Bring It On

It looks like my previous post caused Robert Scoble to go on a rant with Not enough RSS subscribers, Drazen says.

Judging by the first few sentences, I'd say Robert either read my post in a hurry or read it only partially. No reason for that - my feed is full text and should fit his taste. OK, let's see... (the text in italics is Robert's, the rest is mine)

 Ahh, ye olde “where’s the ROI?” argument, only in new clothes.

Indeed, yes - but this is not my stance. The ROI argument will come up from marketing and only hard numbers will help them decide. What I am asking is (at the very bottom of the post) that all bloggers help spread the word more so that common folk start using RSS the same way they use email today.

 Let’s study the problem. Let’s say we surveyed 1,000 people. Let’s say that only 3% read RSS feeds. So, that’s 30 people, right?

Not many, right? Well, here we go.

Of those 30 people, I’d bet 25 also have a blog of their own. We call those “influencers.”

I have a feed, but I am far from influencer. There are thousands if not hundreds of thousands of people like me. But maybe you think most of your readers are influencers?

Anyway, let’s say that each of those people have 1,000 blog readers. Now, that’s not uncommon. I know a few people who read my blog who have 250,000 readers A DAY on their blogs.

So, that’s 25,000 people.

Not really :) Even though I have a university math degree I do not need it to see that you are assuming a lot. In order to multiply the numbers you'd have to assume that each of your readers have 1000 distinct readers. And that these 25000 people are somehow special (except from being tech savvy they might be completely average for all we know).

So let's turn things around. What if 500 out of your 1000 readers have blogs. But what if these readers and their readers subscribe to the same 100 blogs or so, plus a few (literally) distinct readers for each of them? That would be just a few thousand of people. What if we (bloggers) are all in a big echo chamber?

Oh, and remember who reads me? Walt Mossberg. So, is that one reader or millions? Don’t know who he is? You should do your homework.

I know who Walt Mossberg is. That is still one reader. He isn't some kind of magical spokesman for you. If he does mention you it will greatly increase your visibility, just like your link to me greatly increased my visibility. But that's all. If my blog is not interesting to people (and it won't be unless they are software developers) they will read the post you pointed to and leave.

Another way to look at it? [...]

A year ago Buzz was in a major USA national newspaper. I won’t name it here, but it has millions of circulation. He had somewhere around 50 downloads. When I linked to his product? He had 400.

So, go ahead and tell me that the blog/RSS audience doesn’t matter.

Wrong conclusion, on two accounts. First of all, people that still buy paper newspapers are most likely not potential customers for Buzz. Your readers on the other hand are most likely perfect potential customers. So the numbers can't be compared. Second, I did not say that RSS does not matter. Far from it. I use it as a consumer (almost all the content that comes to me is in the shape of RSS) and as a "publisher" through this blog. The point is that RSS audience is not big enough yet and we must all work so that it grows to an order of magnitude more readers.

[...]  Go ahead. I dare you.

You should never say something like this to a Serb :), we always accept the challenge even when there's no way we can win ;) Joke aside, let's do something more concrete.

Robert, you are undoubtedly popular blogger. I will repeat it again - your old feed has 18 thousand readers (on NewsGator). Surely you should be able to influence these people if just a bit. Here's what I'd like you to do - kindly ask your readers to send me their blogrolls (as OPML or links to OPML) to weblog at drazen.dotlic.name (email slightly obfuscated to protect from the spammers) with a subject "blogroll challenge". If they are using NewsGator that should be very easy to do.

I will write a utility that will process the blogrolls and present the stats for everyone. Then we can continue this discussion. OK?

If you ask Robert Scoble about the importance of having an RSS feed you might get this: These companies should fire their Webmasters. Is RSS really that important (that it warrants firing people that don't use it)? How do we measure the popularity of RSS?

Well I have found a method. Admittedly it's not scientific, but should give us a good feeling of scale if nothing else. On the other hand, you know what they say: there are lies, damn lies and statistics so definitely do take this with a (large) grain of salt.

The data I am about to summarize here comes from NewsGator and my own blogroll. The reason why they should be a good reference is that after recent acquisitions they should be present on all platforms and have quite a good server sync story. If you haven't noticed, NewsGator has started exposing in the Web edition the number of people subscribed to a particular feed. Unfortunately their API does not surface this data yet so I will manually pick some representative feeds and classify them in groups. Let's start with more popular feeds and move on to less popular ones...

1. Robert Scoble: 814 on the new feed, 18314 on the old one (apparently many folks haven't moved to the new feed)
2. Popular websites and mainstream tech news sites like Slashdot, Wired, CNET: between 1500 and 2000
3. Very influential techies like Joel Spolsky: about 2000
4. Personal weblogs of influential techies - Scott Hanselman, Mike Gunderloy (Larkware), Eric Sink, Don Box, Chris Sells, Raymond Chen and even Rory Blyth ;): about 500-800 [sorry for not mentioning other influentials, like I said since API does not expose the data I am doing this by hand)
5. Personal weblogs of non-influentials and less popular mainstream sites - many, including myself: 2-10
6. Assorted feeds that have only 1 subscriber - since I'm reading it that must be me: JobsiteUK, VMWare (!)

What do we see? A long tail, sort of. There are few surprises like Scoble having about 10x more subscribers than Slashdot, VMWare having only 1 (me!) and sites like Freenews that cover news related to my ISV (second biggest in France, millions of users) that belong to group [5] with only 4 subscribers.

But besides from that, most (popular) blogs have about 500 subscribers (again, on NewsGator, not overall). Even if non-scientific, I'd say this clearly shows that blogs are still in their infancy. 500 readers? That's nothing compared to hundreds of millions of people using the web and probably hundreds of thousands visiting popular Web sites.

Based on these numbers, I don't think people should be fired for not exposing RSS feeds. There simply is not enough data out there to support this. I think we ([I hate to use this term, but don't have better] blogosphere) should put more effort into educating wider audience about the benefits of RSS and thus give more viable data to support the introduction of RSS feeds.

For those that do not know, this site is hosted on my home computer. You know, do-it-yourself white box with Windows XP Pro, nice multimedia machine hooked up to the TV in the living room. Except that this one is on all the time and has IIS installed and running along MSDE (both are needed for the weblog [.Text] and for the SCM [Vault]).

The machine is quite old for a geek like me ;) but for the needs of my wife (email, surfing, cooking recipes and such) is good enough, plus it serves the weblog and SCM just fine. It's an Athlon XP 1500 with 1GB or PC133 RAM (I bought it when it was really cheap), NVidia GeForce 4200 (obviously I don't game on this any more), RAID 0 Strip of two Quantum 40GB drives (thus one logical 80GB drive) and a NEC-3500 DVD burner (the only relatively new thing, got it a year ago for birthday).

The good side of hosting Web related content myself is that I can install whatever I want, whenever I want. I can experiment, rollback when I screw up, backup more than once a day...

The bad side is that when something does go wrong, I don't have a reserve. I do have another computer (quite powerful laptop that I primarily use, I wrote about it in a previous post) but it's not suitable as a Web server.

One of my hard drives in RAID starting acting up two hours ago. After a bit of fiddling with IDE and power cables I managed to boot up the machine, but I don't know how long this will last nor the reason (drive or the motherboard). There is a high possibility that the next time I restart I will not be able to boot the machine (luckily I generally never restart). This shows that RAID 0 stripping has a big downside - if one drive fails, the whole strip fails. There is a speed advantage though, but modern drives are already faster than RAID 0 strip of two old Quantums.

If this blog goes offline then you can safely assume that I'm having a hardware failure. Looks like it's time for upgrade whether I like it or not... My wife will kill me :((

Notepad2 is a small, fast and elegant replacement for notepad. Besides from small functional improvements you could say that Microsoft has practically abandoned the built-in editor for Windows. Even though notepad2 is not actively updated any more it is already very good and completely free. In fact many would like to completely replace notepad with notepad2 so that whenever and wherever you type notepad.exe you'd get notepad2.exe.

The naive approach is to try to replace the file under the Windows installation directory, but this approach has flaws (what if new Service Pack comes?). On the other hand, you probably know of at least one cool application that is able to completely replace another built-in Windows counterpart - Process Explorer does that to taskmgr.exe.

Why not do the same to notepad? Let's see first what Process Explorer does - it pretends to be a debugger for taskmgr.exe. How do I know? By using another excellent SysInternals freeware that everyone should have on their machine called Autoruns. One of the categories of, well, intrusive behaviors that Autoruns detects is Image Hijacking. This is how this category looks on my machine at the moment:

This is no hack. Matt Pietrek has referenced the MSDN docs that go in more detail in this post. Things boil down to this - you can tell Windows (by a few simple registry entries) that whenever you start abc.exe you actually want your xzy.exe to start and debug abc.exe. This is nothing more than an interesting way to reroute execution of any EXE on the system, exactly what we need! There is only one thing - you can't point to notepad2.exe as a debugger for notepad - if you do that, notepad2 will be executed each time with notepad.exe as a parameter.

As almost any other problem this one is also solved by another level of indirection. What we give to Windows as debugger is a small app that will accept real path to notepad2 as it's first parameter, will ignore second parameter (that will be notepad.exe that we are supposed to “debug”, Windows passes it to us) and will pass third parameter (if found) to notepad2. The complete source code for this utility I called ImageHijack follows (note that you must compile it as /t:winexe to avoid console window showing up)

using System;
using System.Diagnostics;
namespace ImageHijack
{
  class Program
  {
    [STAThread]
    static void Main(string[] args)
    {
      bool hasDoc = args.GetLength(0) > 2;
      String procToStart = args[0];
      Process p = hasDoc ? 
        Process.Start(procToStart, String.Format("\"{0}\"", args[2]))
        : Process.Start(procToStart);
      p.WaitForExit();
    }
  }
}

Build this and put the exe somewhere in your path and then add the following to the registry (change notepad2 path to where you keep it, of course):

That's it! The ImageHijack.exe can be used to hijack even more apps if you want. If you ever forget which app is hijacked and which one is not, just run Autoruns and it'll tell you.

P.S. Yes, I am aware that this is also potentially attack vector for viruses and such.Like any other tool it can be used for good and evil.

Both Jeff Atwood with his Avoiding Undocumentation and Wesner Moise with MSDN Undocumentation rise valid points - MSDN can sometimes be mysteriously cryptic or shallow regarding an API or a class. This is generally often the case when new technology comes out and the docs stay “broken” until we all learn a bit from using it.

However if you compare MSDN with other companies' documentation you'll find it to be of supreme quality. This unfortunately does not say much about Microsoft documentation as much as it tells a sad story of a pathetic state that most other companies keep their API docs in. This truly is one of the biggest problems developers face today - new libraries and APIs are issued almost every month but not much effort goes into documenting them properly.  Still, if I have to choose I'd take MSDN docs over any other, any day.

Nevertheless, what I encountered today was unfortunately something worse than useless documentation - incorrect documentation. I converted a web project from 2003 format into 2005 format and found the resulting file/folder reorganization a bit weird. The conversion wizard was quite detailed in its report and did the job quickly and correctly.

Strictly following the docs, I moved some files around and messed up; the project wouldn't compile any more. Took me half an hour to figure out that the documentation is not to be trusted and that I should simply run the conversion again and not touch anything. It worked - the project compiled fine. If you're interested, it was the part where docs explain what happens to the global.asax file in 2.0 that is incorrect - hopefully they'll fix it in SP1.

I wrote about Dog Soldiers about a year ago in the post that praises British horror. The same director Neil Marshall is back with another great horror The Descent.

The Descent is done in the greatest tradition of horror movies, just like Dog Soldiers were. Remember how in most if not all horror movies it's the girl that escapes/kills the monster in the end? Neil gives us only female characters this time so it's a no brainer ;)

The film has been criticized because it takes about half of it's running time until mayhem begins. I don't think that is a big deal, in fact the tension slowly rises into one of the most furious 45 minutes I have seen in a long time and the second half more than compensates for the slowish first.

Highly recommended for horror fans.

A few friends have asked me why did I choose Ruby over Python for example (Perl was luckily not mentioned at all). After all, it's not like I'm Ruby on Rails convert (haven't even looked at it) and Python is coming to the .NET platform (that I openly support).

Well, I can't really say. Somehow, Ruby looked cleaner than Python but I haven't been able to quantify that.

However, today I ran into a funny issue with Python that left me completely stunned... You know how try/catch/finally works in C#/Java? Or begin/rescue/ensure in Ruby?

As expected, Python supports try/except/finally too. But get this - you can't use except and finally. Yup, only one of them. And get this - the reason supposedly is that Python interpreter would not know which one to execute first - except or finally (I guess finally was not big enough hint, nor dozens of examples of usage in other languages).

I'm glad I picked Ruby ;)

Just watched a great documentary from 1982 about the team that created the first FORTRAN compiler (via Lambda the Ultimate). It's only 12 minutes long and well worth your time.

What I found immensely amusing is that at the very end one of the creators proudly states how that project was one of the few with the longest life out there - the compiler as such was used (presumably) unchanged for about 20 years! So if you were a programmer at that time you could have spent half of your entire working career  using FORTRAN and the same compiler.

Contrast that to today's everyday tasks - it might happen that you need to use C++, XSLT, SQL and Python on at least two platforms using about the same number of C++ compilers, XSLT processors and Python interpreters, plus at least two Transact-SQL variants. All this for a task that takes a few days to finish. Imagine the effort needed for a complete product...

Life has been so much simpler before.

You'd think Microsoft has learned the lesson. For years, they've gone unimaginably far to preserve backward compatibility and help even software vendors that ignore the specs. We could have always relied on Microsoft not to break our apps unless there was a really, really good reason for doing so (Raymond Chen's blog is full of interesting examples of this).

Well, they seem to think that there is one reason to rule them all - security. Microsoft's reputation in this field has not quite been stellar in the last few years. Someone decided to put an end to this and prove once and for all that Microsoft, when focused and committed, can do an excellent job with security. Thus we got Secure CRT (C Run Time library).

(Beavis and Butthead voice) “He said 'C runtime'. Heh. Hehehe. Hehehe.“. Who cares about C runtime in 2005? Just about everyone, implicitly. Even if you don't make a single call to C runtime you will be dependent on it if you make calls to C++ runtime because many functions in the C++ Standard Library will delegate most of its functionality to C library whether you like it or not. Python relies on C runtime, Ruby relies on C runtime, heck - Windows itself relies on (admittedly older version of) C runtime.

Now that it's established that we should actually care about what Secure CRT is all about I present to you one of the stupidest moves from Microsoft in a long time - in an effort to help everyone making CRT secure (noble goal), Microsoft will break practically all applications in runtime (assuming they are recompiled with the latest Visual Studio 2005 i.e. C++ compiler version 14).

The problem is that this is a runtime issue, not a compilation issue and is very hard to work around. In fact, Microsoft's own C++ Design-Time Breaking Changes has the following to say on this issue: “Work Around: None Available”.

What is the issue? I'll quote Microsoft on this one (taken directly from the document I just linked to above)

Many existing functions now validate their parameters and will call the invalid_parameter_handler when an invalid parameter is passed

This is good, no? Instead of blindly expecting the developer to do the right thing, Microsoft will do the work for you and validate all parameters you send to C runtime library functions. But what's this invalid parameter handler you might ask? That my friend is Microsoft provided function that will invoke Dr. Watson and terminate your app. Not good. Developers, developers, developers might be pissed (I know I am).

To be fair, there is a work around - if you want, you can set the invalid parameter handler to be your do-nothing function and you'll get the old behavior. But this is clumsy and requires me adding code to all apps plus it's hard for 3^rd party vendors that ship DLLs - should they set their own invalid parameter handler, or expect your app to do so? These handlers cannot be chained and the call to set a handler is not thread safe. Every DLL that sets this handler will overwrite someone else's and you can't even know if there was a custom handler set before. This is bad, bad, bad.

What you will see as a result is that many software vendors will opt to do nothing and will not move to Visual Studio (C++) 2005. I don't think this benefits anyone.

Call to action for Microsoft - please fix this in Service Pack 1. There is a simple way to work around this issue - provide a compile time switch that will affect the behavior so that one of the options is do-nothing. There are many benign calls to runtime with invalid parameters that can be handled by returning an error code, not terminating an app.

If this is what secure is supposed to be, I don't want to be secure. I want my apps that have been working fine for 10 years to continue to work.

Let's summarize several of the problems with just released Visual Studio 2005 that have been exposed on some blogs and then quickly spread over to big media:

1. Wesner Moise runs into an ICE (Internal Compiler Error); this looks like a legitimate bug and is very unfortunate if it happens on clean installations (Wesner explains in a later post that it could be related to an upgrade from older betas, but I'm skeptic); the main reason I moved on to C# from C++ was the reliability of compiler and I'd hate to see C++ complexity spill over to C# - after all, generics are less complex 
2. Frans Bouma reports legitimate bug with the IDE; this one is less of a problem as long as compiler can swallow the code but it still needs to be fixed
3. Roy Osherove proves that sometimes it's not good to jump the gun and reports a problem that does not exist; apparently namespace handling in VB/C# could be tricky for some people

So, out of three, we have one legitimate IDE bug, one somewhat questionable compiler bug and one misunderstanding. Not bad and definitely not as bad as some media would like you to think.

However... I can confirm from my own experiences with beta 2, RC and now RTM versions that the quality has not been as high as I'd like, but such is life with date driven releases. Here's an example of “lack of polish” that's highly visible - immediately after the setup of SQL Server 2005 is done you will get an option to run a Surface Area Configuration tool. Idea behind this is good - improve security of your server by running only what you need. Just to be sure, I clicked on Read more about configuring the SQL Server surface area and got this

The link stayed broken like this. Note that I installed practically everything so it can't be due to a help file missing or such. On the other hand, the tool itself worked just fine.

Conclusion? Visual Studio 2005 (can't tell yet about SQL Server 2005) is somewhat a rushed release. This time it would be really nice if Microsoft would issue a service pack as soon as possible. There are indications that this will indeed happen by the middle next year.

In the meantime I'll use 2005 - too many good things are in and I got used to them already - there's no gong back. On the other hand, if you can afford/are forced to wait or simply want “others to debug it for you” that's fine too.