Git Flow: it’s child’s play

At work, we’re moving over to use Git Flow. (A moment of background: Git is a “version control system”, a way of keeping a history of all the changes you’ve made to a file or files, in much the same way as one might have “important_spreadsheet_20120103.xls”, “important_spreadsheet_20120104.xls”, “important_spreadsheet_original.xls”, and so forth – but with much less clutter.)

It’s sometimes hard to visualize what’s going on with Git when you’re unfamiliar with it, and not everybody is familiar with the concept of a Directed Acyclic Graph, so to help get everyone up to speed, we ordered a Tinkertoy set.

There are probably better ways to spend Monday morning at work than putting together a Tinkertoy model of a Git repository, but I can’t think what they might be.

Publishing platforms and cross-publishing

I am currently publishing with WordPress. Entries are cross-posted to various other places, including LJ and DW. This addresses several basic desires I have for a publishing platform:

  1. That I can write using one consistent set of tools, and not have to keep three or four or more targets in mind when I’m writing;
  2. That all of my writing (and any images and so forth I might publish) is in one convenient central location for backups and storage;
  3. That I can publish things publicly, note things privately, or write to a group of friends and acquaintances without difficulty;
  4. and that I can fiddle endlessly with the fine details of implementation but that the general functionality just works and does what I want.

It’s also convenient that I can also use the publishing platform I get paid to work on, since it means that such fiddling around with fine details of implementation is, as I like it to be, both my hobby and my profession.

Ultima 7, once again

After a long hiatus, Ultima 7 is now available to purchase again, from Good Old Games. It includes all four…well, let’s call them “episodes”: The Black Gate, Forge of Virtue, Serpent Isle, and The Silver Seed. They can be played easily on modern systems (with a number of modern improvements to the experience, although with the original graphics and so forth) using Exult.

One more giant drain on my spare time: coming up!

Happy New Year! Make some mistakes.

I’m not the first person by a long shot to say that the “good enough” is the enemy of the “at all”. I’m probably not the last to get around to believing it, either. One of these days, I probably will remember it.

I’m a perfectionist. I hate doing things wrong, or doing things poorly. This is a common flaw among computer folk, at least, and it leads to some outstandingly bad code and design decisions – what “wrong” and “poorly” mean can get pretty myopic if you’re not careful, and you end up with a huge pile of rubbish built to handle every case that you can imagine but that frequently doesn’t handle any of them well. It’s been important for me to recognize what “good enough” means, and aim for that rather than some imperfect view of perfection.

But that has the same pitfalls! If “good enough” is the ideal, then there must be a “perfect” good enough, right? Finding exactly the right compromise solution is now just as important as finding exactly the right overall solution, and in some ways that’s even harder to decide on and simply do.

It’s important to do things wrong. It’s important to do things poorly. Doing things wrong and doing them poorly means you’re doing them at all.

I hope that in this year to come, you make mistakes.

Because if you are making mistakes, then you are making new things, trying new things, learning, living, pushing yourself, changing yourself, changing your world. You’re doing things you’ve never done before, and more importantly, you’re Doing Something.

So that’s my wish for you, and all of us, and my wish for myself. Make New Mistakes. Make glorious, amazing mistakes. Make mistakes nobody’s ever made before. Don’t freeze, don’t stop, don’t worry that it isn’t good enough, or it isn’t perfect, whatever it is: art, or love, or work or family or life.

Whatever it is you’re scared of doing, Do it.

Make your mistakes, next year and forever.

–Neil Gaiman

iMania

The Apple iPad, like many Apple products before it, has polarized people. Some people love it, some people hate it. Some people will use it everywhere, some people honestly can’t imagine a single use.

As with many products before, I fall somewhere in the middle.

On the plus side: It looks like a beautiful piece of hardware; every report I have read says that using it is a dream come true to any fan of the various iTouches. Fast, integrated, smooth, and with beautiful user interface decisions; top of the line hardware and (more polish on) groundbreaking software combine to make an unbelievable platform, and one which the vast majority of people will find satisfies their needs and exceeds all their expectations.

On the minus side: Apple has made, and will continue to make, an intentionally crippled and limited device in the name of a better overall user experience. While I wholeheartedly agree with their goals – make it accessible to the common man! – it is simply not what I, as a power user who is otherwise well in the target market, need in many respects.

Any number of minor concessions would solve this problem for me – and these are the same issues I have with any “trusted computing” sort of platform. It is not my best interests that Apple is trying to protect here, either as a developer or as an individual user. It is theirs, and it is not in their best interests to allow me to, for instance, decide whose software I actually trust.

No, I’m not trying to run Linux on the thing. It runs a perfectly acceptable *NIX operating system already, and in fact has a fantastic GUI (for almost every purpose) and software installation procedure (for almost every case) already. I just want to run my instant messenger and Pages. Even just the ability to background one application (with – yes, I realize this – the appropriate time and attention put in to making the experience smooth and complete) would make a huge difference in the overall usability.

I’d really like to run Processing on it. It’s just such a perfect platform for art-programming, and there’s nothing else quite like Processing for that.

But that’s all. I don’t want a pony.

Subject Alternative Enlightenment

So there’s this thing called an SSL certificate. Everyone (or at least the vast majority of anyone who is ever likely to read this) knows about SSL, or HTTPS, or at the very least the browser lock symbol.

Another time I’ll talk about a bunch of nonsense regarding the details of SSL and some of the strange things that have come out of it, but for the moment, one specific thing stands out.

Part of an X509 certificate is an optional piece of metadata called a Subject Alternative Name, or SAN. If you take a peek at an SSL certificate that provides one, you’ll see something like this:

Certificate:
    Data:
        [...]
        Subject: C=US, ST=CA, L=Cupertino, O=Apple, Inc., CN=*.example.com
        [...]
        X509v3 extensions:
            [...]
            X509v3 Subject Alternative Name:
                DNS:specific.example.com, DNS:example.com, DNS:*.example.com

Normally a client connecting to https://example.com/ will get a domain mismatch certificate error, because the CN *.example.com matches example.com neither exactly nor via wildcard. However, a large number of clients also examine the list of SAN DNS names to validate the domain; since example.com shows up in that list, no error will be displayed.
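The matching described above, as an added example (not code from the original post): it reads the subject CN and the SAN DNS entries from the text dump shown earlier and checks a hostname in the order RFC 2818 gives, with a wildcard standing for exactly one leftmost label. The function names and the `use_san` switch are assumptions made for illustration.

```python
import re

# The certificate dump from the post, elisions kept as they appear there.
CERT_TEXT = """\
Certificate:
    Data:
        [...]
        Subject: C=US, ST=CA, L=Cupertino, O=Apple, Inc., CN=*.example.com
        [...]
        X509v3 extensions:
            [...]
            X509v3 Subject Alternative Name:
                DNS:specific.example.com, DNS:example.com, DNS:*.example.com
"""

def parse_names(text):
    """Return (cn, [san_dns, ...]) from an `openssl x509 -text` style dump."""
    cn = re.search(r"^\s*Subject:.*\bCN\s*=\s*([^,/\n]+)", text, re.M)
    san = re.search(r"Subject Alternative Name:.*\n\s*(.+)", text)
    dns = []
    if san:
        dns = [e.strip()[4:] for e in san.group(1).split(",")
               if e.strip().startswith("DNS:")]
    return (cn.group(1).strip() if cn else None), dns

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost
    label and stands for exactly one label (so *.example.com != example.com)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def host_allowed(text, host, use_san=True):
    """RFC 2818 order: if DNS SANs are present they decide; CN is the fallback.
    use_san=False models a client that only looks at the CN (hypothetical switch)."""
    cn, dns = parse_names(text)
    candidates = dns if (use_san and dns) else ([cn] if cn else [])
    return any(name_matches(c, host) for c in candidates)
```

With `use_san=False` the bare domain is rejected, which is the mismatch error described above; with the SAN list consulted it is accepted, while a two-level name such as a.b.example.com is still refused.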

Every major browser – IE, Firefox, Opera, Safari, and even the venerable Netscape Navigator – has supported SANs since at least 2003. Surprisingly, Internet Explorer has supported them since Win98 (yes, that means they work in IE6, for those keeping count). Many mobile devices also recognize them – certainly the newest crop of WebKit-based and Android mobile browsers, but also things like Symbian 9.2+ and Windows Mobile 5 and 6.

Furthermore, SANs can be used to cause certain mail clients to stop complaining about connecting to a mail server that services multiple domains under one IP. Since these same mail clients are often configured to recognize an internal CA, rolling up all the possible names into the SAN list on a single certificate can save a pile of headache.

Why hasn’t this been more widely advertised and well-known? Because many certificate authorities are more in the habit of selling encryption than verification, and so would very much like to charge you for every single line in the certificate and every single reissue of the same certificate with slightly different metadata (say, a different set of SAN entries, in this case) rather than charging you for their performing trusted due diligence to ensure that you are who you claim to be and that you have the rights you claim to have over the subjects (in this case, domain names) in question.

Thanks a lot, “trusted” authorities. Way to instill confidence in your services.

There are a few respectable exceptions, of course, and a few web-of-trust CAs which perform the services for free or for reasonable, nominal charges. The web-of-trust CAs tend to have less or no native browser support, which makes them less suitable for general purpose commerce, but for those in the know (or a known browser demographic) they can be a fantastic alternative.

I’m currently a fan of DigiCert for business use, and StartCom for personal use. As a side note, many domain registrars (such as Gandi) also provide a free basic 1-year SSL certificate with purchase of a domain name.

sound zen

A few music and making-music links to start off the weekend.

(the original web zen, in case somehow you hadn’t run across it already)