Preposterous postings

Thomas Roessler's playground at posterous 

If you want to know where I am, convince me you aren't spyware.

     

Disclaimer: personal views abound.

I've recently been playing around with Google Latitude (the few folks I'd use it with are privacy-conscious enough that they don't, so it's boring), and I've tried the PicPosterous iPhone app. I've also been a close observer of what's going on in W3C's geolocation Working Group.

It strikes me that, as they ask for users' locations, many applications (native and otherwise) start with, well, bad manners. Take PicPosterous: That application wants to turn on the iPhone's location system before I've had any interaction with the app at all. What is it going to do with my location? I don't know. Is it going to track me? I don't know. Is it going to keep a trail of where I am forever? I don't know. Or take Google: When I start up Latitude, I expect to deal with location data. That's ok. But I don't expect Google Reader to start tracking me down just because I signed in to a different, location aware service from the same company.

That kind of unexpected behavior really smells like spyware. It makes me want to turn off the GPS (and the other location services) most of the time -- which, of course, makes the legitimate location-aware services a pain to use.

Dear developers: Build your applications so they don't look like Spyware. Don't surprise me. Be predictable. Put me in control.

  • Don't locate the user unless he's said so. Take PicPosterous: The purpose of the location gathering is geotagging a picture. Why not pop up a quick dialogue that says "I'd like to geotag this picture. Shall I?" And why not locate me only when a picture is taken? All that would go a long way toward building some trust in the application's behavior. Or take Google Reader (or Latitude): Why not give me a setting "update my location whenever I use Google applications", with default "off"?
  • If you're an application that needs to track my location (say, you're a turn-by-turn navigation tool, or you're Google Reader and I've told you to find me), remind me. Give me a little button to turn off your location function. Again: Don't surprise me, and put me in control of what you do.
  • Tell me what else you do with the data, in plain English. Start out with what the latest draft of the geolocation API spec has to say, and be very clear when you do anything else. Even better, give me an option.

Now, to the user agents: I like minimalistic user interfaces, and I think that a distribution of concerns where responsibility for secondary use rests with the Web application is a sane design approach. But however much I like a simple, non-modal "locate me / don't locate me" dialogue when I'm asked for my location: Privacy doesn't end at that first click.

  • Even when I click that "remember for this site" option, I'll probably forget about it in a while. You better ask me again when I haven't visited the site for a while.
  • A web application might behave badly. Remind me whether someone's locating me right now (how about a little pulsating crosshair?), make it a no-brainer for me to figure out who knows where I am, and make it really easy for me to stop sharing location data -- with any of them, or with all of them.
  • Give me an option to lie about my current location.

Extension developers to the rescue?

Comments [2]

Is HTML5 making XSS worse?

Mark Pilgrim responds to Noah Mendelsohn's notes on HTML 5 with this remark: "Draconian error handling enforced at runtime does not scale to the complexities of modern-day web applications. Ensuring well formedness becomes increasingly difficult when content is dynamically cobbled together from multiple sources, some of which are beyond your control (user generated content, third-party ad servers, and so on)."

 To paraphrase: "Web application development is incapable of delivering valid XML. Therefore, we need a more lenient (and more complex) parser. Forget about enforcing syntax."

 Now, the class of bugs in Web applications that Mark describes is precisely what leads to cross-site scripting attacks all over the place. And the more lenient (and complex, and informally specified) the parsing rules, the more difficult it would appear to become for Web application developers to avoid cross-site scripting bugs, and to write code that (e.g.) filters user-supplied HTML to some safe subset.

 I guess the redeeming point here is that my argument uses XHTML as a baseline, and that HTML5 - with its defined error handling - improves predictability over the concoctions that parse HTML today.
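The filtering problem described above, as an added example that is not part of the original post: a pattern filter that assumes well-formed input, next to an allowlist sanitizer that rebuilds its output from parse events. The tag policy, the URL rule and the sample inputs in the test are assumptions made for illustration; Python's `html.parser` is tolerant of malformed markup but does not implement the HTML5 parsing algorithm, so a production filter should parse the way the consuming browser does.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: tag -> attributes allowed on it.
ALLOWED = {"p": set(), "b": set(), "i": set(), "em": set(), "a": {"href"}}
SAFE_URL = re.compile(r"(?i)(https?|mailto):")  # relative URLs are rejected too

def naive_filter(markup):
    """Pattern filter that silently assumes well-formed input."""
    return re.sub(r"(?is)<script\b.*?</script\s*>", "", markup)

class AllowlistSanitizer(HTMLParser):
    """Rebuilds markup from parse events; no input text passes through raw."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1  # drop the element and its text content
        if self.skip or tag not in ALLOWED:
            return
        kept = "".join(
            f' {k}="{escape(v.strip(), quote=True)}"'
            for k, v in attrs
            if k in ALLOWED[tag] and v and SAFE_URL.match(v.strip()))
        self.out.append(f"<{tag}{kept}>")
        self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.stack:
            while self.stack:  # also close anything left open inside it
                inner = self.stack.pop()
                self.out.append(f"</{inner}>")
                if inner == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    tail = "".join(f"</{t}>" for t in reversed(parser.stack))
    return "".join(parser.out) + tail
```

An unterminated `script` element makes the sanitizer drop everything after it, which fails closed; the pattern filter returns the same input untouched.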

Comments [0]

"Now everybody can create flash banner ads." Oh yeah.

Seen in Google Reader:

I'm not even going to start enumerating ways in which this ad is ironic.

Comments [0]

So Google wants to know where I am...

... when I read my blogs. Does anyone know why?
 

Comments [0]

A small palace

Luxembourg's grand-ducal palace originally was its city hall. Therefore, it's actually a rather small building - particularly tangible during the guided tours that it's open for during summer. Unfortunately, no photography is allowed inside.
 
(Reposting with fixed white balance.)

Comments [0]

Cellular Automata, Physics, and Aquinas

Via BoingBoing comes a pointer to an article on Ed Fredkin in the April 1988 issue of The Atlantic.

Fredkin's argument, in a nutshell: If physics can be described as a cellular automaton (with a rule that turns into the first mover), then the universe might very well just be that guy running a simulation somewhere, to answer a question about a cellular automaton that he can't answer, except by running the machine.

But what does "might be" mean here? Is the universe a cellular automaton running on a computer or can it just be described as one? That's where the article's author, Robert Wright, gets uncomfortable.

"Around sundown on Fredkin's island all kinds of insects start chirping or buzzing or whirring. Meanwhile, the wind chimes hanging just outside the back door are tinkling with methodical randomness. All this music is eerie and vaguely mystical. And so, increasingly, is the conversation. It is one of those moments when the context you've constructed falls apart, and gives way to a new, considerably stranger one. The old context in this case was that Fredkin is an iconoclastic thinker who believes that space and time are discrete, that the laws of the universe are algorithmic, and that the universe works according to the same principles as a computer (he uses this very phrasing in his most circumspect moments). The new context is that Fredkin believes that the universe is very literally a computer and that it is being used by someone, or something, to solve a problem. It sounds like a good-news/bad-news joke: the good news is that our lives have purpose; the bad news is that their purpose is to help some remote hacker estimate pi to nine jillion decimal places."

Parting thought: Does it even matter, to someone who can be described as a pattern in that cellular automaton?

Comments [2]

Another reason against popular URI shorteners

Centralized URI shorteners have every possible risk of being slashdotted (or overtweeted, you choose) -- they effectively add another layer of centralized infrastructure that can then run out of resources. Put differently, URI shortener infrastructure seems to scale differently than twitter's, and the result isn't always funny.
 
(Today, David Weinberger's pointer about Lego and the cluetrain was the victim.)

Comments [0]

Just the right weather for the occasion

Today's weather looks just about right for the occasion: The Perseids meteor shower is expected to peak tonight. The forecast: Occasional rain, and solid clouds.

Comments [0]

Take some flowers, and be so kind to pay

   

One of the amazing things in a small village nearby is this flower bed, with a large sign inviting passers-by to cut their own. There's a price list and a little box for the coins. That's it. I don't know whether it all ends up making economic sense for the owners. But it's certainly a view to behold.

Comments [0]

Modern architecture in Luxembourg

August is slow season at work, so some time to take photos: I spent this Friday taking entirely too many snaps, partially of the Place de l'Europe (pictured here), and partially of I M Pei's Musée d'Art Moderne. Go have a look!

Comments [0]