I don’t miss XML

I don’t miss XML. XML would only be a quarter bad if it didn’t introduce the ambiguity of trying to decide whether data should be an attribute of an element or the value of an element.

1

<element attribute="attribute-value">value</element>

It would only be half bad if it didn’t introduce the unwieldy syntax of triangle brackets and an end-of-element closing syntax that use more triangle brackets and a second copy of the element name. It would only be three quarters bad if the syntax for comments didn’t also use triangle brackets, along with a few hyphens and a required closure at the end of each line.

Today I migrated a web site from Express 2.5 to Express 3.0.0rc3. This is a non backward compatible version change. Express has a Migrating from 2.x to 3.x wiki page, but it doesn’t quite leave you prepared for the more time consuming incompatibilities that you’ll need to fix. I’ll enumerate some of these differences here. Note that some of these issues may be ironed out in later releases of Express.

How Dropbox and the App Store are a counterpoint to Web Apps

About five years ago a colleague and I were lamenting the fragmentation of identity and storage caused by the new crop of web apps. You could edit a Powerpoint-like presentation at one site, a photo at another, and check on your calendar at a third site. Each site required a separate login, and your content was stored in some unique new format in a cloud database that you couldn’t extract your data from. We saw a case for abstracting identity and storage to make life easier and less confusing for users and to help with archiving content beyond the life of the web site (e.g. 280Slides, which is now a member of the dead pool). We were focusing on fixing identity using OpenId-like solutions, but we also thought the answer to cloud storage might be to provide a standard storage service that all the web apps could use.

This week I turned paper delivery back on for T-Mobile and all my credit card statements. I didn’t do this to save the US Postal Service from extinction. I did it because these businesses’ statement ePickup services weren’t delivering an adequate level of service. I call their electronic statement services ePickup because instead of delivering the statements they send you an email notice telling you to go pick up your own statement. Read more about ePickup in my previous post.

In the case of T-Mobile I’ve turned on paper delivery for two reasons:

• I got caught out when I migrated my service from T-Mobile to T-Mobile last year and changed the primary account holder’s name. Statements for previous months were no longer available on their site and I was not able to verify excess charges.
• T-Mobile’s web site is painfully slow.

Unlike T-Mobile, all my credit card providers have fast, convenient web sites. But because of the inconvenience of ePickup, I don’t end up retrieving my statements in a timely manner. The time that consumers are given to dispute a charge is now down to two months. To allow me enough time to review charges and go through the potential process of disputing charges with merchants and then the credit card issuer I’ve opted back into paper delivery.

Despite now receiving these statements as paper, I still periodically retrieve electronic copies and file these away on my computer for archive purposes. I also eventually shred the paper copies to reduce the risk of identity theft (almost 65% of identity theft cases start with stolen paper statements, bills and checks).

Update

2012/08/15 T-Mobile updated their site and you can now download your statements as PDF files. The problem is these PDF files are not standard PDF files. They are XFA (XML-based form) PDF files. These files contain document-building logic and XML data that generate the actual pages on-the-fly when you open them. They take 30 seconds to open, prompt you to ask if you want to save changes each time you close the document, and are not renderable in the myriad of PDF readers that are not built for the desktop by Adobe. This includes Preview on the Mac.

XFA is horrible technology produced by Adobe at a low point in it’s sanity (at around the same time they chose to buy Macromedia and Flash, by the way). It’s surprising that any company would evaluate this technology and choose to proceed with it’s deployment. T-Mobile did just that and has also stopped making it’s statements available as HTML. This means there is no way to get a proper PDF file from their site. All the more reason to keep getting paper.

Sophos ran an article this morning describing how “two typosquatting sites, Wikapedia.com and Twtter.com, have been forced offline and fined £100,000 ($156,000) each by a UK telephone regulatory agency.”

We’ve all mistyped URLs and encountered typosquatting domains attempting to profit from these fat-finger errors. A good way for you to prevent this happening is to bookmark the pages you visit most often and never type their URLs. This is particuarly import for financial institutions or anywhere else where you are likely to enter a valuable userid and password. Use these bookmarks rather then typing the URLs or clicking on links that have been emailed to you.

A good percentage of users don’t practice organized bookmarking. Users would benefit from a cleaner or more automated approach to adding and using bookmarks for all the sites they log in to, or at least the higher value sites. They need to be further educated to never click on URLs sent by email or obtained other sources, and to only access these services from the bookmarks.

For the forthcoming Mountain Lion release of Mac OS X, Apple is advancing their support of iCloud and introducing the Notification Center. Third party app developers will not have access to iCloud and the Notification Center unless they release their software through Apple’s App Store.

Developers may not want or be able to use the App Store for any number of reasons:

• The app cannot comply with Apple’s sandbox rules,
• The app requires a complex installer or launches a daemon,
• The economics of handing 30% of software sales price to Apple don’t make sense to the developer.

This move will particularly hit larger software developers such as Adobe Systems that are not in a position to use the App Store. As these features become more mainstream, Adobe will be put at a competitive disadvantage.

It may be that access to iCloud and the Notification Center are being restricted for security reasons, but I can’t see why this would be true. Any app today can access Growl, so why wouldn’t any app be allowed to access the Notification Center? As I’m unclear on Apple’s motivation here, it may be premature to draw conclusions. But it sure feels like this can be added to the growing list of Apple’s anticompetitive moves. If this only affects companies such as Adobe then I would not expect a backlash because large companies tend to attract little sympathy.

I covered passwords in enough detail in this post. You’d think most companies would have got the message by now and the only companies with stupid password rules would be those with legacy sites. You’d think.

T-Mobile

Today T-Mobile introduced their new stupid password rules:

1. Must be at least 8 characters long
2. Must contain both letters and numbers
3. Must contain both uppercase and lowercase letters
4. Cannot contain spaces or special characters (!, @, $, %, ')

Sigh.

Apple’s greed has passed the threshold for anticompetitive behavior that makes them evil. No company wants to compete in an open market, but Apple is going the extra mile to eliminate competition.

This I conclude from three distinct moves:

1. Apple long ago blocked third party document innovation on their devices
2. Their new iBook format is built as proprietary extensions on the shoulders of ePub
3. Any content produced with it’s new, free iBooks Author tool can only be used on Apple devices

You wouldn’t think Apple would need to limit competition with earnings results such the ones they announced today, but I guess when you’re big, the only way you can grow your value is to bite off new markets to own.

There’s little point in adding to the discussion on SOPA (and PIPA), particularly since the protests from this past Wednesday have been so effective. If you don’t yet understand what is wrong with SOPA read this or watch this.

This is part four of a series on e-delivery:

1. Why do banks still have no way to send us confidential messages?
2. Statement E-Delivery is Broken
3. Solving E-Delivery: Fundamental Requirements
4. Solving E-Delivery: Solutionscape

In my previous post I looked at the requirements for an e-delivery solution. That post hinted at the need for standards so that businesses could future-proof whatever solutions they adopt. I discussed the existing cloud-centric solutions in a bit of detail in my post Statement E-Delivery is Broken. In this post I dig a little deeper and look at what constraints and trends businesses should consider and how they should future-proof their solutions.