Spolsky: What's new?
Atwood: Are we recording?
Spolsky: (laughs) We're always recording Jeff! It's all recorded... Well, the way Pamela works, it pops up a little thing saying "Do you want to record this call?"
Atwood: Oh right.
Spolsky: And I had to click 'yes' so maybe the first four seconds or so, you're off...
Spolsky: But then you're on. But I can always cut off a little bit at the beginning if it's not funny enough.
Atwood: That's fine. I wanted to start by thanking Stuart Cam. He wrote us a stackoverflow theme song.
Spolsky: No kidding?
Atwood: He did, which was very cool. He's from Australia. I put him on the beta list which is in Notepad, it's very exotic.
Spolsky: Can you play it? Are you set up with the great playing technology?
Atwood: I am not. But one thing I do want to mention was that while Jarrod was here (that's the guy i'm working with on stackoverflow), he listens to a lot of podcasts including ours and he was letting me audit some of them and... I really decided that I kind of agree with you in that I don't like a long introduction, I don't even really like audio themes. I just think it's sort of unnecessary on some level. I don't know... it seems more polished but then it seems like something you have to fast forward through to get to the 'meat' of the podcast so I'm sort of ambivalent about it.
Spolsky: Yes, Steve Gillmor with his Gillmor Gang , he used to have a fifteen minute advertising introduction with all kinds of... it was just awful! And he would divide his podcast up into four parts and eventually you just learn to fast forward to 16:12 or whatever it was. On every podcast.
Atwood: Oh that's kind of like episodes of like The Sopranos where there's always that introduction, which is cool the first time right?
Spolsky: Right, trying to catch you up.
Atwood: Well not even that but just like him driving to New Jersey. It's like theme song and the credits and stuff. It all just seems kind of unnecessary, it's I don't know, so I kind of like this concept of the warm start, I guess I've warmed up to this..
Spolsky: It's kind of cool when you look at old TV shows - like even sitcoms - they would have these like long minute introductions. They'd play a little rock song and then there'd be the whole story, the whole background story. And by the time those shows go into syndication, the minute long introduction was down to like an eight second version of the same thing.
Atwood: The only introduction I actually remember really liking was Get Smart.
Spolsky: Oh yeah, he's going through all the doors.
Atwood: Yeah, that was great. I think they're remaking that with Steve Carell so we'll see how that turns out.
Spolsky: Alright, is that a new series or like a movie 'Get Smart'?
Atwood: No, a movie version of Get Smart.
Spolsky: So we can get it over with and get the heck out of there.
Atwood: I did want to thank Stuart Cam for recording that. I think we're probably not going to use it for the reasons I outlined, but -
Spolsky: We could play it at the end and then if people want to listen to it.
Atwood: As a fade out... So I now have 234 private beta sign-ups so I think we're probably good on the private beta for now. I mean if you really, really want to be in then you can email me and again that's the rite of passage. Figure out how to email me, evidently a lot of people are able to figure it out which is good. But I think we're probably covered for the initial private beta.
Spolsky: Ok, great.
Atwood: So did you do anything exciting over the Memor-- I forgot it was a holiday, I did the typical programmer thing where I only know it's a holiday when the Google home page changes, that's how I know it's a holiday 'cause Google changed their logo.
Spolsky: Oh yeah, you don't have a job - well I mean you do. Didn't the StackOverflow headquarters have the day off? You got into work and it was locked. Shit! [laughs] What do I do now?
Atwood: It was nice -
Spolsky: Stand out in your driveway in your pyjamas with your cup of coffee in your hand, trying to decide how to get to work.
Atwood: Yes, I gotta say it was nice having another developer here. I had forgotten what that was like, actually it's only been like gosh two months. It hasn't even been that long since I worked basically from home. And somebody actually on Twitter asked me if I could write an article about working from home but I think I'm a very bad role model; I'm disinclined to write about that because I think I have... Yeah: it's a problem for me.
Spolsky: So like too many distractions?
Atwood: Not distractions so much, as like I'm sort of a hermit by nature anyway so this sort of encourages some of my worst anti-social tendencies.
Spolsky: Now there's a lot of these shared workspace places that people are setting up. It's like an office with some desks and you join with a membership.
Atwood: The problem is though I'm kind of a snob about the setup that I need. So I would need actually a place where I could bring my three monitors and my desktop PC. I'm not one of those people who can just take a laptop. I'm kind of a snob about that, I need my mouse, I need my displays a certain way.
Spolsky: I'm sure that they don't have like a "no mouse" rule at these places! I'm pretty sure you could bring in a mouse. I'm betting you could bring in a lot of monitors; you might get some funny looks.
Atwood: There was a really funny group. Gosh, I'm gonna have to look the up later, but they do these sort of funny performance art-comedy things with a bunch of people that coordinate with cameras and stuff. One that they did was they went to a Starbucks and brought a whole bunch of desktop PCs - like full towers - so there's like four or five people sitting there with these full size CRTs, like 19 inch monitors.
Spolsky: Oh, old fashioned. Oh my God.
Atwood: And the people in there are like “What is going on?” It was very funny. So that is what I mentally envision when I go to one of these places. Like I pull up with a carfull of equipment.
Spolsky: Those are hilarious. But you can get one of those desktop replacement laptops with the gigantic... like gamers' laptops with the huge screen.
Atwood: I'm such a snob, though. I'm such a snob when it comes to hardware. I mean, you know I build my own PCs, and it's probably all totally unnecessary, but I really get into it. And yeah, it's tough. But that said, they do have places where you can, what you do is sublet. Like on Craigslist. The best piece of advice I got was to look for cheap office sublets on Craigslist because a lot of places have like an extra room, you know, and you can get a pretty good deal on that. So that's something I eventually may look into. For now I'm just going to be content with the status quo until we get the site up and running to some degree.
Spolsky: Yeah, that makes sense. What you can do is like call an appliance repairmen, pizza delivery guys and stuff like that and you can have a little human interaction: "Could you check the refrigerator, I think the, I don't know, I think some ice cream melted. I might have left it out. The ice cream did definitely melt."
Atwood: You know, in my weaker moments I have actually considered just posting on Craigslist that I want someone to play Rockband with. Although my wife plays Rockband with me quite a bit, but I'm more inclined to invite them over to play Rockband. And Tuesday is a very exciting day because every week they have new songs for Rockband on Tuesday.
Spolsky: Oh really? Do they have old songs? The trouble for me is that all the songs are like too new for me. I've never heard of any of them.
Atwood: Well actually most of the songs are from the seventies. Actually if you sort them by date, there's a lot of songs from the seventies.
Atwood: And it encompasses... Yeah, the sixties gets a little rough, cause that's getting pretty prehistoric in terms of rock.
Spolsky: That is prehistoric. But the seventies, I should know some of those songs.
Atwood: Yeah, so this week on...
Spolsky: Do they have Convoy?
Atwood: Ah Convoy, that's a great song. Breaker Breaker good buddy. That's a classic. I have that ripped from an actual CD set. I'm a big seventies music fan actually. I have like twenty/thirty disks of seventies music.
Atwood: But this week it was The Cars.
Atwood: You know, pop funk, I guess you could say, or pop punk band, The Cars. Their complete album, which is great, cause it has Moving in Stereo and Best Friend's Girl and things like that. I'm a big music fan so it's fun.
Spolsky: What's new ... this week. Oh sorry, go ahead
Atwood: Well I was asking, I wanted to get Fog Creek a copy of Rockband so you guys could have it there, but I didn't know if you guys had room for it.
Spolsky: And then you could live vicariously through us cause we'd just be rockin it out while you're sitting in your house. Trying to teach your dog to play Rockband. Come on, like if you give him a little treat.
Atwood: Are you guys actually moving offices?
Spolsky: We are moving offices, but it's one of those irritating taking forever kind of situations where the contractors won't return my calls. Oh God, I don't even want to talk about it. [sighs]
Atwood: Ok, well one of the things I always liked about, reading about...
Atwood: Well, I know people complain a little bit about the self-promotional nature of some of the stuff we talk about, heh, but I always did really admire the way you treated working environment as sort of a first-class citizen at Fog Creek. You know, you gave a lot of consideration to...
Spolsky: That is true.
Atwood: ...having a pleasant place to work that actually is amenable to the way programmers need to work.
Spolsky: Yeah. There's an article in this month's Inc. Magazine for those of you that have access to a, what were they called? Newsstand? Or maybe a bookstore. You go there and they have these things called magazines and you can buy one that's called Inc. and it's a magazine for small business and I've got an article in there this month about our new office space.
Atwood: Oh cool. Actually kinda read that. That's not available online at all though?
Spolsky: It will be online but in order to encourage subscriptions I assume, or out of incompetence, either one, they don't publish my articles on their website with any kind of schedule or regularity or at any kind of predictable URL. So it will show up on the web, it's just hard to know when.
Spolsky: Sometimes even I don't know, which is why I don't link to them.
Atwood: Well you've talked a little about that in some of our offline calls and I would enjoy reading about that. Because I...
Spolsky: June  issue of Inc. dot com. I can talk about it now, I mean, I'd be happy to tell people we've got...let's see what should I talk about? Like what we're doing to make the office nice.
Spolsky: You know, I actually like looking at a lot of these online office space porno web sites.
Spolsky: My definition, for those that are new, definition of pornography is "looking at pictures of things you can't have." So if you're stuck in some kind of a, you know, cube farm or something, you can go to office snapshots, uh let's see, what's the URL of office snapshots? [pauses for a second] Who cares? Type office snapshots into Google and it'll give you the real URL. Look at that, Officesnapshots.com! And see pictures of all kinds of dot com sites, dot com and software companies and what their offices look like. And some of them are pretty cool. If you look closely though, and if you're really paying attention to this, what you'll discover is that even the coolest offices have cool common areas like foosball room, coffee shop cafeteria, volleyball court, gym, whatever they may have in the common areas. And if you actually get to the areas where the people actually work, they're um, shall we say, not so cool, actually.
Spolsky: So everybody was all passing around these links to the Google Zurich offices, which, just like incredible, like from the third floor to the second floor there's a slide you can use to go to lunch. Like: there's a hole, in the floor, and then there's a slide. And it lands on a nice rubbery cushion area. And so you can slide down there on the way to lunch. On the way up you have to take the elevator. And there's just all kinds of just cool game areas and there's like a dark room with an aquarium and lots of relaxing chairs that you can lean back on, and take naps. It's just a very very cool looking office.
On the other hand I could not find a single picture of the dozens of pictures that they had in the set, showing an actual person at their desk. The only picture I could find, it looked like it was just a big gigantic room with a whole bunch of very small, like four foot desks crammed in there. And people working at basically a typical, typical developer workstation, you know, maybe one computer and two monitors or like that. But not much attention is put on where the people actually work. There's a lot of attention on the common areas 'cause that's kind of a less expensive way to make it nice.
And we did, we tried to do the opposite. We tried to put like a lot of emphasis on where you were sitting when you were trying to be programming. So some of the key features that we're going to have in our new office which we've never had before are mechanical desks where you push a little button and they go up and down to different heights and that allows you to get the height right to begin with for ergonomic purposes, but it also lets you stand up for a part of the day if you want to. Some people have reported that that reduces back pain dramatically if you have back pain from sitting in place all day. Just stand up an hour a day and that helps a lot.
So we've got these desks that move up and down, we've got the ridiculous power strip everybody's got like twenty four outlets at desk height so you can plug stuff in without messing around crawling around under the desk.
Spolsky: What are some of the other features that we have that are pretty nice? We have, and these are, there's obviously things like a shower, coffee bar, lunch room, library, that kind of stuff that's sort of the shared common fun areas which we'll have a whole bunch of.
But, you know, part of our emphasis - obviously - and then the private offices which I have yet to find another company except for Microsoft and Apple, I think, that has private offices for developers.
Atwood: Private offices are definitely nice. I mean I eventually had that at Vertigo and I liked it. But, you know, I'm weird in that I like to decorate.
Spolsky: Uh huh.
Atwood: I know that's going to sound kind of weird.
Spolsky: How did you decorate your office?
Atwood: I had a mobile, I had, actually, I'll link it in the actual summary of the podcast but there's, you know, you remember that meme "Five things you didn't know about me," that whole meme?
Atwood: It was around for a while.
Spolsky: [garbled] so I didn't do that.
Atwood: No one, you're kidding? That's a joke, right?
Spolsky: No, it's true.
Atwood: Are you serious? [laughs]
Spolsky: You didn't want to know.
Atwood: It's so viral.
Atwood: But as part of that, I went ahead and put up pictures of my office space at Vertigo the way it was and you can sort of see it for yourself, you know, a picture's worth a thousand words. But people were very impressed with it for what it's worth. I had a scrolling LED display, I had art, I had a mobile ...
Spolsky: A zipple they're called, right? Zipple?
Atwood: ...and of course my...
Spolsky: Zipple? Zipple!
Atwood: Zipple? What is a zipple?
Spolsky: A scrolling LED display.
Atwood: Oh! I've never heard it referred to as that. But yeah, it was cool. So I very much appreciate, because I like to decorate, I appreciate this stuff and I think it matters, I mean, I totally agree with you that, you know, the environment where you physically sit down and work most of the times is incredibly important to your overall, you know, happiness in the work place so I encourage that. And this officesnapshots site is cool, I'm definitely going to link that up. I didn't even know this existed so that's awesome.
Spolsky: Uh, yeah they've done a pretty nice job and I'm sure we're going to blow all those away when they come to us. I mean there's a lot of bad office space there too. And um, somewhere somebody put up a video of the Yahoo campus the other day and Fake Steve Jobs was making fun of it for just being [Atwood laughs], because they had, and this, once again it was like seven minutes showing their whole beautiful campus, showing all the public areas, you know, the coffee and the lunch, and that kind of stuff, and the gym. Um, and about thirteen seconds at the most showing where people actually worked. And that looked to be those ugly high cubicles.
Atwood: [in disgust] Oh.
Spolsky: Really awful cubicles, go almost to the ceiling...
Spolsky: ...with the oatmeal colored cloth stuff.
Atwood: [in disgust] Oh.
Spolsky: And the people, in order to make their office feel cool, had just like decorated them with a lot of crap. Which basically means a lot of broken old toys and stuff and posters that they've just strung up all over the place. And um, just awful.
Spolsky: Absolutely awful. So uh, it looked kind of like, dark and dismal. But, um, I don't know if that's really true of all the Yahoo work spaces or maybe the programmers have it nicer. I don't know.
Atwood: Did you ever watch the show MTV Cribs?
Spolsky: Yeah. Yeah, I like that show because: why would anybody in their right mind agree to be on that show?
Atwood: [chuckles] Well, the one episode of Cribs that was great, because a lot of it was sort of your stereotypical, "I have tons of money so I'm just going to buy the most ridiculous things I can..."
Atwood: "...and put it in the most ridiculously large place," but it's still fun to watch and some people had good taste and some didn't and it was interesting to see that. The funniest one though was some musician that was actually living with his parents. They did the Crib show of basically his parent's crappy house. [snickers]
Atwood: So it was like, "Here's our crappy grill," and it was like, you know, the ultimate yin, you know [garbled] other stuff.
Spolsky: I think that was a YouTube meme and there was a kid and he's like, "Welcome to my crib," and he's basically showing his bedroom in his parent's house.
Atwood: It was like that but...
Spolsky: It's like, "Here's where the magic is done," and he goes down to the basement where he's got his, you know, his cheapo Casio keyboard. [laughs] That's about it.
Atwood: I think this guy was in like a punk band so it gave him a little bit of, you know, credibility for that particular genre.
Spolsky: To be living with his parents. So, uh, yeah MTV, oh officesnapshots.com is MTV Cribs of the office, the programmers' offices. But it's not uh, you know so far I haven't seen anything that's very inspiring and I haven't seen a whole lot of places that just look like they would be really nice places to actually do your work. Other than, you know, what most people build, which is a sea of cubes or a sea of tables.
And then, uh, if they're like a rich old school company like Yahoo then they've got a nice cafeteria and a nice coffee bar and a nice gym where you can work out.
And if they're like a new start-up company like, you know, one of these Web 2.0 start-ups that has venture capital, then, you know, there's a sort of a loving photograph of the espresso machine [laughs]. You know, that's nice, you got an espresso machine, but you know, kinda lame.
Atwood: Yeah. So I take it you're not enamored of the approach where all the programmers sort of have a huddle where there's more of a communal working area so people can theoretically communicate with the whole pair programming style of...?
Spolsky: Well we do, we recognize that pair programming is very common and it does actually burst out regularly, and so all the desks at Fog Creek are long, straight desks to make pair programming easy and appropriate. I mean, we even pay attention to things like where the legs of the desks are so you can pair program comfortably. And, but what we do have is, you got a bunch of private offices, you want to pair program: you roll your nice Aeron chair out to the hallway, and then, using your legs, you continue to push your chair down the hallway a little bit, and into your friend's office, where you pull up alongside them and pair program.
And if you were to go into our programmers' hallway you'd see just tons of communication, tons of, you know, at any given time there'd probably be two people pair programming, but also a lot of people that are able to just sit and quietly concentrate and get a lot of serious work done because they can close the door when they don't want to communicate with other people.
So I think that there's a feeling that private offices are isolating, and that's just, that's just not true at all. What it means is that you have a little bit more control over when you get interrupted. You don't have to be interrupted just because the person who has a desk next to yours is having a conversation you're not interested in participating in.
Atwood: I totally agree. And I think it becomes a personality issue too. I mean, certain, some developers are extremely introverted and really don't seek that out.
Spolsky: Yeah. Those are the ones that will IM you when they're sitting right next to you.
Atwood: [laughs] Well, here's a funny little aside, did you know my wife...
Spolsky: What if you don't use IM?
Atwood: ...my wife subscribes to my Twitter feed because she feels like that's the only way she can get all the information about what I'm doing.
Spolsky: [chuckles] What are some other programmers... I'm trying to think of some other things that the programmers need that we try to focus on for their actual work space. Obviously, you know, the setup that they get, right now the default is a 30 inch and a 21 inch [monitors]. We found that a 30 inch horizontally next to a 21 inch vertically is about the maximum screen real estate that you can see without seriously damaging your neck.
Spolsky: What do you have, what kind of monitors to you have? You said three.
Atwood: Well I'm a big triple monitor guy, cause I feel like then you have a center.
Spolsky: [grunts agreement]
Atwood: The only trick is you have to have two video cards, which rules out, well pretty much you're done with a laptop. So it's pretty much related to desktop machines which is fine with me. Two video cards, and then I have three...
Spolsky: What size? What size are these monitors?
Atwood: 24. Three 24 inch monitors.
Spolsky: So I think that's a little bit more real estate than we have with the 30 inch plus the 21 inch, I think is what we do. Maybe we do a 30 plus a 24, I'm not sure.
Atwood: You never have enough. I think there's no such thing as enough.
Spolsky: Well the trouble though is that, you know, at some point the monitor is just too far into your periphery to be useful for any purpose other than, I don't know, like what you put? You've got three monitors, let's say I gave you a fourth monitor and you put it to the left of your left monitor. What would you put on there?
Atwood: Well you have limitations in terms of how far you're willing to turn your head, that's for sure. And how far up and down you're willing to move your neck.
Spolsky: I know that sucks, having to move your neck all day long.
Atwood: But within the constraints of normal field of vision, I would say this is pretty much the limit because these are all widescreens so it is actually fairly wide. It could be slightly taller. I think I could to three 30 inch monitors. I'd actually need a bigger desk at that point which is kind of sad.
Spolsky: Well what we like is...if you use a 30 inch monitor, you can bring up your IDE if you're a cool programmer or vim if you're a Fog Creek programmer, full screen and it has like a infinite room for editing and email and all kinds of stuff on your main 30 inch, and then you've always got another monitor that doesn't have stuff on it where you can pop up your web browser that you're using for debugging.
Atwood: [grunts agreement]
Spolsky: So that lets you be sure that you always have an exposed web browser view while you're stepping through the debugger. When you're doing any kind of GUI programming, and a lot of web programming as well, it's important to have dedicated real estate for the app that you're debugging. Because otherwise, like, let's say you're trying to debug the window activation event or the, you know, the window expose, or any kind of, in other words, if you're actually trying to alt-tab between the window you're debugging and your debugger in order to get them both to show on the screen then you're actually introducing changes in program state. Which for certain types of GUI programming may actually make it really difficult to debug things.
Spolsky: That make sense? Like for example the very expose event that you're trying to debug may have been set off by the fact that you alt-tabbed from the debugger into the app.
Atwood: Oh absolutely. And one thing I find very helpful if you're running Windows, there's this neat utility called WinSplit Revolution. And one of the challenges, as I sort of grew into larger and larger monitors and... I wrote a blog entry about this, but I think it's actually kind of a big problem for casual and typical users, much less power users, is you have, you spend a lot more time arranging windows. You can't really maximize anything because it makes no sense. I mean, you're not going to maximize like this officesnapshots website. If I maximize it there's just going to be the obscene amount of whitespace...
Spolsky: [grunts agreement]
Atwood: ...on either side of this little strip of content in the middle. So you spend a lot more time sort of messing around with windows. So what WinSplit Revolution does is it overloads the numpad. So I can press a CTRL-ALT and a directional arrow on the numpad, and it moves the window to that quadrant and there's different, you can press it multiple times to cycle through. So you can sort of "LEGO block" together your windows without dragging and sizing. And it's gotta be horrible on the Mac, where you can only size in the bottom right.
Spolsky: Oh yeah, that is sort of a weakness of the Mac.
Atwood: Yeah, yeah. But historically, I mean think about just the excise, the overhead, of dealing with windows. And I don't mean to single out Apple, cause I think it's just a GUI penalty that everybody pays, that...
Atwood: We weren't really meant to mess around with windows. You were just meant to, you know, work on an app at the appropriate size and have it...
Spolsky: Yeah, managing your windows is definitely something that is never quite...gotten right. And the trouble is that, you know, if you're an app and you try to reinvent it by having your own rules, which every app does at least try to remember its former (X, Y) position and dimensions. Right? Almost every app will come up with its former (X,Y) position and dimensions? But if you just do that naively, if you just say, "I will always preserve my (X,Y) position and dimensions," somebody runs two copies of your app, they wind up directly on top of one another, which is the only thing you could possibly not want. And in fact may actually make you believe, make the user believe, that the second copy of the app hasn't really launched. So that's always annoying.
Atwood: Yeah, there's a couple of things that, and you touched on one, I wish window managers across all platforms were smarter about; e.g. when I open a new browser instance I probably don't want it on top of my other ones, like if there's actual space on the screen that's not occupied by something maybe you could put it there, that would be nice. The other thing that's cool -
Spolsky: The Windows default would be to put it like slightly offset from the previous one.
Atwood: Yeah, I realize there's a lot-
Spolsky: So you could see both title bars.
Atwood: Yeah and there's a lot of ways to do this, I'm not proposing this is the one right way. The other thing I would like to see a lot more of, and Skype actually does this as well as WinAmp, is the, have you seen that thing where as you drag the window close to the edge the border of a monitor, it'll actually sort of snap into place?
Spolsky: Yes, snap-to-edge that's a great thing um -
Atwood: I think all windows should do that. It should just be built in to the operating system on every platform.
Atwood: When I get close to an edge, I mean 99.9% of the time I want it to snap in there.
Atwood: So I feel like we've got a long way to go, and I think as people start getting into larger monitors they're going to run into this more and more often. It becomes really a pain, I mean it's great to have a huge monitor, I mean nobody's going to complain about you know "I have a 40" monitor, how terrible" right?
Atwood: But you spend a lot more time messing around with these windows and it just doesn't feel like work, it feels like -
Spolsky: You know a lot of the Microsoft apps, well actually Visual Studio is the key one that switched to a tabbed interface instead of the old MDI. And MDI is theoretically more flexible because you can put windows anywhere you want, you have great control over where the windows go. Whereas the new version of Visual Studio you basically have a screen you can split it into two or split it into four and each one can have a bunch of tabs in it and actually that turns out to be much more useful than the old MDI style where you had to individually manage all these little itsie-bitsie windows.
Atwood: Oh yeah.
Spolsky: That seems to be the new trend. Paint.NET copied that and that seems to be the way we're kind of going is more towards tabs.
Atwood: I think tabs to a certain extent are better than the solution we had but there's some problems there as well. Before we go too much further I want to figure out how many questions do we have that you feel -
Spolsky: Um, I have two but that's only because I haven't reviewed this week's, but I have two from last week.
Atwood: OK, before we get into that I did want to talk about OpenID because I think you're going to have strong opinions about this.
Spolsky: Ye, ye yeah. OpenID. I'm going to have an opinion on it, I don't know what it's going to be yet. But -
Atwood: OK so as Jarrod and I sat down and started thinking through some of the login stuff and actually a friend of mine, Jon Galloway, who still works at Vertigo, a great guy, recommended that we look at OpenID because well 1) from a selfish perspective of like why even have to write password-handling code, salting code, hashing code, forget-my-password code. Why even have to do anything, why not just outsource that entirely to a third party? And you know I'm very sceptical by nature so I was like OK I dunno, maybe, let me look at this. And when I looked at it I actually went through the sign-up process, got an OpenID, and the problem they're trying to solve is exactly the problem that I was considering which is I don't want to be yet another website that adds yet another cognitive load of "oh you got to create another user name and another password for StackOverflow" that you have to remember or put on a keychain, or have your browser.. It's just more stuff right?
Spolsky: Does anybody have a good way of handling that? Like literally if I go to a website and it needs to be registered, my current way of handling that is Password Safe which Bruce Schneier wrote so I trust that it was good and Password Safe is a little program where you can just store all your passwords in it and it'll even generate nice relatively secure passwords for you for each website and will keep track of them all. Only trouble is I haven't quite figured out a way to synchronize my Password Safe database among all the computers that I use. So if want to go to a new website from home and it's asking me to register, I need to Remote Desktop into my computer at work, run Password Safe, logon to that, use the special password for that and it's just real frustrating. It's a real pain.
Atwood: And that's why I find it amusing 'cause some of the people in the comments, I had a blog post about this and I got some really good comments as usual. One of the themes in the comments was "oh it's no big deal, you just run this password program and you have this encrypted USB key" and I'm like how is that -
Spolsky: A what!? An encrypted USB key that you carry with you?
Atwood: Yeah that you carry with you.
Spolsky: What if these guys get shot? What if it breaks or gets demagnetised or something?
Atwood: I just thought it was amusing that adding all this stuff was viewed as like better than a website, right like I mean -
Spolsky: Well OK, if anyone has a better solution for me than what I'm currently doing, lets do that. Everybody write in next week and tell us what your way is of keeping track of your passwords in all the dinky little websites you visit. Like hammocks.com; I went to buy a hammock - I think some moths ate my hammock last year, I had a nice hammock and I went and got it out of the storage thingy and it was just ripped to pieces. So anyway I go back to hammocks.com and they want me to make a password and a username for hammocks.com! I'm never going buy another hammock! Well actually next year the moths are going eat this hammock too so I'm only going to buy one hammock a year, I don't need usernames and passwords for hammocks.com!
Atwood: Well I agree - [garbled]
Spolsky: So if you have a suggestion for a good way to keep track of your passwords to idiot websites that you're probably never going to visit again -
Atwood: The longer-term solution, that's what I'm getting at -
Spolsky: - for multiple computers.
Atwood: I think the longer-term solution is OpenID.
Spolsky: Yeah, but that requires all these websites to go along with it.
Atwood: Well that's what I'm saying; it's a chicken and egg problem and I think I've decided after working with OpenID I feel it's workable, I feel it's mature enough, there are now OpenID 2.0s, they fixed some of the initial sort of weirdnesses and implemented -
Spolsky: And it already fixed a lot of the early, like there were these initial like uh Passport.com. There were these initial attempts to do something like this that were just not workable in the OpenID way because they were basically Microsoft.
Atwood: Yeah well you get to choose your provider and that actually has a downside as I've found out because some of the providers are kind of sloppy in the way that they work. [laughs] Like they may not use HTTPS which is like really, really bad. [laughs]
Spolsky: What providers don't use? Really?
Atwood: At least one of them, I don't want to name any names but I thought that was odd.
Spolsky: Do tell!
Atwood: But the good providers... So there's really two key things you can -
Spolsky: Name names! Name names! Name names!
Atwood: So let me use your hammocks.com as an example. This is a low value set of credentials right, so you should have no problem attaching this to your OpenID. So you would have an OpenID -
Spolsky: NO! They store my credit card, this is not low value. Low value is like oh would you like to post on Jeff Atwood's blog post. That's low value.
Atwood: Well I think -
Spolsky: High value has my credit card and can buy hammock accessories.
Atwood: OK so well first of all let me make a distinction. You're talking about there's some set of information that would be stored by the OpenID provider, OK? That may not include your credit card so they wouldn't actually maybe not have that information, only the hammock site is. I'm talking about low value stuff like your name, which is fairly public information; your address which let's assume you're getting it shipped to the office, that's public information. You don't really care about this stuff. Not necessarily your credit card but like your date of birth, you know whatever you feel comfortable sharing with your OpenID provider. So when you went to hammocks.com and they said oh create an account, you could if they were OpenID-enabled you would say here's my OpenID URL, OK? And if it's the first time you'd done this with them you do have to enter you know login, password in your provider so you basically get redirected to the provider. The provider takes your password and then at that point they would shunt all this information, it's called attribute exchange - this is where the value comes in in my opinion - they would shunt all your address, your age, whatever (again) basic information you need so you don't have to key it in every single time you go to a website.
Spolsky: Wait, wait wait. Do I have any control over this? So like every website that I go to with OpenID is going to get all my information that I gave some OpenID provider?
Atwood: Again, this is where it comes into having a good provider. So with a good provider you can say OK share this, this, this and this, but don't share this, right?
Atwood: So it's all sort of determined by the provider, that's the downside of OK -
Spolsky: Who are the best providers? Is Google a provider?
Atwood: No, Google is not a provider.
Atwood: The one I like the most at the moment is called I believe it's myopenid.com, I'll make sure I'm saying that correct. [typing] Yes. They do a really good job, I do like myopenid.com, I recommend. So if you want to actually test it, and again it's a chicken and egg problem, but I feel like with StackOverflow I want to be part of the solution, not part of the problem. I don't necessarily want to force people to use OpenID, but this is really I think a better long-term solution for the web and it really could work 'cause it's a distributed version of something like Passport, so people should be more comfortable with it. Not that there aren't flaws -
Spolsky: I'm actually kind of shocked that [pauses] What the heck, I'm looking at this list, I'm really kind of surprised, I thought these people all joined the OpenID consortium, like Yahoo and Google and stuff like that.
Atwood: Well there's a way they can do it. The can become providers but not, I can't remember the exact terminology without the document in front of me, but they hold the credentials but they won't accept them [chuckles] In other words, they'll send -
Spolsky: That's OK.
Atwood: - the sites. So it's very much one-sided depending on how they adopted it. Ideally they would become bi-directional where they would accept OpenID credentials as well as being an OpenID provider.
Atwood: But a lot of sites are like oh we support OpenID but they're really just providers. So all that really means is you can use you know jeffatwood.yahoo.com as your OpenID provider on my blog comments for example.
Spolsky: OK, so why wouldn't we tell people to use something like Yahoo or Google as their OpenID provider?
Atwood: Well you can, I found that Yahoo doesn't really do attribute exchange very well.
Atwood: Which is a big, big value add -
Spolsky: This is depressing you even have to know about this. This is going to break it. If this isn't like standard, if this isn't a simple thing that everybody does in the exactly the same way and that they're all just as good and you don't have to sit around figuring out like what the weaknesses are of choosing who your best... That can just kill it because people will say you know what, if I have to decide I'm just not going to, do it at all.
Atwood: There's definitely a new third party involved 'cause in the old-world way of creating an account like on hammocks.com, the only entities involved were you and hammocks.com.
Spolsky: Right, but I trust Google more than hammocks.com.
Atwood: Yeah, no, and I think absolutely Yahoo does a good job, I don't want to be negative about it--Spolsky: And Yahoo, I trust Yahoo more than hammocks.com. I even trust Microsoft more than hammocks.com. And especially if it's just being responsible for authenticating me and saying "Yes, indeed, this username really is this password." Y'know, in fact, if you just simplified it, strip it down to everything, to nothing else other than, my username is always going to be--I wish it was email address--but fine, let it be a URL, although email address would be easier. And there's just, people like Google are willing to display a page that takes that username, sorry, that email address or that URL, and then prompts me for my password, and if I type it in correctly, they're willing to send some trusted, authenticated, signed widget, schmigeggeot attribute thing to that site saying, "Yes, indeed, this is that person, they have provided a password." So really all it is, is a way to only have one password. And if I change my password on Google, then it's changed on all these other sites. And all that site needs to know is that they are pretty sure that they have [your email] as their logged-on.Atwood: Yeah, and I agree it's got a long way to go, but I think it has a lot of promise, I think it's something I want to support. One, from a selfish perspective of, honestly, we write less code this way. Spolsky: The real question is, do we wanna support it to the extent that we don't have our own password system at all, we require you to go out there and get an OpenID? Atwood: That's pretty much the way it's gonna be. Spolsky: So we may be the very first site doing this!Atwood: Well, you have to caveat that with the idea that anonymous access is gonna be pretty-much, pretty close to a first-class citizen in the StackOverflow world. You'll be able to enter questions, answer questions, and actually even accrue reputation, as long as you have cookies enabled. Spolsky: Right, it's just that if you don't want them to be a little more stable, you'll want to--Atwood: Right, so if all you care about is "Hey, I wanna be totally anonymous," then just disable your cookies and you'll be able to do Wikipedia-type stuff, like edits where basically it's tied to your IP address, because that's all we really have at that point.Spolsky: So the question is, what is the absolute minimum set of steps that somebody has to do? Let's say, probably most people don't have OpenID accounts. Although they might have--y'know, if you can just use your Yahoo or Google account--Atwood: Well, the problem with Yahoo, you have to enable the OpenID side, which is really annoying. So even if you have a Yahoo mail account or whatever, you have to go in and actually say, "OK, now I want to opt in to OpenID." So again, that's why I was a little disappointed in the way that Yahoo did it. Spolsky: Why? If there's anyone listening from Yahoo who knows why that is, could you please call in and tell us? Thank you... firstname.lastname@example.org, just record a little mp3...Atwood: I figure, in the worst-case scenario, it's not that much worse than creating an account on StackOverflow, like we had a traditional create-a-new-account form. It's really not that much more work, and you get an OpenID out of it. Spolsky: OK, but the question is, if it's us creating an account for you, we can make it zero, we can make it easy. Like we control the whole process. Whereas with OpenID, we have to send you someplace, and who knows what the process will be. Atwood: Well, yeah.Spolsky: So we gotta give you this page of instructions, and you're like "Oh, God, I need an OpenID provider, what am I going to do?" And then you're like "If you would like to use this, do this, and if you wanna..." and all of a sudden we're asking you to make decisions, and then you gotta open the instructions in one window, and go to that other site and then you know you're gonna have to find your little password file, where you have all your passwords written down, and add it into there.Atwood: Well, OK, I'm very much a skeptic, and I went in expecting it to suck, and I was pleasantly surprised. Maybe my standards are very, very low, but I did not find it an onerous process, and I am very cranky about stuff like this. So part of it's--I'm going to go on gut instinct: if there's a huge rebellion and nobody ever creates an account because they think an OpenID is the worst thing they've ever seen, then we might rethink that.Spolsky: Well, it's hard to know, I mean--OK, it looks like I don't have an OpenID account, because when I search for my OpenID it looks like I've never made one--we may not know, we may just wind up having half the number of people registering it because the process is just like that much more onerous. Because whenever you have like a seven-step process, it always knocks out a certain number of people. And then if you can make it a five-step process, you suddenly discover that you have four times as many people signing up, because at every step you might be losing half the people. Atwood: Yeah, that's true. I think at this point, it's a risk I'm willing to take, and then we'll revisit it later if it turns out to be a bad decision. But I'm fairly comfortable with it, because (a) we have a really good anonymous experience, like better than 90% of the websites on the Internet, we're gonna have a really first-class anonymous experience, and (2) our audience is kind of a technical audience anyway. I feel like these are the kind of people that really should know about OpenID, I mean, I think it's solving a very real problem on the Internet that programmers should be aware of, and sort-of-- Spolsky: Should be supporting.Atwood: Yeah, should be supporting. And on some level--well even if you say, "OK, I hate it," or "here's the problems with it," well, how can we fix it? I really wanna fix this problem--I feel like it's something programmers should be doing. So there's an element of evangelizing it a little bit as well. But again: try it, really, go to myopenid.com, anyone who's listening to this and says "Jeff, you're full of crap," maybe I am full of crap--Spolsky: I'm gonna do it right now. Alright, here we go, somebody take a--got a stopwatch?
[41:12]Atwood: [laughs] No, no, no, no. I would do that offline.Spolsky: No, I'm doing it right now. "Sign up for an OpenID." OK, I can do that. OK, 42,13, alright, it's downloading, it's SSL. "Your OpenID URL is how sites that accept OpenID know you. You can use your name, or anything you want to be known by." Hmmm... "s" is not available. Oh, "spolsky"'s available. Heh heh heh. Alright, now I need a password. Atwood: Well, that's another advantage, you can typically get names that you actually want, versus like on Yahoo, it's like, how many names are taken on Yahoo? Pretty much every name ever? Spolsky: Yeah. OpenI--oh, sorry, myopenid, username Spolsky, and yeah, I can just click "Generate Password" on--what's it called?--PasswordSafe, which I'm using. And it generates a nice, secure password for me, and it says the site recognized that it's secure. "Enter email address." It's optional, which is nice, that's cool. And the email address just lets you recover your password. "The fine print. Enter the text in the image below." Oh jeez, I can't read it. I can only read the first one. What the hell does that say? Atwood: You gotta read harder.Spolsky: I think it says various--oh look, I can play it out loud. "Can't hear the sound?" No, I don't hear the sound. Oh! Oh my God, these audio CAPCHA's! It's like [funny noises].Atwood: It's actually obfuscated? Even the audio?Spolsky: Yeah. Atwood: Really!Spolsky: Yeah, it's like that movie with Wim Wenders, where he's an angel that's fallen to earth, and he can hear everybody's thoughts, that he's walking by.Atwood: Yeah, I remember that movie.Spolsky: That was terrible.Atwood: They remade that with Nicholas Cage, and it wasn't any better in the remake. Spolsky: Really, what was the movie called, On the Wings of Angels?Atwood: Something--it was very--it was painful. I'm trying to forget it now.Spolsky: Alright, this is a very, very evil CAPCHA. OK, "Check your email." What? But the email was optional! Alright, I think I got one.Atwood: So now the next job--I don't think we need to necessarily do it on this podcast, but find a site that actually accepts OpenID.Spolsky: How long did that take? How long was I doing that?[43:47, thus it took Joel 2:25 to make his OpenID account]Atwood: I dunno, maybe a minute? That's not very much.Spolsky: I didn't get the email, maybe it's in my Junk folder. Yeah.Atwood: And that's the same stuff we would have to do to you, right? If we were to write code, we'd be doing the same exact thing. It's like, why reinvent the wheel so many times? Spolsky: OK, so what happens if I go to this URL which is my OpenID? It just says "Page belongs to you, edit this page." Atwood: You can actually put some identity stuff there if you want to, it can be just a blank page.Spolsky: "Add a persona"?Atwood: "Personas" is a fancy word for attribute exchange. So persona would be information that you want to be transmitted to a site.Spolsky: Ah, I can upload images! Atwood: Yeah, your avatar could be part of that persona, right? So your avatar image, if the site is written correctly, and the provider supports it (myopenid does) it will actually send down that image to the site. So if you're actually setting up a new account on stackoverflow, it would download your avatar automatically. You wouldn't have to...Spolsky: Well, I'm gonna put a picture of Peter Falk.Atwood: Of course.Spolsky: Because he was the star of Wings of Desire, that's the movie we were talking about, where he's just walking around, hearing everything that everybody is thinking. In all kinds of languages, it's really kind of interesting. Takes a while to figure out what's going on. OK, so OpenID. That wasn't so bad, that wasn't the end of the world, I had a little bit of fun.[45:08]
Atwood: See? It's not so bad, I'm telling you.Spolsky: So what's a site I can use OpenID at, that I can try this on?Atwood: Ah. There's the catch-22, there's the chicken and egg problem. There's not very many, there's really not very many. I had to go - I think I found a LifeHacker post that had a few, so I was just experimenting. And you really are at the mercy of A) the provider - but MyOpenID is a good provider - and B) the site that's actually written to work with OpenID to actually do it correctly, and by "correctly" I mean when you create a new account it pulls down all that information through attribute exchange - you're not data-entering, like, your email address, the URL for your website, your avatar image, all that stuff. And we're going to do that correctly on StackOverflow, we're going to pull down a ton of stuff from attribute exchange.
Spolsky: Hey, this is cool. Oh, uh-oh, so I'm trying this now with PB wiki, but then it says "There is no PB wiki account associated with that OpenID; would you like to create one?" and then it wants my name.Atwood: So what your falling into is implementation problems on their side. We're not going to do it that way.Spolsky: Right, right, right - of course. We're just going to be "Hey I know who you are - you're all set"Atwood: YesSpolsky: Although we may want you to add more personal information other than what -Atwood: SureSpolsky: [...] add all kinds of interesting stuffAtwood: We are going to have profile pages on StackOverflow and you're free to put whatever information you want there, but we're going to try to pre-populate the heck out of it with your attributes from OpenID.
Spolsky: So I like MyOpenID. How the heck do they make money?
John Dyer: This John Dyer from Pennsylvania and I have a question about the types of business domains that programmers are in. FogBugz is easily understood by programmers because they're used to tools like this. But what about developers involved in medical or insurance applications? These areas have very complex and detailed rules that are not common to most developers' general life. Joel's developers have to learn the FogBugz application code and the business rules, but the rules are relatively easy for developers to grok. Programmers in other areas face a different learning curve. I suggest that the effort to learn the business rules can be much larger than the application code, so in these situations the one thing that can be controlled is the application code complexity. Having things like complex framework hierarchies and custom compilers can be a detriment because they add considerably to the code. In these situations, isn't it better to code mainly from things like the .NET framework libraries so that there is less to learn?
Spolsky: Yeah, so that's kind of a rhetorical question. But in general in most application areas where programmers are working, it's easier for the programmers to learn the domain than for the users in that domain to learn the programming. In other words, if a programmer goes and works in, for example, insurance and they have to learn actuary tables and whatever the insurance industry stuff may be that they have to learn in order to do their job writing code for that domain. But, usually the programmers are probably more qualified to learn that stuff rapidly than the people actually working in that field would be to learn programming. Now I say usually because I guess medicine is probably a humungus exception where there's stuff that they may just not understand or make take an entire medical degree to know well.
Atwood: Yeah, there was a couple of questions there and some of them were rhetorical but I think it's a good springboard for something I saw recently. Did you see Eric Sink had a nice post about his Ham Radio operators and learning C?
Spolsky: Oh yeah, yeah, yeah.
Atwood: That was really good. My answer to that is not that you shouldn't learn C, but like OK let's take this question as a springboard. Would I rather have programmers that know managed code really well AND the domain that they're working in really well, or would I rather have programmers that know managed code really well and then decide hey I want to learn C just because I can? Like to me, it's much more important to learn the business domain, right, than necessarily C. I mean, I view it as a fixed pie; you don't have infinite time to learn everything there is to learn and, I don't know, I feel like that time should be invested. Learning the business domain is a great place to spend effort like that versus say Eric Sink and Joel Spolsky say I gotta learn C 'cause if I don't I'm not a real programmer.
Spolsky: Wait a minute! You managed to turn this around to whether or not you should learn C! [laughs] We were talking about business domain questions.
Atwood: Yeah, ok so I don't want to totally derail because I know we've talked about this a lot. Knowing the business domain is so important and very few programmers actually do. I know that I spent a lot of time on the apps that I worked on trying to figure out what the heck it was that the customers wanted.
Spolsky: You worked on enterprisey software probably a lot more than I have because you did that for people. But honestly, when you got on a project you often had to learn the business domain and it wasn't that hard, right, when you did?
Atwood: It's not hard in the sense that [sighs] - understanding what people are saying to you is hard because people aren't good at communicating -
Spolsky: Exactly, but what they were trying to say was probably pretty simple if you could just frigging tell what they were saying. It's like "oh this is it, if it's greater than five then 'A' otherwise 'B', that's the whole story?"
Atwood: Yeah, but that's the more important life skill to me than learning C. I figure once you get to a certain degree in programming - as a career - you're good enough at it, honestly.
Atwood: You really need to be good at these other things like communicating with other people, right, being an example of that and learning the business domain. I guess that's my only point, I don't want to turn it my little pet topic but I really enjoyed his article and he totally tricked me with his Ham Radio thing. Oh he's going to agree with me and he tricked me and he actually agreed with you.
Spolsky: Yeah but then you know he didn't really back it up that well which was a shame, but you know I think it's not like, I think in the case of Ham Radio learning Morse Code, this is what Eric Sink wrote is that there's a parallel to be drawn between the Ham Radio people being required to learn Morse Code just because in the old days they used to use Morse Code versus me saying that programmers need to learn C 'cause in the old days they used to use C. I think the key difference between those two is that Morse Code is not the fundamental way radio communication takes place, it's not what's there at a lower level. In other words, the C programming language, although this may surprise some people, but the C programming language is a kind of a way of looking at the programming work that you do every day kind of at a more base, a more theoretical or a more primitive level, understanding the CPU kind of at a simpler level. It's sort of like slow down and let's look at the exact steps that are taking place here. Even if there's nothing more than understanding what exactly is involved in string processing on a CPU. If that's the only thing you learned from learning C was realising what it means for there to be a string algorithm, what it means for copying a string. Why is it that the CPU can't copy a string with the same amount of work as it copies an integer? And format a string -
Atwood: I agree with what you're saying -
Spolsky: So that's the kind of stuff you would want to learn in C. It does have value for a programmer doing C# to learn that stuff, I believe, even if you're only doing C#. In a way it doesn't have value for a radio operator who is never going to use Morse Code and is talking on the radio and what they're talking about is not even being translated to Morse Code by a compiler at some point.
Atwood: That's a totally fair point and a very good explanation of it but let me use your example to illustrate what I was talking about which is: how many times do you run into "ok I don't understand the way this string routine is working" or you're having a performance problem with the string routine where understanding the lower level C would actually be useful versus understanding why the people you're talking to about the app you're supposed to be building can't tell you what you need to actually build the app. In my experience that is a far more common problem and that's really where you want to spend your time learning new skills, if you will, around basic communication, learning how to write well, learning how to speak in a way that's understandable to other people.
Spolsky: Yeah, there's two different... The first is a skill that's useful to a programmer and the second is a skill that's useful to a systems analyst working in enterprise software development where they have to talk to users to figure out what the users want.
Atwood: Wait, wait, so you think there's this wall -
Spolsky: They're different skills for different jobs. No, there doesn't have to be a wall, you might have to do both, in which case both skills will help you.
Atwood: Every job I've ever been in, I had to do both -
Spolsky: Well you know the programmers at Fog Creek, there's a lot of them that really don't have to do both. Although it's weird ok they're working on FogBugz, so they don't have to talk to users. But you've been in jobs that are kind of more enterprisey, in a job that's more producty, product-oriented? There can be an awful lot of people on the team that literally don't have to know anything about what the users want or what the domain is, they can just have something explained to them to implement it.
Atwood: It pains me to hear that.
Spolsky: Y'know, I worked on medical software, that was like my first job, was medical software, and all I ever learned was that if you take--this is what I learned about medicine--and I was able to create very, very useful software. All I learned was that if you wanna figure out the pH that's going on in a cell, like the pH of various areas in a cell, you can put that cell on a slide, put it on a microscope, take a picture of it, at the color of 440 Hz [nanometres], and then take another picture at the light with color 490 Hz [nanometres], and divide those, and that ratio will tell you the actual pH of the cell. Which is bizarre, but true. And I don't know why that works, and I might be missing something--actually, it's 490 divided by 440, not what I said. I think. Anyway, whatever, it gives you something that lets you see the pH in a cell, so if you wanna do an experiment where you're like "What is the effect of blah, blah, blah on the pH in the various parts of the cell," then what you can do is just take a whole bunch of pictures at these two different colors, with these two different colors of light, and go over every single pixel and divide the intensity you get at that pixel. So I've just explained something to you which is all I needed to know about medicine to be able to spend a couple years at Yale Medical School writing code that figured out the pH that was going on in a cell and that's all it took, and that's all the medicine that I had to learn in order to create something that was useful to the researchers there.
Spolsky: If you have any questions you want to ask us, or any suggestions, or if have any ideas for password management - that was my question this week, "How do you manage your passwords, and keep them synchronized on all our computers and stuff like that?" - record a little audio file, MP3 or Ogg Vorbis and send that little email attachment recording to... Atwood: email@example.com, and I predict you're going to be sorry you asked that, you're going to be very sorry, there's a lot of strong feelings on this topic.
Spolsky: Well, maybe we'll get something interesting...
Atwood: Your funeral.
Spolsky: There must be somebody who's doing something better than I am: remote-desktopping in to my computer at work to find out what my password is for hammocks.com. And, uh, we'll see you next week!