Thinking about DNS over HTTPS

I read an interesting article on the drawbacks of DNS over HTTPS (DoH) the other day.  This comes on the heels of the news that Mozilla is rolling out DoH to all Firefox users by default.

I'd never really thought too much about DoH.  In general, more encryption is usually better, so my initial thought was "it's probably a good thing", but that's about as deep as it went.  After reading a little more about the down sides, I'm less convinced.  I still think it's probably a good thing that DoH exists, but I'm not so sure that it's a good idea to push everyone toward it.

My main reservation at this point is that DoH seems architecturally wrong.  It introduces a way to do DNS queries that's not really compatible with the old way and it's not clear to me that it offers any really big wins.

Of course, I'm not saying that DoH has no benefits or use-cases.  There are definitely cases where it can be useful and add another layer of privacy.  But it kind of reminds me of PHP "security" features like safe_mode in the sense that it does solve a legitimate problem, and does so in a way that "works" (for certain definitions of "works"), but solves it at the wrong layer and in a way that can interfere with other legitimate things.

As this blog from the PowerDNS team discusses, DoH is not a panacea in terms of privacy.  Yes, it adds a layer of encryption, and that is definitely useful in some cases.  But it doesn't do anything to address the myriad other ways in which your online activity can be tracked.

Of course, that depends very much on whom you want to stop from tracking you.  Obviously it does zero to stop advertisers or website operators from tracking you - they do their tracking at a much higher level.  It also doesn't stop your ISP from tracking you - even if everything else is encrypted, you can't stop your ISP from knowing the IP addresses you visit.  I mean, that's just how the web works.  And from an IP address, you can usually determine the website pretty easily.  And, of course, your DoH provider still has access to all your DNS requests, so you better make sure you trust them.

For me, personally, the bottom line is that DoH doesn't give you anything that you don't already get with a half-way decent VPN provider.  Granted, the VPN provider is then your single point of privacy failure, so you better make sure you pick a reputable one (I like and recommend Private Internet Access).  But a VPN covers pretty much everything you can do at the network level, not just DNS for web requests.  Of course, you still need browser privacy plugins to block tracking at higher levels in the stack, but sadly that's necessary either way.

Questioning agility

Author's note: This is based on some notes and links I started collecting in November of 2015.  The bulk of the commentary is actually relatively new - from last year, August 15th, 2019 - so it's not too out of line with my current thinking.

As might be clear from my review of Bertrand Meyer's Agile!: The Good, the Hype, and the Ugly, I've been rethinking the whole agile development craze that has swept the industry.

There are a number of good presentations online questioning the "agile" movement.  For a more provocative point of view, I recommend Erik Meijer's One Hacker Way talk.  Dave Thomas, one of the "pragmatic programmers", also has a good talk on the topic.  There's also a good one by Fred George on the hidden assumptions of agile.

My current thought (note: we're back to 2019 now) is that "agile" has become pretty much a meaningless buzz word.  Pretty much everybody is "doing agile" now - or at least claiming they do.  It's come to mean "anything that's not waterfall".  And we all know that "waterfall" doesn't work, which is why everyone is doing "agile".  (Side note: Winston Royce, in his paper that initially described the waterfall process, actually says that it doesn't really work.  But, of course, that didn't stop people from trying.)

Not that agility is a bad concept.  It isn't - being flexible is a good thing.  Responding to change is almost a requirement in most shops.  The values in the Agile Manifesto are all good things to emphasize.  But none of that amounts to a process.  It's just a loose collection of principles and ideas that are useful, but aren't a road-map for how to build software.

That's why, in practice, most shops that "do agile" are using some variation on Scrum.  And while I have no problem with Scrum per se, it's hardly the be-all and end-all of development processes.  In fact, the main problem with Scrum is probably that it's not a software development process - it's more of a project management framework.  It doesn't have a whole lot to say about the details of how to code, how to test, how to manage defects and other quality issues, how to manage releases, etc.  It's up to each shop to figure that stuff out for themselves.

Of course, that's not bad.  Every business is different and you should expect that you'll have to adapt any process to a certain extent.  Scrum is useful in that it gives you a framework for tracking what needs to be done and creating a feedback loop to improve your process.  But you still have to actually use that feedback loop to improve your process, i.e. you have to do the hard work of self-improvement.  Simply going through the motions of what the "agile consultant" says you should do isn't going to cut it.  As with everything else in life, there are no shortcuts.

No KDE4 for me

Author's note: Welcome to another episode of "From the Archives". This is the stub of an article that I wrote twelve years ago, on April 25, 2008. At the time, KDE 4.x was freshly into stable release. I was a user and fan of KDE at the time, and there had been a lot of hype about how awesome version 4 was going to be. My initial reaction, however, was...not so great.

This is actually slightly relevant because I have resurrected the GUI on my "home desktop", by which I mean my "home server". This is the box sitting under my desk in the basement that runs Ubuntu 18.04 and runs various web and media server software. It does have a GUI installed, but I hadn't really used it in years - in part because GNOME didn't really work well on it. This isn't super surprising, since it's an old box with just the integrated graphics chip. But it's got more than enough memory and processing power for the workload I want it to do, so there's not really any point in upgrading.

Anyway, due to the current COVID-19 pandemic I'm now working from home and sitting at that desk all day every day, so I decided to fix up my desktop. Part of my cleanup process was to axe GNOME and install the Trinity Desktop Environment (TDE). This is a project I just recently discovered and immediately fell in love with. It's essentially a fork and continuation of KDE 3.5. It's since evolved into its own thing, apparently, but it's still noticeably KDE-like, so I'm very comfortable in the UI. Just like the original KDE 3.5, TDE is powerful, intuitive, generally pleasant to use, and works quite well on my not-so-new system. It doesn't have the fancy graphical bells and whistles, but I never really cared much about that anyway. I would definitely recommend it to any old-school KDE 3.x fans.

Anyway, here are my thoughts from the time. To be fair, I haven't used "real" KDE to any extent since this, so I'm sure all of my complaints have been addressed. But then again, I don't really care. I'm happy with TDE. Enjoy!

Kubuntu 8.04 was released yesterday (note: again, this was twelve years ago). That means it's upgrade time for me again.

This time around, Kubuntu comes in 2 varieties: the "rock-solid" KDE 3 version, and the KDE 4 remix. I had been intending to get on the leading edge and install the KDE 4 version. However, just to be on the safe side, I decided to give the live CD a try first. And after messing around with it for half an hour or so, I'm glad I did.

Bottom line: I think I'm going to wait for KDE 4.1. Or maybe 4.2.

I just don't care for 4.0.3. It definitely looks different...but not better. I just didn't see any new features that looked even remotely interesting, let alone compelling. The splash screens were kind of nice, and the plasma widget effects on the desktop were pretty neat, but that's about it.

There seemed to be a lot more down sides. Of course, I'm not sure how many of these are KDE 4 issues and how many are Kubuntu issues, but I found them annoying either way. Here's my list:

  1. The window style for the default desktop theme is unbearably ugly. It's too dark and too monochromatic. I guess somebody must like it, but it really bothers me.
  2. Where's the control panel? I don't see it and the context-sensitive configuration panels don't have all the options in them.
  3. In fact, where the heck are the other options?
  4. What the heck happened to Amarok and the other applications? The UI is completely different and it feels like half the features are missing.

I could go on, but why bother? There's just no reason for me to upgrade at this point.

A (former, not-so) new Palm fan

Author's Note: Well, folks, it's time for another episode of "From the Archives"! The show where I take those old draft blog posts that I never published, flesh them out and add this lame intro, and then publish them so that I don't have to bother coming up with new content!

Today's post is my review of my very first smart phone, a Palm Centro. Of course, it was only sort of smart, because I was too cheap to pay for a data plan, which was kind of pricey at the time. Still, I really liked that phone. On the next upgrade (because Verizon was still doing the "upgrade every two years for an absurdly low price" thing in those days), I actually ended up downgrading to a dumb-phone. In retrospect, that was a mistake. But it's OK, because two years later I finally got a real smart phone (I believe it was the Samsung Galaxy Nexus) and never looked back.

Anyway, I figured this might be an interesting bit of retrospective trivia. This post was written on December 1, 2008, so cell phones have obviously changed a lot since then. Enjoy!

Well, early last month I had my cell phone upgrade day. I dropped into the Verizon Wireless store on election day and picked out new phones for Sarah and myself.

For the first time since we signed up with Verizon, I got 2 different phones. For Sarah, I eventually settled on the Samsung Sway. Her requirements were pretty basic (camera, text and picture messaging, downloadable games and ringtones) with the one exception that she didn't want a clamshell design. Our last 2 phones were clamshells and she wanted something more like our first phone - a stick phone. Of course, they don't really make stick phones anymore, so I figured the sliding design of the Sway would be close enough. So far, she seems to like it well enough. The only problem is that Verizon, in their infinite suckiness, seems to have disabled the ability to set MP3 ringtones from files stored on the microSD card. Typical customer-hostile behavior.

I, on the other hand, totally geeked out this time and got a basic smart phone. I'd been going back and forth for a while, but I ended up going with the Palm Centro. So far I absolutely love it.

The Palm Centro, courtesy of Engadget

The Centro may be the low-end model (as compared to, say, the Treo), but it gives me pretty much everything I've always wanted in a cell phone. The reason I chose a smart phone was that I was tired of being limited by what Verizon decided I should be able to do. With a feature phone, you are limited not just by the hardware, but also by your provider's firmware. If Verizon decides you shouldn't be able to create custom ringtones or copy files over OBEX, you're out of luck. But a smart phone is just a very small computer - that's the main selling point. You have enough control over the system to add features and do some customization.

Let me start with the things I don't like about the Centro. There aren't many.
1) The single most annoying thing is the battery cover. It feels a bit flimsy and is hard to get off. This wouldn't be a problem, except that you need to get to the battery relatively often.
2) Relating back to point 1, you need to open up the battery cover to get to the microSD port. At least you don't need to take the battery out, but it's still annoying. The fact that the Centro has a side door for the card which you can't open with the battery case on just adds insult to injury.
3) Again, relating back to the battery, is the fact that the phone will actually crash on occasion. I haven't had any problems with the bundled software so far, but a few add-on programs have caused the phone to lock. And, of course, the only fix for that is to reboot the phone by taking out the battery.
4) Three words: non-standard data port. Seriously, what's wrong with micro USB? Plus, my data cable has a habit of falling out if I move the phone around the desk. Maybe that's just me.

Those are my only real non-fixable complaints. There are some other annoyances, but many of those are actually fixable by installing additional software. I'll get into a few of those must-have toys and utilities in another post. (Author's note: it's now 12 years later, so yeah, that's not gonna happen.)

So what do I like about the Centro? Pretty much everything else. On the hardware end, it's fairly nice. The touch screen is very handy and the QWERTY keyboard, despite being extremely small, is actually surprisingly easy to use. Yet despite the decent screen size and keyboard, the Centro still isn't that much bigger than a feature phone. It also has something I've never seen before - a physical switch to set the phone to vibrate mode. Still not entirely sure whether I like that or not, but it's certainly different.

On the software side, you actually get a fairly decent set of base programs to work with. The included PIM software - calendar, address book, todo list, memo app - actually isn't too bad. They also throw in a copy of Documents To Go, which can open MS Office files and PDFs. Unfortunately, the PDF viewer kind of sucks, but the Word document viewer seems pretty decent. And, of course, I was able to install a NES emulator, which is awesome to have right on your phone.