Category Archives: techie

A Fancy Business Model

If you read the tech news, you’ll see a number of headlines about Apple considering an acquisition of The Fancy.

This site has a particularly interesting marketplace business that I haven’t seen covered in the press… but if you Google “buy button” and scope it to “thefancy.com” you’ll see some interesting results. Namely: comment after comment from users stating that the item they wind up buying is not the one pictured (and this is just from searching “buy button” – there are undoubtedly many forms this complaint could take.)

The model goes something like this:

  1. Someone posts something they like (they “fancy”)
  2. Other users are given the option to offer it for sale.
  3. If accepted, the product appears for sale, complete with an “Add to Cart” button.

It’s a simple system. The problem is, the item that you’re buying isn’t always the item that’s pictured. The Fancy knows this, based on the small wording at the top (red underline added by me):

But, overall it’s presented as if you’re buying what’s pictured – and people do.

This particular example is no longer marked as buyable on The Fancy site, but I clicked through a few of the results of the previous Google search, and several of them still are.

Full disclosure: I work in the social shopping space. But, we have never really explored this model.

Covariance and Contravariance

The concept of covariance and contravariance is fairly straightforward for basic datatypes, but it gets a lot less intuitive when you start dealing with generic collections. I recently, finally, got my head around it.

Here are some simple cases with simple classes in C# (for brevity, I’m leaving out the rules for basic datatypes). A covariant conversion is when you convert from a derived class to a class that it inherits from. It requires no casting and makes logical sense:
string foo = "foo";
object o = foo; //you can assign a string to an object

A contravariant conversion is the opposite, and assignment requires a cast (which could throw an exception if it can’t be converted):
object foo = "foo";
string s = (string)foo;

Enter Collections

Though it’s obvious that you can convert a string into an object, shouldn’t you also be able to do this?
var strings = new List<string>();
List<object> objects = strings;

The short answer is no. Though converting from string to object is covariant, converting from a List of strings to a List of objects is not. A cast won’t compile either.

Want to see why? You can actually try it for yourself with an array, because an array is covariant (considered by some to be a mistake):
string[] strings = new string[2];
strings[0] = "foo";

object[] objects = strings;
objects[1] = new Object(); //things go BOOM.

This throws an OverflowException because you just tried to put an object into an array of strings. So, when Microsoft implemented generic lists, they didn’t allow you to expose yourself to this mistake, and they catch it in the compiler. That’s where covariance gets tricky.

In fact, contravariance gets tricky as well. To steal part of Eric Lippert’s example here, shouldn’t this compile? (Assuming Giraffe inherits from Animal)
void Foo(Giraffe g) {...}
Action<Animal> action1 = Foo; //Action<Animal> is the delegate that accepts an Animal

This code is trying to make the assertion that the Foo method, which accepts a Giraffe as a parameter, implements a delegate which accepts an Animal as a parameter. The problem is, if you actually called action1 with an Animal aside from a Giraffe, Foo wouldn’t be able to handle it and would produce an exception.

But, aren’t there other cases that don’t cause problems?

There are, which is why a number of changes were made to C# 4.0.

In our list/array example… what if you never added elements to the list? Wouldn’t the covariant conversion be safe? You’d never be able to add an object to an array of strings. The answer is yes, which is why the IEnumerable interface is marked covariant. This is perfectly valid (same example as above, swapping out List for IEnumerable):
IEnumerable<string> strings = new List<string>(); //an interface can't be instantiated directly
IEnumerable<object> objects = strings;

IEnumerable is now considered covariant since its interface only exposes methods related to reading.

Similarly useful capabilities were added with regard to contravariance (example taken from here):
static string GetString() { return ""; }
Func<string> strFun = GetString;
Func<object> objFun = strFun;

The last line used to throw an exception, however this is actually a safe operation – any caller expecting an object to be returned will also be able to handle a string.

“Easy” Problems

In software, you wind up spending most of your time solving easy problems. Problems that have been solved before and, thanks to Google, have solutions available in an instant. Thousands of well-defined, no-risk, completely solvable problems.

Virtually everything having to do with a user interface, if you’ve seen it done before, is “easy.” Gmail has a drag-and-drop attachment feature, so clearly that problem has been solved. Facebook has a live-scrolling ticker of events – piece of cake, just do what they did. Also, anything that has an open source solution is easy. Thank you Solr/Lucene, search is easy. Thank you Hadoop, doing computations on huge datasets is easy. Thank you Ruby on Rails, building complete websites can be done in 15 minutes.

I actually do think all of these things are easy, to the extent that “easy” means you’re going to be able to solve them without needing to hire an expert and you won’t need to dust off your old Algorithms textbook at any point in the process. But there are a few things “easy” doesn’t mean:

Easy != Fast

Just because you know how to do it, that doesn’t mean it can be done quickly. We all know how to mow a lawn. Can you do 10 acres in 5 minutes?

Depending on the problem you’re solving, usually one of two reasons explains why Easy != Fast:

1. The problem is clear, but tedious to solve

Building a sign-up form is simple – some text boxes, and a submit button. Of course, what sign-up form would be complete without validation, autocompletion/correction, tooltips, markers for optional/required, anti-bot/spam protection… and each of those things is easy too, but you’ve just got a lot of lawn to mow. (photo from: smashing magazine)

2. The problem is solved by a 3rd party tool, and it’s got its own… problems

Solr does, in fact, make it very easy to build a search engine that produces fast, relevant results. Now, bone up on schema.xml, db-data-config.xml, the various query parsers and their associated syntaxes, then review what the best/current libraries are for whatever language you’re using. It’s true, you don’t have to write any algorithms. You’ve also saved yourself time over building this thing from scratch – no question. But, you’re still about to spend a considerable amount of time on this.

Easy != Well Defined

There are still the fundamentals of software engineering at play. The example of the registration form above was also partially a tale of vague requirements.

“We want a sign up form just like foo.com has” is the easiest way to spec a feature – you just point to something else and say “do it like that.” Even though that may seem less vague than “we want a sign up form”, unless you truly understand the thing you’re referring to, you may have accidentally added more requirements than you meant to. Did you notice that foo.com has a live password strength calculation and doesn’t let you sign up unless the password is strong enough? Did your developer just lose a few hours researching the best plugins/schemes for that, then implementing them, all to build something you didn’t actually need?

Easy == Solved, but what does Solved mean?

Google makes billions of dollars on CPC ads. Paypal makes billions of dollars in processing payments. They each have plenty of competitors doing the same things, so the technologies behind processing CPC ads and sending payments are surely mature, and these are cases of solved problems.

But how much time and effort do these companies spend fighting fraud every day? Google has an Ad Traffic Quality team. Paypal has a Fraud Investigation Team.

Sometimes a solved problem only looks that way because there is a metric ton of ongoing work making it appear that way.

Want to know why Nordstrom has beautiful, consistent photography of all of their products on their shopping pages, with the ability to zoom in on, and see a product at multiple angles? Solved problem: simply unbox every single thing you sell and photograph it the exact same way from the exact same angles. After that little exercise, adding a zoom feature is pretty straightforward.

Piece of Cake

I don’t object to using the word “easy” in software. It’s useful to acknowledge that something has minimal technical risk. But, be careful when it creeps into discussions about scheduling or operations. Time is not measured in units of difficulty.

Gmail’s new scrollbars subtly prevent me from sending mail.

In the last 2 weeks, I’ve noticed on several occasions I’ve thought I’d sent mail only to find it sitting as a “Draft” in Gmail. I began to think there was a horrible bug in Gmail and was having flashbacks to the days of figuring out why Outlook would leave mail stuck in your outbox.

Today I figured it out. It’s the scrollbars.

When you start replying to the message, assuming you scroll down a little into the body (which I seem to do often on my laptop’s screen, but less often on a desktop screen) the “send” button scrolls off. But, it’s not obvious that you’ve lost the send button, because there is still a top row of buttons. I wind up, subconsciously, clicking the “back arrow” button as the closest thing to “send” or “reply.”

If the scrollbars were the traditional browser-standard ones, it would be obvious to me that I’m in a frame that had scrolled down. For example, it’s obvious inside the message pane itself. As it stands now, I don’t even notice that a row of buttons has scrolled off of the page, since only part of the page is scrolling, and it’s doing so very subtly.

Windows Resource Monitor

Windows has always made it very easy to see what your CPU is doing, and how much memory you’re using, via Task Manager. However, the bottleneck in many cases is disk I/O, and it’s not nearly as obvious. Though you could add additional I/O-related columns in the task manager process list, I/O isn’t summarized in a graphical form. Windows Resource Monitor does it though, and it’s actually a click away once you’re in Task Manager:

If you fire it up, the UI is oriented around the resource you’re looking to monitor – CPU, Memory, Disk, and Network. The Disk panel has graphs of Disk Queue Length, which you’ll recognize if you’ve used Perfmon before as one of the most useful counters for spotting I/O bottlenecks:

After discovering it, I dropped a second drive in my machine to do builds on. There is still a lot of activity on the C: drive that I’ve yet to pick through, but moving the builds to a different drive has made a noticeable difference in the responsiveness of my system while the compiler is running.

Howto: Copy a Certificate out of IIS and into a Coyote Traffic Management Server

No one probably wants to read this, but I couldn’t find the full end-to-end walkthrough on the internet, so I figured it should be there. Here are the steps (please suggest a faster way if you know of one!):

1. Export the Certificate using the MMC Snap In Tool (instructions found here but summarized below).

There are a bunch of ways to export a certificate, each of which misses various parts that you’ll need. This makes sure you get the cert chain and the private key:

  1. Start > Run type in “MMC” and click OK
  2. Go into the File Tab > select Add/Remove Snap-in
  3. Click on Certificates and click on Add.
  4. Select Computer Account > Click Next
  5. Select Local Computer > Click Finish
  6. Click OK to close the Add/Remove Snap-in window.
  7. Double click on Certificates (Local Computer) in the center window.
  8. Double click on the Personal folder, and then on Certificates.
  9. Right Click on the Certificate you would like to back up and choose > ALL TASKS > Export
  10. Follow the Certificate Export Wizard to back up your certificate to a .pfx file.
  11. Choose ‘Yes, export the private key’
  12. Choose to “Include all certificates in certificate path if possible.” (do NOT select the delete Private Key option)
  13. Enter a password you will remember
  14. Choose to save file on a set location
  15. Finish

2. Convert the binary pfx file into a .pem file with openssl (tip here, but reproduced below)
openssl pkcs12 -in publicAndprivate.pfx -out publicAndprivate.pem

3. Strip the password out of your private key
openssl rsa -in publicAndprivate.pem -out private.pem

4. Put the password-less private key into your .pem file
Open your “publicAndprivate.pem” file, and replace the private key section (marked with -----BEGIN RSA PRIVATE KEY-----) with the contents of your private.pem file.

That new file now has your cert, and password-less private key for uploading into a Coyote box. There may be a faster way (openssl may have a different combination of flags) but that did it for me.
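On the question of a faster flag combination: as an added example (not part of the original post), `-nodes` makes `openssl pkcs12` write the private key unencrypted in a single pass, which replaces steps 2 to 4. The script below wraps that call with an owner-only umask and a check that the key belongs to the certificate; the throwaway certificate, the password and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names, CN and password are constructed for the demo.

# pfx_to_pem PFX OUT: write cert chain + UNENCRYPTED private key to OUT.
# The PFX password comes from $PFX_PASS, so it never shows up in `ps`.
pfx_to_pem() {
    (
        umask 077  # OUT holds a clear-text key: owner-only from creation
        # -nodes: do not re-encrypt the key (OpenSSL 3 also accepts -noenc).
        # A PFX written by older Windows may additionally need -legacy
        # under OpenSSL 3.
        openssl pkcs12 -in "$1" -out "$2" -nodes -passin env:PFX_PASS
    )
}

# key_matches_cert PEM: true only if the private key in PEM belongs to
# the first certificate in PEM (compares the two public keys).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# key_is_cleartext PEM: true if PEM carries a private key with no passphrase.
key_is_cleartext() {
    ! grep -q 'ENCRYPTED' "$1" &&
        grep -Eq -- '^-----BEGIN (RSA )?PRIVATE KEY-----' "$1"
}

# make_demo_pfx DIR: constructed self-signed cert and key, packed as a PFX.
make_demo_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=constructed.example' \
        -keyout "$1/key.pem" -out "$1/crt.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/crt.pem" \
        -out "$1/publicAndprivate.pfx" -passout env:PFX_PASS
}

# demo: export -> convert -> verify, then remove every copy of the key.
demo() {
    work=$(mktemp -d) || return 1
    PFX_PASS='constructed-demo-password'; export PFX_PASS
    make_demo_pfx "$work" &&
        pfx_to_pem "$work/publicAndprivate.pfx" "$work/publicAndprivate.pem" &&
        key_matches_cert "$work/publicAndprivate.pem" &&
        key_is_cleartext "$work/publicAndprivate.pem"
    rc=$?
    rm -rf "$work"
    return $rc
}
```

For a real export, set `PFX_PASS` in the environment before calling `pfx_to_pem`, and delete the intermediate .pfx and .pem files once the bundle has been uploaded.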

The Facebook F8 story that no one seems to be writing…

If you develop Facebook applications, or have a website you’d like to integrate with Facebook connect, you have undoubtedly seen at least some of the videos from the F8 Conference this weekend. By and large, I found the announcements impressive, the technology decisions smart, and the overall direction of the platform to be very exciting. Plenty of stories have been written about these initiatives and the impact they’ll have on the internet at large.

But, here’s a story that I haven’t seen written (or at least, hasn’t bubbled up in Hacker News): a lot of this stuff doesn’t actually work. All of the developers must know this. The forums have been down since launch. In some of the talks they admitted that although these features are live right now, they are not yet documented (i.e. you can’t use them). And, there’s my favorite: they released the Like button for the web… which works everywhere except on Facebook.

The Like Button


With the announcement of the social plugins, I was immediately interested in getting the Like button up and running. This was, after all, “just one line of HTML” per the presentations, so it should have been brain-dead simple. For the Like button (just one part of the Social Plugins initiative which is just one part of the overall announcements) I encountered the following interesting things:

  1. It was live on CNN.com… sometimes. Various times throughout the last few days the button was there, then it was broken and had an error screen where the people’s faces would be.
  2. If you use Facebook Connect already, you’re going to have to upgrade to the latest libraries to make use of the Like button. Not only is this upgrade undocumented, but where you used to find documentation for the old version, you now get redirected to the new documentation home page. So, even if you wanted to see how things used to work, you need to do some digging.
    This search result, which used to take you to the documentation for this method, now redirects you to the home page of the new documentation.
    You will eventually find that the new library has not reached feature-parity with the old one, and some of the features you used to rely on have not yet been implemented.
  3. The Like button itself does not work on Facebook applications. If you write a Facebook app, or want to put some FBML on a Boxes tab, etc… the Like button does not work there. <fb:like /> produces nothing.

Facepile

I thought the Facepile plugin made for a great pitch. Imagine going to a site and seeing your friends who are on it before you even sign up! A great way to increase conversions. The problem is, again, that it doesn’t actually work.

The Facebook developer forums were up earlier in the week, just after F8, but very few people could log into them. There were literally a handful of posts in the entire forum about all the new features that had just gone live. There was, if I recall, only one thread on Facepile. First post was that it didn’t work, and there were a few responses that were effectively “+1“.

Facebook Connect

Log in to sites around the web with your Facebook password. Pretty handy when it works – one less password to remember. When it doesn’t work? Pretty disastrous. Facebook Connect was up-and-down regularly throughout the last few days. It didn’t even work on the Facebook forums. Most of us were locked out (they had a backup signin mechanism, but that wasn’t working either). Just remember if you’re going to build a site and support Facebook Connect, having it as your sole authentication provider is a bad decision. Consider it a nice-to-have that might ease the friction of people signing up, but this is not a 99% SLA uptime universal login system.

Fixes Coming Soon?

I’m sure Facebook will get all of this cleaned up in time, I’m just surprised at the degree to which they’ve been allowed to skate for 5 days without seeing stories pop up. When popular software companies put out sub-par products, the media slaughters them. The most popular site on the web is getting a pass.