The Register columns are getting better and better at web security related content.
In one single article, Dan Goodin managed to:
Just a little addition of mine: despite PayPal’s safe browser nonsense, the browser which can save you from XSS exploitation is only one.
In other news, Redmond - The Independent Voice of the Microsoft IT Community, formerly known as the Microsoft Certified Professional Magazine, joined the party of the ASP/MS SQL Server sites SQL Injected to serve JavaScript malware.
Considering the wide coverage this epidemic enjoyed in the past week, I wonder what a “Certified Professional” usually reads aside from Microsoft EULAs…
I can’t believe all the changes that are happening inside OLPC. The foundation is announcing dual boot with Window$, and the great news is that “Microsoft will just charge 3USD!” ??? WTF! I think nobody remembers when Steve Jobs offered Apple OSX free of charge!
One of the goals of OLPC was to introduce new security features, most of them described in the BitFrost spec. An “educational” platform must be secure, so how is it possible to promote a very insecure OS? It is often good to have different options, but we have to keep in mind that the target users are not people who have been using computers for years; kids need to learn and create, not waste time thinking about anti-virus and licenses. Viruses will be happy to spread through the mesh network…
Another point (and the most important to me) is about the user interface: the bad idea is trying to run Sugar over Windows; that doesn’t make sense. Thank God OLPC will continue supporting Linux as the main platform and Sugar as the main user interface.
The good news after the big changes in OLPC, is the foundation of Sugar Labs by Walter Bender and supported by the main developers of Sugar and contributors. This foundation will focus on providing a software ecosystem that enhances learning on the XO laptop as well as other laptops distributed by other companies, such as the ASUS Eee PC.
Now we can say that OLPC is a laptop project supporting a really educational one called Sugar, and Sugar Labs improving this wonderful interface and keeping in mind the original statement: An educational project.
We easily forget, and I have been guilty of this many times, that technology serves business and not the other way around. YAML? Are you kidding me? Computers are fast and disk storage is cheap so I really am not interested in such minor efficiencies. Using indentation to distinguish hierarchy in data? That is very risky! This is not a programming language like Python that is guaranteed to be run through a compiler. In the data you must have explicit declaration of syntax NOT implicit. Again, if you are thinking like a developer your brain says "hey, I can save those angle brackets and not have to type them" or "I can save that closing tag so I don't 'waste' my precious time." Please ... those angle brackets and that closing tag make the data demarcations explicit. That is more important than a developer saving five keystrokes per line.
Two cool posts this week on my son Max's blog.
The first was a stop-motion animated movie he made as an assignment for French class with his friend Alice. It highlights the oppression of women in Algeria, and I think it is wonderful, both in its compassion and its technical skill. He made it with iStopMotion, a clever Mac tool that overlays successive frames with the current live view from the camera so that you can carefully animate your models.
On Thursday, he was at the Boston Apple store opening, getting a green monster t-shirt and special edition iPod sock. He's got lots of pictures of the event in his gallery.
This way, ready to copy and paste:
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
Background:
It already takes a lot of resources to recall that to see the
host key fingerprint you need to run something called 'keygen'.
Then ssh-keygen doesn't support --help:
it will try to generate a new key instead. We're in 2008. There
should be a law against this sort of behaviour.
To figure out how to see the host key, you need to dig through a
long manpage with no examples section. ssh-keygen does
have commandline help, but does not implement any switch to invoke
it (check the getopt invocation in the source code if you don't
believe me). It will however show commandline help when given an
unrecognised option, so it will mutter but at least give you love
if you ask for it:
$ ssh-keygen -♥
ssh-keygen: illegal option --
Usage: ssh-keygen [options]
Options:
[...]
After figuring out that it's -l -f, you still have to go and fish the file wherever it is. And luckily we had the recent Debian openssh problems, so now I can get the fingerprint of the RSA file only and be done with it.
But thanks to this blog entry, no more of that, at last.
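What `ssh-keygen -l -f` reports is a hash over the decoded public key blob, so it can be reproduced and checked against a fingerprint received out of band. The following is an added example, not part of the original post: the function names are this example's own, and the sample key is constructed (not a real RSA key). It prints both the colon-separated MD5 form and the SHA256 form that current OpenSSH shows by default.

```python
import base64
import hashlib
import hmac
import struct


def read_string(blob, offset):
    """Read one SSH wire 'string': 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def parse_public_key_line(line):
    """Split a '<type> <base64> [comment]' line into (type, decoded blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, _ = read_string(blob, 0)
    # The type is stored twice; a mismatch means the line was edited or damaged.
    if inner_type.decode("ascii", "replace") != fields[0]:
        raise ValueError("key type outside and inside the blob disagree")
    return fields[0], blob


def rsa_bits(blob):
    """Modulus size of an ssh-rsa blob, whose fields are: type, e, n."""
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _e, off = read_string(blob, off)
    n, off = read_string(blob, off)
    return int.from_bytes(n, "big").bit_length()


def md5_fingerprint(blob):
    """Colon-separated hex MD5 of the blob (the older display format)."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(blob):
    """'SHA256:' plus unpadded base64 of the SHA-256 digest of the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_matches(line, expected):
    """Compare a key line against a fingerprint obtained out of band."""
    _type, blob = parse_public_key_line(line)
    expected = expected.strip()
    if expected.startswith("SHA256:"):
        actual = sha256_fingerprint(blob)
    else:
        expected = expected.lower()
        if expected.startswith("md5:"):
            expected = expected[4:]
        actual = md5_fingerprint(blob)
    return hmac.compare_digest(actual.encode(), expected.encode())


def mpint(value):
    """Encode a positive integer as an SSH mpint (leading zero keeps it positive)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def build_sample_line():
    """Constructed sample: a well-formed ssh-rsa line, NOT a usable RSA key."""
    n = (1 << 2047) | 1  # 2048-bit placeholder modulus
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed@example"


if __name__ == "__main__":
    sample = build_sample_line()
    _, sample_blob = parse_public_key_line(sample)
    print(rsa_bits(sample_blob), md5_fingerprint(sample_blob))
    print(rsa_bits(sample_blob), sha256_fingerprint(sample_blob))
```

The functions take the contents of a public key file (a `.pub` line), not the private key file.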
For a recent university seminar, I wrote a Haskell program to render and edit iterated function systems (IFS), which generates a certain class of fractals, namely self-similar sets. I think the result is quite nice, so I’m sharing the code.
With FrakView you can view a rendering of the attractor of the IFS, with a choice of two algorithms (a straightforward one and a probabilistic one), configurable depth and anti-aliasing. You can also modify the IFS by dragging the colored boxes with arrows you see on the screenshot. For the academically inclined, there is also support to visualize cylinder sets and otherwise explore the coding space of the IFS a bit.
The program is written in Haskell and uses gtk2hs, the gtk bindings for Haskell. It might be interesting for other gtk2hs programmers to see how FrakView solves some issues: For example, it uses the CoroutineT monad transformer I recently blogged about – check out the pausingForM_ function in GUI.hs. Also, the current state of the screen is in one algebraic data type (ScreenConfig) that supports equality checks, so when the user interacts, the code recomputes the new ScreenConfig (using getRenderer), but only redraws the screen if it differs from the previous. This is much easier and more robust than having to decide for each possible user interaction whether it changes what’s on the screen.
You can get the source from the FrakView darcs repository.
For those of us that use PHP and Eclipse PDT there is a pair of Enhancement Bug reports that we might want to vote on. As of right now the enhancement road map for integrating Mylyn with PDT per PDT road map is PDT 1.1 which of course answers the questions posed by both bug 176804 and bug 178350.
The question gets answered, as far as the road map goes, in comment 8 of bug 178350. For those of us who cannot wait and can deal with the lack of Mylyn focus on methods etc., comment 4 of bug 178350 explains how to use Mylyn currently with Eclipse PDT.
Thus, while we have to wait for the results of one of the most voted on enhancements, we can use some Mylyn features now in Eclipse PDT 1.0.

Whoa, this security bug exposed by Luciano Bello (Ola!) is one of the worst I’ve ever seen.
Time to regenerate your key with the updated openssl 0.9.8c packages.
It seems to be a Debian-specific patch that caused this bug.
Further instructions should be posted on a special Debian key rollover page and the Debian wiki.
Update: key rollover is hard. :/ `ssh-vulnkey` was missing for a while and only recent updates to openssh-server seem to regenerate the keys for me.

There are obviously some things we need to remember if we don’t want something like the OpenSSL debacle to happen again. It doesn’t mean we need to throw stones or rush into changing our processes without thinking. However, there are already some things that should be obvious but unfortunately are not.
All in all, this incident has a great impact on Debian’s image. If we don’t react accordingly, adapting our processes and our system to match what our users expect from us – and they expect the best – they will turn away from us. With very good reasons to do so.
Update: It seems OpenSSL does have a bug tracker. Thanks Kurt for pointing me to it.
Launchpad offers many things to developers, and open source software developers in particular. One of these things is the ability to host Bazaar branches. For those that have looked a little deeper, they will have noticed that there are four types of branches in Launchpad: Hosted; Mirrored; Remote; and Imported. Hmm, this isn't really what I was intending to talk about at all, but I'm going to go with the flow.
Hosted branches are those where Launchpad is the primary public location of the branch. Hosted branches are normally created by pushing a branch directly to Launchpad. Before you do that though, you need to have registered on Launchpad, and supplied an SSH key. This is how Launchpad knows who you are. There are two ways you can push a branch to Launchpad: one is via SFTP; and the other using the Bazaar smart server (bzr+ssh).
As an example I'm going to use my alias-command bzr branch. The complete SFTP location would be sftp://thumper@bazaar.launchpad.net/~thumper/bzr/alias-command, and the smart server one bzr+ssh://thumper@bazaar.launchpad.net/~thumper/bzr/alias-command. These are a bit unwieldy, so we extended the lp type urls for bzr to support writing if the launchpad plug-in knows who you are. In order for you to do this you use the lp-login command. bzr lp-login will tell you the username that is currently set. If you have not done this yet, you'll see a message like "No Launchpad user ID configured." I set mine by saying bzr lp-login thumper. This stores thumper as the launchpad_username in the bazaar.conf file. This also means I can use bzr push lp:~thumper/bzr/alias-command to push to my hosted Launchpad branch.
Mirrored branches allow you to have your branches stored publicly in some location that you control, and you let Launchpad know where this is. Launchpad will then update its copy of your branch every six hours. This is handy if you don't have an SSH key, or you have a slow network connection, or you just like having your branches available on your own server.
Remote branches are a bit different. Remote branches were sort of created out of necessity. Some people were registering mirrored branches with unreachable locations. Some of these were possibly by mistake, but quite a few were obviously inaccessible. But more strange is that those branches were linked to bugs or blueprints. There was obviously a desire to have branch meta-data there, but not actually allow Launchpad to get access to the branches. So we have remote branches. You cannot get a copy of a remote branch from Launchpad as Launchpad does not have a copy of it.
Imported branches are those branches where Launchpad gets the code from either CVS or Subversion, and puts it into a Bazaar branch. I was really wanting to talk about this as I saw two projects recently where we are importing code that I didn't know about. One is my favourite music player, Amarok, and the other was MPlayer. Just out of curiosity I looked at both of these branches on Launchpad. The Amarok one has 12195 revisions as I'm writing this, and the last revision was 11 hours old, and MPlayer had even more revisions, at 26761. However that isn't even the cool bit. What is really nifty is you can go bzr branch lp:amarok or bzr branch lp:mplayer to get the code. Just to check I did just that, and got a copy of the amarok source. It was the first bit of C++ I had looked at in a long time (it used to be all I did).
Anyway, that was what I really wanted to say. Oh yeah, and bzr rocks.
So going alone to the cinema yesterday was not a first, but going alone and being alone in the room certainly was, and an unexpected one.
This was, as far as I know, the premiere in Alicante of Enloquecidas, which is certainly not that of a remarkable film, but which was entertaining enough, and provided some very good laughs.
What is wrong with this city?!
(Update: hm, seems I’m mistaken about the “premiere” bit. Oh well.)
I was invited to come to FOSSCamp this year, and of course I accepted. Travel from São Paulo to Prague was quite long (home to hotel time around 20 hours), but it paid off: the hotel is great, the (un)conference is nice and there are lots of hackers to talk to. It was great to discuss how your desktop and mobile device will work in the future.
Unlike other events, this is not a conference, hence the name “unconference”: instead of a fixed schedule with talks, we have lots of meeting rooms with good infrastructure (wifi, enough power sockets, tables…) that we can use to discuss various issues.
Yesterday (Friday, May 16th) was the first day and I participated in some desktop-oriented discussions. Some highlights:
Lots of "Web 2.0" pundits like to argue that it is just a matter of time before Web applications make desktop applications obsolete and irrelevant. To many of these pundits the final frontier is the ability to take Web applications offline. Once this happens you get the best of both worlds, the zero install hassle, collaborative nature of Web-based applications married to the ability to take your "apps on a plane". Much attention has been given to this problem which has led to the rise of a number of frameworks designed to bring offline capabilities to Web applications, the most popular of which is Google Gears. I think the anti-Microsoft sentiment that courses through the "Web 2.0" crowd has created an unwanted solution to a problem that most users don't really have.
Unlike David Heinemeier Hansson in his rant You're not on a fucking plane (and if you are, it doesn't matter)!, I actually think the "offline problem" is a valid problem that we have to solve. However I think that trying to tackle it from the perspective of taking an AJAX application offline is backwards. There are a few reasons I believe this
I suspect this is the bitter truth that answers the questions asked in articles like The Frustratingly Unfulfilled Promise of Google Gears where the author laments the lack of proliferation of offline Web applications built on Google Gears.
When it first shipped I was looking forward to a platform like Google Gears but after I thought about the problem for a while, I realized that such a platform would be just as useful for "online enabling" desktop applications as it would be for "offline enabling" Web applications. Additionally, I came to the conclusion that the former is a lot more enabling to users than the latter. This is when I started becoming interested in Live Mesh as a Platform, this is one area where I think Microsoft's hearts and minds are in the right place. I want to see more applications like Outlook + RPC over HTTP not "offline enabled" versions of Outlook Web Access.
Now Playing: Jordin Sparks - No Air (feat. Chris Brown)
I've spent all of my professional career working at a large multinational company. In this time I've been involved in lots of different cross-team and cross-divisional collaboration efforts. Some times these groups were in the same organization and other times you would have to go up five to ten levels up the org chart before you found a shared manager. Surprisingly, the presence or lack of shared management has never been the key factor that has helped or hindered such collaborative efforts.
Of all the problems I've seen when I've had to depend on other teams for help in getting a task accomplished or vice versa, there have been two insidious ones that tend to crop up in situations where things go awry. The first is misaligned goals. Just because two groups are working together doesn't mean they have the same motivations or expected end results. Things quickly go awry when one group's primary goals run counter to the goal(s) of the group they are supposed to be collaborating with. For example, consider a company that requires its technical support to have very low average call time to meet their metrics. Imagine that same company also puts together a task force to improve the customer satisfaction with the technical support experience after lots of complaints from their customers. What are the chances that the task force will be able to effect positive change if the metrics used to reward their tech support staff remain the same? The funny thing is that large companies often end up creating groups that are working at cross purposes yet are supposed to be working together.
What makes misaligned goals so insidious is that the members of the collaborating groups who are working through the project often don't realize that the problem is that their goals are misaligned. A lot of the time people tend to think the problem is the other group is evil, a bunch of jerks or just plain selfish. The truth is often that the so-called jerks are really just thinking You're not my manager, so I'm not going to ask how high when you tell me to jump. Once you find out you've hit this problem then the path to solving it is clear. You either have to (i) make sure all collaborating parties want to reach the same outcome and have similar priorities or (ii) jettison the collaboration effort.
Another problem that has scuttled many a collaboration effort is when one or more of the parties involved has undisclosed concerns about the risks of collaborating which prevents them from entering into the collaboration wholeheartedly or even worse has them actively working against it. Software development teams experience this when they have to manage dependencies on their project or that they have on other projects. There's a good paper on the topic entitled Managing Cognitive and Affective Trust in the Conceptual R&D Organization by Diane H. Sonnenwald which breaks down the problem of distrust in conceptual organizations (aka virtual teams) in the following way
Two Types of Trust and Distrust: Cognitive and Affective
Two types of trust, cognitive and affective, have been identified as important in organizations (McAllister, 1995; Rocco, et al, 2001). Cognitive trust focuses on judgments of competence and reliability. Can a co-worker complete a task? Will the results be of sufficient quality? Will the task be completed on time? These are issues that comprise cognitive trust and distrust. The more strongly one believes the answers to these types of questions are affirmative, the stronger one’s cognitive trust. The more strongly one believes the answers to these types of questions are negative, the stronger one’s cognitive distrust.
Affective trust focuses on interpersonal bonds among individuals and institutions, including perceptions of colleagues’ motivation, intentions, ethics and citizenship. Affective trust typically emerges from repeated interactions among individuals, and experiences of reciprocated interpersonal care and concern (Rosseau, et al, 1998). It is also referred to as emotional trust (Rocco, et al, 2001) and relational trust (Rosseau, et al, 1998). It can be “the grease that turns the wheel” (Sonnenwald, 1996).
The issue of affective distrust is strongly related to lacking shared goals while working together as a team which I've already discussed. Cognitive distrust typically results in one or more parties in the collaboration acting with the assumption that the collaboration is going to fail. Since these distrusting group(s) assume failure will be the end result of the collaboration they will take steps to insulate themselves from this failure. However what makes this problem insidious is that the "untrusted" groups are often not formally confronted about the lack of trust in their efforts and thus risk mitigation is not formally built into the collaboration effort. Eventually this leads to behavior that is counterproductive to the collaboration as teams try to mitigate risks in isolation and eventually there is distrust between all parties in the collaboration. Project failure often soon follows.
The best way to prevent this from happening once you find yourself in this situation is to put everyone's concerns on the table. Once the concerns are on the table, be they concerns about product quality, timelines or any of the other myriad issues that impact collaboration, mitigations can be put in place. As the saying goes sunlight is the best disinfectant, thus I've also seen that when the "distrusted" team becomes fully transparent in their workings and information disclosure it quickly makes matters clear. Because one of two things will happen; it will either (i) reassure their dependents that their fears are unfounded or (ii) confirm their concerns in a timely fashion. Either of which is preferable to the status quo.
Now Playing: Mariah Carey - Cruise Control (featuring Damian Marley)
Disclaimer: This post does not reflect the opinions, thoughts, strategies or future intentions of my employer. These are solely my personal opinions. If you are seeking official position statements from Microsoft, please go here.
Recently there were three vaporware announcements by Facebook, Google and MySpace each describing a way for other web sites to integrate the user profiles and friends lists from these popular social networking sites. Given that I'm a big fan of social networking sites and interoperability between them, this seemed like an interesting set of announcements. So I decided to take a look at these announcements especially given the timing of them.
Marc Canter does a good job of describing the underlying theme behind all three announcements in his post I do not compromise where he writes
three announcements that happened within a week of each other: MySpace’s Data Availability, Facebook’s Connect and Google’s Friend Connect - ALL THREE had fundamentally the same strategy!
They’re all keeping their member’s data on their servers, while sending out tentacles to mesh in with as many outside sites as they can. These tentacles may be widgets, apps or iFrames - but its all the same strategy.
Basically all three announcements argue that instead of trying to build social networking into their services from scratch, Web sites should instead outsource their social graphs and "social features" such as user profiles, friends lists and media sharing from the large social networking sites like Facebook, MySpace and Orkut.
This isn't a new pitch, Facebook has been singing the same song since they announced the beta of the Facebook Platform in August 2006 and Google has been sending Kevin Marks to every conference they can find to give his Social Cloud presentation which makes the same pitch. The new wrinkle to this time worn tale is that Google and Facebook [along with MySpace] are no longer just pitching using REST APIs for integration but are now preaching "no coding required" integration via widgets.
Now that we know the meat of all three announcements we can go over the little specifics that have leaked out about each forthcoming product thus far.
Dave Morin gave the first official statement about Facebook Connect news in his blog post Announcing Facebook Connect where he wrote
Trusted Authentication
Users will be able to connect their Facebook account with any partner website using a trusted authentication method. Whether at login, or anywhere else a developer would like to add social context, the user will be able to authenticate and connect their account in a trusted environment. The user will have total control of the permissions granted.
Real Identity
Facebook users represent themselves with their real names and real identities. With Facebook Connect, users can bring their real identity information with them wherever they go on the Web, including: basic profile information, profile picture, name, friends, photos, events, groups, and more.
Friends Access
Users count on Facebook to stay connected to their friends and family. With Facebook Connect, users can take their friends with them wherever they go on the Web. Developers will be able to add rich social context to their websites. Developers will even be able to dynamically show which of their Facebook friends already have accounts on their sites.
Dynamic Privacy
As a user moves around the open Web, their privacy settings will follow, ensuring that users' information and privacy rules are always up-to-date. For example, if a user changes their profile picture, or removes a friend connection, this will be automatically updated in the external website.
The key features to note are (i) a user can associate their Facebook account with their account on a 3rd party site which means (ii) the user's profile and media shared on Facebook can now be exposed on the 3rd party site and (iii) the user's friends on Facebook who have also associated their Facebook account with their account on the 3rd party site will show up as the user's friends on the site.
The "dynamic privacy" claim seems pretty vague if not downright empty. All that is stated above is that the user's changes on Facebook are instantly reflected on 3rd party sites. Duh. Does that need to be called out as a feature?
On the Google Friend Connect page there is the following video
The key features to note are (i) a user can associate their OpenID with their account on a 3rd party site which means (ii) the user's profile and media shared on a small set of social networking sites can now be exposed on the 3rd party site and (iii) the user's friends on the small set of social network sites who have also associated their OpenID using Google Friend Connect to connect their account on the 3rd party site will show up as the user's friends on the site (iv) the user's activities on the 3rd party site are broadcast in her friends' news feeds.
One interesting thing about Google Friend Connect's use of OpenID is that it allows me to associate multiple social network profiles to a single account which may not even be from a social networking site (e.g. using my AOL or Y! email to sign-in but associating it with my Facebook profile & friend list).
Google Friend Connect seems to be powered by Google OpenSocial which is Google's attempt to commoditize the functionality of the Facebook platform by making it easy for any social networking site to roll its own Facebook-style platform by using Google's standard set of REST APIs, Javascript libraries and/or hosting services. In the above video, it is mentioned that Web sites which adopt Google Friend Connect will not only be able to obtain user profile and friend list widgets from Google but also OpenSocial widgets written by 3rd party developers. However since Facebook announced the JavaScript Client Library for Facebook API way back in January they already have the technology in place to offer something similar to Web site owners if this capability becomes in demand. More important will be the set of functionality that comes "out of the box" so to speak since a developer community won't form until Google Friend Connect gains traction.
By the way, it turns out that Facebook has banned Google from interacting with their user data using Google Friend Connect since it violates their terms of service. My assumption is that the problem is Google Friend Connect works by building an OpenSocial wrapper on top of the Facebook API and then exposing it to other web sites as widgets and to OpenSocial gadget developers via APIs. Thus Google is pretty much proxying the Facebook social graph to other sites and developers which takes control of safeguarding/policing access to this user data out of Facebook's hands. Not good for Facebook.
The only details on the Web about MySpace's Data Availability seem to be second hand data from tech bloggers who were either strategically leaked some details/screenshots or took part in a press release conference call. The best source I found was Mike Arrington's TechCrunch post entitled MySpace Embraces DataPortability, Partners With Yahoo, Ebay And Twitter which contains the following excerpt
MySpace is announcing a broad ranging embrace of data portability standards today, along with data sharing partnerships with Yahoo, Ebay, Twitter and their own Photobucket subsidiary. The new project is being called MySpace “Data Availability” and is an example, MySpace says, of their dedication to playing nice with the rest of the Internet.
A mockup of how the data sharing will look in action with Twitter is shown above. MySpace is essentially making key user data, including (1) Publicly available basic profile information, (2) MySpace photos, (3) MySpaceTV videos, and (4) friend networks, available to partners via their (previously internal) RESTful API, along with user authentication via OAuth.
The key goal is to allow users to maintain key personal data at sites like MySpace and not have it be locked up in an island. Previously users could turn much of this data into widgets and add them to third party sites. But that doesn’t bridge the gap between independent, autonomous websites, MySpace says. Every site remains an island.
But with Data Availability, partners will be able to access MySpace user data, combine it with their own, and present it on their sites outside of the normal widget framework. Friends lists can be synchronized, for example. Or Twitter may use the data to recommend other Twitter users who are your MySpace friends.
The key difference between MySpace's announcement and those of Facebook & Google is that MySpace has more ground to cover. Since Facebook & Google already have REST APIs that support a delegated authentication model, MySpace is pretty much playing catch up here.
In fact, on careful rereading it seems MySpace's announcement isn't like the others since the only concrete technology announced above is a REST API that uses a user-centric delegated authentication model which is something both Google and Facebook have had for years (see GData/OpenSocial and Facebook REST API).
Given my assumption that MySpace is not announcing anything new to the industry, the rest of this post will focus on Google Friend Connect and Facebook Connect.
When it comes to social networking, it is all about network effects. A social networking feature or site is only interesting to me if my friends are using it as well.
The argument that a site is better off using a user's social graph from a big social networking site like Facebook instead of building their own social network features only makes sense if (i) there is enough overlap in the user's friends list on Facebook and that on the site AND (ii) the user's friends on the site who are also his friends on Facebook can be discovered by the user. The latter is the tough part and one I haven't seen a good way of bridging without resorting to anti-patterns (i.e. pull the email addresses of all of the user's friends from Facebook and then cross-reference with the email addresses of the sites users). This anti-pattern works when you are getting the email addresses the user entered by hand from some Webmail address book (e.g. Hotmail, Gmail, Y! mail, etc).
However since Google and Facebook are going with a no-code solution, the only way to tell which of my Facebook friends also use the 3rd site is if they have also opted-in to linking their account on the site with their Facebook profile. This significantly weakens the network effects of the feature compared to the find your friends on your favorite "Web 2.0" site which a lot of sites have used to grow their user base by screen scraping Webmail address books then cross referencing it with their user databases.
Short answer; it doesn't.
Long answer; the first thing to do is to make sure you understand what is meant by Data Portability and Social Network Interoperability. The difference between Data Portability and Social Network Interoperability is the difference between being able to export your email inbox and address book from Gmail into Outlook or vice versa (portable) and being able to send an email from a Gmail address to someone using Outlook or Hotmail (interoperable).
So do these new widget initiatives help portability? Nope. Widgets give developers fewer options for obtaining and interacting with the user data than APIs. With Facebook's REST API, I know how to get my friends list with profile data into Outlook and my Windows Mobile phone via OutSync. I would actually lose that functionality if it was only exposed via a widget. The one thing they do is lower the bar for integration by people who don't know how to code.
Well, how about interoperability? The idea of social network interoperability is that instead of being a bunch of walled gardens and data silos, social networking sites can talk to each other the same way email services and [some] IM services can talk to each other today. The "Use our data silo instead of building your own" pitch may reduce the number of data silos but it doesn't change the fact that the Facebooks and MySpaces of the world are still fundamentally data silos when it comes to the social graph. That is what we have to change. Instead we keep getting distracted along the way by shiny widgets.
PS: The blog hiatus is over. It was fun while it lasted. ;)
Now Playing: Fugees (Refugee Camp) - Killing Me Softly

Heh, in the 11 or so hours since my last blog post I've received two emails from people going "yeah BA is crap!"
Well the flight itself was fine. The plane was nice. The entertainment system was pretty decent. The UI was all touch screen based, which made it less clunky than Qantas'. Food-wise, I thought the dinner tray was pretty loaded with stuff.
Only problem is that the flight was running about 10 minutes behind schedule, then had to hang around in the air at Heathrow for about 10-15 minutes, so we didn't make our connecting flight. BA bumped us to the next one without any problems, so now we're chilling out in the spiffy new terminal 5 BA lounge for an hour. I guess an hour just doesn't have enough fat in it for a connection.
Terminal 5 is pretty shiny in general. Hopefully our bags won't get lost.
Here are the last 7 days tweets by OpenX. Community contributions “Erik Geurts posted his 2001st post on the OpenX Forum. He’s made a huge contribution to the OpenX community as an independent consultant and forum moderator since he joined in 2004. THANKS ERIK!!! ” “Random statistic: We have 25 active community translators and so many [...]
Title: Sangre de mi Sangre (Blood of my Blood), or Padre Nuestro
Overall rating: A (strong accept; will champion film)
Reviewer’s confidence: Y (I am knowledgeable in the area, though not an expert.)
General review:
By weaving together four deep instances of detachment, this well-organized film demonstrates how to derive immigrants from persons mechanically and vice versa. These derivations are intuitively obvious and should not bear any tedious demonstration. Yet, perhaps because they are so painfully obvious, they are often neglected—I often neglect them—when interacting with an immigrant. This neglect injures life, liberty, and the pursuit of happiness as we eat immigrant food, wear immigrant clothes, inhabit immigrant tenements, take immigrant transport, learn immigrant business, have immigrant fun. For example, just the other day I had the urge to run down some jaywalking immigrants as they crossed Canal Street in front of my bike. Or was it in Times Square?
This cinematic pearl thus serves as a rational reconstruction of motion, a timely and entertaining reminder that immigrants are people and people are immigrants. It points the way to a wide variety of practical applications, such as snapshotting the dialects of the Spanish diaspora, establishing my love for New York, and advocating open immigration alongside free trade. I recommend that y’all go see it (in New York this week and Los Angeles next week). Especially if you know how many passports Jason Bourne has. Less if you feel cheated at the end of “The Perfect Human”.
Comments for other reviewers:
Several reviews criticize this movie, on two fronts. On one hand, the story is too clear. The plot is too plotted, the morals too moralistic, and the characters too characteristic: “As a character Pedro never develops beyond a credulous, good-hearted cipher.” On the other hand, the story is too obscure: “As you watch the movie, questions accumulate… Little about the connection between Pedro and Magda makes sense.”
These fronts answer each other. (Pondering the questions develops the characters.) This movie is not simplistic and complicated but simple yet complex. Drawing “characters directly out of Hispanic-cliche central casting” reduces distraction, like studying continuation-passing style (named the canonical program transformation by Olivier Danvy). If “Sangre de mi Sangre”, taking advantage of a conventional narrative structure as this review tries to, manages to pull tropes out of the ashes of an I-94 form in Williamsburg, then so much the better for a mechanical derivation and its inverse: as those viewers fixated on “impoverished Mexican illegal immigrants” show, it is all too easy to forget that we are all in the image of immigration. A moving target, so to speak.
Questions for the authors:
Why does this trailer credit neither the actress Paola Mendoza nor the actor Eugenio Derbez?
Do you have a shoe fetish?
Randall Stewart of Cisco Systems gave a talk titled SCTP, what it is and how to use it, discussing the Stream Control Transmission Protocol (SCTP). A paper that was displayed on the overhead projector before the talk began summarized:
"Integrated into FreeBSD 7.0 -- first standardized by the Internet Engineering Task force (IETF) in October of 2000, in RFC 2960 and later updated by RFC 4960. SCTP is a message oriented protocol providing reliable end to end communication between two peers in an IP network."
Randall explained that SCTP is an alternative protocol to TCP and UDP. To describe SCTP, he suggested you start with TCP features, including: reliable retransmission, congestion control, flow control, connection oriented, and selective acknowledgements. You then add to it more features, including: "association" 4-way handshake, framing and ordered service, multistreaming, multihoming, and reachability.
From the “Not Linux or Open Source, but good to know” department comes this little screed on trying to meet with people for important meetings in multiple timezones, organizations and calendaring programs.
——————————
Scenario: Try to schedule users for a meeting who are in a) Provo b) Waltham c) Nuremberg d) France. Mix includes 3 companies, 4 operating system choices and 3 calendaring programs/standards. Wackiness ensues, as they say in the sitcom biz.
Enter meeting organizers such as When is Good, Doodle and TimeBridge. The basic premise is that you go to the scheduling software site and create a meeting and paint or select your available times, and then the site sends you the meeting URL so you can have all the other people select from the times you propose.
For example, if you click on this meeting request, you’ll see I have proposed a set of times over a week, and it’s possible to click your available times and have it sent back to me so I can see everyone’s availability. Larry and Abigail both clicked their availability and this is the result.
While When is Good doesn’t yet support increments of 15 or 30m or less than an hour, it’s been very useful in getting a general idea of when everyone is able to meet up. I use it over the others because I like the interface, I don’t have to register and it will send Blackberry users an html interface, rather than just not working for them. If you need a more complete and incremental interface, I highly recommend TimeBridge.
Got a fave scheduling tool? Let me know about it and I’ll be happy to post it and give you props.
Enjoy,
RossB
Cowdancer is actively developed in Debian, that's very nice. It's really a cool tool to build packages for unstable but also for backporting efforts. I'm using it on a daily basis to build Debian etch packages of lustre. However, three days ago cowdancer stopped working with my etch chroot after an upgrade of my unstable system:
```
dpkg-source: info: building lustre in lustre_1.6.5~rc3-1.dsc
dpkg-genchanges -S >../lustre_1.6.5~rc3-1_source.changes
dpkg-genchanges: including full source code in upload
dpkg-buildpackage: source only upload (original source is included)
chroot: cannot run command `cowdancer-ilistcreate': No such file or directory
W: cowdancer-ilistcreate failed to run within chroot, falling back to old method
-> Running in no-targz mode
I: using fakeroot in build.
Current time: Sat May 17 12:18:30 CEST 2008
pbuilder-time-stamp: 1211019510
-> copying local configuration
-> mounting /proc filesystem
-> mounting /dev/pts filesystem
-> policy-rc.d already exists
Obtaining the cached apt archive contents
Installing the build-deps
cowdancer: .ilist size unexpected
cowdancer: .ilist size unexpected
Can't open perl script "/usr/bin/dpkg-architecture": Cannot allocate memory
-> Attempting to satisfy build-dependencies
-> Creating pbuilder-satisfydepends-dummy package
cowdancer: .ilist size unexpected
cowdancer: .ilist size unexpected
cowdancer: .ilist size unexpected
cowdancer: .ilist size unexpected
cowdancer: .ilist size unexpected
sh: /tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy/DEBIAN/control: Cannot allocate memory
E: pbuilder-satisfydepends failed.
Copying back the cached apt archive contents
-> unmounting dev/pts filesystem
-> unmounting proc filesystem
-> Copying COW directory
-> Invoking pbuilder
-> Cleaning COW directory
Command /bin/sh -c pdebuild "--pbuilder" "cowbuilder" "--" "--basepath" "/var/cache/pbuilder/etch.cow" failed
```
After some research I found that a change in cowdancer (something related to .ilist) is responsible for this issue. After that I asked on #debian-devel if someone else had this problem and was told that removing and re-creating the chroot will help. But that results in the same error msg. After that I decided to write a bug report against cowdancer, since this is in my eyes a major defect in this software to not support the latest stable release. I filed this report as an RC bug and got an answer very fast:
```
severity 481344 wishlist
retitle 481344 provide cowdancer etch backport
[ ... ]
```
I think this is the wrong way to fix a problem in unstable with a backport of a software. Providing a fallback for older Debian releases would be the better way. Is anybody else having this problem?
Two weeks ago, an idea struck me while I was extensively cleaning my room. Of course I had to turn off the computer and my modem since I was rearranging everything totally (I need to setup my internet connection and router in the other room one of these days…). I suddenly got the urge to try not to go online, or even open the computer for 24 hours. Knowing my attachment (read: addiction) to IRC, I believe it would be quite a challenge. And so I went through with it. From 09:00 to 09:00 of the next day, I, abruptly and without warning (sorry, online friends), disappeared from the Web.
And I’m glad I took that personal challenge. I’ve been able to give myself, for a full 24-hours, some time to think about my life, where it has been, and where it’s headed, as well as my goals. It came at an opportune time (just after a very hectic first quarter and right before going back to school) to think and reflect. And I actually enjoyed that feeling of being offline, specially from IRC (though I really missed my friends). That 24-hour, computer-free plan turned into (almost) a week without IRC, though I still needed to check my mail and RSS feeds… maybe next time I can try doing without those as well.
It was a great experience. I wish I could have spent a few days in some sort of nature retreat like a forest or mountain (not the beach :P). I think every hacker should have a sort of “retreat” like this once in a while, to recharge and refocus and avoid burning themselves out. You may not be churning code in those few days, but it’s time well invested. Important, but not urgent, as Stephen Covey would say. Besides, you can also be productive at that time. Not only was I able to gain some perspective in my life, I was also able to think about what free software tools I wish I had at my disposal, or the KDE stuff that I want to do. I was also able to analyze how I spent, or rather, procrastinated, my time each day and where the time all goes (IRC and RSS… I love you and hate you at the same time.). Hopefully that realization would help me spend my time better in the future. Hopefully…
But for now, it’s back to the connected and distracted life.
Thomas Mönicke and I have been working on a new version of our akonadi logo. After some talks we decided to do something more along the lines of the logo Thomas made. It took quite some time to get it like I wanted and a lot of pencil and Blender sketching. But after one week rambling with it I think we got it.
Next step was creating a simplified version of the logo that could be printed on T-shirts and use 1 or 2 colors.
And finally we needed a cool button people could put in personal webpages, links, small decos, etc.
I hope you guys like it as I do :)
Today I can finally announce that Mango 0.5.2 is out. It's a GPL'ed software suite based on Eclipse for the publishing industry. Current features include: Complete CRM and Document management, Book management, Catalogue generator and mailing list integration. Feel free to have a look at it on http://www.eiswind.de. Feel free to ask questions.
It seems over recent months that my blog gets comment spam. I imagine any bloggers out there experience the same thing and it is a bit of a pain.
I have three immediate problems with this and blogger.com.
1. Blogger doesn't notify me of all comments at the time they are posted. It notifies me of some, and I have of course configured it to notify me of all comments, but it seems to miss off about 70%. So not only do I not notice the spam, I also miss a bunch of legitimate comments. Please get it together Blogger! Ajax panel configuration is nice, but only if the core functions work.
2. Blogger should/could/might try to stop this spam before it happens. I am not guessing how, but then the company that runs Blogger.com are much brighter than me, and I am sure they have a solution.
3. The interface for browsing comments and deleting many at a time simply does not exist. This would make the task of sifting through, identifying, and deleting spam much easier.
Now that I have had my grumble about it, I will offer my small solution. In praise of Google, they do provide a nice API and Python bindings to access all of their services and blogger is one of them. So I wrote a small script to go through all the comments, do a little bit of flagging on dodgy looking ones and offer you a chance of deleting them.
The script is uncommented, has no tests, and I don't plan in any way to maintain it or release it, but for those people suffering the same problems, I provide it here.
It is worth noting that the spam detection is really pathetic, and it could be vastly improved. I targeted it at my particular spam.
Full script available here
```python
"""
(c) Ali Afshar 2008
MIT License
"""
# Python 2 script (print statement, raw_input); needs the gdata client library.
import sys, getpass

from gdata import service


def get_details():
    # Prompt for the account; getpass keeps the password off the terminal.
    email = raw_input('email: ').strip()
    password = getpass.getpass()
    return email, password


def create_service(email, password):
    blogger_service = service.GDataService(email, password)
    blogger_service.source = 'blogger_spam_killer'
    blogger_service.service = 'blogger'
    blogger_service.server = 'www.blogger.com'
    blogger_service.ProgrammaticLogin()
    return blogger_service


def get_all_blog_ids(svc):
    query = service.Query()
    query.feed = '/feeds/default/blogs'
    feed = svc.Get(query.ToUri())
    for entry in feed.entry:
        # The blog id is the last path segment of the entry's self link.
        blog_id = entry.GetSelfLink().href.split("/")[-1]
        yield blog_id


def get_blog_comments(svc, blog_id):
    query = service.Query()
    query.feed = '/feeds/%s/comments/default' % blog_id
    query.max_results = sys.maxint
    feed = svc.Get(query.ToUri())
    for entry in feed.entry:
        yield entry


def get_all_comments(svc):
    for blog_id in get_all_blog_ids(svc):
        for comment in get_blog_comments(svc, blog_id):
            yield comment


def rank_comment(comment):
    # Count substring occurrences of every spam word in the comment body.
    words = 0
    for word in spamwords:
        words += comment.content.text.count(word)
    author = comment.author[0]
    has_uri = (author.uri is not None and
               # I figure no one who puts a URI would link to a blogger
               # profile. They would link to whatever they are spamming.
               'http://www.blogger.com/profile/' not in author.uri.text)
    print 'Spam words: %s' % words
    print 'Dodgy author uri: %s' % has_uri
    return bool(words) or has_uri


def delete_comment(svc, comment):
    svc.Delete(comment.GetEditLink().href)


def filter_all_comments(svc):
    for comment in get_all_comments(svc):
        print '--'
        t = comment.content.text
        print t[:70] + '...'
        print '...' + t[-70:]
        a = comment.author[0]
        print 'Author Info: ', a.name.text
        if rank_comment(comment):
            print '**** LOOKS DODGY'
        else:
            print '==== OK'
        # Nothing is deleted without an explicit 'y' from the operator.
        s = raw_input('Delete? (y/N) ').strip()
        if s == 'y':
            print 'Deleting.'
            delete_comment(svc, comment)
        else:
            print 'Not deleting.'


# http://codex.wordpress.org/Spam_Words
spamwords = """
4u
adipex
advicer
...
""".strip().splitlines()


if __name__ == '__main__':
    em, pw = get_details()
    svc = create_service(em, pw)
    filter_all_comments(svc)
```
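The ranking step above, as an added Python 3 example that is not part of the original script: it matches spam words as whole tokens regardless of case, checks the author URI by parsed host rather than by substring, and tolerates empty comment bodies. The names `author_uri_is_dodgy`, `max_links` and `SAMPLES`, the link-count rule and the sample comments are assumptions made for this illustration; the word list holds only the three words visible in the post.

```python
import re
from urllib.parse import urlparse

# Constructed list: only the three words visible in the post's truncated list.
SPAM_WORDS = ["4u", "adipex", "advicer"]

# Whole-token, case-insensitive match. A plain str.count("4u") also fires
# inside longer words such as "mp4upload" and misses "ADIPEX".
_WORD_RE = re.compile(
    r"(?<![0-9a-z])(?:%s)(?![0-9a-z])" % "|".join(map(re.escape, SPAM_WORDS)),
    re.IGNORECASE,
)
_LINK_RE = re.compile(r"https?://", re.IGNORECASE)


def author_uri_is_dodgy(uri):
    """True when the author links anywhere other than a Blogger profile."""
    if not uri:
        return False
    parsed = urlparse(uri.strip())
    host = (parsed.hostname or "").lower()
    # Compare the parsed host and path, so a URI that merely contains the
    # profile prefix somewhere in its query string is still flagged.
    on_blogger = host in ("blogger.com", "www.blogger.com")
    return not (on_blogger and parsed.path.startswith("/profile/"))


def rank_comment(text, author_uri=None, max_links=2):
    """Return (is_spam, reasons) for one comment body and author URI."""
    text = text or ""  # feed entries may carry an empty body
    reasons = []
    hits = sorted({m.group(0).lower() for m in _WORD_RE.finditer(text)})
    if hits:
        reasons.append("spam words: " + ", ".join(hits))
    # Assumption added here, not in the post: many links in the body is a signal.
    if len(_LINK_RE.findall(text)) > max_links:
        reasons.append("too many links")
    if author_uri_is_dodgy(author_uri):
        reasons.append("author uri is not a Blogger profile")
    return bool(reasons), reasons


# Constructed sample comments: (body text, author URI).
SAMPLES = [
    ("Nice post, I grabbed the clip from mp4upload.",
     "http://www.blogger.com/profile/123"),
    ("Cheap ADIPEX 4U!", None),
    ("Great blog", "http://spam.example/?r=http://www.blogger.com/profile/1"),
]

if __name__ == "__main__":
    for body, uri in SAMPLES:
        print(rank_comment(body, uri), "<-", body)
```

Returning the reasons alongside the verdict lets the interactive delete prompt show why a comment was flagged.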
Today we launched the first Release Candidate of Firefox 3 (yay!). 7 days from now, NASA will be landing a spacecraft on Mars. I thought it might be interesting to compare the two…
| | The browser | The spacecraft |
|---|---|---|
| Original name: | Phoenix | Mars Surveyor 2001 Lander |
| Current name: | Firefox | Phoenix |
| Mission: | Make kick-ass software, promote the open web | Study water, soil, weather at northern polar region of Mars |
| Cost: | Free! | $420 million |
| Performance: | Fast! | Twelve 293-Newton thrusters |
| Powered by: | Mozilla | Solar panels |
| Takes flames: | Alex Faaborg | Ablative heat shield |
| Management: |