Building debian packages for mozilla's sync server
Jan. 15th, 2012 | 12:29 am
I'm surprised this seems to have gotten valid debian packages with a minimum of fuss for a package where I couldn't find a recommended release archive.
Upstream is in mercurial at http://hg.mozilla.org/services/server-full (and server-core, server-storage, server-reg). I don't know mercurial very well and git doesn't pull from the other DVCSes, so I wanted to use bazaar -- unfortunately for some reason the bzr-hg plugin was having trouble pulling directly from the http server. However I discovered I can make a bzr branch from a local hg repository.
- hg clone http://hg.mozilla.org/services/server-full upstream/server-full
- hg tags
  to find their tagged release version
- bzr branch -r hg:<hg spec> upstream/server-full syncserver
- python setup.py sdist --dist-dir ..
  to build the "orig" tarball the debian tools want
- ln -s SyncServer-1.0.tar.gz syncserver_1.0.orig.tar.gz
- copy over my old debian directory & update changelog
- debuild -S
- Edit MANIFEST.in a few times to add in whatever components were in the build tree but not in the archive built with sdist
P2P vs Centralized networks
Jan. 7th, 2012 | 03:22 pm
I've been thinking a lot about SOPA & related efforts to control the internet by Big Media + Federal Government.
I'm pretty sure the reason the feds want this is that they want to disrupt the ability of the network to form functioning distributed decision-making organizational structures, as that's a core threat to their reason to exist.
There's been a variety of Darknets being developed now as alternatives to the white market network. The downside is the organizations with the most reason to put large amounts of money into them now are primarily organized crime.
Also if you have a distributed network that allows pseudonymity you will have spam, criminals, and 4chan on it. So one key question is which is worse? A network under the control of a government that aims to block groups it dislikes from organizing or a network that allows criminals to organize?
Protecting against XSS
Aug. 14th, 2011 | 11:49 pm
I wanted a module to strip out potential XSS injections.
I looked at the set of allowed HTML on the LJ post and came up with this idea.
Use BeautifulSoup to parse the submitted html and remove all tags that aren't in a safe html whitelist. Then for img & a tags, process the url and require that it start with one of an allowed set of protocols. The main downside is that <img src=/foo.png/> won't work. You have to list the http:
This seems like a good method for sanitizing user input while allowing some html -- but how can you really know you're protecting against all the possible ways to inject a hostile payload? There are some really funky techniques for tricking the browser at http://ha.ckers.org/xss.html
( Read more... )
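The approach described above, as an added example that is not the author's module: it uses Python's standard-library html.parser in place of BeautifulSoup so it runs without dependencies, and the tag, attribute and protocol lists are assumptions, since the post does not list its own.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for illustration; the post does not give its own lists.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li",
                "blockquote", "img"}
VOID_TAGS = {"br", "img"}                      # emitted without a closing tag
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
ALLOWED_PREFIXES = ("http://", "https://")     # relative URLs fail, as the post notes
DROP_CONTENT = {"script", "style"}             # drop the enclosed text as well
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def url_is_allowed(value):
    """True only if the URL starts with an allowed protocol.

    Browsers drop tab/CR/LF inside a URL and leading control characters,
    so compare against what the browser would actually see.
    """
    for ch in "\t\r\n":
        value = value.replace(ch, "")
    return value.strip(_C0_AND_SPACE).lower().startswith(ALLOWED_PREFIXES)


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the markup from allowed pieces instead of editing the input."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities decoded before checks
        self.out = []
        self.open_tags = []    # allowed tags emitted and not yet closed
        self.dropping = False  # True while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.dropping = True
            return
        if self.dropping or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if value is None or name not in ALLOWED_ATTRS.get(tag, ()):
                continue   # event handlers, style, etc. are never copied
            if name in URL_ATTRS and not url_is_allowed(value):
                continue
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.dropping = False
            return
        if self.dropping or tag not in self.open_tags:
            return
        while self.open_tags:   # close inner tags first so output stays balanced
            top = self.open_tags.pop()
            self.out.append("</%s>" % top)
            if top == tag:
                break

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))
    # Comments, doctypes and processing instructions use the no-op defaults.


def sanitize(html_text):
    parser = AllowlistSanitizer()
    parser.feed(html_text)
    parser.close()
    while parser.open_tags:     # close anything the input left open
        parser.out.append("</%s>" % parser.open_tags.pop())
    return "".join(parser.out)
```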
How annoying is duplicated posts
Aug. 14th, 2011 | 11:33 pm
Do you, reader, think it's a good idea to cross post to multiple social networks and let the reader deal with duplicates?
Or would it be better for the representation of one's social network to be incomplete on any particular site? (E.g. some people are only facebook friends, or twitter followers, or G+ circle members.) So post deduplication is handled by only subscribing once on one's preferred service.
Or alternatively the poster could just pick one site and post there and make everyone check multiple sites to keep up with everyone they want to pay attention to.
Poll #1769734
Open to: All, detailed results viewable to: All, participants: 9
How annoying is social network post duplication
- Really annoying
- A little annoying
- No opinion/Don't care
- It's fine
- It's great
(no subject)
Aug. 9th, 2011 | 12:50 am
Thanks to crayon physics I'm now going to have visions of spinning crayon logs as I try to sleep. I suppose that's better than worrying about X,Y or Z.
(no subject)
Jul. 10th, 2011 | 11:49 pm
So does anyone have a good desktop client for viewing one's LJ friends page?
One of the things I learned about me and social networking tools I learned from getting things done.
Have as few in-boxes as you can manage. The thing that was nice about twitter & facebook is they provided APIs for downloading their stuff into client side applications so I didn't have to remember to go look.
(OTOH, the Ubuntu default social networking application has some issues).
(no subject)
Jul. 9th, 2011 | 09:29 pm
I still have trouble trusting large entities. On the other hand I'm feeling lonely and feel like I should at least make an effort to interact with a wide world.
Poll #1760483 Where to blog?
Open to: All, detailed results viewable to: All, participants: 13
Should I start using LJ again?
EVE Online
Apr. 27th, 2010 | 10:12 am
The EVE Blog Banter Special Edition: The Ladies of New Eden asked a question: why does EVE Online only have about 5% of its player base as women?
I don't think I can answer that in general, but I've played EVE, I've wanted to like it, and yet I keep going back to World of Warcraft.
I can think of 3 things that make a difference to my game play.
( Read more... )
(no subject)
Apr. 22nd, 2010 | 05:08 pm
A utility that grabs all your posts, all your commands, and all your user pics. Does require python, and my brief code review seems to suggest it's using md5 digest authentication. (Instead of plain text).
http://hewgill.com/ljdump/
Auto-affiliate
Apr. 22nd, 2010 | 04:21 pm
I saw rumors that the current LJ owners were trying the javascript affiliate re-writing code again. This is a link to a pdf where I know one of the authors. The link text is the simplest version of the amazon link that works correctly. I'm curious if the link one lands at differs from it.
http://www.amazon.com/Introduction-Testing-Applications-twill-Selenium/dp/B001O7HEPW/
Answer: Yes they are doing it, though it's even subtler. When I clicked on the link in this post, for a moment I saw a redirect in the url bar. So I dumped my port 80 network traffic.
The first HTTP request. (Note the Host: outboundlink.me entry)
( raw headers )
which contains my initial url.
(I did remove the Cookie: header from these posts.)
I am curious what the parameters tag, linkCode, camp, and creative mean.
http://www.amazon.com/dp/0596514832/thepolychromatpa Link to Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast using joedeckers affiliate code.
(no subject)
Apr. 7th, 2010 | 04:52 pm
Making Sense of Privacy and Publicity
A "rough crib" of her keynote at SXSW about the struggles of what we mean by wanting privacy, and why people post things publicly.
There's been a number of recent serious privacy violating issues from big companies, Google Buzz, and Facebook both trying to set the defaults to "public". (Not to mention LJ's link rewriting scandal).
It's difficult to fully control your data if it's hosted in google or facebook or pretty much anything not on a computer you physically own and know how to administer. Although I could manage to run my own flickr/twitter/blog/wiki thing, the average user probably would find it difficult.
Also the large centralized services make it easier to know where to look for information about your friends. There's usually more complexity associated with knowing how to use distributed tools, but is increased control over what you reveal worth it?
I was having a brief vision of some kind of web app that'd have a drop down for you called "View my site as (list of your known contacts)"
There's still more room for thinking about this.
(no subject)
Mar. 2nd, 2010 | 09:08 am
There's something surreal about having my girlfriend control what music is playing on my phone through a browser on her laptop.
The new E71 firmware has an internet radio application built in, so I pointed it to my home squeeze box server, where she was then able to log in and control what was being streamed to me.
First Aid?
Feb. 6th, 2010 | 02:28 pm
I was trying to fix a badly done phone patch job and acquired some of these

According to the instructions, the plastic connector may cause eye and skin irritation, and if you poke your eye with it, flush your eye with large quantities of water.
If you inhale it, "no need for first aid is anticipated". However if you swallow it, don't induce vomiting but do drink two glasses of water.
Somehow I think inhaling something roughly the size of a peanut M&M might require a bit more than first aid.

Unpacking Books
Jan. 18th, 2010 | 11:54 am
So here it is MLK day, and I have the day off, so having recently moved, I went back to unpacking.
And for a time I was able to force myself not to find the ideal place for all those books, just get them out of boxes and onto shelves.
But then I had to go get myself distracted by Wikipedia: Library Cataloging and classification. Where I got to read about the differences between the Dewey decimal system and the library of congress system.
And then I learned about the Universal Decimal System and that they have a summary of about 2,000 classifications in Browseable form
Now I need to resist the temptation to install some library cataloging software and go stick call numbers to all my books.
Moved
Dec. 30th, 2009 | 04:34 pm
We finished cleaning out the old apartment and turned in the keys. I was a bit sad as it was a nice, albeit too expensive, apartment. Hopefully life as a homeowner will be manageable.
Moved.
Dec. 26th, 2009 | 06:07 pm
Mostly finished moving. We still have to clean out the old place, and the long process of unpacking. But at least I have working broadband again and finished setting up the bed.
It was very confusing, the internet moved a couple of days before the rest of my stuff, so I couldn't tell where home was... Was it where my IP was or was it where my bed was?
Ouch.
Dec. 20th, 2009 | 09:14 pm
Today we painted our new bedroom. It took most of the day to TSP and lay down two coats. I got the job of edging along the top of the wall, which involved lots of climbing up and down the step stool to get more paint.
While we were waiting we also managed to wash the previous owner's somewhat smelly refrigerator out.
Unfortunately for me I found some muscles that have been ignored for a long time, and so in addition to being really tired now, I suspect I'm going to be in a lot of pain tomorrow.
On the plus side, the room looked really nice when we left.
On the downside, we can see how the carpet looks rather worn, and with my new homeowner powers I keep thinking I should replace it.
Building Dashboard
Dec. 16th, 2009 | 06:31 pm
About a year ago Caltech installed a 200 kW solar array on top of one of the parking structures; it's the largest solar installation in the city of Pasadena. Recently I saw that they had a "building dashboard" showing how much power they produced.
On sunny days in winter they're producing about 514 kWhs per day, which is roughly how much I used for an entire AC heavy month.
The part that's scary is they'll convert that kWh to other units, like dollars of electricity, or pounds of coal, or... gallons of gas.
That 514 kWh could have been generated from just under 15 gallons of gas.
It boggles the mind how much energy we use going to and fro.
I hate this world
Dec. 8th, 2009 | 11:32 pm
So Charlie Stross posted about the British "digital economy bill", a blow job for the largest media corporations allowing permanent disconnection from the Internet. (After 3 copyright infringements)
It is likely this provision requiring ISP monitoring and disconnection of accused users is part of the secret ACTA treaty, currently being negotiated.
Of course since the treaty is being negotiated in private, we don't know what companies are actually behind it. (I suspect Disney).
As a result I should return to my total boycott of anything released by members of the RIAA or MPAA.
If you love the Internet, you should complain to your congressperson about ACTA, and try to boycott the major media providers, and/or consider participating in some part of The Free Culture Movement.
(no subject)
Nov. 29th, 2009 | 11:28 pm
And to think it only took 2 days to recover from packing my bookshelves. Still quite a bit more to pack, and I need to get an estimate for movers at some point soon.
Hopefully the loan paperwork will be finalized soon.
Picking a Home Inspector
Nov. 19th, 2009 | 12:54 pm
Does anyone have any advice on how to pick a home inspector for Southern California?
(no subject)
Nov. 18th, 2009 | 08:02 am
Thank you all for your congratulations.
It's fun looking at the post times of all the messages. It appears I have full 24/7 "friends who are awake" coverage.
Condo update
Nov. 17th, 2009 | 10:12 pm
The seller's agent responded and my offer has been accepted. It took him a bit to respond as there was a "death in the family".
Next up, he has to "open escrow" and I have to hand over a large sum of money.
And then next the challenging part -- packing.
House hunting
Nov. 17th, 2009 | 08:34 am
Back on the 12th I put in an offer on a condo. I was thinking of making them wait a bit so I could then haggle further, but after looking at the other options in the area, I realized that their counter was in actuality a fair price, and I further realized that the reason I was worried I couldn't afford it was because I was confusing interest rate and APR in my little Excel sheet.
The end result is I signed their counter and emailed it back Sunday night. But I haven't heard anything from the sellers. I did check with my agent and she'd received the signed offer and had forwarded it to the agent. (And called, and texted him)
But no response.
We wonder what's going on with them. *sigh*
Although house hunting does have the advantage that much more of it can be done via email than apartment hunting, there's a lot more opportunity for disappointment.
Dialing plan
Nov. 11th, 2009 | 12:00 am
Thank you all for answering my survey.
Basically thanks to living in an area rich with Overlay Area Codes there's a good chance most people around me have mandatory 10 digit dialing. In some places the 1 prefix is required for calls that are billed as long distance, sometimes it's always required -- however the 1 prefix is rarely harmful.
As a result if you're able to use your mobile phone book to call out over a land line it's pretty likely to work if you enter things with the 1 + 10 digit format for phone book entries. (The only issue might be if the mobile phone caller id to name mapping would match an incoming 10 digit number to the 11 digit number in the phone book.)
Because of the feature of the 1+10 -- that it's the string likely to work on both mobile and land line phones, I've always wondered why PBX systems aren't using 1 as the indication a person is trying to make an outside call. Most of the office PBX I've used are set to dial internally, unless you dial 9 first for an "outside line", however there's no technical reason why 1 couldn't do the same job, and would have the advantage that you can always dial the same thing, regardless of what type of phone you're using.
For my own small scale PBX purposes I realized I could solve how to differentiate between "external numbers" and "internal extensions" by using digits for external and sip addresses like "desk@server" or "diane@server" as my internal phone numbers.
Alternatively VoIP hard phones support on-hook dialing like a mobile phone, so I don't have to parse the digits being dialed one by one, I can parse the whole 3, 4 or 10 digit blob. However that requires that the user hit a "call" or "send" button to indicate they're done keying. Though as a big advantage, using on-hook dialing gives you the chance to check what you typed in before the call connects.