in the past week or so. The service is certainly slicker than what I’ve seen on MapQuest or MapBlast, and I’m sure it will remain popular even after Google figures out how to monetize it. What really excites me about gmaps is not the map technology per se but how it’s delivered. I won’t go into the details here (jgwebber’s blog has a pretty good dissection) but it’s based on loading only the parts of the page that have changed. As Webber points out, the technique differs from Gmail’s mechanism, but the effect is the same. Instead of reloading the entire web page to perform an action, client-side logic retrieves data from the server and inserts it into the appropriate place in the page structure. This results in a much smoother user experience, not to mention reduced network traffic. This idea may not be original to Gmail but I don’t know of another mass-market app that uses it.
The approach isn’t without its drawbacks; it complicates the presentation layer and (potentially) introduces yet another stripe of browser-dependent code. But I think it’s a step in the right direction for web apps, especially those that deal with lots of complex relationships in persistent objects. I’m eager to apply the concept to a project so I can get more comfortable with the design implications.

DVD Case Inserts: Deskjet’s Revenge

To my ever-increasing chagrin, I’m not done with the “Andrew 2004” DVD project. These were supposed to be Christmas gifts, and now it looks as though they aren’t going to make the Valentine’s Day shipping deadline. I’ve overcome – actually, given up on correcting – a couple of audio flaws in one of the movies. The discs are burnt and labeled. But once again, I’ve been undone by the case inserts.
Last year I had a terrible time trying to get the printed image to align properly on the form. This year I switched to new software, figuring that even if I didn’t fix the alignment problem I would at least get away from the bizarre UI of the original package. It took a call to customer support (at least this new package has it!) but I did figure out what’s going on with the alignment. Evidently whatever coordinate system the printer uses doesn’t originate exactly at a corner, so in switching from portrait to landscape I had to recalibrate the software. I did so, and got good results. Final step: print a bunch of copies, stuff them into the DVD cases and make a triumphant (if somewhat belated) trip to the PO to send them on their various ways. Easy like pie!
Of course, this would be the perfect time for my printer to run out of ink, which it did. With six copies left to print. Sorry folks, but it looks like I’m not going to finish this week.

For Love or Money: the Graphing Calculator story

Ron Avitzur of Pacific Tech has posted the story of how PT’s Graphing Calculator application came to be part of the Mac standard software distribution. The idea of an inventor so seized by an idea that he realizes through sheer force of will is a fairly common one, but this is the first time that I’ve heard of someone sneaking into the company that let him go to make it happen.
Vectored from comp.risks, though Slashdot evidently covered the story last week.

RDP on SSH (doo dah, doo dah)

A colleague of mine recently showed me how to get Windows Remote Desktop working over an SSH tunnel. The instructions below assume that you have a target machine set up to accept remote desktop connections and a working SSH tunnel such as stunnel.

  1. On the client Windows XP machine, copy mstsc.exe and mstcax.dll from the WINDOWS\system32 directory to a new directory (like c:\rdp-ssh).
  2. Right-click the new copy of mstc.exe and chose Properties from the context menu. Click the Compatibility tab and check the Compatibility mode checkbox. Choose Windows 98/Windows Me from the Compatibility mode dropdown.
  3. Add port 3389 to your SSH tunnel, mapped to the remote desktop host on the destination side. (Re)start your SSH tunnel.
  4. Start c:\rdp-ssh\mstsc.exe and enter localhost as the hostname.

Windows requires the compatibility-mode change because the remote desktop client normally objects to connecting to localhost, thinking that there’s already a desktop session there.

Blogs gone fallow

So, I’ve not really blogged in almost a month. I come back to find a fresh crop of blog spam, so I finally plugged in mt-blacklist. That means if you leave a comment it won’t be posted immediately – shouldn’t be much of a problem considering the low volume.

DO NOT EAT YOUR iPOD

In the spirit of stupid product warnings, here’s an excerpt from the iTunes EULA:

THE APPLE SOFTWARE IS NOT INTENDED FOR USE IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL SYSTEMS, LIFE SUPPORT MACHINES OR OTHER EQUIPMENT IN WHICH THE FAILURE OF THE APPLE SOFTWARE COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE.

Maybe a holdover from their OS license, but pretty silly regardless.

Where spam comes from, part 379

So maybe there aren’t as many open SMTP relays as there were a couple of years ago, but somehow spam thrives. To get their product out, some spam kings have evidently resorted to hijacking web email-contact pages, or so I’ve concluded from the contents of the jls.cx HTTP logs. Here’s some sample statistics for 404 (page not found) errors:

URL Error Hits
/cgi-bin/formmail.pl 42
/cgi-bin/contact.cgi 26
/cgi-bin/formmail.cgi 23

Straight from the log, here’s evidence of one of the more brain-dead attempts:

198.104.144.39 - - [19/Aug/2004:12:58:53 -0600] "GET /cgi-bin/formmail.pl?email=rockstar@mail.com
&subject=www.jls.cx/cgi-bin/formmail.pl&message=rockstar&recipient=blesss@aol.com[...]

Basically, somebody’s out there trolling for a web page that will automatically send email. In this case, the troller was dumb enough to use GET, which logs all of the details of the request and thus leaves fingerprints all over the log. Most of the other attempts use POST, which hides the details from the log.
Anyway, if you’ve got a mail script page that allows unauthenticated sending of mail, take it down please. The Internet isn’t as nice as it used to be.