Posts Tagged: Rants

May 12

Stop making it so hard for me to give you my money

Shut up and take my money!

I sent the following letter to shinywhitebox’s customer support today after trying to buy iShowU HD. iShowU HD is a terribly-named but genuinely good piece of Mac software. Unfortunately, the experience of buying it almost made me give up in frustration.


Dear shinywhitebox,

You guys made it really difficult to give you my money today. I was trying to buy the $69.95 iShowU HD Pro / Stomp bundle, but I couldn’t for about 15 minutes.

Using Safari 5.1.5 for Mac, I registered, then tried PayPal—it went to a sandbox account which I couldn’t log into. I tried my Visa and it was declined (the card is fine and I double checked the info). I tried Kagi but it only has iShowU for sale. Not inspiring a lot of confidence here.

I looked on the Mac App Store but it’s $30 more for both. That’s hard to swallow.

I started the process on the website over again in Chrome, because I had clicked several times on iShowU HD’s Add to Cart button but because of lack of feedback I thought it wasn’t working—instead it kept incrementing the quantity counter on the right, up to 5. Even though I had changed it to 0 and clicked Update before I tried my first purchase attempt, when I tried to start over in Safari the 5 still appeared.

Anyway, there was no record of the user I created. So I created it again (I guess it’s only created on successful payment). This time the card worked, and I was presented with the products I had just purchased.

Well, the names anyway. There were no download links. If I just purchased the software, you should present the download links immediately, even if I can easily find them on the website.

I checked my email and found two duplicate “Your new account details” emails—one from “LocalTestSupport” and another from shinywhitebox Support. The final third email did, in fact, have download links.

In the final email, there was a typo:

Load the app at least once (you’ve done this already right? cos you downloaded them demo … right? :-)

No, I had deleted the demo because I had tried to do the software update before all of this and it failed. It was probably a year old and I chalked it up to something breaking in the interim.

Guys, you make a great app, but you made it so hard for me to get a registered copy of it that I wonder how many potential customers you bounce in the process.

p.s. Your contact form declined my perfectly valid .name email address. If you care about customer feedback, you should make email optional anyway.

Update from Neil Clayton at shinywhitebox: Neil responded to this by email with a detailed reply that covered most of the issues I raised. It looks like I was somehow funneled to the test server, but he was unsure how it happened (and, I assume, will investigate). Besides that, he has:

  • Created a ticket to add download links to his emails.
  • Fixed the typos.
  • Removed the email validation on the contact form.

No word on the price discrepancy of the Mac App Store versus the website, or the different product offering on the Kagi store, but thanks to Neil for taking the time to address some of these concerns.

Like this post? You might also like Coalmine, my centralized error tracking service for your apps. Coalmine captures errors and all kinds of helpful debugging information, notifies you, and makes it all searchable. Check it out!

Mar 09

2009 Dice Career Fair in Seattle

Fun fact: Last month I was laid off from my job at a startup, along with about half the company. Now, I’ve been sending out resumes and interviewing, and although I’ve never been to a career fair before, I figured I might as well go just in case. Why not, right? Well, I’ll tell you why not.

The thing ran from 11 AM to 3 PM, and I got there around 10:45 only to see a very long line forming. The line stretched longer and longer leading up to 11; at least 100 people were there when it opened.

As we slowly shuffled up to the registration table, I came to the realization that there were a grand total of four companies at this so-called “career fair”. FOUR. In the e-mail about the event, they had a list of companies but I thought it was a representative sample—not the entire list.

Isn’t there some agreed-upon or understood minimum number of participating companies for these things? When the entire career fair could fit inside a hotel room, as opposed to a ballroom, I think it’s time to call it quits.

The utterly depressing thing is that almost every candidate there was a middle-aged man in a suit. These are guys that have families to feed, all competing over what amounts to scraps… the desperation was pretty palpable.

Anyway, I just left.

Like this post? You might also like Coalmine, my centralized error tracking service for your apps. Coalmine captures errors and all kinds of helpful debugging information, notifies you, and makes it all searchable. Check it out!

Oct 08

Stop validating e-mail addresses

Because you’re doing it wrong. At least, that’s what I’ve discovered to be the case with,, and a number of other sites.

My personal e-mail address has a .name top-level domain. Dot-name, of course, being one of the 280 (at present) valid TLDs. Your rinky-dink regular expression that checks (com|net|org|gov|mil) does not cut it.

This morning I tried to order a book from Borders. I couldn’t. They didn’t like my e-mail address. I also tried to change my password. Couldn’t.

Ultimately, I had to change my e-mail address in order to do anything. Now all of my personal e-mail goes to one address, and all the Borders mail goes to another that I use for technical mailing lists.

Look, e-mail addresses are complicated. More complicated than you think. See Phil Haack’s enlightening blog post on the subject if you don’t believe me.

Did you ever consider why you are validating e-mail addresses in the first place? It’s in the customer’s best interest for an order confirmation e-mail to get to their inbox. Why do you put two text fields to confirm an address? It’s to help prevent the user from making dumb mistakes, right? The fact is there’s no need for rigid validation—either the e-mail gets there or it doesn’t.

If you must validate, do this instead: /.+@.+/. That’s guaranteed to be future-proof, and people like me won’t write you ticked-off e-mails telling you to fix it. ;-)

Like this post? You might also like Coalmine, my centralized error tracking service for your apps. Coalmine captures errors and all kinds of helpful debugging information, notifies you, and makes it all searchable. Check it out!

Mar 07

Whatever you do, don’t install Windows Vista

Windows Vista isn’t as bad as Windows Me, but compared to 2000, XP, and Server 2003, it’s a disaster.

In the last few years I’ve grown to prefer OS X, but don’t let that fool you—I’ve used every Windows since 3.0. I actually liked XP quite a bit; however, Vista is not XP. There are just too many problems with Vista to ignore, and as it stands now, you should not install it under any circumstances.

Most of the problems center around User Access Control (UAC), Microsoft’s new ACL-based security strategy. ACL is a broad concept used in web applications and programs like Apache to determine user access rights. The idea is that rights cascade from most general role to most specific role, such that user ‘jsmith’ may be in the same ‘users’ usergroup as ‘rjones’ but have more or less control than ‘rjones’ does.

The problem is that Vista’s ACL implementation is the worst I’ve ever seen.

The Mac ad with John Hodgman pretty much nails it. Every time you want to do something in Vista, no matter how seemingly trivial, it stops everything to nag you, “Do you want to do this?” Sometimes, you have to go through two different prompts just to approve it. That would be fine if the prompts were infrequent—say, when you are installing a program, changing the system configuration, or when you run a new program (but only the first time). Instead, it prompts you constantly, incessantly, not remembering your previous selections. It’s as if Guy Pearce from Memento was handling your security.

You might say, “People complained when Windows was insecure; now Microsoft adds system-level security and you’re still complaining.” But the problem is users, not the fact that they weren’t prompted nonstop every time they tried to use their computer. And as with every other frequent prompt, users will begin to ignore the UAC nags. Users don’t read prompts. Actually, users don’t read much of anything unless it’s directly related to what they’re trying to do. But the way to combat that is not to prompt them constantly, teaching them to ignore yet another warning. It’s to make the warnings as infrequent as possible, so that the user realizes that something out of the ordinary is happening.

If you really hate it, you can turn it off, right? Oh, naive user. Turning off UAC altogether removes all prompts—including the ones that Windows requires to perform certain tasks. Do you know how annoying it is to attempt to rename or delete a Start Menu item, only to have Windows shrug off your command with a terse, “You need permission to perform this action”? Or to type “net stop apache2″ in the console in order to restart Apache, and have Windows dully tell you, “System error 5 has occurred. Access is denied”?

Simply put, the UAC implementation in Vista is braindead. And unless their QA department has completely dropped the ball, I think Microsoft knows it. I think they decided that shipping was more important and that they would fix the most glaring bugs with the first service pack (a reasonable conclusion, I suppose, after six years of development). The problem is, we fools that adopted early have to fight with our computers in order to do anything.

But UAC isn’t the only headache in Vista. Among the others:

  • Frequent explorer.exe crashes
  • Desktop and explorer windows not refreshing—ever!—unless manually forced to do so
  • Like XP, a complete inability to customize the Aero skin with my own colors
  • Settings, often with older programs made for XP, not being remembered (likely related to poor backwards compatibility with UAC)
  • My Recycle Bin disappeared from my desktop altogether, even after a reboot—turns out it set itself not to display all on its own

A UAC kludge to save your sanity

There is something of a fix, though. If you’ve installed Vista Business or Ultimate, you can keep UAC turned on but tell Windows to shut up, er, auto-approve all prompts. The application you want is secpol.msc and detailed instructions on using it can be found at

A word of warning, though: if you have a hard time managing your own security, don’t turn off UAC. I’m not responsible for any changes you make to your computer. ;-)

Like this post? You might also like Coalmine, my centralized error tracking service for your apps. Coalmine captures errors and all kinds of helpful debugging information, notifies you, and makes it all searchable. Check it out!

Oct 06

The Zend certification exam

A couple of months ago, Zend unveiled the new PHP 5 version of their certification exam, which they promised would focus less on syntactical issues and trick questions and more on testing if you actually understood how to program pattern-based, object-oriented code—or knew enough about it to fake it, anyway.

The importance of a well-known, respected PHP certification is pretty simple: there are lots of crappy PHP developers out there. From my experience, most of the people that do job interviews can’t tell good code from bad, so having some kind of recognizable certification is a way to say there’s a pretty good chance you won’t spew out a bunch of ugly, unmaintainable code that someone else will just have to rewrite a year after you leave.

Well, I just finished taking it, and I suppose it’s appropriate that it’s Halloween because there were plenty of tricks on the test. Roughly one-third of the questions seemed to be along the lines of, “Assume you are an idiot, and you enjoy wasting your time doing stupid things. Here is an example of one of the many stupid things you might try. What would happen?” For example, what would happen if you had a PHP 4-style constructor and a PHP-5-style constructor in the same class? What is the difference in the return values (not the output!) of print versus echo?

Questions like these are bad because they rely solely on educated guesses about PHP’s behavior—after all, most people will not have tried to do things like this. That would be fine if PHP were consistent, but one of PHP’s biggest flaws is its complete lack of consistency. You can never really predict how PHP will react to an exotic code sequence without just trying it and finding out, because there are very few rules that apply across the board. Sometimes PHP will try to discern what you meant and other times it will error out. Occasionally, and most egregiously, it will fail silently.

Not quite as bad but still annoying is the third of the exam consisting of questions about functions that most PHP programmers rarely or never use. When’s the last time you wrote a custom stream, for instance? And perhaps like any good programmer who commits inane things to memory and never uses an IDE or you have memorized all of the parameters of all functions, ever. Can tell me exactly what a “1″ in this particular argument position does? And if you want this particular behavior, should it be a constant in this spot or a Boolean value?

Now, to be fair, the entire exam isn’t like that, and if you’ve been adding in your head I’m only up to two thirds. The final third of the questions is actually quite reasonable and covers object-oriented programming concepts in PHP, basic design patterns, implementation of interfaces versus abstract classes, multiple inheritance, E_STRICT compliance, and so on. These are good—they actually test if you understood how PHP 5 works on a broad level, and understanding broad concepts is far more important as a programmer than memorizing the effect of little-used parameters and the return values of things that you would never want the return value for—even if you’re testing knowledge of a specific language.

We took the test on paper (I had been told it would be on a computer and scored instantly), so I have to wait a week for my results. I have been programming in PHP for seven years now (starting with version 3 in 1999) and strictly in version 5 for the last year and a half. I also attended an excellent, mostly-English 8-hour prep session by Christian Wenz as part of the 2006 Zend PHP Conference. Tellingly, Christian again and again said things like, “You’ll never encounter this in the real world, but it might be on the exam.” Despite all that, I frankly have no idea if I’ll pass or not.

As I was leaving, I rode the elevator with a fellow test-taker. “I feel like I’m back in high school,” he said, “and I just failed the SAT.” Tell me about it.

Update: I passed.

Note: None of the specific questions I’ve written here are actual questions I encountered as part of the exam. However, they are similar in nature for the purposes of example.

Like this post? You might also like Coalmine, my centralized error tracking service for your apps. Coalmine captures errors and all kinds of helpful debugging information, notifies you, and makes it all searchable. Check it out!