IT360 Notes – Ajax in the Real World Part 2

Part two of the seminar. Lots of code I won’t paste. Also explains some of the tools used.

  • firebug at getfirebug.com
  • allows you to expand the DOM at the bottom pane, the active element is then highlighted at the viewing pane
  • also good for css because you can look and see the css for a particular element at the side pane and where it’s inherited from (note to self, get firebug for this reason)
  • console lets you see the XHRs including headers and params, also gives you the latency and what objects and files made the request
  • can insert debug logs for firebug using console.log() call, be sure to strip this out later
  • firebug’s console is interactive which lets you test things more easily
  • using divs is a nice way to attach styles to items, to hide individual items, etc
  • cache files can be important to take load off the database where applicable, downside is it can slow down propagation of data to other users
  • PHP specific: fopen locks files, so you might have issues when someone requests the cache file at the same time you’re writing it
  • be wary of XSS, injection, etc
    • validate anything that gets passed to the database
    • ensure that if a user can display code to another user, it prevents scripting which would otherwise allow the same cookie permissions as your site
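A client-side rendering routine for the chatbox, as an added example that is not code from the seminar: the raw-concatenation version sits beside the escaped one, with a DOM version that needs no escaping step at all. The element names and the sample message are constructed.

```javascript
// Added example (not from the seminar): rendering chat messages fetched via
// XHR without letting one user's text run as script in other users' browsers,
// which is what would hand an attacker the same cookie permissions as the site.
// The markup, class names and SAMPLE message are constructed for illustration.

// Escape the five characters that matter in HTML text and attribute contexts.
// '&' goes first so already-escaped output is not escaped twice.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Build one chat line as an HTML string. Every user-controlled field passes
// through escapeHtml before it touches markup, so "<script>" becomes text.
function renderMessage(msg) {
  var user = escapeHtml(msg.user);
  return '<div class="msg">' +
    '<span class="user" title="' + user + '">' + user + '</span>: ' +
    '<span class="text">' + escapeHtml(msg.text) + '</span>' +
    '</div>';
}

// The version to avoid, kept only for contrast: raw text concatenated into
// markup that will later be assigned to innerHTML.
function renderMessageUnsafe(msg) {
  return '<div class="msg">' + msg.user + ': ' + msg.text + '</div>';
}

// Preferred when a DOM is available: build nodes and set textContent, which
// never parses markup, so there is no escaping call to forget.
function appendMessageDom(container, msg) {
  var div = document.createElement('div');
  div.className = 'msg';
  var user = document.createElement('span');
  user.className = 'user';
  user.textContent = msg.user;
  var text = document.createElement('span');
  text.className = 'text';
  text.textContent = msg.text;
  div.appendChild(user);
  div.appendChild(document.createTextNode(': '));
  div.appendChild(text);
  container.appendChild(div);
}

// Constructed sample: a message that looks like script. The escaped output
// displays the tag as text; the unsafe output would execute it on display.
var SAMPLE = { user: 'mallory"', text: '<script>alert(document.cookie)</script>' };
```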

Amazon the history revisionist

News has been making the rounds that Some E-books are More Equal than Others. Funny to see an Animal Farm quote referencing 1984, but I digress. The piece by David Pogue explains how Amazon issued a compulsory recall, no user intervention required, on copies of 1984 sold by a particular publisher. To the best of my knowledge this is the first automatic recall, let alone from Amazon, and since then Amazon has claimed that they won’t force you to return your books in the future.

What happened? Well, MobileReference was selling copies of Orwell’s 1984. In some countries the work is public domain. Unfortunately pdregistry.ca is presently down so I can’t say with authority whether it’s public domain in Canada, but I believe it is. Judging from their package of 3,000+ classics for $50, MobileReference took from the public domain and improved on it, then sold their improved versions. The problem is the book isn’t public domain in the United States, where their Kindle edition was sold.

Once Amazon was contacted by the American rightsholders they decided to institute a recall. They refunded users and deleted their books. The problem is that the recall wasn’t voluntary, unlike every other recall to date.

When a product is recalled it’s usually because there’s a danger to it. When someone steps on a patent or copyright holder’s toes, it’s usually up to the owner to file a lawsuit, and then they can claim the ill-gotten (or in this case mistakenly-gotten, I chalk MobileReference’s mistake up to ignorance or negligence rather than malice) gains. Now, that usually happens because it’s difficult to replace a product with a legitimate one, or to reassign gains. What could Amazon have done here? Maybe reassign the commissions to the rights holders? Maybe reassign the commission and replace the infringing book with a legitimate one?

It seems that Amazon has already promised that they won’t delete the infringing books. Maybe they’ll replace them, if they can figure out how to preserve bookmarks. Maybe they’ll just change who the royalties go to. Maybe they’ll just stop sales and tell the rights holders to pursue remuneration through the courts.

Are automatic recalls unfair? It’s hard to say. It certainly is a lot less harmful all around than lawsuits but publishers and authors shouldn’t forget that consumers are rightsholders too. If there’s an automatic recall it damn well better put the buyer’s needs first.


IT360 Notes – Wikinomics keynote

Writer of the Wikinomics book, Don Tapscott is giving this presentation. His book is on mass collaboration. He’s from New Paradigm. His book was given out with the expensive passes. All non-reserved seating is used. There’s about twenty people standing five minutes prior. Thirty-something two minutes prior to start.

This has a lot of notes.

  • Book has been on US&Canada non-fiction best seller list for 15 weeks.
  • Don is chief exec of int’l thinktank New Paradigm founded in 1993
  • Research in tech, productivity, completed multi-million dollar IT and Competitive Advantage report
  • Trying to convince us that tech is the heart of change in large corporations
  • social networking growing, new blog every second, Time selected collaborator as person of the year, but it’s all so 2006
  • We’re in new mode of production
  • four big drivers:
    • technology, web today isn’t daddy’s internet, changes include access modes. The object of interest is the “thing”: phone, fridge, pen barcode reader that price compares.
    • it’s fast now. Wifi is growing. Eg. One Zone. Bell Canada didn’t expect the power company and San Fran telcos didn’t expect Google. Google’s business model doesn’t include wifi, why did they do this?
    • geo-spatiality. Geotagging. Browse the physical world. Related searches to your location. Check out Plazes. Or Socialight. Put a sticker on the bakery, when your friends go by they know you like that place. IntelliOne is cool: using cellular signals to figure out where you are roughly. Can be used to figure out speed of traffic. Maptuit does traffic routing.
    • True multimedia. Not just pictures and text. Add Skype. TIOTI: Tape It Off The Internet. Look at PS3. Very realistic graphic. 3d animation could be new paradigm of media. Old web was static HTML, presentation, new web is distributed computing, programming. New web is as much about sharing content. Metadata is now important. Tags. Problems with lack of consistency. Once was said we’d only need five computers. He was off by five: we need one. Not desktop, webtop. New web moves IT to the web. God might have created the world but he didn’t have an installed base. Easier to start new with web2.0 designed to collaborate than to tack sharing onto old base.
  • The net generation. People currently under 29 roughly. Thought children were prodigies, then realized it’s a common trait. Conclusion from ~300 kid study: no fear of tech, natural as breathing.
  • Echo generation bigger than baby boom generation, marginally.
  • Time on the net takes away from time on tv. Huge multitasking trend. IM+news+collaborating+gaming at once. Processes information differently. Kids are authorities on web2.0. Not as big of a generation gap: compare your ipod to your kids’. Generation lap: kids lapping parents in tech race. Check interview on newparadigm.com. E-mail is already dead. Kids only use it for formal tech. :) Question was asked: When do you use email? Response was: Something like a thank you note, something sort of formal.
  • Generation wants choice! Customize everything! Don’t be like the auto industry that missed the tuner market. Scion vs Ford. Scrutinizers – they check everything eg images for signs of photoshopping. Integrity!
  • Kids don’t get their news from the Daily Show. Daily Show isn’t funny unless you know the news. Gets news online.
  • Collaboration allows you to know people online.
  • Online do you collaborate, or learn, or entertain yourself? Net gen does all at once but doesn’t always realize it.
  • senior exec asks net gen what to do to make company attractive. Kid answers “make the place more fun.” Google vs factory.
  • Social revolution? Check flickr vs webshots on alexa. XML based community eclipsed old websites. Community over in-house content presentation.
  • Check out Wikinomicists of the World Unite. Within hours of the facebook group’s creation, had ~120 users and critiques of the book (first 2 chapters were posted)
  • Economic revolution. Collaboration costs used to be higher. Ford used to have a glass factory because it was more expensive to collaborate with others than to own factory.
  • Theme #2 is openness. “The naked corporation.” Fitness is no longer an option, it’s mandatory. Integrity must be baked into your bones. Transparency allows others to build trust in you for you.
  • IBM shared IP with linux, saved billions in upkeep costs, came up with solid platform
  • World isn’t flat, it’s a skewed binomial. Look at east asia’s growth. Japan disproportionately contributes.
  • New principles on how to run a company: peering, openness, something, act globally
  • Harnessing mass collaboration, 50 year old mining company peers, opens, shares data. Used to keep throwing money at prospecting. Frustrated by lack of results. “If I don’t know where gold is, who does?” Published geodata on internet, held contest, gave $500k to contest for “Do I have gold? If so, where is it?” Found $3.4 billion when 77 contestants used new ways of analyzing data to tell him.
    • peered: let anyone submit
    • open: told people he doesn’t know where gold is
    • acted globally: opened to the world
  • What can you create in a way like linux and wikipedia? Linus Torvalds doesn’t know. DBs are boring, who would create an open one?
  • Second Life’s content is 99% user generated
  • Compare unauth mashup of Grey Album to hacking of Lego Mindstorm. Lego didn’t sue children, Lego opened up mindstorm. Lego made prosumers.
  • Biggest new development is the amazon cloud. 200,000 people building apps on it. Mom and pop can use its open api to create value.
  • Don forgot to turn his smartphone off, got a call an hour into it.. Then another 30 seconds later. :)

I can’t stay for questions and answers, have to rush to DNS security presentation.


Block printing at the hacklab

Alex is here to lead us in a print workshop. My previous printing experiment failed with intaglio style printing. I meant to try imitation letterpress but didn’t get around to it. Alex is showing us block printing and she knows what she’s doing. Here I try to liveblog what she’s doing. It’s not going to be complete so you’ll want to watch the video too, and probably search for block printing on instructables.

You can see her laying down markings in pencil. The marks are slightly bigger than the blocks we’ll be using. After she marks them, she uses a syringe to lay out drops of water along the lines. You can see in the photo that the water is beading. She fixes that by scoring over the lines so the water can absorb. After that, she can tear.
Once the paper is torn up she tosses them into a flat tupperware container that’s filled with water. Note that this paper actually has cotton in it, it’s not entirely wood pulp like printer paper. You soak it to get the sizing out, which is a starchy glue thing that keeps it stiff. Warm water works best for this. With that out you can use less force in order to press the paper and leave the indent, also known as the “kiss” of the block. The water also resists the oil so you get a cleaner print.

Now, she mixes the paint. Some tips: You don’t need printer’s ink, and you don’t need to use paint thinner or mineral spirits to clean up. In fact paint thinner or mineral spirits in the kitchen is a bad idea unless you want to be poisoned to death. We’re using oil based paint with an extender. It’s cheap. To clean up we’re using tough-on-grease palmolive. It’s also cheap. Also note that we’re using a dye based paint, not powder in an oil suspension. You can’t mix the two. After that we’re using corn oil as a cheap alternative to printer’s medium. You might notice that cheap is a theme here. Mix and scrape and tweak to get the desired viscosity. Once that’s done it’s time to ink.
The next segments I’ve conveniently got available in video form! Apologies for the shakycam and poor framing. They were taken on impulse using my point and shoot camera. If we do another workshop we’ll bring a real video camera.

Blackjack is one of the most popular casino games played, and at online blackjack games you can experience the thrill of playing the game.

It’s best to use a roller that can go over the entire block at once and take as much time as you need for this part. Alex takes her time here, explaining that a lucite roller works, or you can use a rubber one. She explains that attention to detail is probably the most important part. You will get some ink splatter away from the raised edges. Leave that for a photocopier-like effect. She thinks that’s cool, like an underground zine. Sponge it off if you want it to look perfect. Not for Alex, though. If she wants perfect she uses a laser printer. It looks like this is where you get creative and can decide things like if you want to ink the edges of the block so that you get a border when you’re pressing down with the baren.
Finally, we’re ready to do the actual pressing. Alex takes some paper out of the soak tank and blots it from both sides with a towel. She leaves it damp. She lays the paper on the inked block, then takes her time and presses it with the baren several times with even pressure. Watch the end of the first video for a better explanation of what to do.
Alex demonstrates this in the first video using a laser etched wood block. The second part we do the same thing but using a laser etched acrylic block. The last video explains cleanup.
Cleanup without the solvents involves a lot of scraping. Alex would first scrape off most of the ink onto tin foil if she wants to use it later, but this time she uses newsprint since it’s going to be thrown out. Eventually she just can’t scrape off any more and she’s left with a fine film. She pours on some corn oil. This dilutes the oil paint and lets her spread it around again. She then polishes it off using crumpled newsprint. After that, she uses grease busting dish soap to clean the remnants off.
All of this is very cheap to do. The tube of extender cost $45 and is the most expensive part. The baren was ten to fifteen dollars at any art store. The lucite roller was about twenty dollars. The tube we used here is still more than a third full and it’s been used for seven years. The oil paint you can find on sale for cheap. The spreaders come in three and six packs from hardware stores and cost only a couple bucks. Best of all, this all can be done in a kitchen, just like the video shows.
Whew. And that’s the end of the liveblog attempt. Take a look at Owen’s photo set on flickr and my gallery below. I have photos for the first few steps which Owen missed, and he’s got photos that I couldn’t take while I was recording video.


IT360 Notes – DNS Holes


I came 5 minutes late to this presentation due to the keynote running late. Oops. Starts out with DNS 101 explaining the very basics of a DNS server.

  • information gathering
  • dns DoS, dns usually not as hardened but it’s very important and taking out dns effectively makes a network inaccessible
  • example of dns ddos: botnet of zombies smurfs you. Your network is toast.
  • dns cache poisoning puts bad data into zones file
  • trick a server into accepting bad information and cache it
  • future requests receive incorrect info
  • eg poison wellsfargo.com
  • can be done by weaknesses in code, ddosing the next higher server in chain, but requires injecting bad data and pretending to be a trusted server
  • dns exploits, server rooting
  • old BIND has lots of exploits, #1 executed exploit group is against BIND, if you’re using BIND be sure you’re on BIND8, currently latest is 8.4.7
  • how to protect:
    • patch your servers
    • repeat: patch your servers
    • limit recursive queries to only internal users
    • limit zone transfers and dig information
    • set up tertiary dns servers outside of your network
    • secondary and tertiary dns servers for users not on same network
  • why limit recursive lookups to internal networks? There’s no benefit to you in resolving names for outsiders, and an open resolver can be abused to steal your bandwidth.
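As an added example that is not from the presentation, a BIND 9 named.conf fragment applying the “how to protect” list above, with the weak default shown in a comment beside the corrected setting. The ACL addresses, zone name and secondary servers are placeholders, and the directive names should be checked against the BIND version you actually run.

```conf
// Added example, not from the presentation: BIND 9 options that limit
// recursion to internal users and zone transfers to our own secondaries.
// Addresses below are documentation ranges, i.e. placeholders.
acl "internal"    { 192.0.2.0/24; 2001:db8::/32; 127.0.0.1; };
acl "secondaries" { 198.51.100.5; 198.51.100.6; };

options {
    directory "/var/named";

    // Weak: recursion for anyone on the Internet who asks (an open resolver).
    //   recursion yes;
    //   allow-recursion { any; };
    // Corrected: recurse only for internal users; everyone else gets
    // answers only for zones this server is authoritative for.
    recursion yes;
    allow-recursion { internal; };

    // Zone transfers (AXFR/IXFR) only to our secondary and tertiary servers,
    // not to anyone who runs dig against us.
    allow-transfer { secondaries; };

    // Don't hand out the server version that "dig version.bind chaos txt"
    // would otherwise reveal; patching still matters, this just hides it.
    version "not disclosed";
};

zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { secondaries; };
    also-notify { 198.51.100.5; 198.51.100.6; };
};
```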

NanoNote is like my second chance at a Zaurus clamshell

I’ve never seen open source hardware target the mainstream until the OpenMoko team partnered with FIC to release the Neo 1973. Before that, it was just about all hobbyist electronics kits or Verilog code for FPGAs. Oh, and 3d printers, which are awesome. Yesterday I found out about the 本 (běn) NanoNote, an open palmtop.

I was only a little surprised when I found out that Qi Hardware, the company behind the NanoNote, was founded by former members of the OpenMoko team. They’ve already made commitments to copyleft software, community driven software development and upstreaming their Linux improvements. This gadget is particularly intriguing to me because I did a fair bit of OS coding for school using OS/161 as a basis, which has a 32-bit MIPS kernel. I might actually be able to contribute to the OS. If not, I could certainly contribute to application development.

This device, with its 32 MB of RAM, doesn’t take aim at the netbook market so much as the gadget market. Think Sony Mylo, or GP2X, or the Nokia Internet Tablet series. It’d be a welcome replacement to my Nokia 770. For one thing I imagine I’d be able to IM a lot more easily with it.


What’s possible? Hard to say. Even for a thin client the machine is very limited. Don’t expect to be able to view websites as well as you can on your iPhone. Do expect something a lot more hackable than a PDA. I missed out on the Zaurus clamshells that I wanted so badly in 2005, but I might save up to grab one of these NanoNotes. Maybe not the 本, maybe I’ll wait, but I would love to play with one. The 本 will ship in fall. I hope that Qi releases their projected price soon.

Take a look at the Zaurus software index for ideas of what’s likely to hit the NanoNote first. My guess is an emulator will be the first port, probably for either the NES or the Commodore 64.


IT360 Notes – Ajax in the Real World Part 1

This is a three hour tutorial from Kris who is pushing his Ajax book. It will go over, from start to finish, the creation of a sidebar chatbox that’s database driven and Ajax enabled. I’m not going to type up pieces of code but I will note concepts.

  • Firebug is a firefox extension that allows you to see a bunch of get requests
  • Get started with a few of the scripts that he uses, not necessarily Ajax but some DOM related.
  • likes to create shortened functions like gebid() to shorten the call to document.getElementById()
  • first part of creating an ajax app is to create a reusable engine, for example in javascript
  • good thing to set up: a queue of requests to go to the server
  • maybe use a wrapper to use XMLHttpRequest if available and ActiveXObject("MSXML2.XMLHTTP") if not
  • XMLHttpRequest known as XHR from now on (ow, my thumbboarding.. thumbs)
  • You can disallow a submit button to submit, make it call a JS
  • Requires use of a server side scripting language to interface with the db, of course. Suggestion of the day is PHP.
  • starts to go over example now, use of php to construct a xml file
  • be sure to make dimensions of elements that’re deleted and remade similar, especially if their sizes can change.. Or just hide/unhide
  • don’t need to have an action attribute to the form tag since all it does is fire a lot of javascript items
  • disable javascript and try your pages to see if your page is usable albeit limited. It can be made usable, or at least put up a warning message.
  • 5 minute break
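A minimal reusable engine of the kind the notes describe, as an added example that is not code from the tutorial or from Kris’s book: the gebid() shorthand, an XHR factory with the ActiveX fallback, a request queue, and a form hook that replaces the real submit. The form field id and the chat.php URL are assumptions.

```javascript
// Added example, not code from the tutorial or the book: a minimal reusable
// Ajax engine with the gebid() shorthand, an XHR factory with the ActiveX
// fallback for old IE, and a queue that sends requests one at a time.
// The input id "chat-msg" and the server script chat.php are assumptions.

// Shorthand for the call the notes mention.
function gebid(id) {
  return document.getElementById(id);
}

// Native XMLHttpRequest where it exists, the MSXML ActiveX object otherwise.
function createXHR() {
  if (typeof XMLHttpRequest !== 'undefined') {
    return new XMLHttpRequest();
  }
  if (typeof ActiveXObject !== 'undefined') {
    return new ActiveXObject('MSXML2.XMLHTTP');
  }
  throw new Error('no XHR transport available in this browser');
}

// Queue of requests. Only one is in flight at a time, so the server sees chat
// posts in the order the user made them, and a request that finishes with an
// error status still releases the queue for the next one.
function AjaxQueue(xhrFactory) {
  this.xhrFactory = xhrFactory || createXHR;  // injectable for testing
  this.pending = [];
  this.busy = false;
}

AjaxQueue.prototype.enqueue = function (method, url, body, onDone) {
  this.pending.push({ method: method, url: url, body: body, onDone: onDone });
  this.pump();
};

AjaxQueue.prototype.depth = function () {
  return this.pending.length;  // requests still waiting to be sent
};

AjaxQueue.prototype.pump = function () {
  if (this.busy || this.pending.length === 0) {
    return;
  }
  var job = this.pending.shift();
  var xhr = this.xhrFactory();
  var self = this;
  this.busy = true;
  xhr.onreadystatechange = function () {
    if (xhr.readyState !== 4) {
      return;  // 4 is DONE; earlier states are just progress notifications
    }
    self.busy = false;
    job.onDone(xhr.status, xhr.responseText);
    self.pump();  // start the next queued request, if any
  };
  xhr.open(job.method, job.url, true);
  if (job.method === 'POST') {
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
  }
  xhr.send(job.body || null);
};

// Encode fields the way a normal form POST would, so PHP reads them from $_POST.
function formEncode(fields) {
  var parts = [];
  for (var key in fields) {
    if (Object.prototype.hasOwnProperty.call(fields, key)) {
      parts.push(encodeURIComponent(key) + '=' + encodeURIComponent(fields[key]));
    }
  }
  return parts.join('&');
}

// Make the submit button call JavaScript instead of reloading the page: the
// form needs no action attribute, and returning false stops the real submit.
function hookChatForm(form, queue, onReply) {
  form.onsubmit = function () {
    var input = gebid('chat-msg');
    queue.enqueue('POST', 'chat.php', formEncode({ msg: input.value }), onReply);
    input.value = '';
    return false;
  };
}
```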

CrisisCampTO

Yesterday was the first CrisisCamp in Toronto. I heard about it from Jacqui Maher’s presentation at CUSEC, and I decided to attend not really knowing what to expect. It turned out that there were six projects to tackle, and I tried to help with the machine translation project.

The idea was to provide an easily accessible translator for people on the ground. At the time the project started there was no Google Translate project that worked back and forth between English and Haitian Creole. I think it was Chris that got a translator working based on Moses after it’d been fed a corpus of every piece of Creole that he could get his hands on. The CCTO team’s job was to put together a web front end, and an API.
We were asked to write in python. There was no binding for the frontend, but Google had just made their Creole translator accessible. For testing purposes, we’re using their AJAX frontend. After a couple false starts with mod_python and Django, Brian and Kevin rewrote using the Twisted framework. It’s a little more obscure but it’s going to be easier to plug in other mediums like SMS.

We did in eight hours what a more organized team could’ve done in one. It’s hard to feel like I contributed anything other than two false starts and a bit of test code, but I’m still glad I went. I got to participate in creating what I think will be useful on the ground, even if I didn’t add much traction. At the very least I got to learn what it feels like to have a deliverable and a deadline but no spec.


The EC-GC spoof is toast, whodunnit?

I remember when Telus shut down thousands of websites to take down their union’s website. Serverloft might have just done the same. The Seattle Post-Intelligencer has an article on the takedown of the Yes Men site. I did find an article from straight.com which claims to have the original complaint. The IP address in the complaint there is the same one that ec-gc.ca is currently hosted on. Ole Tange is the contact for PiWeb listed in the whois for that IP address.

At first I was convinced that Serverloft did in fact pull the plug on PiWeb’s netblock. A slashdot comment gave me pause. After all, the message from Mr. Tange is on a website controlled by the Yes Men, and his contact details are publicly available. As of this writing, the PiWeb status page makes no mention of related downtime. Maybe the Yes Men took down their own site as a PR stunt. Here’s a paste from the disputed website.

Website suspended

Serverloft blocked the IP-range for this server because of the content of the client’s website and would only unblock the IP-range if we suspended the website. The website was used in a spoof by The Yes Men.

Serverloft blocked the IP-range without a warrant and without calling us and thus affecting servers hosting 4500 of our customers’ websites until we ourselves discovered the problem, and convinced Serverloft to unblock. Serverloft did send us an email explaining that they would not unblock the IP-range until the websites were taken offline. The email was sent 5 minutes after they cut off the access to the mail server, so we only received the email after the 4500 websites were back online.

Convincing Serverloft that their systems had blocked access on purpose was hard because Serverloft frontline support claimed that all their systems were working fine and they therefore assumed that the problem was a configuration problem on our server. They refused to help troubleshooting the issue.

Serverloft could simply have called us and asked us to deal with the situation. We would then have asked the Canadians for a warrant. If the Canadians had shown us a warrant we would have taken down the site immediately. As others have pointed out the Canadians could probably just have gone through CIRA and have the domain suspended, which would not have affected any of the other 4500 websites.

As we cannot go through every single page that our customers put on their websites we anticipate a similar situation may arise again. We have therefore asked Serverloft to revise their procedures so we at least would get a phone call before they cut our connection. They have so far refused to do so. They have answered:

your net was blocked because of hosting phishing sites. I’ve attached the information, we have, below our signature. I’m sorry, but we can’t call every customer for abuse. In some cases we’ve to respond very fast and have to block the net or server.

While I appreciate that Serverloft responds fast, it is no good if the collateral damage is more than 1000 times as big. Had they called I am sure we would have found an arrangement that would satisfy both of us.

For more information: contact Ole Tange <ole@tange.dk>

The only other website I can find running on the listed IP is good-cop15.org, which is also the default vhost for that IP. It’s a site about the Copenhagen conference and links to the Yes Men hoax. Judging from the reverse lookup on the address it’s probably a virtual machine, quite possibly run by the Yes Men. It turns out that there is actually a Bruce Moore at CCIRC, but he wasn’t on duty when I called. Ec-gc.ca isn’t on any phishing list that I can find so that charge was overblown.

I don’t particularly like the Yes Men. They go from satire to impersonation. I’d have loved to see CIRA close down their ec-gc.ca domain but the domain dispute takes a long while. I can understand the letter from the CCIRC. The Yes Men website will do the most damage now, not in the time after CIRA is through with its dispute process. I find it very plausible that the Canadian Government would send such a request.

I also find it very plausible that Serverloft would issue a knee-jerk takedown. It’s relatively common for service providers to take down material immediately after a complaint, especially among low margin resellers. From the WHT opinions, it sounds like that fits Serverloft. If that IP address was limited to a virtual machine run by the Yes Men, and Serverloft was okay with risking their reputation by acting on the complaint rather than following up with PiWeb, they could have at least minimized damage by only nullrouting the VM’s IP address.

There’s enough negative material on WebHostingTalk that I wouldn’t want to use Serverloft regardless of the outcome of this case. I’d like to see some official statement from PiWeb on an official channel before I believe the details though.

Update Jan 2nd 2010: It looks like Ole Tange has updated his personal website with details of the takedown.


So long SugarSync, hello Dropbox

I’ve had some problems with SugarSync. My Leopard install died, and I also reformatted my Windows 7 machine to go from RC1 to the copy of RTM I received through MSDNAA. Now I can’t add my “new” machines to SugarSync because I’m at my two machine limit. Worse still, I can’t have my “new” machine take over and restore from their synced folders automatically. If I want to get all that stuff back I have to download them one by one over the web front end. I’d be better off if I rsync’d everything to one of my servers.

I put in a support request on the forum but got no reply. I could put in a support ticket, but I won’t bother. I’m just going to switch to dropbox.

What’s that you say? “But dropbox doesn’t have Windows Mobile support!” Well, I’m not convinced that SugarSync has it either. I installed their client and it crashed on launch. No error message, it just dies. I put in a support request and I’m told to reinstall. Okay, I use Remove programs, delete the CAB file from my downloads, clear my browser cache, redownload and reinstall. The issue persists. I reply to the ticket, and I’m told to reinstall. I use Remove programs, dig through the registry with Resco Registry Editor, delete any key that looks related, delete the CAB file, clear my cache, redownload and reinstall. The issue persists. I reply to the ticket.

What do you think I’m told in response? Yeah, reinstall.

SugarSync now has no advantages over Dropbox for me. I can see how the Magic Briefcase is useful for recovering files after a crash, but not the machine specific folders, and I might want to keep backups of folders without sharing them over all computers. I’ve already seen that their support is poor, so it’s time to try the other guys.
