OK, we need to talk about OREOs ... and how they impacted my view of product iteration.

(Sometimes I hate being a software developer.)

A package of Space Dunk oreos

I'm sure you've seen the Cambrian explosion of Oreo flavors, the outer limits of which were brought home to me with Space Dunks - combining Oreos with Pop Rocks. (And yes, your mouth does fizz after eating them.)

Putting aside the wisdom or sanity of whoever dreamt up the idea in the first place, it's clear that Oreo is innovating on its tried-and-true concept – but doing so without killing off its premier product. There is certainly some cannibalization of sales going on, but ultimately it doesn't matter to Nabisco because a) regular Oreos are popular enough that you'll never kill them off completely, and b) halo effect (your mom might really love PB oreos but your kid hates them, so you now you buy two bags instead of one!)

In software, we're taught that the innovator's dilemma tends to occur when you're unwilling to sacrifice your big moneymaker in favor of something new, and someone else without that baggage comes along eats your cookies/lunch.

Why can't you do both?

There are a number of different strategies you could employ, from a backend-compatible but disparate frontend offering (maybe with fewer features at a cheaper cost, or radically new UX). What about a faux startup with a small team and resources who can iterate on new ideas until they find what the market wants?

But the basic idea remains the same: Keep working away at the product that's keeping you in the black, but don't exclude experimentation and trying new approaches from your toolkit. Worst-case scenario, you still have the old workhorse powering through. In most cases, you'll have some tepid-to-mild hits that diversify your revenue stream (and potentially eat at the profit margins of your competitors) and open new opportunities for growth.

And every once in a while you'll strike gold, with a brand-new product that people love and might even supplant your tried-and-true Ol' Faithful.

The trick then is to not stop the ride, and keep rolling that innovation payoff over into the next new idea.

Just maybe leave Pop Rocks out of it.

I had the Platonic ideal of peanut butter pies at my wife's graduate school graduation in Hershey, PA, like five years ago. (They were legit Reese's Peanut Butter Pies from Mr. Reese himself.) I've chased that high for years, but never found it again. The peanut butter pie Oreos were probably the closest I've gotten.

Sexism in tech is alive and well

Honestly, I thought we were past this as an industry? But my experience at Developer Week 2024 showed me there's still a long way to go to overcoming sexism in tech.

And it came from the source I least expected; literally people who were at the conference trying to convince others to buy their product. People for whom connecting and educating is literally their job.

Time and again, both I (an engineer) and my nonbinary wife (a business analyst, at a different organization) found that the majority of the masculine-presenting folks at the booths on the expo floor were dismissive and disinterested, and usually patronizing.

Hear the tale as old as time

Also, the sheer number of static code analysis companies makes me thinks there's a consolidation incoming. Not a single one of three could differentiate their offerings on more than name and price.

“[Random AI] defines ...” has already started to replace “Webster’s defines ...” as the worst lede for stories and presentations.

I let the AI interview in the playbill slide because the play was about AI, but otherwise, no bueno.


The way to guarantee durability and failure recovery in serverless orchestration and coordination is … a server and database in the middle of your microservices.

I’m sure it’s a great product, but come on.

Apple Vision Pro review: magic, until it’s not - The Verge

Apple Vision Pro review: magic, until it’s not - The Verge

It is incredible that all of this works with just a single button click, but all that scaling complication also explains the bad news: you can only have a single Mac display in visionOS. You can’t have multiple Mac monitors floating in space. Maybe next time.

Re: Apple’s convoluted EU policies

It's surprising how often D&D is relevant in my everyday life. Most people who play D&D are in it to have fun. They follow the rule - not just the letter of the law, but the spirit.

But every once in a while you'll encounter a "rules lawyer," a player who's more concerned with making sure you observe and obey every tiny rule, punish every pecadillo, than actually having fun.

All the worse when it's your GM, the person in charge of running the game.

But there's one thing you learn quickly - if someone is trying to game the rules, the only way to win (or have any fun) is play the game right back.

For smaller/mid-tier devs, if you're only offering free apps you should probably just continue in the App Store.

But for larger devs who might run afoul of the new guidelines where apps distributed outside the App Store get charged a fee every time they go over a million users?

Oops, Apple just created collectible apps, where if you have Facebook (and not Facebook2), we know you got in early. Think about it: Same codebase, different appId. The external app stores can even set up mechanisms for this to work - every time you hit 999,000 installs, it creates a new listing that just waits for you to upload the new binary (and switches when you hit 995K). Now your users are incentivized to download your app early, in case becomes the big thing. Lower app # is the new low user ID.

If I'm Microsoft, I'm putting a stunted version of my app in the App Store (maybe an Office Documents Viewer?) for free, with links telling them if they want to edit they have go to the Microsoft App Store to download the app where Apple doesn't get a dime (especially if Microsoft uses the above trick to roll over the app every 995K users).

Even in the world where (as I think is the case in this one) Apple says all your apps have to be on the same licensing terms (so you can't have some App Store and some off-App Store), it costs barely anything to create a new LLC (and certainly less than the 500K it would cost if your app hits a million users). Apple's an Irish company, remember? So one of your LLCs is App Store, and the other is external.

To be clear, I don't like this setup. I think the iPhone should just allow sideloading, period. Is all of this more complicated for developers? Absolutely! Is the minimal amount of hassle worth saving at least 30% percent of your current revenue (or minimum $500K if you go off-App Store)? For dev shops of a certain size, I would certainly think so.

The only way to have fun with a rules lawyer is to get them to relax, or get them to leave the group. You have to band together to make them see the error of their ways, or convince them it's so much trouble it's not worth bothering to argue anymore.

Yes, Apple is going to (rules-)lawyer this, but they made it so convoluted I would be surprised if they didn't leave some giant loopholes, and attempting to close them is going to bring the EU down on them hard. If the EU is even going to allow this in the first place.

ArVid: how Russians squeezed 4 hard drives into one VHS tape in the 90s – Jacob Filipp

ArVid: how Russians squeezed 4 hard drives into one VHS tape in the 90s – Jacob Filipp

The details of a Russian expansion card from the 90s that allowed you to use a VHS tape as a storage medium.

We randomly went on a rabbit hole last week in the car about how VHS and VCRs actually work - incredible technology.

These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy

These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy

“The big curiosity is what medium a Furby uses to record audio,” one employee wrote. “I would assume that since it can ‘respond’ to certain audio cues that it would use storage similar to a digital answering machine or straight computer memory chips. Anybody know?”

Others said “Furby is only a $35 toy and is not that sophisticated. As a previous [listserv] posting pointed out, the ‘learning’ the doll does is programmed into it so that the longer you use it the more it ‘knows.’”

A great reading of newly FOIA'd documents from the folks at 404 Media. I definitely understand the impetus to understate existing rules about banning personal electronics from NSA spaces, but doesn't it also smack somewhat of security by obscurity?

It's always fun to get messages worrying about people FOIA'ing documents in documents you FOIA'ed.

I'll be hitting the lecture circuit again this year, with three conferences planned for the first of 2024.

In February, I'll be at Developer Week in Oakland (and online!), talking about Data Transfer Objects.

In March, I'll be in Michigan for the Michigan Technology Conference, speaking about clean code as well as measuring and managing productivity for dev teams.

And in April I'll be in Chicago at php[tek] to talk about laws/regulations for developers and DTOs (again).

Hope to see you there!

Who holds a conference in the upper Midwest in March???

Apple Vision Pro hands-on, again, for the first time - The Verge

Apple Vision Pro hands-on, again, for the first time - The Verge

Apple keeps emphasizing that the Vision Pro isn’t meant to isolate you from the rest of the world, and the display on the front of the headset is designed to keep you connected to others.

I don't care if it isolates me? I don't want to be wearing it constantly, anyway.

If I'm perfectly honest, the killer VR app for me is working. If I can use a head-mounted display for a large screen for an existing computer (and get rid of the gigantic monitors of my workstation / use them when working away from home), I'm in.

Just ... not for $3.5K.

I mean, I would also probably play games on it, but not dramatically more than I do now (which is maybe 1-2 hours a week across all platforms, if I'm lucky?)

Number Go Up

by Zeke Faux

A good deep-dive into the crypto world. Faux does a great job of explaining how crypto (doesn't) work, and the various frauds/scams. Definitely the best book-length treatment currently out there, and an excellent gateway drug to Web3 Is Going Just Great.

Give the Lewis book the widest possible berth. That man legitimately thinks that his simplified narrative version of SBF perfectly encompasses how SBF’s actual human brain works. He also seemed unable to comprehend that SBF was straight up lying to him at points while also lying by omission. Simply wild ironclad belief in one’s own power of perception. Hard pass.

Hey everybody, in case you wanted to see my face in person, I will be speaking at LonghornPHP, which is in Austin from Nov. 2-4. I've got two three things to say there! That's twice thrice as many things as one thing! (I added a last-minute accessibility update).

In case you missed it, I said stuff earlier this year at SparkConf in Chicago!

I said stuff about regulations (HIPAA, FERPA, GDPR, all the good ones) at the beginning of this year. This one is available online, because it was only ever available online:

I am sorry for talking so fast in that one, I definitely tried to cover more than I should have. Oops!

The SparkConf talks are unfortunately not online yet (for *reasons*), and I'm doubtful they ever will be.

WordPress 6.2.1 changelog:

Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue

As a reminder, from Semver.org:

Given a version number MAJOR.MINOR.PATCH, increment the:
1. MAJOR version when you make incompatible API changes
2. MINOR version when you add functionality in a backward compatible manner
3. PATCH version when you make backward compatible bug fixes

As it turns out, just because you label it as a "security" patch doesn't make it OK to completely annihilate functionality that numerous themes depend on.

This bit us on a number of legacy sites that depend entirely on shortcode parsing for functionality. Because it's a basic feature. We sanitize ACTUAL user-generated content, but the CMS considers all database content to be "user content."

WordPress is not stable, should not be considered to be an enterprise-caliber CMS, and should only be run on WordPress.com using WordPress.com approved themes. Dictator for life Matt Mullenweg has pretty explicitly stated he considers WordPress' competitors to be SquareSpace and Wix. Listen to him.

Friends don't let their friends use WordPress

Bidding WordPress adieu

We got past it (and got the API into core, where it has been [ab]used by Automattic), but it left a sour taste in my mouth. WordPress development was supposed to be community-driven, and indeed though it likely would not exist in its current state without Automattic's help, neither would Automattic have been able to do it all on its own. But the community was shut out of the decision-making process, a feeling we would get increasingly familiar with.

A mostly-fond farewell

A farewell to a CMS that taught me how to program, and eventually how to know when it's time to move on.

The Internet is eating the world: Pokemon Go and digital’s disrespect for the physical world

The clichéd technical model of “move fast and break things” should have some limits, and situations where people are dying need more foresight than “we’ll figure it out as we go along.” Otherwise, how do we determine the appropriate death toll for a new tech service before it needs to ask permission rather than forgiveness? And before you dismiss that question as overbearing/hysterical, remember that actual human beings have already died.

Tech continues to eat the entire world. Maybe we should try not that?

One of my pet peeves is when people/corporations speak as there's a legal right to a use a given business model. "Well, if it were illegal to train AIs on copyrighted material, we wouldn't be able to afford to do it!" Yes ... and?

Talking to computers

The proper way most systems should be set up for, say, a medical insurance claim is that you fill out everything electronically so the data is in the right place and then an actual human can make an actual human judgment on your case. In practice, however, you fill out the form and the information whisks away to be judged by a computer using a predetermined set of rules.

If you're very, very lucky, there might be a way for you to appeal the computer's ruling to a human being (regardless of outcome/reason) — but even then, that person's power is often limited to saying, "well, the computer said you don't pass."

I bet this is a story where the computer says "no"

AI will definitely fix all of this. One of my favorite go-to lines whenever I encounter a dumb bug or computer doing something stupid is, "but we should definitely let computers drive cars by themselves."

Electioneering - Covering Election Day with data, maps and print

It's always a good idea to test your code — and I did. I swear.

My problem did not lie in a lack of testing, but rather a lack of testing using real numbers or real data. For readability purposes, the election results data numbers are formatted with a comma separating every 3 numbers, much in the way numbers always are in non-financial or -computer contexts (e.g., 1,000, 3,334,332).

That's still a lack of testing

I thought I was soooo smart linking to everything, except now all the links are dead and useless.

FauxDB: Faking it by making it

There is one thing that any aspiring programmer must realize when they set out to replace a tool: YOU CAN'T REPLACE A TOOL AT THE HEART OF A MULTI-MILLION DOLLAR CORPORATION ON YOUR OWN. I knew this academically but, as is often the case when setting out on these adventures, my brain chose to heed that advice only when it was convenient to do so.

I often live by the mantra, "If someone else can do it, that means it's possible." It works well something like 75 percent of the time — it prevents me from feeling daunted when facing large projects, but it can be turned around as well.

Listen to your programming brain, not your programming heart

10 years later, the projects for the GameTimePA URLs are still live and running, but the main newspaper's domain isn't. But they're pointing to the same server!

Live journalism: Pushing to York Fair

Show people what journalism is, what interactive journalism can be. Show them it’s not all “a reporter shows up, talks to people, goes away and later something appears on the website/in the paper.” Show them that journalism can be curation from the public, soliciting input and feedback instanteously, that comes together in a package with our deep knowledge and library of photos of the area.

And I thought, “Damn. That sounds like FlappyArms.sexy, except actually relevant to journalism. I gotta get in on that.”

Flap those sexy arms as you fly to read more

User-submitted photo galleries

It was what you’d call a “hard-and-fast” deadline: Our contract with Caspio for database and data services was changing on July 1. On that day, our account — which to that point had been averaging something like 17GB transferred per month — would have to use no more than 5GB of data per month, or else we’d pay to the tune of $50/GB.

Our biggest data ab/user by far was our user-submitted photo galleries. A popular feature among our readers, it allowed them to both upload photos for us (at print quality) to use in the paper as well as see them online instanteously. Caspio stored and displayed them as a database: Here’s a page of a bunch of photos, click one to get the larger version.

We had to come up with something to replace it — and, as ever, without incurring m/any charges, because we don’t have any money to spend.

Find out how we did it (spoiler: we used computers)

My first big in-house migration to save money!

Computers will not replace reporters, except when they will

No one is saying that all stories, or even most will be written by computers, but it’s not difficult to imagine that a good number of them will be simply because most stories today have significant chunks that aren’t deeply reported. They’re cribbed from press releases, interpreted from box scores or condensed from the wire. If we leave the drudge work to the computers, we can free up reporters to do things that computers can’t, and actually producing more, better content. It’s quite literally win-win. The primary losers are those companies who will buy too deeply into the idea that they can generate all their content automatically.

We've been arguing about AI stories since 2014

I still wholeheartedly think that entirely generated content is essentially useless to end-users.

Using robots to improve photo upload workflow

What we wanted was an easy way to get photos from any device (photographers frequently work using only their phones or tablets, because it’s one less and/or lighter piece of equipment they have to lug around versus a laptop) and push it to three places — the web, print and our archive. The simplest solution seemed to be getting the file into our system and then moving it around from there.

Enter Dropbox. It’s extraordinary how even free services can do what used to require expensive services that were frequently more unreliable. Using the free 2GB Dropbox plan, we made sure that all of the devices were syncing to the same account, as well as to the “new” automater machine.

Find out how we synced on no budget

This would be much easier nowadays, as you'd just have a cloud-based Digital Asset Management system, but the budget would also be MUCH higher.

Only as secure as you make it

Again, I understand the basic impetus behind this line of thinking. But it fails on two levels, both of them human. One: If you make it in the employee’s best interest to not share vital strategic or business information with a competitor, that employee (provided he/she is acting rationally) will not do so. This worry is, at heart, an admission that a company is not providing its employees with the proper incentive to act against the company.

Security depends on how much you can trust your users, not how well you can lock them down.

Unfortunately, the ubqiquity of surveillance capitalism has pushed people strongly in the direction of control over trust.

A screenshot of a fake review saying

The one "published" joke I've ever had was when I submitted a joke review for Codekit 3. Proud of it to this day, even more so because mine was the only joke that got through from the beta-testers.

It's game time: Using Google Docs as a CMS

This problem was compounded when we decided on the scope of the project Our high school football coverage is run by GameTimePA, which consists of the sports journalists from the York Daily Record, Hanover Evening Sun, Chambersburg Public Opinion and Lebanon Daily News. The four newsrooms are considered a "cluster," which means that we're relatively close geographically and tend to work together. Since the last preview, however, GameTimePA had expanded to include our corporate siblings in the Philadelphia area, meaning we now encompassed something like 10 newsrooms stretching from Central Pennsylvania to the New Jersey border.

And we're all on different CMSes.

How ever will this dilemma be solved? I bet they use code

Automation is supposed to help, not hinder

These are what we’ll call sensible (though regrettable) redundancies. But the problem with technological innovation is that we think that any problem, with enough sufficient amounts of tech wizardry thrown at it, will disappear.

The flaw with this philosophy is that, much as with medicine and side effects, sometimes the troubles with the cure are worse than the problem it was trying to solve.

You can't have sentience without self-doubt

This seems especially true in the age of AI.

Rarely is the question asked, "Is our children tweeting?" This question is likely nonexistent in journalism schools, which currently provide the means for 95+ percent of aspiring journalists to so reach said aspirations. Leaving aside the relative "duh" factor (one imagines someone who walks into J101 without a Twitter handle is the same kind of person who scrunches up his nose and furrows his brow at the thought of a "smart ... phone?"), simple (slightly old) statistics tell us that 15% of Americans on the Internet use Twitter.

(This is probably an important statistic for newsrooms in general to be aware of vis-a-vis how much time they devote to it, but that's another matter.)

For most journalism students, Twitter is very likely already a part of life. Every introduction they're given to Twitter during a class is probably time better spent doing anything else, like learning about reporting. Or actually reporting. Or learning HTML.

I know this idea is not a popular one. The allure and promise of every new CMS or web service that comes out almost always includes a line similar to, "Requires no coding!" or "No design experience necessary!" And they're right, for the most part. If all you're looking to do is make words appear on the internet, or be able to embed whatever the latest Storify/NewHive/GeoFeedia widget they came out with, you probably don't need to know HTML.

Until your embed breaks. Or you get a call from a reader who's looking at your latest Spundge on an iPad app and can't read a word. Or someone goes into edit your story and accidentally kills off a closing </p> tag, or adds an open <div>, and everything disappears.

Suddenly it's "find the three people in the newsroom who know HTML," or even worse, try to track down someone in IT who's willing to listen. Not exactly attractive prospects.

Heck, having knowledge of how the web works would probably even help them use these other technologies. Not just in troubleshooting, but in basic setup and implementation. In the same way we expect a basic competence in journalists to produce their stories in Word (complete with whatever styles or code your antiquated pagination system might prescribe), so too should we expect the same on digital.

Especially in a news climate where reporters are expected as a matter of routine to file their own stories to the web, it's ludicrous that they're not expected to know that an <img> tag self-closes, or even the basic theory behind open and closed tags. No one ever did their job worse because they knew how to use their tools properly.

I'm not saying everyone needs to be able to code his or her own blog, but everyone should have a basic command of their most prominent platform. It's time we shifted the expectations for reporters from "not focused entirely on print" to "actually focused on digital."

Thanks to Elon, no asks if our children are tweeting anymore. There's a big advantage in learning how to use all your tools properly, even if it doesn't seem like it.

Why I can't have nice things

People who have seen new technology come into use view the technology only in terms of its functionality, a means to an end. Cellphones (and smartphones) are not their lifeline to life itself, they're a means of communication. Sure, they'll learn how to Facebook on the go, post Instagrams to Twitter and message their unruly teen to make sure he gets home before curfew, but if you took it away they'd still survive. They've got paper address books, landlines and actual (still digital, usually) cameras that aren't grafted onto a phone.

Nobody over 35 reads blogs anymore

I remember being vehemently anti-smartphone and then, after I caved and bought an Android, anti-Apple. Now I'm pretty much anti-everything new, except I also want the fastest, prettiest devices. I'm basically the worst.

[Latest technology] is [expensive / confusing / worrisome]

Hoo boy! As a [technology writer/reporter without a story idea/old person], I've seen my share of changes in life. But [new product] is about to completely alter [area in which new technology will have extremely slight impact].

[witty teaser to get you to read more]

Replace "Nicholas Carr" with "John Hermann" and this was accurate through about 2023.