A Blog.

In software, you wind up spending most of your time solving easy problems. Problems that have been solved before and, thanks to Google, have solutions available in an instant. Thousands of well-defined, no-risk, completely solvable problems.

Virtually everything having to do with a user interface, if you’ve seen it done before, is “easy.” Gmail has a drag-and-drop attachment feature, so clearly that problem has been solved. Facebook has a live-scrolling ticker of events – piece of cake, just do what they did. Also, anything that has an open source solution is easy. Thank you Solr/Lucene, search is easy. Thank you Hadoop, doing computations on huge datasets is easy. Thank you Ruby on Rails, building complete websites can be done in 15 minutes.

I actually do think all of these things are easy, to the extent that “easy” means you’re going to be able to solve them without needing to hire an expert and you won’t need to dust off your old Algorithms textbook at any point in the process. But there are a few things “easy” doesn’t mean:

Easy != Fast

Just because you know how to do it, that doesn’t mean it can be done quickly. We all know how to mow a lawn. Can you do 10 acres in 5 minutes?

Depending on the problem you’re solving, usually one of two reasons explains why Easy != Fast

1. The problem is clear, but tedious to solve

Building a sign-up form is simple – some text boxes, and a submit button. Of course, what sign-up form would be complete without validation, autocompletion/correction, tooltips, markers for optional/required, anti-bot/spam protection… and each of those things is easy too, but you’ve just got a lot of lawn to mow. (photo from: smashing magazine)

2. The problem is solved by a 3rd party tool, and it’s got it’s own… problems

Solr does, in fact, make it very easy to build a search engine that produces fast, relevant results. Now, bone up on schema.xml, db-data-config.xml, the various query parsers and their associated syntaxes, then review what the best/current libraries are for whatever language you’re using. It’s true, you don’t have to write any algorithms. You’ve also saved yourself time over building this thing from scratch – no question. But, you’re still about to spend a considerable amount of time on this.

Easy != Well Defined

There are still the fundamentals of software engineering at play. The example of the registration form above was also partially an tale of vague requirements.

“We want a sign up form just like foo.com has” is the easiest way to spec a feature – you just point to something else and say “do it like that.” Even though that may seem less vague than “we want a sign up form”, unless you truly understand the thing you’re referring to you may have accidentally added more requirements than you meant to. Did you notice the foo.com has a live, password strength calculation and doesn’t let you sign up unless the password is strong enough? Did your developer just lose a few hours researching the best plugins/schemes for that, then implementing them, all to build something you didn’t actually need?

Easy == Solved, but what does Solved mean?

Google makes billions of dollars on CPC ads. Paypal makes billions of dollars in processing payments. They each have plenty of competitors doing the same things, so the technologies behind processing CPC ads and sending payments are surely mature, and these are cases of solved problems.

But how much time and effort do these companies spend fighting fraud every day? Google has an Ad Traffic Quality team. Paypal has a Fraud Investigation Team.

Sometimes a solved problem only looks that way because there is a metric ton of ongoing work making it appear that way.

Want to know why Nordstrom has beautiful, consistent photography of all of their products on their shopping pages, with the ability to zoom in on, and see a product at multiple angles? Solved problem: simply unbox every single thing you sell and photograph it the exact same way from the exact same angles. After that little exercise, adding a zoom feature is pretty straightforward.

Piece of Cake

I don’t object to using the word “easy” in software. It’s useful to acknowledge that something has minimal technical risk. But, be careful when it creeps into discussions about scheduling or operations. Time is not measured in units of difficulty.

In the last 2 weeks, I’ve noticed on several occasions I’ve thought I’d sent mail only to find it sitting as a “Draft” in Gmail. I began to think there was a horrible bug in Gmail and was having flashbacks to the days of figuring out why Outlook would leave mail stuck in your outbox.

Today I figured it out. It’s the scrollbars.

When you start replying to the message, assuming you scroll down a little into the body (which I seem to do often on my laptop’s screen, but less often on a desktop screen) the “send” button scrolls off. But, it’s not obvious that you’ve lost the send button, because there is still a top row of buttons. I wind up, subconsciously, clicking the “back arrow” button as the closest thing to “send” or “reply.”

If the scrollbars were the traditional browser-standard ones, it would be obvious to me that I’m in a frame that had scrolled down. For example, it’s obvious inside the message pane itself. As it stands now, I don’t even notice that a row of buttons has scrolled off of the page, since only part of the page is scrolling, and it’s doing so very subtly.

Windows has always made it very easy to see what your CPU is doing, and how much memory you’re using, via Task Manager. However, the bottleneck in many cases is disk I/O, and it’s not nearly as obvious. Though you could add additional I/O-related columns in the task manager process list, I/O isn’t summarized in a graphical form. Windows Resource Monitor does it though, and it’s actually a click away once you’re in Task Manager:

If you fire it up, the UI is oriented around the resource you’re looking to monitor – CPU, Memory, Disk, and Network. The Disk panel has graphs of Disk Queue Length, which you’ll recognize if you’ve used Perfmon before as one of the most useful counters for spotting I/O bottlenecks:

After discovering it, I dropped a second drive in my machine to do builds on. There is still a lot of activity on the C: drive that I’ve yet to pick through, but moving the builds to a different drive has made a noticeable difference in the responsiveness of my system while the compiler is running.

No one probably wants to read this, but I couldn’t find the full end-to-end walkthrough on the internet, so I figured it should be there. Here are the steps (please suggest a faster way if you know of one!):

1. Export the Certificate using the MMC Snap In Tool (instructions found here but summarized below.

There are a bunch of ways to export a certificate, each of which misses various parts that you’ll need. This makes sure you get the cert chain and the private key:

1. Start > Run type in “MMC” and click OK
2. Go into the File Tab > select Add/Remove Snap-in
3. Click on Certificates and click on Add.
4. Select Computer Account > Click Next
5. Select Local Computer > Click Finish
6. Click OK to close the Add/Remove Snap-in window.
7. Double click on Certificates (Local Computer) in the center window.
8. Double click on the Personal folder, and then on Certificates.
9. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
10. Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
11. Choose to ‘Yes, export the private key’
12. Choose to “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
13. Enter a password you will remember
14. Choose to save file on a set location
15. Finish

2. Convert the binary pfx file into a .pem file with openssl (tip here, but reproduced below)
openssl pkcs12 -in publicAndprivate.pfx -out publicAndprivate.pem

3. Strip the password out of your private key
openssl rsa -in publicAndprivate.pem -out private.pem

4. Put the password-less private key into your .pem file
Open your “publicAndprivate.pem” file, and replace the private key section (marked with —–BEGIN RSA PRIVATE KEY—–) with the contents of your private.pem file.

That new file now has your cert, and password-less private key for uploading into a Coyote box. There may be a faster way (openssl may have a different combination of flags) but that did it for me.

If you develop Facebook applications, or have a website you’d like to integrate with Facebook connect, you have undoubtedly seen at least some of the videos from the F8 Conference this weekend. By and large, I found the announcements impressive, the technology decisions smart, and the overall direction of the platform to be very exciting. Plenty of stories have been written about these initiatives and the impact they’ll have on the internet at large.

But, here’s a story that I haven’t seen written (or at least, hasn’t bubbled up in Hacker News): a lot of this stuff doesn’t actually work. All of the developers must know this. The forums have been down since launch. In some of the talks they admitted that although these features are live right now, they are not yet documented (ie. you can’t use them). And, there’s my favorite: they released the Like button for the web… which works everywhere except on Facebook.

The Like Button

With the announcement of the social plugins, I was immediately interested in getting the Like button up and running. This was, after all “just one line of HTML” per the presentations, so it should have been brain-dead simple. For the Like button (just one part of the Social Plugins inititative which is just one part of the overall announcements) I encountered the following interesting things:

1. It was live on CNN.com… sometimes. Various times throughout the last few days the button was there, then it was broken and had an error screen where the people’s faces would be.
2. If you use Facebook Connect already, you’re going to have to upgrade to the latest libraries to make use of the Like button. Not only is this upgrade undocumented, but where you used to find documentation for the old version, you now get redirected to the new documentation home page. So, even if you wanted to see how things used to work, you need to do some digging.
   This search result, which used to take you to the documentation for this method, now redirects you to the home page of the new documentation.
   You will eventually find that the new library has not reached feature-parity with the old one, and some of the features you used to rely on have not yet been implemented.
3. The Like button itself does not work on Facebook applications. If you write a facebook app, or want to put some FBML on a Boxes tab, etc… the Like button does not work there. <fb:like /> produces nothing.

Facepile

I thought the Facepile plugin made for a great pitch. Imagine going to a site and seeing your friends who are on it before you even sign up! A great way to increase conversions. The problem is, again, that it doesn’t actually work.

The Facebook developer forums were up earlier in the week, just after F8, but very few people could log into them. There were literally a handful of posts in the entire forum about all the new features that had just gone live. There was, if I recall, only one thread on Facepille. First post was that it didn’t work, and there were a few responses that were effectively “+1“.

Facebook Connect

Log in to sites around the web with your Facebook password. Pretty handy when it works – one less password to remember. When it doesn’t work? Pretty disastrous. Facebook Connect was up-and-down regularly throughout the last few days. It didn’t even work on the Facebook forums. Most of us were locked out (they had a backup signin mechanism, but that wasn’t working either). Just remember if you’re going to build a site and support Facebook Connect, having it as your sole authentication provider is a bad decision. Consider it a nice-to-have that might ease the friction of people signing up, but this is not a 99% SLA uptime universal login system.

Fixes Coming Soon?

I’m sure Facebook will get all of this cleaned up in time, I’m just surprised the degree to which they’ve been allowed to skate for 5 days without seeing stories pop up. When popular software companies put out sub-par products, the media slaughters them. The most popular site on the web is getting a pass.

I had seen a screenshot of this on imagechan and assumed it was fake. I just tried it, and indeed it is real:

I had never heard of this before, but if you’re looking for the equivalent of perfmon on your Mac, or trying to troubleshoot a misbehaving process, they have a sharp-looking GUI tool to help with it called Instruments.

http://getexceptional.codeplex.com/

This release adds the ability to use the plugin as an HTTP Module, so it will automatically report all unhandled exceptions without requiring any additional code – just one line of configuration in web.config.

Sucks-Rocks is a neat site which does a basic web search for the term(s) you specify, and tells you if the things people say about it are generally positive (ex. “X rocks”, “X is sweet”) or negative (ex. “X sucks”, “X is lame”).

I was curious on what people thought of Netbooks, since my feeling is that they’re pretty useless.

Interestingly, the search results for “netbook” and “netbooks” are completely different. “Netbook” is highly rated (9.6) and “Netbooks” is not (5.6). I assume this is because when people use the singular form, they’re talking about a Netbook they own (ex. “My netbook rocks”) vs. the plural which is from bloggers like me who’ve never used one (ex. “Netbooks suck”).

That makes me curious as to whether or not people find them useful after buying one. Or alternatively, if the results are being skewed by people who generally commend the thing they’ve dropped a few hundred bucks on so they don’t feel so bad. That phenomenon is part of what makes high-end electronics reviews so hard to interpret. It’s tough for someone who just spend $3k on a plasma TV go online and say the picture is “just ok.”

Now that Dodgeball is gone, here’s a short guide on how you can replicate the Dodgeball experience in BrightKite.

Friendship

The notion of friendship is more complicated than Dodgeball’s. First, in order for people to see your exact location, you’ll need to make them a trusted friend. Also, how you receive their checkins and posts is configurable on a friend-by-friend basis. If you want to receive all checkins from all friends via SMS, you’ll need to choose “Edit Friendship” for each user and set that. So, in short:

1. Make each of your friends “trusted”
2. Choose to receive their posts and checkins via SMS

Strangers

There are a bunch of features that deal with meeting new people, and being alerted when other BrightKite users are in your vicinity. This is configurable under Account Settings -> Notifications -> Nearby Notifications. You can theoretically use this single area to control notifications from all of your friends, but because it’s location-centric (“only let me know when people check in within x kilometers from me”) the only way to replicate Dodgeball’s behavior is to configure your friends on a user-by-user basis, above. So, that’s how I do it.

SMS

They have very similar SMS commands to Dodgeball, including the @ notation for checking in and ! notation for posts (nearest equivalent to the Dodgeball “shout out”).

Locations

The way they do locations (ex. @viceroy) is similar to how Dodgeball did it in the old days – that is, they validate that they know the location you’re requesting in a database before allowing the checkin. You can create custom-named places (called “placemarks”) like this: search on their site for the thing you want to check in to, by address (ex. “1501 Pike Pl Seattle, WA 98101″) on the resulting page you’ll be able to add that address as a Placemark and give it a friendly name (ex. “Pike Place Market”). When you’re out somewhere you can also type “MARK friendlyname” to create a placemark for your current location. I think those methods only create a placemark for you but they have a hack for creating public placemarks as well.

Cool New Features

It had a few things dodgeball didn’t…

• You can define a “Quiet Time” when you don’t want to receive SMSs… good if you have friends who check in at the airport at 7am.
• Rather than having everyone check in at the same place, on person can checkin and the others can just text “JOIN username” to replicate their checkin.
• It has a full iPhone app that’s pretty sharp
• You can add pictures to your checkin, which go into the friendstream and also, optionally, can be sent to flickr.

Why not…

• …Google Latitude? They currently don’t support iPhones, nor (to my knowledge) do they offer a basic SMS interface for people with older phones.
• …Twitter? It’s not location-centric and your posts go to everyone who follows you.
• …Loopt? Was, at least for a while, very iPhone-centric. It looks like it’s on more phones now though. I just haven’t heard much about it recently. Also, when I was using it the model seemed a bit different. You didn’t “check in” so much as you opened it and it broadcasted your location. There were options to post messages though.
• …FourSquare, from the creators of Dodgeball? We’ll see what it’s about when it’s released, hopefully soon.