After struggling for years with sub-par browsers on small screen devices Apple did a good job raising the bar with Safari on the iPhone and now iPad. Google for some reason stumbled a little out of the gate with the browser on Android – rather than take their existing and proven Chrome they delivered an older and less capable core and it looks like only now with the 4.x generation devices that they’re finally starting to improve things (though that doesn’t help the 80-90% of their existing user base who will never get an upgrade to the latest goodness)

With the initial release of Windows Phone 7 it seemed like Microsoft had fallen into the trap of not treating mobile browsing as a first class experience and they shipped an IE7-like browser. That changed however with the release of v7.5 “Mango” which brought the full capabilities of IE9 (arguably the most standard adherent HTML5 browser) to the platform.

With people paying more attention to the mobile browser evolution and digging into capabilities (such as this review from Sencha) and arguing that the mobile web is not going away any time soon it would be great to see how the "Mango" with IE9 stacks up in these tests against the other two... Would be great to see Sencha or similar run their tests against all three? So far playing around with IE9 in Mango, it seems to do a really good job in most situations but I've not drilled down to quite the level of detail that they have yet.

One thing that had been bugging me with the <audio> tag in HTML5 was that it while it was great at handling single files it doesn’t cope very well with being pointed at a shoutcast/icecast .pls file.

A bit of digging and I found that if you broke open the .pls file and used the actual stream source as the <audio src=”?”> parameter then it was quite happy to play the stream.

As a .pls file can contain a number of source files (subsequent items in a playlist, failovers in case one server isn’t running etc) the code also needed to cope with either an error or the selected stream coming to an end – luckily that isn’t too difficult with the event model supported by the audio tag.

I’ve shared a first cut of the code here on GitHub so feel free to edit/improve and share – for instance my code assumes that the NumberOfEntries parameter in the .pls file is the second line (in some instances it’s the last but one line) so there’s room to make it more robust.

Obviously it can’t perform magic … unless the stream is using a codec that your browser supports it will simply error out, but it does provide a fairly simple way to extend the capabilities of the <audio> tag

I look around my office and I’ve got about a dozen different laptop power adapters – for current and dead machines. Even so I’ve spend the last few days trying to find a power brick to charge one perfectly good machine but neither the dedicated adapters or the three “universal” chargers I have support this particular connection.

I really like the Apple “mag safe” connector but sadly they won’t license that to anyone (or they probably would but it’s not economically feasible). The concept of a universal adapter is a good one but, having gone through the experience of Targus deciding to redesign their tips and stop making tips for new devices for their old chargers, I’m now rather cynical about how much of a solution they actually provide.

So I’ve wasted time and energy trying to track down a simple, yet crucial, accessory – without which I have a very nice, very shiny paperweight. Oh, and a growing loathing for yet another electronics manufacturer who doesn’t even maintain an up-to-date list of what models their own adapters work with online (and even after a couple of days the problem appears to have stumped their support team)

5 years ago I had a similar rant about cellphone chargers and it looks like things are finally settling down there with even Apple selling a micro-USB to iPhone dongle (maybe the iPhone5 will have micro USB only… we can dream!) – laptop, netbook, slate/tablet’s still have a long way to go :(

When we moved to the US we did everything by the book. We produced the reams of paperwork and stood in line in Embassies and at the immigration desk at the airport and tried not to get too frustrated by the inane processes and offhand welcome we got.

Because we like it here we changed visa status from E-3 (Australian reciprocal) to H-1B (and my wife and daughter to H4 – a status which has no employment authorization) and went through even more paperwork (but a lot of duplication) and endured the nerve wracking trip home to sit in a queue at the US Embassy for a 5 minute “interview” to get the new stamps (and then repeated the process for our renewal). At the same time we’re going through the Green Card process so there has been more paperwork, more forms to fill in and the wonderful Labor Certification process (advertising my job to see if we can find someone local to do it… luckily we didn’t, so I get to stay and I’m comfortable in the fact that I’m not stealing jobs from Americans)

As an Employment Based Green Card applicant filed in the EB-3 category though it looks like another 6 years or so before the backlog clears and we get a decision (yes, that’s another 6 years where my wife and daughter can’t work but we don’t even know what the outcome will be) but that’s okay… we’re working through it and keeping our fingers crossed.

But then we see stories in the press about how relatives of the US President manage to get Social Security Numbers even though they are here illegally and have outstanding deportation orders against them and that there is a plan to grant an effective amnesty to 300,000 illegal immigrants and provide them with work permits and you start to wonder if being patient and playing by the rules is the right way to go?!

If the Government is choosing to reward illegal immigrants with expedited reviews of their cases and work permits what impact will that have on the backlog for legal migrants, and the efforts to address the issues faced by H4 spouses and children of H-1B workers who can’t get a work permit until they are approved for a Green Card?

I understand this is a politically charged topic, I appreciate that for a number of illegals there are very compelling reasons and I realize that especially in the current economic situation this is a very contentious topic and there are no easy answers… but for a country founded on migration and defined by the inscription “Give me your tired, your poor, Your huddled masses yearning to breathe free” on the Statue of Liberty it seems like a slap in the face to those who still want to make a home here

If you want to keep your internet traffic secure when using public WiFi or have a desperate need to pretend you’re in a different country to access an online service you’ve probably tried a Virtual Private Network (VPN) service like StrongVPN. As powerful as most of these services are they’re not exactly user friendly and for a casual user they can work out quite expensive.

TunnelBear hopes to change that with an easy to install, easy to configure and, above all, easy to use app. It also starts at a pretty great price – Free!

Currently available for Windows and OSX (hopefully Linux and iOS to follow) it’s a simple install that delivers both the simple dashboard app and the network drivers needed for VPN support and then it’s a case of fire up the dashboard, decide if you want to appear as a UK or US user and hit the “on” button to switch your network connection over to using the VPN. You can change locations or de-activate the VPN just by tapping a button.

For free users you get a monthly allowance of 500MB which should be enough for simple casual needs (and they run promotions where you can bump that allowance up). If you need a bit more – in fact, unlimited bandwidth and double the level of encryption on your connection – then they have a “Giant” plan for US$4.99/mo – less than the price of a coffee at the Starbucks where you’d want to be running this.

Looking forward to seeing this for Linux so I can add it to my bootable USB Key solution.

While I’m a fan of my Kindle (and the Kindle app on my phone) I still have a problem with the whole ebook pricing and licensing model and it’s best summed up with this picture…

So, I can buy a license to read the book I want (admittedly in a very convenient and handy package) for 8 bucks, or pick up a new paperback copy for half that. If I want second hand (and many of the second hand books on Amazon are indistinguishable from new) I pay a tenth of that.

Okay, so the downside is I may have a pay a little for shipping, and wait a couple of days rather than get instance over-the-air gratification but when I get it…. It’s all mine.

I don’t have to worry about a licensing issue making the book I’ve bought disappear. I don’t have to get anyone’s approval if I want to lend a copy to a friend, leave it in a coffee shop for a random stranger or sell it at our local Half Price Books to further my addiction (when I moved from Australia to the US I think books weighed more than any other item we shipped!)

I don’t have a problem with authors getting paid (I want them to keep writing after all!), I understand there are costs with marketing and distributing a book (but when it’s just bytes and electrons it’s a lot less than producing a dead tree format, and no risk on inventory) but this feels like a very one sided step into the future.

With my Zune Pass subscription I get an “all I can eat” subscription plan for music I can consume on my Zune (which also provides in-car listening), Windows Phone and laptop so I don’t worry about the fact I don’t actually own the content (though with Zune Pass you do get 10 credits a month to download to own tracks) and I know that the artists are getting paid behind the scenes

I would love a Kindle subscription service that lets me grab any book I want and read it. Every time I enjoy a book the author (and of course publisher etc) would get part of the monthly subscription (encouraging them to write better books!) and I wouldn’t have this hang-up about not being able to decide what to do with the book when I’ve read it.

I don’t think that eReaders like the Kindle are a fad. I think there is more evolution to come in both the reader hardware and the retail channels as the hardware gets smarter and cheaper and the author/reader relationship maybe gets redefined … but at the end of it all I really hope that the love of reading and the art of writing are what wins out…

Every time you fly now in the US (and other places) you have to run the gauntlet of uniformed, unionized, shelf stackers who are providing the front-line troops for the Theatrical Security Agency and their contemporaries.

You’d think they would stop folks getting to the gate without valid IDs and boarding passes wouldn’t you?

The recent discovery of a traveler managing to board a plane with someone else’s boarding pass got me wondering how simple it was to actually get past security and while you may get turned away before you board a plane it’s just another demonstration of how farcical a lot of this knee-jerk political posturing is.

It turns out back in 2006 someone launched a site to let you print fake boarding passes. Rather than do something about the problem the FBI shut his site down and subjected him to investigation, though all charges were later dropped.

In 2008 – two years later – the TSA had a self-congratulatory blog post about how they’re aware of the problems posed by photoshop and are working to introduce more secure barcodes… in some airports, for some airlines, for flyers who are using mobile check-in, rather than print-at-home boarding passes.

Now, in 2011 while I have seen evidence of these the problem seems to be that the TSO’s are not always sure what to do when presented with one and, even worse, the handheld scanners seem to be in such short supply that trying to use one (as I did recently) requires a wait while they try and get a scanner to the desk or give up and just waive you through.

So, we know the checks for the boarding passes at least to get you airside are a joke, but at least they’re checking everyone’s ID right?

Well… maybe not. In the US if you refuse to show ID or claim to have simply forgotten it then you can still get past, though you’ll be subject to more questions (though in the first example the guy was able to use a library card as ID) so in theory you could bypass that check as well.

Couple these loopholes with the TSAs less than stellar record of stopping folks getting through checkpoints without the means to harm their fellow travelers and we have a pretty sorry state of affairs.

So, what would it take to close these loopholes, or at least tighten things up to require a more sophisticated attack? At the very least every TSO station needs to have the ability to confirm – in real-time – the validity of a boarding pass. Is the passenger who’s details appear on the card match the ID, do the details match the flight manifest, does the type of boarding pass (print-at-home, airline issued) match what the system think has been issued (has the passenger even checked in for this flight) as well as supplemental information like have they checked luggage (an international passenger with just a paperback and no checked luggage for instance should warrant a little more examination), and the system has to be applied across the board for everyone passing the gate.

There seem to be a number of other loopholes – airline staff get by with just a wave of their airline credentials, as do TSA agents even when they don’t appear to be recognized by colleagues. How about a separate “staff” enterance for them to stop them being held up by regular passengers (or causing frustration by queue jumping – I know they need to get to work, but it’s frustrating having them turn up en masse and totally disrupt a lane) and what about the ground staff, both airport and airline personnel as well as the guys delivering bottles of water to the newsagent… what checks do they face before they get airside?

The TSA have an important job to do – keeping travelers safe – but they appear to be expending a lot of effort, even a decade after 9/11, on looking busy rather than actually creating a secure environment…. And it’s Tax dollars and rises in ticket prices that are funding it so the day we stop questioning it is the day we say we’re happy with the way they’re doing their job.

Update: From the comments below it looks like I arrived at the same solution as someone else had  come up with earlier. Recommend you check out the Broofa.com code as they have done more work on making it more performant and robust.

----

A while ago I needed a quick and simple way to generate a GUID in a JavaScript project but most of the examples that I could find were either slow, cumbersome or didn’t always pass GUIDs that would pass verification, so I had an attempt at writing my own that had to be performant, small and robust enough to use in a real world environment at scale.

Well, after generating 50 million GUIDs across all the mainstream browsers (and some pretty obscure ones!) in my other logging system (an internal project, not jsErrLog – though it’s used there as well) I’m happy that it’s behaving well enough to share so with no further ado…

function guid() { // http://www.ietf.org/rfc/rfc4122.txt section 4.4

                return 'aaaaaaaa-aaaa-4aaa-baaa-aaaaaaaaaaaa'.replace(/[ab]/g, function(ch) {

                                var digit = Math.random()*16|0, newch = ch == 'a' ? digit : (digit&0x3|0x8);

                                return newch.toString(16);

                                }).toUpperCase();

}

Regular expressions, nested functions and logical operators… probably the most I’ve every crammed into that few characters though if you’re really obsessive you can crunch it down even further to one line at the cost of readability:

guid=function(){return"aaaaaaaa-aaaa-4aaa-baaa-aaaaaaaaaaaa".replace(/[ab]/g,function(ch){var a=Math.random()*16|0;return(ch=="a"?a:a&3|8).toString(16)}).toUpperCase()};

I travel for business and pleasure fairly regularly and I like to play a little game I call "opting out for freedom" where I don't subject myself to any security measure that isn't applied across the board to every person getting within damaging range of an aircraft.

While I'm not an American, as I live here at the moment it's interesting to watch how the TSA is using a nebulous threat to eat away at the historic protections, and accuse anyone who questions their actions or motives of being a terrorist.

The Constitution of the United States, a document which is supposed to set out the rights for its citizens and ensure that the Government does not abuse those it is elected to govern, includes as part of the Fourth Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated..." … some would argue that the new image scanners and pat downs are a clear violation of that. It's interesting to read the comments from "Blogger Bob's" post when the TSA implemented the new "enhanced pat-downs" and the total lack of meaningful response. More PR drivel from the Theatrical Security Agency.

"Theatrical Security Agency?" you say. "Surely you got that wrong?"

Well, I don't think so. All of their measures are reactive (taking off your shoes, no liquids over 3oz) and even the new scanners (millimeter wave and backscatter x-ray) have been demonstrated to be flawed at detecting the very things they claim to detect (but don't point that out or the lobbyists who work for the firms earning millions of dollars to install these devices will shout you down). Do they make us any safer? I suspect not… in fact I couldn't find a single press release about a successful nullification of a security threat thanks to all these measures.

In fact, it's possible to argue that by concentrating people at checkpoint lines and piling up even mundane confiscated items (like nail-clippers or Utili-keys) the security agencies are creating potential death-traps. Luckily only in fiction so far (though a similar attack has already happened in Russia)

Iain M Banks - Transition

But this is all old news.

Why do I wonder if the TSA thinks Terrorists are stupid?

I've noticed something travelling over the last few months which disturbs me. Because if I notice it without evil intent and simply as a way to make my journey through the enforced conga line of my (currently twice weekly) TSA then you have to imagine that terrorists may have thought this out themselves (after all if they are clever enough to wage international war against America, get paid and trained by America, learn how to fly planes in America they're probably smart enough to spot the obvious)

The new scanners… are all theater. In every one of the airports I've travelled through in the past few months there's one common factor… there is always a way to avoid them. In some airports there are lanes that simply don't go past the scanner, and I've yet to see a person forced to go around to a machine. In other airports there are often lanes where the scanner isn't operating or not staffed so everyone is simply going through the metal detector arch. Even in places where it's in use the "random" selection is anything but… just the other morning I watched the 50+ people in the queue ahead of me get split so alternate pairs were sent through the new imaging device… I was able to save myself the trouble of opting out simply by timing when I stepped away from the conveyor belt after consigning my bag to the xray.

As September 11 2009 proved terrorists aren't always lone wolves (in fact as TWA 847 and 840 or the simultaneous hijacking of 5 aircraft in 1970)… what's to stop a number of people walking past security with the parts to a weapon or the components of a liquid bomb that then get consolidated. Heck, I've even arranged travel before so I could meet a colleague at an airport – in our case it was to exchange paperwork, but once inside the security cordon with some imagination and a decent travel budget, it's probably not hard to muddy the waters though backtracking via the now ubiquitous security cameras would at least help unravel the trail after any such event.

The problem the TSA, and others like them, face is huge. They have to be seen to be doing something but they can never be 100% successful. Politically motivated, doomed for failure, influenced by lobbyists, staffed by minimum wage unionized civil servants they know they are doomed to failure but while the money's there for the taking (and conspiracy theorists would suggest they can be used to wind back civil liberties) they'll keep on doing what they do.

There may be no solution, and there's certainly no easy answer. Redesigning airports from the ground up to provide multiple layers of security, adding Israeli style human filters, implementing 100% coverage with security measures, reducing hand luggage while increasing automated scanning of cargo, stopping the CAI meddling in other counties affairs and stop going to war to support the oil/mineral economy – these will all help… but faced with a determined threat all these prophylactic measures will do is make the terrorist work harder to achieve their goals.

"People willing to trade their freedom for temporary security deserve neither and will lose both." - Benjamin Franklin.

If you have used IIS for any length of time you have probably come across the term FREB. If you don't know what it is then you should read this great introduction to Failed Request Tracing in IIS. It's applicable to IIS7 and above and is a great tool.

At a high level FREB produces an XML file containing details of errors you are interested in - you specify the error code you want to trap, the execution time threshold or a number of other filters - and provides a wealth of information about what was happening under the covers in IIS.

The problem with FREB Tracing though is that it's very easy to end up with a folder containing hundreds or even thousands of error reports - all named a variant on fr000123.xml - and you have no way to quickly tell which where the ones with details of 401.3 errors, or which ones failbed because they took more than 5 seconds to execute.

Well, thanks to the wonders of powershell there's now a simple solution.

Frebber scans the output directory where your FREB logs are stored and copies the files into a new subdirectory (called .Frebber of course) while at the same time renaming the files based on the nature of the error report they contain.

For instance fr000012.xml may contain details of an HTTP 415 error and took 2571ms to execute, so the file would be renamed 415_STATUS_CODE_2571_fr000012.xml

It's a fairly simple script and if you have a look at the XML format inside a FREB report you'll be able to see how to adapt it quickly to your particular needed. Meanwhile feel free to use the example below, and I'd love to hear any comments or suggestions in the comments.

Oh, it does make one pretty big assumption... that your FREB files are going to the default directory. If that's not that case then you will need to modify that line (I might get around to making the script more complete and add parameter for source and destination directories and some renaming selection criteria but right now this works pretty well for me

$frebDir = "c:\inetpub\logs\FailedReqLogFiles\W3SVC1\"
echo "Frebbering...."
$fileEntries = Get-ChildItem $frebdir*.* -include *.xml;
$outDir = $frebDir + ".Frebber"
# Create the directory for the Frebberized files
$temp = New-Item $outDir -type directory -force
# copy in the freb.xsl so you can still view them
Copy-Item ($frebDir+"freb.xsl") $outDir
$numFrebbered = 0
foreach($fileName in $fileEntries) 
{
    [System.Xml.XmlDocument] $xd = new-object System.Xml.XmlDocument
    $frebFile = $frebDir + $fileName.name;
    $xd.load($frebFile)
    $nodelist = $xd.selectnodes("/failedRequest")
    foreach ($testCaseNode in $nodelist) 
    {
        $url = $testCaseNode.getAttribute("url")
        $statusCode = $testCaseNode.getAttribute("statusCode")
        $failureReason = $testCaseNode.getAttribute("failureReason")
        $timeTaken =  $testCaseNode.getAttribute("timeTaken")
        $outFile = $frebDir + ".Frebber\" + $statusCode + "_" + $failureReason + "_" + $timeTaken + "_" + $fileName.name;
        Copy-Item $frebFile $outFile
        $numFrebbered +=1
    }
}         
echo "Frebbered $numFrebbered files to $outdir."