Growstuff is a website for people who grow their own food.
Growstuff is a website for people who grow their own food.
You don’t need to change all your passwords
This is probably going to be a wildly unpopular opinion and IDGAF. So many of my non-technical friends are freaking out that I feel the need to provide a bit of reassurance/reality.
First, an analogy.
In 2005 we learned that you can open a Kryptonite U-lock with a ballpoint pen. Everyone freaked out and changed their bike locks ASAP. Remember that?
Now, I wasn’t riding a bike at the time, but I started riding a bike a few years later in San Francisco, and I know how widespread bike theft is there. I used multiple levels of protection for my bike: a good lock, fancy locking posts on the seat and handlebars, and I parked my bike somewhere secure (work, home) about 90% of the time and only locked it up in public for short periods. Everywhere I went I saw sad, dismembered bike frames hanging forlornly from railings, reminding me of the danger. Those were paranoid times, and if I’d been riding in SF in 2005 you can bet I would have been first in line to replace my U-lock.
These days I live in Ballarat, a country town in Victoria, Australia. Few people ride bikes here and even fewer steal them. I happily leave my bike unlocked on friends’ front porches, dump it under a tree while I watch birds on the lake, lean it against the front of a shop just locked to itself while I grab a coffee, or park it outside divey music venues while I attend gigs late at night. I have approximately zero expectation of anything happening to it. If I heard that my bike lock had been compromised, I wouldn’t be in too desperate a hurry to change it.
Here’s the thing: if you are an ordinary Jane or Joe living the Internet equivalent of my cycling life in Ballarat, you don’t need to freak out about this thing.
Here are some websites I use where I’m not going to bother changing my password:
Why? Because a) probably nobody’s going to bother trying to steal the passwords from there, and b) even if they did, so what?
This Heartbleed bug effectively reduces the privacy of an SSL-protected site (one whose URL starts with https://, which will probably show a lock in your browser’s address bar) to that of one without. Would you login to a site without SSL? Do you even know if the site uses SSL? If you’d login to your pet/recipe/knitting/music site anyway — if you’d do it from a coffee shop or airport — if you’d do it from a laptop or tablet or phone doesn’t have a strong password on it — if you don’t use two-factor authentication or don’t know what that means — then basically this won’t matter to you.
(I’m not saying it shouldn’t matter. You should probably set strong passwords and use VPNs and two-factor authentication. Just like you should probably lock your bike up everywhere you go, floss, and get your pap smears on the regular. Right? Right? *crickets*)
So if you’re a regular Jane — not working in IT security, not keeping state secrets, etc — here’s where you really need to change your passwords:
(To do this: use this site to check if the site in question is affected, then if it’s “all clear” change your password. Don’t bother changing your password on a still-affected site, as that defeats the purpose. Oh, and you should probably change your passwords on those sites semi-regularly anyway, like maybe when you change the batteries in your smoke alarm. Which I just realised I should have done the other day and didn’t. Which tells you everything, really.)
Beyond those couple of key websites, you need to do a little risk assessment. Ask yourself questions like:
If your answer is “I’d lose my job” or “I absolutely cannot survive without my extensive collection of Bucky/Steve fanart” then by all means change your password.
If your answer is “Eh, I’d sign up for a new one” or “Wait, even I’d forgotten that site existed” then you can probably stop freaking out quite so much.
DISCLAIMER: I am not an Internet security expert, just a moderately well-informed techhead. Some people, including better-informed ones, will disagree with me. You take this advice at your own risk. La la la what the fuck ever, you’ll most likely be fine.
Seeking a volunteer for 3000 Acres (Melbourne, Australia)
As you might know, I’ve been working on 3000 Acres over the last few months. My time there is almost up and they’re looking for volunteers to continue developing the site. If anyone in the Melbourne area is interested in working with me on this, and then taking it over, please get in touch! It would be a great way to get involved in a tech project for sustainability/social good, and the 3000 Acres team are lovely people with a great vision. Feel free to drop me an email or ping me via whatever other means is convenient, and please help us get the word out.
3000 Acres connects people with vacant land to help them start community gardens. In 2013 3000 Acres was the winner of the VicHealth Seed Challenge, and is supported by VicHealth and The Australian Centre for Social Innnovation (TACSI) along with a range of partners from the sustainability, horticulture, and urban planning fields. We are in the process of incorporating as a non-profit.
Our website, which is the main way people interact with us, launched in February 2014. The site helps people map vacant lots, connect with other community members, and find community garden resources. Since our launch we have continued to improve and add features to our site.
So far, our web development has been done by one part-time developer. We are looking for another (or multiple) volunteer developers to help us continue to improve the site, and to help make our code ready to roll out to other cities.
We’re looking for someone with the following skills and experience:
We welcome applications from people of diverse backgrounds, and are flexible in our requirements; if you think you have skills that would work, even if they don’t match the above description exactly, please get in touch.
We envision this role being around 8 hours a week ongoing (somewhat flexible, and mostly from your own location). Initially you will work closely with our current developer, who can provide in-depth training/mentoring and documentation on our existing infrastructure and processes. Over the next 3 months you will become increasingly independent, after which time you will be expected to be able to create and maintain high-quality code without close technical supervision.
For more information you can check out:
If you’re interested in working with us, please drop Alex an email at firstname.lastname@example.org. No resume required — just let us know a bit about yourself, your experience, and why you want to work with us. If you can show us an example of some relevant work you’ve done in the past, that would be fantastic.
Post offices in the US: a guide for Australians
This holiday season I’ve had a few Australian friends travelling in the US, and something I’ve seen repeatedly on Twitter is, basically, this:
America, Y U NO HAVE POSTOFFICES?!
— lianaskewes (@lianasmooz) January 2, 2014
So, here is a guide for US post offices, aimed at Australians. I am entitled to write this because I had exactly this experience when I moved there. It went something like this.
Me, to office manager: “Hey, where’s the nearest post office?”
Office manager: “Uh… I think there might be one at [distant location]. Or you could take the bus to [other distant location] I guess.”
Me: “Isn’t there one closer? Like, walking distances? This is a busy urban area, after all!”
Office manager: *puzzled look* “No, you have to take the bus…”
Then I caught a bus out to some forsaken quasi-industrial wasteland and found a grey-painted bunker with a USPS logo on it, where one poor worker stood behind a screen and a queue of dejected people lined up to collect or mail parcels.
A sad change from the Australia Post outlets I’m used to, which are in convenient retail locations no more than a few minutes’ walk away, have bright decor, and try and sell you things like calendars and gifts and travel whatsits and office supplies and generally are quite upbeat. Not to mention fairly quick service — I was in and out of my local one in 5 minutes, right before Christmas.
And let’s talk about how many post offices there are. Each map, showing search results for “post office near…”, shows approximately the same area — they were all taken at the same zoom level on Google Maps.
Here’s where I used to live, in one of the most densely populated urban areas in the US:
Here’s where I currently live, in a country town in Australia:
Here’s what most Australians, living in capital cities, would be used to:
In case you can’t make it out, every small dot on that map is a post office, too, albeit sometimes a licensed Australia Post outlet combined with another business; Google only puts full sized pins for a few of them.
Actually, I fudged the search a little bit, and when I explain why you’ll understand something about the US postal system. See, when I searched for “post office near san francisco” I got lots of small dots, too, which made it look like there were lots of post offices. But when I dug deeper it turned out that most of them weren’t actually post offices, but were “mailing offices” or UPS or other courier shops, or other retail outlets that just sold stamps. I had to specify “USPS post office near san francisco” to get the actual official ones, and I’m still not sure it’s accurate; the USPS locator gives me 34 hits for within 5 miles of 94105 (the zipcode of where I used to work in SF), some of which don’t seem to show up on Google Maps — but note that this is a larger area than is shown on the map above, and that Melbourne still has far more, despite 1/4 the population density.
However, the proliferation of non-post-office hits on the Google map is the key to understanding why Australians get confused when trying to find a post office in America. The point is: most of the services an Australian thinks you’d get at a post office — buying stamps, sending mail, packaging parcels, etc — happens elsewhere. You simply don’t need to go to a post office except in extraordinary circumstances. At least, not if you’re affluent and have good Internet and technology at hand; like so many crappy, underfunded, inconvenient US government services, people buy their way out of using them if they can.
So, here’s the actual advice for Australian travellers looking for a post office in the US.
So in short: ask “where can I buy stamps/packaging?” or “where can I mail this letter/parcel”, and the answer will be something other than a post office. Hope that helps!
I’ve been kind of rubbish about posting life updates over here, so I just thought I should make a note that I’m planning to move to Ballarat by the end of the year. Why? Well, my current housemates are going their separate ways and it was either find two new ones, or get a place by myself. Ballarat has cheap rent (not much more for a full house than it currently costs me for a room in a share house), fast internet, is only an hour or so from Melbourne by public transport (I expect to be back pretty regularly, maybe every week or two), and I can have a proper veggie garden.
For those not from around here: Ballarat is a small city of ~80,000 people near Melbourne, and was at the centre of the Victorian gold rush and also the site of the Eureka Rebellion of miners and others seeking reform (i.e. voting rights). In US terms it’s a “college town”, in that the local university is one of the biggest features. Although only the size of Boca Raton or Yuma it’s not as conservative as a similar-sized US city would be; it has a Labor (centre-left) member of parliament, a decent portion of Green voters, and workable public transit, albeit on a small scale. UK people may like to compare it in size to Chester, Durham, or Bath.
I lived in Ballarat for a semester in the 1990s, on an internship with Mars Confectionery, whose Asia-Pacific HQ is on the edge of town. I found it pleasant apart from the work — Windows 3.1 and Novell support, which involved a lot of crawling under desks and scraping chocolate off the inside of keyboards. I was one of the few civilians in town to have any Internet access, as I managed to beg a 2400 bps dialup off someone at the uni computer centre. At age 19, it was only my dialup connection and weekend trips to Melbourne that managed to offset the boredom of office colleagues talking about football and lawncare; 20 years later, I don’t have to work in an office, pretty much everyone torrents Game of Thrones, and though I don’t much care about lawns people usually find my veggie-garden talk less weird than my obsession with Linux and cyberpunk SF was back then.
To answer a FAQ: yes, Ballarat is colder by Melbourne by a couple of degrees. I’m pretty sure I’ll cope with it, since I lived 4 years in Canada. Bit of frost? Bring it!
To answer another FAQ: yes, I’ll be expecting friends to visit!
More detail to follow once I actually have a house and stuff.
Clicky web analytics: highly recommended
I know I’ve mentioned this before, but I just discovered they have an affiliate program and, well, that’s an excuse to mention it again.
They are basically a drop-in replacement for Google analytics, but run by a company who care more about, you know, analytics than selling ads. Clicky gives me all I need in terms of pretty charts and reports, and I can see where Growstuff’s visitors are coming from and how they’re using the site. Pretty much what you’d expect.
I’ve also paid for a premium account, which gives me two features I really love: “Spy”, which shows me people’s activity in real time (and makes a delightful “DING!” in my browser when we get a new visitor, which can be quite noisy at times, though of course you can turn the sound off if you prefer), and a heatmap overlay for the website that shows where people are actually clicking on the page — great for seeing which parts of your site are getting the most attention.
On top of all that, they’re friendly and responsive and have been really helpful on Twitter when I’ve had questions for them.
Anyway, if you’re looking for an analytics system that’s not run by a kind-of-evil ad company, and you want to support independent software companies and not be a free user, give Clicky a shot. If you use this affiliate link and buy a premium account, it’ll help Growstuff out a little bit, too.
What is a spike?
There was some discussion on the Growstuff IRC channel last night, while I was asleep, about the term “spike”. I use it a bit on the Growstuff project but I don’t think everyone knows what I’m getting at, possibly because I picked it up by osmosis from the Extreme Programming community over a decade ago, and the term’s fallen out of favour since then. So here’s a quick definition as I use it:
A couple of interviews
I’ve recently been interviewed by a couple of different blogs, and thought I should link them here:
Start your commit message with a verb
I’ve been pair programming with a lot of different people, with a variety of skill levels, on Growstuff over the last year. One thing I’ve noticed is that some people freeze up when it comes to writing a commit message. They type “git commit” and then sit there for a minute going “uhhhh”.
I understand this. It’s hard to convert maybe an hour’s hard work in code into a short sentence of English. How do you compress such complex ideas? How do you even make words, when your brain has been deep in code?
So here’s the tip I give to my pairing buddies who freeze up when it comes time to commit, and I offer it here for free: Start your commit message with a verb.
The rest usually comes easily. What did you add? What did you fix? What did you refactor? Grammatically, this is the direct object, and starting with a verb works as an effective prompt to figure out what it might be.
Sometimes you need an indirect object as well (“Added planting_count to crops”) or a reason (“Added planting_count to improve performance”) but really, if you can get a verb and a direct object, you’re most of the way there. And it’s certainly better than “WTF!?” or “yay bugfixes!” or “.”, all of which I’ve seen as commit messages.
(Of course, if you don’t freeze up when you have to write a commit message, then keep doing what works for you.)
Clicky Analytics with Mediawiki
As of right now, there’s not, but there is a good explanation of how you can put some custom code in your LocalSettings.php to integrate any analytics stuff that you like.
Here’s a generic version that will work for any analytics system, hopefully cut-and-pasteable. It works fine on my Mediawiki install right now (version 1.20.x) but is not guaranteed for any future versions. Or, well, it’s not actually guaranteed for this one, now I think about it. Use it at your own risk, is what I’m saying.
Note that you have to paste the analytics code from your provider in around line 16.
Hope that helps.
As a side note: I’m very happy with Clicky, so if you’re looking for an alternative to Google Analytics, you might consider them. Yes, they cost money, but that’s a good thing. Don’t be a free user.
New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!