Planet

SHDH Shenanigans

Nigel McNie - 1 hour 57 sec ago

June SHDH yesterday. Brenda has a writeup. I must admit, I also noticed the stares, and the people hurriedly looking away when you looked at them. Ah it feels great being misunderstood and feared ;)

In terms of actual work done, I added apache2 proxying support to autovserver - and did that mostly in the last 10 minutes of being there. I keep spending lots of time talking to everyone else there rather than coding, especially Andy, who is as die-hard open-source as they come. We were talking about cil, his little distributed command line bug tracker, and got on to talking about some kind of "Insta-Project"(tm) thing, that would populate a directory with a README, COPYING, basic debian packaging, a gitrepo (if it doesn't have one, which it should!) and a cil tracker so you can turn those little scripts you want to publish into a project with minimal effort. I'd like to see this implemented some day, though I can't see me having the time for a while because work is so hectic :(.

That's one thing I do like about SHDH. It's a chance, once a month, to go somewhere and code on something I want to work on. Not that I don't like working on Mahara - on the contrary, I love it - but it seems I have a million ideas for things I could do and not enough free time to do them. If I quit my job I don't think I'd ever get bored - at least, not until the moneys ran out ;).

June Mini Happy Dev House

Nigel McNie - 1 hour 57 sec ago

Another MHDH in June. Themed "Hello World in strange languages". Should be a blast, and hopefully I'll get a chance to work some more on autovserver.

Meanwhile, my list of stuff to do at work has got amazingly long again. My current project, which is doing some performance benchmarking, is really interesting. A chance to play with some grunty hardware and see what the limits are. It's not often you get a chance to do such work - most of the time you're just causing the performance problems^W^W^W^W coding *ahem*.

Some Mahara work looms on the horizon as well. Yay!

Mini Happy Dev House May '08

Nigel McNie - 1 hour 57 sec ago

Well the fact that you're reading this means that I've been successful in my SHDH mission - to fix the script that lets me blog! That's why the currymail was so late this week.

I can also upload images via a script too. So adding content to the site is dead easy now, which is the way it should be :)

The SHDH (actually a minihappydevhouse) had quite a few participants, I reckon we had 20 or more, which was a great effort. Good to see so many people hacking, eating or just talking about stuff. Things that happened, in no particular order:

  1. Martin Langhoff was late (of course! He's from South America :)
  2. Andy showed me cil. Command line bug tracking, git style. He's debian packaging it, so hopefully I can start using it for a few things soon. I think the idea has great promise...
  3. I preached to a small crowd about performance of websites, only to be caught out when my site wasn't practising what I was preaching ^_^.
  4. Francois and Andy found out about the sneaky requirement for tabs in Getopt::Declare
  5. Lots of people found out about the OLPC. I presume some hacking may have been done on it. Ben spent his time playing Sim City on it instead.

There was a lot more, I'm sure.

Some MID around the Intel Developer Forum 2008

Mauricio Freitas - 3 hours 36 min ago
Even before the official exhibition opens at the Intel Developer Forum in San Francisco we can see the big theme of mobility going around. Below is just a sample of the devices I could see when entering the main event centre hall.

All those devices are based on Intel Atom:

Below you see a video with Ultra Mobility Group Uday Keshavdas showing three Intel Atom-powered devices that will be on hand this week at IDF San Francisco, including the special Olympic edition Lenovo ideapad.

I will be updating this post with each of the MIDs specifications.

Intel Developer Forum San Francisco 2008 Day 1

Mauricio Freitas - 4 hours 10 min ago
This week I am attending the Intel Developer Forum in San Francisco. The activities started yesterday with a "Day 0" series of keynotes for media and bloggers. This was followed by an exclusive Asia Pacific dinner where our group had the opportunity to meet some Intel execs and talk about their respective areas. In our table (four Australian journalists and myself) we had the pleasure of having Steve Smith (Director Intel Digital Enterprise) and John Skinner (Director, Eco Technology and one of the Intel guys at the Climate Savers initiative) in our table.

A valuable talk, mostly about computer power usage at home and enterprise. The main thing we took away is how small changes in computer manufacturing (a more efficient PSU for example) or just using appropriate Power Settings on your PC can make a big difference in your power bill - and the environment.

According to Skinner there is a reason for all those free power configuration applications going around - mostly because users are afraid of going into Control Panel and dealing with cryptic configurations to get the best configuration for their needs. Those applications provide easy management and encourage people to act on that.

IDF Day 1 is in progress now. The official vision is "[IDF] brings together top Intel technical experts, Intel Fellows, industry thought leaders and leading technology companies. A strong slate of Intel keynotes is one source for insights and inspiration."

The first keynote was delivered by Craig Barrett, Intel chairman. “Technology is a tool to address some of the world’s most pressing challenges related to health care, education, economic development and the environment,” said Barrett, who also chairs a United Nations initiative on technology in the developing world. “No nations or individuals are untouched by these issues. Get involved. Be part of the solution.”
Barrett announced that Intel will award four $100,000 prizes to the most innovative ideas for applying technology to meet unmet needs related to education, health care, economic development and the environment. Ideas will be evaluated primarily for sustainability and innovativeness of the solution. More details on the INSPIRE•EMPOWER Challenge are available at http://www.intelchallenge.com/.

I am really interested in Day 2, which will be all about Mobile Internet devices (pictured below). Day 3 is about "crossing the chasm between Humans and Machines" and we will see Apple co-founder Steve Wozniak on stage.



There's also an exhibition with more than 180 companies from around the world where attendees will have hands-on demonstrations of their newest innovations and future technologies - no access for us until the end of Day 1, and other attendees will get to see this on Day 2.

For developers IDF is offering more than 170 hours of technical training. All technical sessions are led by Intel and industry experts. New this year is an Industry Insights Panel themed "Using Information Technology to Meet 21st Century Challenges and Opportunities." Two Technology Insights, both presented by Intel Fellows, will cover "Next Generation Intel Core Microarchitecture Family of Processors: Screaming Performance, Efficient Power" and "Splitting the Atom: A Peek into the Intel Atom Processor."

Images hosted on Webhost4Life are not displayed inside RSS feeds

Simone Chiaretta - Tue, 08/19/2008 - 20:47

A month ago, when I first updated my blog to Subtext 2.0, a reader commented that:

Images embedded in RSS are not correctly linked

I thought it was due to some problems with the new version of WLW I had just installed. But the links were written with the full absolute url, so that couldn’t be the problem. Then I thought that it was due to FeedBurner that decided to do something strange with my urls, but that was not the case either.

A few days ago, while I was testing the RSS advertising of The Lounge, I experienced the same problem, and I decided to try and understand the problem. What was happening is that, instead of the actual email, the server was sending an HTML page with “WebHost4Life firewall alert” and a sentence on how to solve the problem:

Set the Security Guard to Medium.

What is this “Security Guard”? Reading the help of WH4L control panel I found out that a month ago they added a new feature to their solution: they are trying to prevent image deep-linking. If the page that hosts the image is not in the same domain as the image, the server returns the error instead of the image. The problem is that the domain of the RSS feed and the domain of the images embedded is always different:

  • when looking at my RSS feed via the browser, the domain is http://feeds.feedburner.com/Codeclimber and the images are on codeclimber.net.nz
  • when reading the feed with an online reader (like Google Reader) the domain is the Google one
  • when reading on a desktop reader, the referrer is nothing (or, if the feedreader is smart enough, it’s the domain of the RSS feed)

To prevent this from happening, the solution is (the numbers refer to the image below):

  1. Go to the Security area of the Control Panel
  2. Select the sub-menu item Security Guard
  3. Click on “Set to MEDIUM” next to the domain for which you want to turn off the deep-linking feature (you can also set it back to “STRONG” once they fix this misbehavior)

webhost4life-control-panel

The solution suggested by the support team is to create a sub-domain, place all the images that need to be embedded from other domains, and set MEDIUM only for this sub-domain. But the only images I’ve on my domain are the one I use in my posts, so …

I saw this issue on a few other RSS feeds around (can’t remember which one), so I encourage everyone that is on webhost4life to check this setting.
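The Referer check behind this kind of deep-link protection can be modelled as follows. This is an added example, not code from the original post or from WebHost4Life: the two policies, the allowlist and the sample requests are assumptions built from the three reader cases listed above.

```javascript
// Added example: a model of Referer-based image hotlink protection.
// Policy names and logic are assumptions for illustration; they are not
// WebHost4Life's actual "Security Guard" implementation.

const IMAGE_SITE = "codeclimber.net.nz"; // image host named in the post

// Returns the lower-cased host of a Referer header value, null when the
// header is absent, or undefined when it is present but unparseable.
function refererHost(referer) {
  if (referer === undefined || referer === null || referer === "") return null;
  try {
    return new URL(referer).hostname.toLowerCase();
  } catch (err) {
    return undefined;
  }
}

// True when host is the site itself or one of its sub-domains. Matching on a
// label boundary stops "notcodeclimber.net.nz" from passing as the real site.
function isSameSite(host, site) {
  return host === site || host.endsWith("." + site);
}

// Strict policy: serve the image only when the embedding page is on the
// image's own site. This is the behaviour the post describes.
function strictPolicy(referer) {
  const host = refererHost(referer);
  return typeof host === "string" && isSameSite(host, IMAGE_SITE);
}

// Feed-aware policy (hypothetical): also serve requests that carry no Referer
// (desktop feed readers, privacy tools) and requests from listed feed hosts.
function feedAwarePolicy(referer, allowedSites) {
  const host = refererHost(referer);
  if (host === null) return true;       // header absent
  if (host === undefined) return false; // header present but malformed
  return isSameSite(host, IMAGE_SITE) ||
    allowedSites.some((site) => isSameSite(host, site));
}

// Constructed sample requests covering the reader cases from the post,
// plus two negative cases. Paths are made up.
const SAMPLE_REQUESTS = [
  { name: "own blog page", referer: "http://codeclimber.net.nz/archive/post.aspx" },
  { name: "feed in browser", referer: "http://feeds.feedburner.com/Codeclimber" },
  { name: "online reader", referer: "http://www.google.com/reader/view/" },
  { name: "desktop reader", referer: "" },
  { name: "unrelated site", referer: "http://forum.example.org/thread/42" },
  { name: "look-alike host", referer: "http://notcodeclimber.net.nz/" },
];

const FEED_SITES = ["feedburner.com", "google.com"]; // assumed allowlist

// Evaluates every sample request under both policies.
function evaluate(requests) {
  return requests.map((r) => ({
    name: r.name,
    strict: strictPolicy(r.referer),
    feedAware: feedAwarePolicy(r.referer, FEED_SITES),
  }));
}

console.table(evaluate(SAMPLE_REQUESTS));
```

The Referer header is supplied by the client, so either policy only limits casual embedding and bandwidth use; it is not an access control for the images.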


Summary of pipe's talk

Brenda Wallace - Tue, 08/19/2008 - 16:59

Stephen Judd has written up a good summary of Pipe's talk on browser/webclient security - read the original for more explanation - but here's his summary quoted:

  • Traditionally, security focussed on protecting servers, and assumed that clients were not desirable targets.
  • This isn’t true. Your PC is a desirable target:
    • You use your PC to do things of interest (like online banking)
    • Your PC can be used to attack other PCs.
  • Your browser runs code (JavaScript) from untrusted sources.
  • Browsers carefully run this code in a “sandbox”, with no access to your computer’s disk or to memory outside the browser, in the belief that this will protect your PC from malicious code. This won’t work:
    • First, your browser can do interesting things like make naughty requests to hack into other PCs.
    • Second, there are plenty of things that you do care about in your browser’s memory (like your online banking session) which are totally accessible from within the sandbox.
  • Many sites (wrongly) allow users to inject Javascript into pages other people can see. That Javascript can seize control of your browser when you visit such a site. (This is called “cross-site scripting”).
  • It is no use expecting sites you visit to protect you. Even when the owners are told about cross-site scripting problems, they often can’t be bothered fixing them. Among them are plenty of high-profile sites which you might well visit.
  • That injected Javascript can:
    • “phone home” to a master server;
    • upload any data accessible from within the sandbox;
    • make naughty requests of other computers;
    • download further instructions from the master.
  • There are already automated tools out there to do all this.
  • Conclusion: any time you run a browser with Javascript on, and you visit a site with injected Javascript, your browser is no longer under your control. It will cough up details of any existing secure sessions and make requests elsewhere on behalf of its new controller. YOU ARE PWNED.

i’ve been running with javascript (and other frilly bits) turned off for years – at first because of some strange need to check out the accessibility of websites i built and how other sites handle their supposed “graceful degradation”

Websites abound that work mostly without javascript, and then suddenly there is one form amongst a hundred that only submits on change (such as flickr’s recent activity page, that’s the only bit i can’t use without javascript when there’s no real need for it).

Firefox now has some extensions to pick and choose what javascript you run… I’ve used opera for almost 15 years now, and it has, for as long as i can remember, let me enable script (and plugins and java etc) on a per domain basis.

Generally i run with script off, and enable it on a couple domains, but when i hit a site that claims it _NEEDS_ it, i’ll alt tab over to firefox. If it’s gonna steal cookies / or browser memory, it’ll only find what i’ve got in firefox, and that isn’t much.. still it’s something and i’d be horribly pissed off to lose them.

So many sites, with nothing really special going on, that use javascript just to submit a form! E.g. twitter's update form. That's a site full of submissions from untrusted people and they make me use javascript.

It’s just plain stupid and shows they don’t understand the inherent risk of that javascript.
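The site-side fix for the injection described in the talk summary is to encode user-submitted text before it is written into a page. The following is an added example, not code from the original post or the talk; the function names and sample comments are constructed for illustration.

```javascript
// Added example: output-encoding user-submitted text so it is displayed as
// text instead of being parsed as markup. All names here are hypothetical.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replaces the five characters that can change HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: whatever the user typed becomes part of the page markup.
function renderCommentUnsafe(author, body) {
  return `<li><b>${author}</b>: ${body}</li>`;
}

// Hardened form: user-supplied values are encoded at the point of output.
function renderCommentSafe(author, body) {
  return `<li><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// Lists the element names a browser would open when parsing the markup,
// which makes injected elements easy to spot in a review or a test.
function elementNames(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) =>
    m[1].toLowerCase()
  );
}

// Session cookie attributes that keep the identifier out of reach of page
// script. An injected script can still act inside the logged-in page, so
// this complements output encoding and does not replace it.
function sessionCookie(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample comments: one harmless, two carrying markup.
const SAMPLE_COMMENTS = [
  { author: "alice", body: "Tabs & spaces: 1 < 2" },
  { author: "mallory", body: "nice post <script>alert(document.domain)</script>" },
  { author: "bob", body: "<img src=x onerror=alert(1)>" },
];

// Renders every comment both ways and reports which elements result.
function audit(comments) {
  return comments.map((c) => ({
    author: c.author,
    unsafeElements: elementNames(renderCommentUnsafe(c.author, c.body)),
    safeElements: elementNames(renderCommentSafe(c.author, c.body)),
  }));
}

for (const row of audit(SAMPLE_COMMENTS)) {
  console.log(row.author, "unsafe:", row.unsafeElements, "safe:", row.safeElements);
}
```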

Who owns your snapper trail?

Brenda Wallace - Tue, 08/19/2008 - 16:09

That big pile of accumulated data from years of using your snapper card, who owns it?

Snapper cards are smart cards in use by wellington buses. You use these for payment for your trips, and all other fares except the one trip cash fares have been phased out, so if you commute you gotta use snapper or start paying a fortune / carrying cash.


CC licensed photo by Alan Macdougall

Imagine all the bus trips, the shops you go past, the amounts you spend/topup. Google have proven the value of such information in their targeted adverts. Amassed enough data, it has a value, and who owns it? Can they sell it? Need they tell you if they sell it?

Today the New Zealand Privacy Commission told snapper they ought to revise their privacy policy (computerword.co.nz)

There are incentives to register your card -- being able to see an audit trail and claiming lost funds when you lose your card -- but even if you take the risk and don't register they're still building a good profile of nameless you and your movements.

My own thoughts: We can't be complacent and assume someone else is looking out for our privacy. While I might trust the folks who run snapper today (and I don't yet), do i know for sure i'll trust the folks who buy them out in 2 years time? For myself I would rather they collected no information at all -- beyond a short period of time (maybe 4 weeks), then I want my data gone, erased, unretrievable and/or completely unable to be matched up with me, because it's proven even the most trusted can screw up. In much the same way no-one can find out who voted for New Zealand First last election (though that's possibly a bad example).

Then there's nothing to lose, and nothing to sell.

culture shock impending

Brenda Wallace - Tue, 08/19/2008 - 13:19

in the first week of September, i'm flying up to Auckland. There's a Girl Geek Dinner there as part of Microsoft Tech Ed. It's free if you have a tech ed ticket, or $90 if you don't.

Microsoft were kind enough to give me a free ticket to the whole conference, so i'm checking them out.

First bit of culture shock was this statement:

Speaker shirts can also be collected from the Speaker Preparation Room. Speaker shirts must be worn at all time. Black trousers or Chino style pants are required – no jeans please!

I don't own either black pants (that aren't jeans) nor Chino style pants. I really didn't think geeks owned these things. Even at my most formal it's jeans + business jacket.

So what to wear?

Google Street View car in Wellington

Mauricio Freitas - Tue, 08/19/2008 - 12:44
I was told today the Google Street View car is going around Wellington. Here are some pictures, taken on the move, showing the camera on top of the car, and a couple of side shots showing the Google logo:

Thanks to Evan for sending in the pictures!

Callaghan Files

Rowan Simpson - Tue, 08/19/2008 - 09:58

Last year I went along to hear a lecture by Professor Paul Callaghan, who is head of the MacDiarmid Institute at Victoria University, called “Beyond The Farm And Themepark”.

It was an excellent thought provoking presentation which I recommend to anybody who is interested in NZ's place in the world.

Set aside 90 minutes and watch it online here:

Hot Science - Beyond The Farm And Themepark

Here is the description from that site:

Leading science communicator, Professor Paul Callaghan, outlines his vision for New Zealand’s future prosperity in this lecture at Auckland War Memorial Museum as part of The Royal Society of New Zealand 2007 Distinguished Speaker series. Converting most of our forest into greenhouse gas has given us an abundance of grass and a thriving dairy industry. Yet through good fortune and some wise heads, we have, notwithstanding attempts to subdue it, sufficient residual natural environment to claim the label “clean and green”. Our landscape is magnificent and helps define who we are. But this lecture will argue that we have the potential to be a great deal more besides, and that we must be if we are to build the society we want our children to thrive in. It will argue that we can enhance our prosperity through sensible investment in science and technology, coupled with culture change. The first part is the easy bit. The second requires self-belief and a sense of purpose. David Lange once said New Zealand’s destiny was to be a theme park (and Australia’s, a quarry). We can surely think and act beyond that. Indeed New Zealand is such an interesting place to live precisely because we are so capable of determining our future.

There has also been a series of interviews with prominent NZ business people running on Stratos over the last few months. Unfortunately I think this channel is only available to Sky Digital subscribers, and probably even then most of those will be blissfully unaware of it. But, the interviews themselves are available on the MacDiarmid website:

The Paul Callaghan Interviews

What do you make of all of this?  Do you agree with his suggestions?  

Or are we happy being well regarded as farmers and tour guides?

Girl Geek Dinners

Brenda Wallace - Mon, 08/18/2008 - 13:49

The August Girl Geek Dinner was a ball of fun - good food, good company, tech talks, geeky music.

There was a bit of a hiccup with the prize draws, as our lovely bar staff put their names in the draw, and then as chance would have it they won 3 of them! Most of these were re-drawn on the night (it wasn't made so clear it was a redraw later, and not a new prize).

The next dinner, we're hoping will be a highschool edition. We're meeting with Tech angels from Wellington Girls High School, and then later yet more groups from around Wellington.

After that, the welly GGD team hopes for another dinner in late october or early november. I'm still hoping to have a robotics theme to this. If you know robotics people, please tell me about them

Testing RSS advertising

Simone Chiaretta - Sun, 08/17/2008 - 22:00

If you subscribed to my blog through an RSS reader you will notice an advertisement at the bottom of this post.

That’s because I’m testing the RSS Room of The Lounge advertising network: its creator James Avery unveiled the RSS Room only a few days ago and in the next weeks it will be a test period and will show only Lounge related ads.

For people that are reading this post from my blog, here is how it appears on the RSS reader:

thelounge-rss-ad

I’m still tuning it in order to be as unintrusive as possible for people reading it with online readers, so let me know what you think of it.

If you encounter any issues with the RSS feed, please report them to me and I’ll forward them to James.


CPAN module

Brenda Wallace - Sun, 08/17/2008 - 17:30

I've uploaded a perl module to cpan - Net::Twitter::Search

i needed it to fix up my twitter bot script - the first twitterbot to start using it is @tenz8 (Microsoft Tech Ed 2008).

The whole perl script that calls this module and powers the bot is available in my git repo. To get a copy do this:
1. install git (it's called git-core in debian distros)
2. git clone http://git.shiny.geek.nz/twitter/searchbot/

What i love about perl is mostly cpan! Almost everything you want to do, there's a module that does 90% of the work for you.

seedlings

Brenda Wallace - Sun, 08/17/2008 - 17:25

The first of the spring seedlings are ready to go in the garden, but I'm gonna wait another week -- the first reason is i have a horrible head cold and i'm busy feeling sorry for myself. The second reason is all this hail we've had this week is probably not over yet.

see hail:

The seedlings ready are more lettuce, cabbage, snow peas and some green beans.

Xero is going international

Mauricio Freitas - Fri, 08/15/2008 - 20:02
Wellington-based Xero is going international, according to a release in the NZSX and a blog post. Xero is a listed company in the NZX and this is from the official announcement:


Xero wishes to advise that by early 2009 it will release a global version of its award-winning online accounting software.

Xero is choosing to disclose this part of its strategy now in order to openly respond to growing international sales enquiries.

Earlier this week Xero was named as one of the world's Top Ten Best Application User Interfaces of 2008 by Nielsen Norman Group, the US-based analysts and experts in software design.

'King of usability' and award judge Jakob Nielsen commented about Xero: "Making accounting fun? That's an award-winning design."

The award has led to a surge in interest from small businesses internationally asking when Xero will be available in countries outside its initial target markets of New Zealand, the UK and Australia.




Xero is a web-based accounting software-as-a-service platform. Sounds boring, but they managed to create an easy to use, good looking software that works for the company owner and for the accountant.

Beyond the committer

Brenda Wallace - Fri, 08/15/2008 - 13:50

Drupal is an example of a project with one committer per branch -- there is only one person who will be putting code into the DRUPAL-5 branch in CVS. Likewise for all other stable branches.

CVS only has the concept of committer. All commits on that branch appear to be authored by that one person. The result is, we don't know who wrote what code anymore.

Other version control systems have authors. So, while Bob did the committing, it is recorded that Jane actually is the Author. You can go further and say that Pete did that design work and Sally did the Testing.

Git is my favourite of these.

When a project uses Git correctly, then I can find who wrote what.

Witness right now I have simpletest framework missing some functionality I want (namely assertRaw()). I can copy this from Drupal unit testing classes (based on simpletest) to the Simpletest project as a patch, but Drupal is GPL licenced, and Simpletest is LGPL. I'm not a lawyer. The simplest way of making sure this is okay is for me to holler on irc and say "Hey John, those 3 lines of code you wrote for Drupal can I have your permission to copy those to a LGPL project?" -- easy enough to get a Yes and move on. Alas, drupal's CVS cannot tell me who wrote this 3 line function..

(it's 3 lines of code, 11 lines of comments.. <3 drupal's doxygen fetish )

check out the cil project -- it's very new, has only 1 committer (Andy) but already on ohloh.net you can see 5 contributors. They don't have any access to the main repository and yet their contributions are still recognised.

p.s. No SamV !! No!

Read any great books lately?

Rowan Simpson - Fri, 08/15/2008 - 08:55

Read any great books lately?  If so, what did you do with them when you finished them?

Earlier this year Seth Godin encouraged everybody who had purchased a copy of his latest book The Dip to sell or give away their copy, in an effort to double the number of people who had read it.  It’s a good thought.

So, encouraged by that, I’ve decided to follow my own advice and clear out some space on my bookshelf.

<shameless plug>

This also gives me a great chance to try out the “Sell Yours” feature on Fishpond, where anybody can list second-hand books for sale and they appear on the site along side the new titles.

</ shameless plug>

If any of the titles below sound interesting to you it would be good to give them a new home - they are priced to sell from $9.95 and all at a significant discount to the price of a new copy.  I should also say, by way of promotion, that I’m a bit of a pedant when it comes to keeping books like new, so in most cases you’ll hardly be able to tell it’s not a new copy.

And, if you have a bookshelf full of ideas that could also be shared you might like to do the same (and maybe add a link to your list of items for sale in the comments here, so others can find them).

Books for sale:

  • A Dagg at My Table: Selected Writings, by John Clarke
  • Better: A Surgeon’s Notes on Performance, by Atul Gawande
  • Bulletproof Web Design: Improving Flexibility and Protecting Against Worst-Case Scenarios with XHTML and CSS, by Dan Cederholm
  • Complications: A Surgeon’s Notes on an Imperfect Science, by Atul Gawande
  • Crimes Against Logic: Exposing the Bogus Arguments of Politicians, Priests, Journalists, and Other Serial Offenders, by Jamie Whyte
  • Defensive Design for the Web: How to Improve Error Messages, Help, Forms, and Other Online Crisis Points, by Matthew Linderman
  • Design Patterns: Elements of Reusable Object-Oriented Software, by Erich Gamma
  • Designing with Web Standards, by Jeffrey Zeldman
  • eBoys: The True Story of the Six Tall Men Who Backed eBay, Webvan and Other Billion-dollar Start-ups, by Randall E. Stross
  • Emergence: The Connected Lives of Ants, Brains, Cities, and Software, by Steven Johnson
  • Everyday Zen: Love and Work, by Charlotte Joko Beck
  • Everything Bad Is Good for You: How Today’s Popular Culture Is Actually Making Us Smarter, by Steven Johnson
  • Extreme Programming Explained: Embrace Change, by Kent Beck
  • Faster: The Acceleration of Just about Everything, by James Gleick
  • Freakonomics: A Rogue Economist Explores the Hidden Side of Everything, by Steven D. Levitt
  • Get Carter: The Hamish Carter Story, by Phil Taylor
  • Getting Things Done: The Art of Stress-Free Productivity, by David Allen
  • Getting to Yes: Negotiating Agreement Without Giving in, by Roger Fisher
  • High Performance Web Sites: Essential Knowledge for Frontend Engineers, by Steve Souders
  • It’s Not About The Bike: My Journey Back To Life, by Lance Armstrong
  • Joel on Software, by Joel Spolsky
  • Losing My Virginity: How I’ve Survived, Had Fun, and Made a Fortune Doing Business My Way, by Richard Branson
  • Mind Wide Open: Your Brain and the Neuroscience of Everyday Life, by Steven Johnson
  • Naked Conversations: How Blogs Are Changing the Way Businesses Talk with Customers, by Robert Scoble
  • New Rules for the New Economy: 10 Radical Strategies for a Connected World, by Kevin Kelly
  • Out of Our Minds: Learning to Be Creative, by Ken Robinson
  • Predictably Irrational: The Hidden Forces That Shape Our Decisions, by Dan Ariely
  • Presentation Zen: Simple Ideas on Presentation Design and Delivery, by Garr Reynolds
  • Rich Dad, Poor Dad: What the Rich Teach Their Kids about Money That the Poor and Middle Class Do Not!, by Robert T. Kiyosaki
  • Sacred Hoops: Spiritual Lessons of a Hardwood Warrior, by Phil Jackson (NBA Coach)
  • Semiotics: The Basics, by Daniel Chandler
  • Simplicity, by Edward De Bono
  • Slack: Getting Past Burnout, Busywork, and the Myth of Total Efficiency, by Tom DeMarco
  • Something So Strong: Crowded House, by Chris Bourke
  • The Best Software Writing I, selected by Joel Spolsky
  • The Brand Gap: Revised Edition, by Marty Neumeier
  • The Elegant Solution: Toyota’s Formula for Mastering Innovation, by Matthew May
  • The World is Flat: A Brief History of the Globalized World in the Twenty-first Century, by Thomas Friedman
  • U2 at the End of the World, by Bill Flanagan
  • Ubiquity: Why Catastrophes Happen, by Mark Buchanan
  • Universal Principles of Design: A Cross-Disciplinary Reference, by William Lidwell
  • Web Design for ROI: Turning Browsers Into Buyers & Prospects Into Leads, by Lance Loveday
  • Web Standards Solutions: The Markup and Style Handbook, by Dan Cederholm
  • Where Does the Weirdness Go?: Why Quantum Mechanics Is Strange, But Not as Strange as You Think, by David Lindley
  • Zen Mind, Beginner’s Mind, by Shunryu Suzuki

Note: I listed most of these a couple of days ago and some have already sold.  Plus I have some more on the shelf that I haven’t had time to list yet.  Check the site for an up-to-date list of the titles still available for sale.  And, if the title you wanted is already sold, I’m sorry but I only have one of each to sell - you could always buy a new copy (use the same links above).

i love exploding dog!

Penny Leach - Fri, 08/15/2008 - 03:04
How awesome is this:

NO?:

NO?

I think even after my love affair with Diesel Sweeties, I prefer exploding dog Red Robot to the DS one.