Older blog entries for forrest (starting at number 73)

Ok, I've got my perl script for price-shopping at CD BABY done. It adds the number of tracks as well as the prices to the genre list you select, and sorts it by price.

You still can't tell how long any of the CDs are, which is whack: number of tracks, although very poor, is the best clue available. (From now on, I'm writing the artists to ask how long their CDs are before I buy them!)

Find cdbaby_cheapskate.pl on my hacks page.

Java driving me nuts

I'm starting to get involved with a java development group at work, and I'm trying to get tomcat set up on my Debian box at home.

It's not going smoothly, and unfortunately no one has replied to my post to the debian-java mailing list, although it's been several days.

If someone here could offer me a clue, or advise me where else I should be asking, I'd be most grateful.

It seems that all my java experiences are going like this. It's not so much that it's a steep learning curve, it's that certain pieces of information I need are nowhere to be found.

CD BABY

I finally placed an order with the independant CD store that all the anti-RIAA slashdotters always mention. I talk about what I ordered over on LJ.

While they're really cool, I have two problems with their site

  1. They don't encourage price shopping, and
  2. They don't say how long any of their CDs are.
I wrote a little perl script to get around (1): it takes one of their "all artists of a given genre" html pages, fetches all the prices and outputs the html with the list sorted in price order, and with prices displayed. (I'll be putting it out on my hacks page once I get it a little more user-friendly.)

But shopping on price alone is not enough; the shortest CD I bought was 37:29 and the longest was 70:02 -- that's a huge difference. Duration isn't everything, but it's certainly an important factor.

I wrote to CD Baby asking them to include this information in their CD descriptions. I don't know how they'll respond, but if more people request the same thing (hint hint), I guess they're more likely to notice.

Athough I hope to blog free software related stuff here and keep my other stuff over at LJ, I just did a cool art thing, so I wanted to mention it here.

At least I used free and open source software ... perl to snarf webcam pics and mpeg_encode to make a timelapse movie.

6 Jan 2004 (updated 6 Jan 2004 at 03:22 UTC) »

Oh wow, responses about my gpg comment. Let me get replies in before it all leaves the recent log:

tmorgan: While I find the idea of somehow distinguishing between different levels of trust in the key infrastructure interesting, I think that would make it too complex for the non-technical user. Keeping it at "I trust this person not to send spam" is straightforward and has an obvious, big payoff for everyone involved (the spam problem is only getting worse).

I don't know to much about how it all works either, but I have read that some people have one key for signing and another (usually longer) key for encrypting. So perhaps one's signing key could be a spam trust key, and one's encrypting key could be a super-duper I rilly know you trust key. Mere mortals could be happy with the anti-spam key.

dyork: You're right, of course, about client support. I have been impressed enough with the usability of the Thunderbird/Enigmail combo to think that might be the app that will work for non-techies. (I've never tried gpg on Windows, though -- I'm just guessing things work similarly in that universe.) Home users have their choice of clients, and effective spamfighting might be enough of a draw to make people switch. Thunderbird is a typical GUI mail client; I think anyone could get used to it without much effort.

I know you don't have much choice about mail clients at work; I know that Outlook has a nice plug-in architecture which makes it seem like it might be possible to add a gpg plugin there. (I don't know much about it, but I installed the SpamBayes Outlook plugin at my work and that integrated seamlessly into the client.)

Critical mass is the key, and I can see a glimmer of hope that changing the definition of "trust" to make signed messages useful in blocking spam, combined with new, easier to use clients, could just make it all take off.

Everyone hates spam.

GnuPG for spamfighting?

I've been thinking lately how PGP/GnuPG could be used as a spam-prevention mechanism. I'm impressed with how easy Enigmail makes signing and checking signatures -- it seems like it should be usable by non-geeks.

If GPG-signing were to be used as a spamfighting tool, the meaning of "trust" (which always seemed vague to me anyway) would have to be changed. You would "trust" someone, even if you didn't know them personally, as long as it seems reasonable that person isn't going to send spam. If you receive signed spam that is somewhere in your web of trust, you mark the signers of that key as untrustworthy.

The lower threshold of "trust" would make more sense to a lot of non-technical users -- which is important, because everything I've read about signing keys on the net, is like don't mess around, this is serious business, only sign keys of people you've really met in person and that just means that, outside a small geek community, no one signs any keys.

I trust person X not to spam me ... hell, I'd sign a lot of keys of people from mailing lists and such that I'd probably never meet IRL. And that web of trust seems like it would actually be useful -- signing the keys of "real people" would be a matter of course, and if it were simple enough and gained critical mass, everyone would want to jump onboard.

AlterniRATE

It looks like only one person has downloaded my alternative iRATE implementation. That's too bad, but I guess it is rather specialized -- limited to people who are

  • on a platform where xmms runs
  • are comfortable installing perl modules from CPAN
  • run the official iRATE client (still necessary to download tunes), and
  • are not entirely satisfied with the official client, or at least curious to try an alternative.
Looks like that's just me.

I wanted to get my track-selection algorithm into the official client, of course, but it was a substantial change which would have been hard for me to write in an unfamiliar language. Combine that with a lukewarm reception for my proposal that made it seem like a patch would have a hard time getting accepted anyway, and I decided it was better to write something for myself in a language I was much more comfortable with.

I'm continuing to develop it and put the latest out on my website, but I'm not bothering with any official announcements.

Hanzi Quiz

I haven't touched this code in ages, but I have an idea how to improve it which I want to implement soon.

I wrote a utility program in perl (which you can find in the hanziquiz tarball) which takes pinyin with tone numbers (e.g. ni3 hao3) and converts it to pinyin with tone marks using utf-8 characters (something like nĭ hăo -- although that's with unicode numeric entities instead of raw utf-8). Now I'm thinking, if I move that conversion into the javascript of Hanzi Quiz itself, I can

  • make it easier to edit the test entries
  • have a fallback for browsers which can't display the accented characters (determined by a can you see this? up front)
Sounds pretty good, eh? The problem is the pinyin character ü (coded as a named entity here). That's hard to enter in text editors (except perhaps as an html entity ... oh that's hard too, just not impossible). In my perl conversion tool I use the character 'v', which isn't used in pinyin, to represent ü. I understand that's common, but perhaps not as common as 'u:' or 'uu'.

Should I code to expect the input to use 'v' (which is reasonable if I'm the one entering data), or should I try to handle other representations? What if I encounter html entities, or non-ASCII utf-8?

Eh, best start coding for the simplest ('v') case, and work from there. Yeah, I've talked myself into it just now.

LiveJournal

I have a personal blog over at LJ. I had hoped to keep a blog on my own site, but I eventually decided that LJ was all set up for me, so why not just blog there?

The entries are few and far between now, but will probably become more frequent in the future.

Verizon Spyware Warning

My wife and I recently got a cellphone plan from Verizon. With our cellphones, they included a tutorial CD. I put it in my wife's Win2k box (it's Windows-only, of course) to see if there was anything worth seeing. It appeared to just be a gee-whiz flash presentation of the manual for people who can't read (I'm thinking there must be a lot of those these days!) Yawn.

At least that's what it appeared to be until I shut down the tutorial app. As soon as I clicked the close box, ZoneAlarm informed me that something named noptify.exe wanted to access the internet.

The CD installs noptify.exe as a hidden file in c:\winnt\temp, and it tries to contact the internet periodically as long as you have it installed. Verizon clearly goes to some length to deceive the user and cover their tracks.

Why would the largest U.S. wireless provider do something want to do something so ethically dubious? What sort of information are they gathering? Why would they want to risk their reputation by maliciously compromising their customers' computers?

I definitely want to make some noise about this one, but I haven't formed my plan of attack yet. I'm thinking of writing the FTC and/or my elected representatives and cc'ing Verizon customer support.

1 Dec 2003 (updated 1 Dec 2003 at 04:02 UTC) »
AlterniRATE

I just got my Perl/Tk alternative iRATE client to a point where I can release it to the world.

It doesn't talk to the iRATE server yet, so you have to fire up the standard client every so often to download tunes. It does write the standard irate trackdatabase.xml file, so the standard client knows about the ratings and such from AlterniRATE.

It uses xmms to play the mp3's so it's limited to platforms on which that's an option. I suspect that Winamp::Control could be used as a Windows alternative, but I'm not too excited about writing that part. Maybe someone else will.

The primary motivation for writing this was that I think that the way the standard iRATE client selects which tunes to play is flawed; it seems like it totally forgets about older tracks, except perhaps if they're rated 7 or 10.

AlterniRATE uses probability weights which grow exponentially for each track until it's played again. The weights grow much faster for high-rated tracks than for low-rated ones, but eventually any tune which hasn't been played in long enough will be screaming "choose me! choose me!"

I hope some iRATE users here will check it out.

Ok, I'm going to blow of steam about a linux desktop user interface problem; there may be more appropriate places, but I guess this isn't the worst place.

I was googling for something like "free music download sites" and I found a link to http://www.mp3downloadhq.com/. I'm using Moz 1.5 and clicked on the link to load in a tab in the background. Boom! My browser is resized to fullscreen. I have my menus on top, but the bottom was hidden below GNOME's bottom bar.

I managed to drag the GNOME bars to the sides instead of top and bottom, but the bottom of my browser was still below the bottom of the screen and I couldn't resize it.

Well, eventually I managed to get it, although I can't say for sure what I did. But I fought with my browser for at least five minutes.

This is not my idea of being in control of my computer. I've had this happen with fvwm, and while it's bad, I can hit Alt-F11 (I think; it's been awhile) to get the top the browser window back so I can move the window into another screen where the corner is grabbable. It took me a couple of times to learn that maneuver, but even when I know what to do, it's a pain in the butt.

I'm supposed to be in charge of my computer here! Ok, I just went under Edit->Preferences->Advanced->Scripts & Plugins and turned off "Move or resize existing windows". I hate to do that, because it could have some useful purpose ... oh wait, I've only ever seen that used for evil. So, I guess it's OK.

I created a page for dinky little programs I've written which I find very useful, and may prove useful to someone else.

Only two out there so far, but I'm sure there will be others.

18 Oct 2003 (updated 18 Oct 2003 at 05:12 UTC) »

Alarming Privacy Violation

I'm sure I must not be the only one here who invests in Vanguard Funds; they have a reputation for low overhead.

Their website is clearly geared towards IE, the only browser they guarantee to work. Mozilla under Linux usually works though, and that's what I usually do. To do a buy transaction you're shepherded through a series of scrollbar-less windows. They offer you the option to print a record of the final transaction, but you're not supposed to save the html, as evidenced by this bit of javascript:

document.onmousedown=noRight;
document.onmouseup=noRight;

function noRight(e) { if (event.button > 1) { alert("Sorry, the right click has been disabled for this application."); return false; } }

Of course, I saved the html: I wanted to store a record on my computer and the above code presented no restriction to me.

Just now I was looking at the html source so I could enter my data into Gnucash, when I saw something that made a chill run up my spine:

	<div class="gh"><img SRC="https://ad.doubleclick.net/activity;src=9999;type=vangu99;cat=mfbuy9999;qty=1;
cost=999;ord=99999999999;u=99999|Individual|prd;tran=9999999999?" WIDTH=1 HEIGHT=1 BORDER=0></div>

I changed all the numbers to random strings of 9s to obscure my personal financial information (and added a newline to make the formatting less obnoxious), but from the original content it's clear that information about my transaction was sent. To ad.doubleclick.net.

I feel violated. I'd feel really violated if ad.doubleclick.net didn't resolve to 127.0.0.1 on my system.

I guess I'd better go re-read their privacy policy with a fine-tooth comb.

P.S. I know I've read some things before about why Doubleclick in particular is a very dubious entity to trust with one's personal information. I know I can google for it, but if anyone can help me out by pointing me to the best articles to reference in my upcoming complaint to Vanguard, that'd be great.

64 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!