Older blog entries for pjf (starting at number 586)

Facebook Privacy talk at BarCampMelbourne
This weekend at BarCampMelbourne I gave a talk on Facebook privacy, and what information I was able to extract from the API using some reasonably simple Perl programs. Due to the incredibly fast efforts of Avi Miller, this talk is now available on-line.

You can also watch the talk on the BarCampMelbourne channel on blip.tv.

As mentioned at the end of my talk, you can be kept up-to-date on my research by joining my facebook study privacy group, or the google group, as well as my blog.

Dark Stalking on Facebook
For a while I've been using Facebook's API and Facebook Query Language (FQL) via Perl's WWW::Facebook::API module to run fairly innocent queries on my friends. If I visit a town, I'd like a reminder of who lives there. If I want to go rock-climbing, it helps if I can easily search to see which of my friends share that hobby. This is good, innocent stuff, and makes me glad to be a developer.

Last week I decided to play with event searches. If a large number of my friends are attending an event, there's a good chance I'll find it interesting, and I'd like to know about it. FQL makes this sort of thing really easy; in fact, finding all your friends' events is on their Sample FQL Queries page.

Using the example provided by Facebook, I dropped the query into my sandbox, and looked at the results which came back. The results were disturbing. I didn't just get back future events my friends were attending. I got everything they had been invited to: past and present, attending or not.

I didn't sleep well that night. I didn't expect Facebook to share past event info. I didn't expect it to share info when people had declined those events. I haven't found any way of retrieving friends' past events using Facebook's website, but using FQL made it easy. Somehow, implicitly, I thought old events would fade away, only viewable to those who already knew about them. I didn't expect them to stick around for my code to harvest, potentially years into the future.

Finding my friends' old events crossed a moral boundary I honestly didn't expect to encounter. Without intending, I really felt like I was snooping. It didn't matter that these friends had agreed to share this information under the Facebook terms and conditions. I would personally feel uncomfortable with this much information being so readily available, and assume my friends would feel the same.

However my accidental crossing of moral boundaries wasn't the only thing that kept me awake last night. I was also kept awake by wondering just how much information could I tease out of the Facebook API. What could I discover? What if I were evil?

However I'm not evil, so I put my code on hold for a while and made a call for volunteers. I'd be restricting myself to just using the Facebook API, and without them installing any additional applications. I wouldn't share their data in any way, but I'd be able to inspect and use it, and would try to provide them with a copy when I was done. To be honest, I was surprised by the response; I now have almost two dozen people who have agreed to participate, covering a wide range of lifestyles and privacy settings.

The results have been very interesting. I expected to be able to obtain personal information, including things like events, photographs, and friends; it doesn't take much imagination with the FQL tables to find those. What was most interesting are some of the more creative queries I was able to run.

Most recently, I've been able to obtain status feeds, even for users who have very tight privacy settings, although I had to tweak my own application's privileges to do so. I don't know how far into the past these go, but they also come with likes information, and comments. This gives me a wealth of information on the strength and types of relationships people have. A person who comments a lot on another user's posts probably finds that user interesting. If I descended into keyword and text analysis, I may even be able to determine how they find that user interesting.

But by far the most interesting part of all of this has been dark users. Like dark matter, these users are not directly observable, usually because they've completely disabled API access. In fact, some of these users are completely dark unless you're a friend. They don't show up in search results. They don't show up on friends' lists. You can't send them messages. If you try to navigate to their user page (assuming you know it exists), you get redirected back to your homepage. These users have their privacy settings turned up real high, and are supposed to be hard to find.

However like dark matter, dark users are observable due to their effects on the rest of the universe. If a dark user comments on a stream entry, I can see that comment. More importantly, I can see their user-ID, and I can generate a URL to a page that will contain their name. I can then watch for their activities elsewhere. Granted, I can't directly search for their activity, but I can observe their effects on my friends. For want of a better term, I've been calling this "dark stalking".

What makes this all rather chilling is that I'm doing all of this via the application API. If your friend has installed an application, then it can access quite a lot of information about you, unless you turn it off. If your friend has granted the application the read_stream privilege, then it can read your status stream. Even if a friend of a friend has done this, and you comment on your friend's status entries, it's possible to infer your existence and retrieve those discussions through dark stalking.
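The leak described above comes from checking only the post owner's settings when a stream is read, so comment authors ride along unchecked. The following is an added example, not the author's Perl code and not Facebook's API: a toy model of that access check beside a hardened form that applies each comment author's own setting. All names (User, read_stream_leaky, can_see, and so on) and the sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    uid: int
    name: str
    api_visible: bool = True  # False models a user who has disabled API access


@dataclass
class Comment:
    author: int
    text: str


@dataclass
class Post:
    owner: int
    text: str
    comments: list = field(default_factory=list)


# Constructed sample data: Carol is "dark" and is not a friend of Bob.
USERS = {u.uid: u for u in (
    User(1, "Alice"),
    User(2, "Bob"),
    User(3, "Carol", api_visible=False),
)}
FRIENDS = {1: {2, 3}, 2: {1}, 3: {1}}
STREAM = [Post(1, "Climbing on Saturday?",
               [Comment(2, "I'm in"), Comment(3, "Me too")])]


def read_stream_leaky(viewer):
    """Authorises on the post owner only; every comment author is returned."""
    out = []
    for post in STREAM:
        if post.owner in FRIENDS[viewer] and USERS[post.owner].api_visible:
            out.append({"owner": post.owner,
                        "comments": [(c.author, c.text) for c in post.comments]})
    return out


def can_see(viewer, uid):
    """Per-subject check: the subject's own setting decides, not the owner's."""
    return uid == viewer or USERS[uid].api_visible


def read_stream_hardened(viewer):
    """Same query, but each comment is filtered by its author's own setting."""
    out = []
    for post in STREAM:
        if post.owner in FRIENDS[viewer] and can_see(viewer, post.owner):
            out.append({"owner": post.owner,
                        "comments": [(c.author, c.text) for c in post.comments
                                     if can_see(viewer, c.author)]})
    return out


def exposed_ids(result):
    """User IDs an application acting for the viewer learns from the result."""
    return {author for post in result for author, _ in post["comments"]}


if __name__ == "__main__":
    # The application runs on behalf of Bob (uid 2), a friend of Alice only.
    print("leaky:   ", exposed_ids(read_stream_leaky(2)))
    print("hardened:", exposed_ids(read_stream_hardened(2)))
```

Dropping the comment entirely is one design choice; a real service might instead keep the text and redact the author, which still reveals that someone hidden took part.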

While I've always considered people's own carelessness to be the biggest threats to their own privacy, in the social 2.0 world it seems we need to be increasingly worried about our friends, too!

I'm preparing a detailed paper with the results of my research (which is still ongoing), but I will be presenting my preliminary findings at BarCampMelbourne, this weekend (11-12th September 2009), with a further update at the University of Tasmania Computing Society (TUCS) on the 2nd October. A conference talk will invariably follow.

If you want to keep track of my research, then you can join the facebook group, or the facebook privacy group. I prefer comments and questions to go directly to the facebook privacy group, or to me directly.

BarCampMelbourne and Social 2.0
In a week's time I'll be attending BarCampMelbourne. Registrations close on September 7th, so if you want to attend, now's the time to register.

Now, BarCamps are pretty cool, but I'm particularly excited about this one because I'm going to be doing a talk on something I've been playing with for a while, which is having an Augmented Social Life, or just Social 2.0.

In the last few years, social networks have flourished, and an unprecedented amount of private data is available on-line. I'll be demonstrating how to use modern social networks to improve your social life. That includes techniques on turning Facebook into beer.

However what I find most fascinating is from a privacy standpoint. Whenever I find a social network, I go looking for an API, and some APIs are more revealing than others. In particular, Facebook provides Facebook Query Language (FQL), which allows for some incredibly powerful queries. What makes it particularly scary is that with the default privacy settings, one can mine a huge amount of private information by having a friend who has installed an ethically bankrupt application.

I'll be giving some rather real-world examples of using and abusing facebook. Some are good, like reminding you which friends are in a city you're visiting, or which friends share a particular hobby. However many are more scary. I can demonstrate how to find people you've met at events, based purely on their first name. How to look into other people's past, and see what they were doing years ago. How to find out what applications your friends have installed.

Of course, I'll be doing all my examples in Perl, many using the excellent WWW::Facebook::API module.

Perl 5.10.1 released
I have a commitment to blog about Perl every week, and this week I was really worried about what I'd write. I've just returned from five weeks of International travel, and my scant time back in Melbourne has been spent taking photos at Manifest, rather than working on anything technical.

It's good that I haven't done anything newsworthy, because it would be completely over-ridden by the news that Perl 5.10.1 has been released. This release has a special place in my heart, as 5.10.1 includes autodie as a core module, and as most of you know, I'm very fond of autodie.

I'm in the process of writing a "What's New in Perl 5.10.1" summary, which will appear as a Perl Tip in the next couple of days. Subscribe by e-mail, Atom, or Facebook if you want to see the tip as soon as it goes out.

UK and Ireland thank-yous
I've spent the last few days travelling around the UK and Ireland, and it's just been lovely. By far one of the nicest things about travelling is the hospitality and generosity of the Perl community, and so I want to take a moment to say thank-you to a few special people who made my travels so enjoyable.

Thank-you to Drew, Kimberley, and Samantha for giving up their home in Dublin, driving around two crazy Australians, and picking us up when we get completely lost. An extra special thanks to Kimberley for some amazing cooking; it's not every day that we get to stay with a professional chef!

Thank-you to Murray and Becky for giving us booze, conversation, lodging, and wifi in their most amazing Edinburgh home. I really wish I got to spend more time in Edinburgh; both the city and its people are beautiful, and haggis is plentiful and tasty.

Thank-you to Andy Armstrong for driving us around the spectacular English countryside, putting us up for the night (and sleeping on the couch!), and then driving us on to Darlington. Given the cost of trains in the UK, Andy saved us a small fortune. Particular thanks goes to Andy for the trip to Hadrian's Wall and Vercovicium, which was spectacular!

Thank-you to my Great Aunt Jennie, who isn't at all involved in the Perl community, but gave us lunch, tea, great conversation, and acted as a guide for many miles of walking and photography around Darlington.

Thank-you to the charity shop five minutes walk from Great Aunt Jennie's house, which had an almost complete Space Hulk 1st Edition set with expansion cards for only £1.50.

Thank-you to Smylers, for putting us up in Leeds, and in particular for putting up with me running off around the city with my pirate friends.

Finally, thank-you to Léon Brocard for organising a London.pm meeting, and to Piers Cawley for the lift to the airport.

YAPC::EU 2009 microreport
I'm still travelling, and so I don't have reliable sources of connectivity, time, or caffeine. As such, this report is much briefer than I would like.

I made it to YAPC::EU 2009 and survived. As my first YAPC ever, it was great to be at a conference where I could assume that everyone knew Perl. It was also great to meet a number of the people who I'd been working with on-line for years, but never met in person.

It seems that lots of people use autodie. That's good, because it's hard to gauge feelings and reactions on-line, but it's easy when a small group grabs one after a talk and asks detailed questions about its internals. There seems to be a lot of demand for autodie to provide the ability for third-party code to see if it's enabled, and also a lot of demand (not least from me) for Perl to call a special method on exception objects if they're about to kill one's process, as opposed to being caught and handled.

The conference highlight for me was the people. They were very warm, very willing to participate, and heckled only about things I could easily answer. I suspect that means they were also being very nice, since they were a very knowledgeable audience. Privately, everyone was extremely accommodating. Apparently travelling from Australia makes one special, and I felt very special indeed from all the attention.

Looks like I'm out of time for this entry already. I've got yet another flight tomorrow, so I'll try to squeeze out some writing on the plane.

2 Aug 2009 (updated 2 Aug 2009 at 12:38 UTC) »

Malaysia, London, Lisbon, oh my!
If I seem slow to respond, distracted, or exhausted, here's why...

15-18th July: Portland, Oregon
19-24th July: San Jose, California (OSCON)
25-27th July: San Francisco, California
28th July: On a plane above the Pacific (yes, the whole day!)
29-30th July: Home in Melbourne, Australia
31st July: Kuala Lumpur, Malaysia
1st August: London, England
2-5th August: Lisbon, Portugal (YAPC::EU)
6th August: Madrid, Spain
7-10th August: Dublin, Ireland
11th August: Edinburgh, Scotland
12-13th August: Darlington, England
14th August: Leeds and London, England
15-18th August: Kuala Lumpur, Malaysia

Yes, that's a whole month of solid travel, averaging only about 2.3 days in any one place at a time. If you wish to track my trips (eg, to see if I happen to arrive in your part of the world), or if you're curious, you can do so via dopplr.

Right now I'm in Lisbon. I'm exhausted, and have talks to prepare for YAPC::EU. However I suspect a bath and a snooze is going to trump talk preparation for once.

30 Jul 2009 (updated 30 Jul 2009 at 01:31 UTC) »

OSCON 2009 adventures
I think that I've found a new term to describe myself. Adventuretarian. I live off adventure.

This was my second year at OSCON, and my first visit to San Jose. Unlike last year, where I was a self-described OSCON rockstar, this year I was happy to take a more relaxed approach. I wasn't giving as many talks, the talks I gave were all quite technical, and I didn't keynote. However, that doesn't mean I didn't have fun; far from it!

This OSCON I played around a bit with outfits. I'd picked up a pirate hat earlier in Portland, and used it in my tutorial when talking about PAR, the Perl Archiver. The hat ended up being one of my best fashion decisions ever, as it found its way into photo shoots, restaurants, and social events. In terms of getting noticed, or being popular with small children, or having random people say "Arrrr..." as they walk past, a pirate's hat is awesome.

My other outfit was my Star Trek uniform, used for my talk on The Art of Klingon Programming. It's not something I can ever imagine wearing for more than an hour or two at a time, as it's hot, and doesn't breathe. Of course, it's fantastic when you want to hang out with the cast of Trek in the Park.

Talking of The Art of Klingon Programming, it looked like it came across smashingly well, but I had forgotten to remind the audience to rate the talk if they liked it. So if you were there, and you enjoyed the session, go rate it now. ;)

I went to fewer parties than last year, and so met fewer people, but I was able to spend more time with people who I really enjoy as a result. One of the highlights was a beach trip down to Santa Cruz and around to Half Moon Bay, with some pretty spectacular beaches, cliffs, and even a light-house.

San Francisco
After the conference was a trip to San Francisco, staying with Julian (the most amazing photographer ever), and Jackie (the most amazing story-teller ever). Julian and Jackie's house was a hub of creativity and creative people. If I hadn't been so happily exhausted for OSCON I would have made more of it, but as it was I feel I was almost bordering on impolite by crashing and immersing myself in e-mail.

The next day involved a relocation to Skud's house, a home-cooked meal (my first since Schwern's excellent cooking in Portland), and discussions about San Francisco burrito etiquette, gender issues, booth babes, Australian history, pirates, musicals, and conferences. Skud, Schwern, Jacinta, myself, Valorie, and Andre, who I thought I had never met, went out for lunch and ice-cream. Of course, in true small world fashion, Andre was Australian, and knew me from linux.conf.au. He's now working for Pixar, which sounds pretty sweet.

My last day in America involved Schwern, Jacinta, and myself going on a tour of the more touristy parts of San Francisco. Crabs and clam chowder seem to be a big deal in these parts, and I was given a "sample" of chocolate that I'm sure provided me with my daily intake of sugar in a single bite. Unfortunately we didn't have enough time for a big get-together of all the SF residents and visitors before I had to fly out. The flight home was good, with an unexpected exit row seat providing lots of legroom.

The only downer of the whole experience is that Jacinta had managed to wrangle me a cool (first generation) Google Android phone, which I discovered that I loved dearly, but which seemed to have fallen from my pocket inside the taxi home. Attempts to recover it were without success, and without having first recorded all the handset details I can't remote-brick the phone, so it's unlikely I'll ever see it again. Jacinta's now given me her android phone, and while I feel incredibly special and grateful, I'm paranoid about losing it, too!

Today I'm preparing my new laptop, which is about twice as awesome as my old one, comes with a three year worldwide warranty, and costs only a third of the price. Moore's Law + USA = Laptop win. I'm also paying bills, sending out invoices and faxes, paying super, catching up on tax, and generally doing all the things that keep a small business running.

Tonight I'm on a flight to Europe for YAPC::EU, which possibly represents the first conference ever where I have all my talks prepared and ready before the conference starts. I'll be back in Australia in a couple of weeks time, no doubt exhausted from my trip and looking forward to the next one.

Around the world with Perl
I've just finished my trip to the USA, which included adventures in Portland and San Francisco/San Jose and surrounds. I had a blast at OSCON, and will post memoirs soon. Right now I'm about to board a plane, fly back to Melbourne, do a stack of paperwork, and then fly off to Europe for YAPC::EU.

A huge thanks to everyone who brought me goodies, showed me around, took me adventuring, let me crash on their couch, took photographs, brought me food, gave me hugs, listened to my talks, commented on my talks, cycled back from hiking, took me to ice-cream, or any of the above. More blogging when I arrive back in Australia. ;)

Portland Adventures II
Today is my last day in Portland, and wow, what an adventure it's been. Friday was spent writing slides, relaxing in tea-houses (green mango bubble-tea with wifi rocks!), and a trip to Beer and Blog at the Green Dragon.

Beer and Blog I was particularly pleased with on many different levels. Ua had invited me to this fine establishment at last year's OSCON, and this represented me arriving, albeit a year late. I had a chance to socialise with cool new people, although I didn't realise just how cool some of them are until I did my research.

What made Beer and Blog really special was that during one of my conversations there was a comment that, "there's another Australian here, he's only just moved over". That other Australian was Mike McClure, with whom I went to University, but had not seen in about a decade!

Oh yes, Beer and Blog also had free beer. That also made it special. ;)

That evening I was given a tour of Portland by Schwern, Kate, Ua, and Nick. That included beer, dinner, a walk along the river, and a trip to Voodoo Doughnuts. I'd been assured many times that my life would not be complete without having gone to Voodoo Doughnuts, and having been there, I can agree.

While I've been in Portland, Selena has been a wonderful host, and I'd felt that I'd been a terrible guest. Selena is a morning person, and I routinely came home late, slept in, and disappeared at odd times for ice-cream or doughnuts. On Saturday morning, I was determined to buck this trend. With thanks to Jacinta and Schwern who went on a secret ninja grocery mission, I got up extra-early and prepared breakfast. Coffee, juice, amazing toast, and an omelette made with thinly sliced super-fresh swiss brown mushrooms. The look on Selena's face and the huge thank-you hug made it all worthwhile. ;)

The rest of Sunday was amazing. After a snooze I made it to Trek in the Park. This is theatre at its absolute finest. Trek in the Park is brimming over with quality, humour, and superb acting. If you haven't seen it yet, then tonight and next weekend are your last chances to do so, and it won't cost you a cent.

I wore my starfleet uniform to Trek in the Park, which was a huge win. I had arrived a little late, but many members of the audience must have assumed that I was part of the production, and as such I was able to get a rather nice seat. But the biggest win was the cast reaction; having a guy in uniform and an Australian accent seemed to be something special, which meant that I had no problems meeting the cast, learning about the production, and getting lots and lots of photographs. One amusing fact about the whole thing is that in true cosplay fashion, all the uniforms were made by Kirk's mum. ;)

In the evening was dinner with Stacy, one of my most favourite Portlandians. Stacy was my guide at OSCON 2008, where she gave up much of her time to show me around town, explain the local customs and delicacies, educate me regarding local mushrooms, and stop me from cycling on the wrong side of the road. Stacy was out and about bicycle-hiking this week, but cut short her trip and cycled all the way back to Portland in record time for dinner, making me feel incredibly special.

Today ends my Portland adventures, as I head to San Jose for OSCON 2009, where I'm presenting Doing Perl Right and The Art of Klingon Programming.
