Coding Horror

Playing video on a computer has always been a crapshoot. You must have the correct video codec installed, the same video codec that the clip was encoded with. If you don't, the video won't play. You'll have to find, download, and install the proper codec first. It's even more of a problem on the web, where users can run any combination of operating system and browser. Just take a look at all the choices in Yahoo's web-based Media Helper:

As the old saying goes, we love standards: that's why we have so many of them. Here are a few of the more popular video codecs you're likely to encounter out in the wild:

• Windows Media Video
• QuickTime
• MPEG-1
• MPEG-2
• MPEG-4
• x264

It doesn't seem like such a large list, until you consider that there are dozens of variants for each codec. What version of QuickTime? What version of Windows Media? Which MPEG-4 implementation? And this is only a partial list of the popular codecs. Imagine a poor user trying to view a RealVideo clip in this day and age.

That's why we call it codec hell. It makes the current format war between Blu-Ray and HD-DVD look like a walk in the park.

In this hostile environment, it's no wonder that YouTube elected to cut the gordian knot of video codecs: they chose Flash Video, which "just works" on most computers. Even if Flash isn't present on your computer, it's an easy in-place browser download, unlike, say, a QuickTime install. It's the same reason Google Video switched to Flash in September 2005, long before Google purchased YouTube. Tinic Uro explains:

The .FLV file format uses the KISS (keep it simple stupid) approach. It offers neither the high fidelity or the flexibility of file formats like QuickTime or Windows Media. But it does what it does well: playing back simple video streams with some meta information.

The availability of a common, simple video playback format across all browsers and platforms has ushered in a new era of video sharing on the web. And that's a very good thing.

But we've paid an extraordinarily heavy price for this universality: Flash Video quality is, in a word, hideous. Let's compare the Transformers Movie trailer, which is available in a variety of different video formats.

YouTube version:

Windows Media Video streaming version:

QuickTime streaming version:

QuickTime 480p version:

The Flash Video version of the Transformers movie trailer is a bottom of the barrel, least common denominator experience. It is painfully bad. But I'd also argue that quality is largely irrelevant for most video content on the web. Having video you can embed, play, and link everywhere-- without worrying about whether the video will play back properly on someone's computer-- is far more important than quality alone. Flash Video "just works", and it's never more than one click away from 98% of the web browsers on the planet. It'll never win any quality awards, but it's still recognizable as video. Therefore it wins by default.

The codec wars are over, at least for web clips. Flash Video is the new internet video standard. Sometimes worse really is better.

That said, I do wish we hadn't cut out ten years of video codec progress to get to this point. When watching YouTube clips, I sometimes feel like I'm watching ancient Video for Windows clips circa 1993. Here's hoping the Flash developers can incorporate more modern, higher quality codecs without re-introducing codec hell along the way.

The standard login form is everywhere. It's unavoidable. And it's a giant pain in the butt.

As much as we see login forms every day, you'd think we would have mastered them by now. Unfortunately, we haven't. Here's what I've observed users doing, over and over again:

1. Move the mouse to the username field.
2. Click the mouse button.
3. Type a username.
4. Move the mouse to the password field.
5. Click the mouse button.
6. Type a password.
7. Move the mouse to the login button.
8. Click the mouse button.

Every time I watch someone do this, a little part of me dies inside. And I see it all the time.

I'm not just talking about casual users like our parents. I'm talking about our fellow software developers, and other users who work with the computer for most of the day. People who really should know better.

What kills me about this is all the needless, painful transitions between the mouse and the keyboard. Your fingers are already on the keyboard while you're typing-- just add a little Tab and Enter to the mix! I'm no keyboard Nazi. All I want is to save users a few precious seconds as they slog through the endless logins during their work day. And it's so darn easy, too:

1. Type a username.
2. Press the Tab key.
3. Type a password.
4. Press the Enter key.

See? Wasn't that nice?* Now it's your turn to play Keyboard Appleseed and spread the word so your fellow coworkers can spend less time logging in-- and more time getting actual work done.

* Although this is the accepted standard behavior for login forms, it is possible for incompetent developers to screw this up. But that advice doesn't apply to the developers reading this blog.. right?

As software developers, we're great at communicating with computers. But we're typically not so great at communicating with other people. Esther Schindler's recent interview with Steve McConnell illustrates how this aspect of our personality tends to work against us:

Marketers, sales staff, and upper management all tend to be better negotiators than technical staff, so when marketing (or whoever) says "get it done," technical staff ends up losing that negotiation. But it isn't really the technical staff that loses. The business loses, because it sets up a situation in which it pretends for months or years that it can do something that it can't.

We present our best estimates, but we aren't assertive enough to stand up for them.

Because we don't fight for our estimates, we get negotiated down to an untenable position:

Executives and managers tend by nature to be more assertive than rank-and-file technical staff, which is not a problem. The problem is that they assume, incorrectly, that technical staff will be assertive with them if they need to be, and that isn't the case. Technical staff often feel that they're being very assertive, but an objective observer would probably say the technical people cave in far too easily.

Business executives with non-technical backgrounds don't have any objective ability to judge the analytical validity of an estimate, so they probe the person they're talking with to see where they hit that person's point of discomfort, and they make an assessment based on that. Technical people who don't push back hard enough, soon enough, are implicitly sending a message that they can do more than they really can. When I talk with executives, I emphasize that they need to account for the fact that technical people are intimidated by them. Most executives assume the people around them are as assertive as they are, but that isn't true – there's a reason that they're executives!

Assertiveness doesn't have to mean loudmouthed and obnoxious. Nor is assertiveness "getting all up in someone's face". Assertiveness is, quite simply, the ability to convey your position to others as an equal participant in the conversation. Dr. John Welford explains:

To be assertive is not, as some people imagine, to be overbearing and aggressive, but to be straightforward, open and honest. It means that you relate well to people, able to express your needs freely, take responsibility for your feelings and stand up for yourself when necessary. In conflict situations you seek, where possible, to reach a 'win-win' outcome, in which the needs of all parties are fully acknowledged.

I'm reasonably assertive, to the point that I've found myself interceding on behalf of my teammates. But I really shouldn't do that. I should encourage them to stick up for themselves, instead.

If you'd like to be more assertive, I recommend starting with Dale Carnegie's classic book How to Win Friends and Influence People. Dale's central thesis is truly timeless: show a genuine interest in the people you meet, and you'll find it reciprocated tenfold. It's the kind of book you should re-read every year, and it's short enough to make that possible.

Beyond the Carnegie book, it's clear that being technologically savvy isn't enough. It's important to cultivate your negotiation skills and assertiveness, too, if for no other reason than to avoid being easy meat at your next salary review. One of my friends took the initiative to sign up for a public speaking class. Improv classes would also work.

What are you doing to improve your assertiveness?

You might read a post on this blog and decide I'm full of crap. That's fine. I often am full of crap. I encourage you to leave a comment explaining why you feel this way. And, while you're at it, feel free to point out any errors or inaccuracies in anything I've written. This kind of simple, immediate, highly visible public dialog is why I believe so strongly in comments as an essential part of blogging.

But sometimes a mere comment isn't enough. Maybe you have your own blog. Depending on the depth of your feelings on the matter, you might want to write an entire post on your blog explaining, in great detail, specifically why I'm full of crap. Then you'd publish your post for the world to see. But how do you know that I, the target of your vitriol, have read your post? How do you know that I can even find your post? You could email me directly, but that feels a little too intimate. Or, you could leave a comment linking to your response, but that feels like additional work.

The answer lies in trackbacks. Trackbacks are a way of relating conversations across websites. After you publish your post, you send a trackback to my post. This is usually handled automatically by the blogging software. The trackback links our two posts together. I get notified of any trackbacks to my posts, so I can follow the trackback to read your response. Furthermore, trackbacks are public, just like comments. So any future readers can also follow our conversation thread by directly navigating from my blog to yours with a single click. Tom Coates created a little diagram which illustrates this process:

They're a great idea. Unfortunately, trackbacks are so horribly and fundamentally broken that they're effectively useless.

The original trackback specification was published by Six Apart in summer 2002. It's very basic. The trackback URL is published in the metadata embedded in every blog post:

<rdf:Description
rdf:about="https://blog.codinghorror.com/the-programmers-bill-of-rights/"
trackback:ping="http://www.codinghorror.com/mtype/mt-tb.cgi/666"
dc:title="The Programmer's Bill of Rights"
dc:identifier="https://blog.codinghorror.com/the-programmers-bill-of-rights/"
dc:creator="Jeff Atwood"
dc:date="2006-08-24T23:59:59-08:00" />

You simply HTTP POST a bit of data to the trackback URL of the post you're commenting on, like so:

POST http://www.codinghorror.com/mtype/mt-tb.cgi/666
Content-Type: application/x-www-form-urlencoded; charset=utf-8
title=He's+full+of+crap&url=http://www.bar.com/&blog_name=Foo

See? Simple. And it works great. In one swell foop, you've created a coherent conversation that flows across two totally different websites!

Well, it was great. Until the spammers realized two things:

1. how high the pagerank is for popular blogs (7+)
2. how trivially easy it is to abuse the trackback mechanism because trackbacks have no authentication mechanism whatsoever.

CAPTCHA has completely solved my comment spam problem. But distinguishing between humans and machines is useless on trackbacks, which are all machine entered by definition. I've fought the good fight against the rising tide of trackbacks with various blacklists over the last three years, but as this blog grows more and more popular, I'm clearly losing the war. Malicious spammers can batch register dirt-cheap domain names and write scripts to mass-POST these URLs all over the blogosphere far, far faster than I can ever hope to blacklist them. Every day starts with a depressing routine of adding 4-8 new spam URLs to my blacklist.

Yes, there are distributed blacklists like Akismet. Yes, you can put all your trackbacks into a moderation queue and spend 5 minutes every day deleting them all manually. Yes, you could retrieve the linking page and make sure it contains the promised link to your post. But these are only slightly larger band-aids over a massive, sucking chest wound. These aren't sustainible solutions. We have a much deeper problem. Trackbacks, as we currently know them, are dead, kaput, expired.

It's an absolute travesty, and I completely blame Six Apart's initial trackback specification. How could they forget the rich history of email spam we've had to deal with for the last ten years? Trackbacks, as a result of Six Apart's incredibly naive initial design, are now a total loss. That's what happens when you design social software without considering the impact of malicious users from the very beginning.

Now, hopefully you'll understand why I've disabled all trackbacks for this blog as of today.

But I still believe in the concept of trackbacks. I want to read your response to my posts, whether it's on your site, or mine as a comment. So rather than relying on direct peer-to-peer links, I'm exploring the use of external indexing services. I experimented with using Google searches to find all the pages that have linked to the URL of a post, but I wasn't happy with the results. For now, I've replaced the automatic trackback with a bit of JavaScript from Technorati which automatically lists any blogs that linked to a particular post. It's not quite as egalitarian as I'd like, because you have to join Technorati to participate. And it's another unwanted external dependency which I'll have to deal with. But it's the best I can do for now.

And please, if you're designing social software, try to avoid repeating the many mistakes of our forefathers. Again. Design from day one with the assumption that a few of your users will be evil. If you don't, like Six Apart, your naivite will make the entire community suffer sooner or later.

Eric Lippert is one of my favorite Microsoft bloggers. He's one of those people who reminds you that Microsoft, despite all its problems, still employs a lot of incredibly thoughtful, near-genius programmers. Take a look at his greatest hits:

• How many Microsoft employees does it take to change a lightbulb?
• Error messages: diagnostic is preferable to prescriptive
• Teching the Tech Tech*
• Grile #6: Comment Rot
• Aargh, Part Six: One More Thing About Comments
• How Bad Is Good Enough?
• What's up with Hungarian Notation?
• Thirty Years of Backwards Compatibility
• You Want Salt With That? (one, two, three, four)
• Five-Dollar Words for Programmers: Idempotence, Orthogonal
• Breadth is sometimes better than depth

But really, it's hard to single out any one post. I could go on and on with the hyperlinks. Eric has the singular gift of all great communicators: he can make any topic interesting.

Unfortunately, every time I visit Eric's blog for yet another Fabulous Adventure in Coding, my eyes are assaulted by the unholy combination of purple and Lucida Sans Unicode:

Ow. Ow. Ow. Seriously. Ow. Why?

I'm reminded of a certain Harold who is also quite fond of purple.

I understand we all have our own personal quirks. But it's been over three years now. I'm staging an intervention, right now, right here. Your content is incredible, Eric, but the presentation is killing your poor readers' eyesight. It's time to let go of the purple crayon. Have pity on your sad, weary-eyed readers. We're begging you.

We're not asking you to give up your individuality. You can keep the Tilley Hat.

* even Eric's throwaway comments are worthy of entire blog posts.