Author Archives: Scott Selikoff

Facebook: Now with *More* Ads

Posted on by
Reply

Most people familiar with my UI work know I’m all about preserving screen real estate. In other words, I like to design the most streamlined interface with as few unnecessary buttons and glitter as possible. Why do I need a pretty graphic taking up 1/4 of my screen when I could using it for something else?

I all ready had my doubts about Facebook’s current ad system which included such user-requested buttons as “More Ads” as shown below:

Facebook - More Ads

Talk about a waste of space, can’t imagine why anyone would click on the button. That’s like a person requesting more commercials while watching TV.

But the genius development/marketing team from Facebook have done it again. Yes, from the makers of such buttons as “More Ads” I give you the redesigned (currently optional) Facebook interface:

Facebook - New Interface

I’ve cut out the middle and obfuscated it a tad (if you don’t know the meaning of the word ‘obfuscate’ and you’re a developer, go look it up, you should). Notice it now has much larger ads, that instead of being integrated into your profile stick out a lot more with nothing above/blow them. Also, there are two by default instead one! This *new* more wonderful interface may worry some people that Microsoft’s acquisition of Facebook is beginning to show, but don’t worry, the “More Ads” button has not been lost!

Computers as Infallible in Pulp Culture

Posted on by
Reply

I was watching an old episode of Star Trek the original series the other day and was intrigued that they portrayed computers as infallible, pure logic devices. In the episode, Kirk’s on trial for his life/command because a computer record shows him making a mistake. Throughout the episode there are numerous comments such as “the computer cannot be wrong” and “if the computer said you did it, it must have happened”. You can also see other such representations in old Twilight Zone episodes and movies.

A few questions come to mind:

  • Was the basis for believing computers to be infallible based on fact or fiction?
  • Were computers significantly more stable than those today?
  • Is the belief of computers being infallible still held today?

For the first question, I can find some factual basis for this belief, namely the existence of logical programming languages such as Prolog and later-day semantic programming languages. In such systems, you program a set of ‘facts’ and ‘relations’ and the system using them to build a knowledge basis out of what it knows. Given the large search space and computational complexity of such systems, the work is still more theoretical in nature and rarely used in modern day software systems. Logical ideas may be a component of some systems, but the actual code is written in more expressive languages like Java, C++, PHP, etc. The question still remains whether these earlier authors know about logical programming, or really just made up the idea that computers are infallible (or will be in the future!) to fit their scenario. It would be interesting to interview the TV/movies writers from this era that are still around to determine where these notions came from.

For the question of stability, I would say yes, computers back in the day were probably a lot more stable in part because the complexity of such systems was extremely low. Also there wasn’t the notion of having separate hardware, operating systems, and applications; in many cases the companies sold the devices as one piece (much in the way Apple still does), so that reliability was much easier to control and maintain. These days accessing your bank records via an online website may involve dozens of systems all running general purpose hardware and operating systems, any of which can easily fail or make mistakes if not properly configured and managed. It’s like trying to hook up a Windows-only digital camera to a Mac only on a much larger scale.

The last question of whether or not computers are seen as infallible today remains a question open for wide debate. As a software programmer I have an interesting perspective on the topic, in that I know what can go wrong in systems. Most people who listen to the news know that their information may not be safe (see credit card theft or even just lost laptops with social security numbers on them), but the data can be corrupted from far less malicious problems like concurrency and device failure. That’s why most (but not all) systems use fault tolerant solutions; if a computer or hard drive fails, the system can detect and recover from this failure. Unfortunately for anyone who’s ever been affected by a computer glitch in one of their accounts, myself included, calling for customer support can be daunting. Representatives are trained only to believe what the screen in front of them tells them and will rarely take your word for it should you argue the computer is wrong. I can recall one conversation with a company that deleted my 3 year old account and then claimed that I never had an account with them. The only thing that finally convinced the representative to believe me was that while the computer records showed I had no account and never had one, it also said I had a history of support calls about my account. Once they realized the inherent contradiction of me making phone calls for 3 years about a non-existent account they started to believe me, but prior to that point treated me as if I was making things up. I’ve heard other horror stories from the field of other customer support representatives (Verizon: for example) who, when faced with such a contradiction, will stick to whatever the computer screen says, even when common sense dictates it is wrong.

As most people know I am a daily reader and advocate of The Daily WTF which posts real stories (many of which you can verify) about what goes wrong in the world of technology. Based on their posts, it paints the picture of an industry which often holds software together with glue and bits of string.

As we move forward with increasingly complicated software systems (J2EE, .NET, Flex), it seems inevitable that computer systems will be less and less stable. If so, I can only take comfort in the idea that perhaps the public will be more aware how fragile systems are and start trusting individuals over computers. It’s often been said computers can only do what you tell them to do, and if you have developers who don’t fully understand the user experience, you end up with systems that do not work properly. On the other end of the spectrum, there’s increased reliance on using computers for passports, face detection (especially in government terrorist detection systems), and a myriad of bio-related information systems. In that regard, good luck trying to get a plane when the computer has incorrectly invalidated your passport.

Note: One thing I left out of this discussion is the topic of security. Computers today are far less stable than they were originally perceived to be. For example, in that same Star Trek episode it is discovered that someone altered the computer records to frame the captain and that only a handful of people on the ship were capable of such an action. We now know even a 13 year-old is capable of hacking large systems, but that is in part based on the inherent insecure nature of many of the systems, especially the Internet. I see security as a planning and deployment problem, one capable of being solved if the developers spend the time to address it (which they rarely do). In regards to the growth of the Internet, the protocols that won out were the easiest to setup and maintain, not the ones that were the most safe. With the increased bandwidth we all have now (cable/phone modems versus 1200 baud modems), it is my hope that a truly secure Internet will become available down the road.

Question mark ‘?’ characters as text in JDBC

Posted on by
1

Many people wonder how insert strings containing question mark characters into their database queries via JDBC. For those unfamiliar with the problem, ? is a reserved character in JDBC queries for parameterizing inputs. For example, if you have run the same query searching for a user but each time with a different name, JDBC offers you the ability to precompile and save the parameterized form of the query with ?’s, thereby saving the overhead of creating lots of new database statements. First, let’s frame the problem. Consider the following code:

PreparedStatement ps = conn.prepareStatement("SELECT * FROM widgets WHERE note LIKE '%long?'");
ResultSet rs = ps.executeQuery();

Description: This code searches for all widgets with note field that ends in the phrase “long?”, such as “This is how long?”.

Your first thought might be why make this a PreparedStatement at all (which supports parameters), you could just as easily do it with a Statement (which does not support parameters). Under most circumstances, it is a good coding practice to use PreparedStatement over Statements, even if you don’t have any input parameters. It allows you add parameters easily such as:

PreparedStatement ps = conn.prepareStatement("SELECT * FROM widgets WHERE size > ? AND description LIKE '%long?'");
ps.setInt(1,100);
ResultSet rs = ps.executeQuery();

Question: Will this code compile and run?

The answer is that it will compile, but under most circumstances (depending on the JDBC driver) it will not run. Why? The answer highlights just how dumb JDBC drivers really are. In short, they don’t really understand anything about the data they are parsing other than “I see a question mark, let me replace it with something!”. In this example, the user replaced the first ? with an integer, but did not replace the second question mark. In this regard, the JDBC driver will throw a runtime exception prior to sending the code to the database. Also note this code will have the same problem whether you are inserting the value ‘%long?’ into the database or reading it; as I said the JDBC driver knows very little about the query you’re constructing other than its find and replace mentality.

There’s a number of solutions available although my favorite is the following:

PreparedStatement ps = conn.prepareStatement("SELECT * FROM widgets WHERE size > ? AND description LIKE ?");
ps.setInt(1,100);
ps.setString(2,"%long?");
ResultSet rs = ps.executeQuery();

Notice I don’t need the single quotes around the parameter, JDBC will do this for me. This is better not just because it solves our original problem, the code will now run, but we’ve parameterized a messy string query! Solving the problem and enforcing good code practices is a win-win. What might throw you for a loop is you’ve increased the number of question mark ?s in the code by one. Whereas before the second ? in the query was a character representing text to be searched on, the second ? now represents a parameter JDBC should replace. It could be replaced with our target string ‘%long?’ or something without a question mark at all such as ‘horse’. Part of the advantage of parameterizing your inputs in the first place is you don’t have to worry about such situations if a user enters a question mark as a value.