Older blog entries for pjf (starting at number 590)

Fun with QR Codes and Perl
Short blog today, but cool tech. I've been playing around with 2D barcodes recently, and have just pushed a Perl Tip on generating QR Codes with Perl. Given how incredibly easy this is, I'm tempted to generate huge numbers of these and go sticking them around town for my own nefarious purposes. ;)

29 Sep 2009 (updated 29 Sep 2009 at 15:03 UTC) »

Today I broke a world record, and got on TV

Achievements for today:

Perl for Android

I have an Android phone. I love it. After scanning a barcode it now runs Perl. Sure, the example Hello World program dies with an error, but there's already a patch to fix that.

This is a massively exciting achievement for me, and is even better for it having all of ninety seconds. It's now tantalisingly easy to do some pretty amazing things from my phone. I don't think I'm going to be short for a project any time soon.

Talk like a Pirate Day
This Saturday was International Talk Like a Pirate Day, as well as Software Freedom Day. This year I sided with the pirates, donned a particularly swashbuckling outfit, and joined about 150 other pirates to march through Melbourne, fight off ninjas, and singing the only sea-shanty known by every member of our scurvy crew.

Afterwards, there was the world's best pirate cake, crafted by jarich.

I have some pictures of the day and the party, including the Jolly Tux. For those people on Facebook, there's a lot of photos on-line.

What's new in Perl 5.10.1
For those who missed it, Perl Training Australa has a new Perl Tip on What's New in Perl 5.10.1.

Rocking out at MXUG
For a while, Melbourne has been running MXUG, the Melbourne X Users Group, where X is a technology you're interested in. It has a nice format: 15 minute talks, timed, with five minutes for questions. Then beer, pizza, lightning talks, and a trip down to the pub.

Despite me apparently living in Melbourne, I've never attended a MXUG meeting, but I'd been hearing good reports about them. Apparently one can become a speaker just by adding themselves to the speakers list (which is editable by members), and so I aggressively volunteered to give my (still formative) talk on facebook privacy.

The talk went really well. The audience was warm, interactive, and laughed at all my jokes, even the really lame ones. Since I judge my self-worth on the size and enthusiasm of my audience, I decided that I really liked MXUG. Normally, that would be enough for me to call the night a success.

However enough people asked me about how I used my wiimote as a presentation device, so I volunteered for one of the five minute lightning talks. I had no slides. I did no preparation. I spent all the time I'd normally be working on my talk eating pizza, drinking beer, and talking to MXUG members.

So I was especially happy when I showed off how to use Xwii to enable a tilt mouse, and as a presentation device. I then showed off how I could use the wiimote to control my music player, and sung a few bars from "I've got a feeling" from Buffy on stage. That would normally be enough to count the night as doubly-awesome, but oh no! It gets better.

My last Xwii profile showed how I can hook into a Guitar Hero controller, "but I don't have one of those here, so I can't show you". Sure enough, someone produces a guitar out of nowhere. A few seconds to pair it with my machine, a few more seconds to start up Frets on Fire, and I am rocking out on stage in front of a cheering crowd of 50 people.

I then got to sit back down in the audience, and read about my exploits on twitter. ;)

That, ladies and gentlemen, was my thrice-awesome night at MXUG.

Facebook Privacy talk at BarCampMelbourne
This weekend at BarCampMelbourne I gave a talk on Facebook privacy, and what information I was able to extract from the API using some reasonable simple Perl programs. Due to the incredibly fast efforts of Avi Miller, this talk is now available on-line. If you're reading this blog on my main blog, then you can also watch it below:

<embed src="http://blip.tv/play/AYGgggoC" type="application/x-shockwave-flash" width="480" height="390" allowscriptaccess="always" allowfullscreen="true"></embed>

You can also watch the talk on the BarCampMelbourne channel on blip.tv.

As mentioned at the end of my talk, you can be kept up-to-date on my research by joining my facebook study privacy group, or the google group, as well as my blog.

Dark Stalking on Facebook
For a while I've been using Facebook's API and Facebook Query Language (FQL) via Perl's WWW::Facebook::API module to run fairly innocent queries on my friends. If I visit a town, I'd like a reminder of who lives there. If I want to go rock-climbing, it helps if I can easily search to see which of my friends share that hobby. This is good, innocent stuff, and makes me glad to be a developer.

Last week I decided to play with event searches. If a large number of my friends are attending an event, there's a good chance I'll find it interesting, and I'd like to know about it. FQL makes this sort of thing really easy; in fact, finding all your friends' events is on their Sample FQL Queries page.

Using the example provided by Facebook, I dropped the query into my sandbox, and looked at the results which came back. The results were disturbing. I didn't just get back future events my friends were attending. I got everything they had been invited to: past and present, attending or not.

I didn't sleep well that night. I didn't expect Facebook to share past event info. I didn't expect it to share info when people had declined those events. I haven't found any way of retrieving friends' past events using Facebook's website, but using FQL made it easy. Somehow, implicitly, I thought old events would fade away, only viewable to those who already knew about them. I didn't expect them to stick around for my code to harvest, potentially years into the future.

Finding my friends' old events crossed a moral boundary I honestly didn't expect to encounter. Without intending, I really felt like I was snooping. It didn't matter that these friends had agreed to share this information under the Facebook terms and conditions. I would personally feel uncomfortable with this much information being so readily available, and assume my friends would feel the same.

However my accidental crossing of moral boundaries wasn't the only thing that kept me awake last night. I was also kept awake by wondering just how much information could I tease out of the Facebook API. What could I discover? What if I were evil?

However I'm not evil, so I put my code on hold for a while and made a call for volunteers. I'd be restricting myself to just using the Facebook API, and without them installing any additional applications. I wouldn't share their data in any way, but I'd be able to inspect and use it, and would try to provide them with a copy when I was done. To be honest, I was surprised by the response; I now have almost two dozen people who have agreed to participate, covering a wide range of lifestyles and privacy settings.

The results have been very interesting. I expected to be able to obtain personal information, including things like events, photographs, and friends; it doesn't take much imagination with the FQL tables to find those. What was most interesting are some of the more creative queries I was able to run.

Most recently, I've been able to obtain status feeds, even for users who have very tight privacy settings, although I had to tweak my own application's privileges to do so. I don't know how far into the past these go, but they also come with likes information, and comments. This gives me a wealth of information on the strength and types of relationships people have. A person who comments a lot on another user's posts probably finds that user interesting. If I descended into keyword and text analysis, I may even be able to determine how they find that user interesting.

But by far the most interesting part of all of this have been dark users. Like dark matter, these users are not directly observable, usually because they've completely disabled API access. In fact, some of these users are completely dark unless you're a friend. They don't show up in search results. They don't show up on friends' lists. You can't send them messages. If you try to navigate to their user page (assuming you know it exists), you get redirected back to your homepage. These users have their privacy settings turned up real high, and are supposed to be hard to find.

However like dark matter, dark users are observable due to their effects on the rest of the universe. If a dark user comments on a stream entry, I can see that comment. More importantly, I can see their user-ID, and I can generate a URL to a page that will contain their name. I can then watch for their activities elsewhere. Granted, I can't directly search for their activity, but I can observe their effects on my friends. For want of a better term, I've been calling this "dark stalking".

What makes this all rather chilling is that I'm doing all of this via the application API. If your friend has installed an application, then it can access quite a lot of information about you, unless you turn it off. If your friend has granted the application the read_stream privilege, then it can read your status stream. Even if a friend of a friend has done this, and you comment on your friend's status entries, it's possible to infer your existence and retrieve those discussions through dark stalking.

While I've always considered people's own carelessness to be the biggest threats to their own privacy, in the social 2.0 world it seems we need to be increasingly worried about our friends, too!

I'm preparing a detailed paper with the results of my research (which is still ongoing), but I will be presenting my preliminary findings at BarCampMelbourne, this weekend (11-12th September 2009), with a further update at the University of Tasmania Computing Society (TUCS) on the 2nd October. A conference talk will invariably follow.

If you want to keep track of my research, then you can join the facebook group, or the facebook privacy group. I prefer comments and questions to directly to the facebook privacy group, or to me directly.

BarCampMelbourne and Social 2.0
In a week's time I'll be attending BarCampMelbourne. Registrations close on September 7th, so if you want to attend, now's the time to register.

Now, BarCamps are pretty cool, but I'm particularly excited about this one because I'm going to be doing a talk on something I've been playing with for a while, which is having an Augmented Social Life, or just Social 2.0.

In the last few years, social networks have flourished, and an unprecedented amount of private data is available on-line. I'll be demonstrating how to use modern social networks to improve your social life. That includes techniques on turning Facebook into beer.

However what I find most fascinating is from a privacy standpoint. Whenever I find a social network, I go looking for an API, and some APIs are more revealing than others. In particular, Facebook provides Facebook Query Language (FQL), which allows for some incredibly powerful queries. What makes it particularly scary is that with the default privacy settings, one can mine a huge amount of private information by having a friend who has installed an ethically bankrupt application.

I'll be giving some rather real-world examples of using and abusing facebook. Some are good, like reminding you which friends are in a city you're visiting, or which friends share a particular hobby. However many are more scary. I can demonstrate how to find people you've met at events, based purely on their first name. How to look into other people's past, and see what they were doing years ago. How to find out what applications your friends have installed.

Of course, I'll be doing all my examples in Perl, many using the excellent WWW::Facebook::API module.

Perl 5.10.1 released
I have a commitment to blog about Perl every week, and this week I was really worried about what I'd write. I've just returned from five weeks of International travel, and my scant time back in Melbourne has been spent taking photos at Manifest, rather than working on anything technical.

It's good that I haven't done anything newsworthy, because it would be completely over-ridden by the news that Perl 5.10.1 has been released. This release has a special place in my heart, as 5.10.1 includes autodie as a core module, and as most of you know, I'm very fond of autodie.

I'm in the process of writing a "What's New in Perl 5.10.1" summary, which will appear as a Perl Tip in the next couple of days. Subscribe by e-mail, Atom, or Facebook if you want to see the tip as soon as it goes out.

UK and Ireland thank-yous
I've spent the last few days travelling around the UK and Ireland, and it's just been lovely. By far one of the nicest things about travelling is the hospitality and generosity of the Perl community, and so I want to take a moment to say thank-you to a few special people who made my travels so enjoyable.

Thank-you to Drew, Kimberley, and Samantha for giving up their home in Dublin, driving around two crazy Australians, and picking us up when we get completely lost. An extra special thanks to Kimberley for some amazing cooking; it's not every day that we get to stay with a professional chef!

Thank-you to Murray and Becky for giving us booze, conversation, lodging, and wifi in their most amazing Edinburgh home. I really wish I got to spend more time in Edinburgh; both the city and its people are beautiful, and haggis is plentiful and tasty.

Thank-you to Andy Armstrong for driving us around the spectacular English countryside, putting us up for the night (and sleeping on the couch!), and then driving us on to Darlington. Given the cost of trains in the UK, Andy saved us a small fortune. Particular thanks goes to Andy for the trip to Hadrian's Wall and Vercovicium, which was spectacular!

Thank-you to my Great Aunt Jennie, who isn't at all involved in the Perl community, but gave us lunch, tea, great conversation, and acted as a guide for many miles of walking and photography around Darlington.

Thank-you to the charity shop five minutes walk from Great Aunt Jennie's house, which had an almost complete Space Hulk 1st Edition set with expansion cards for only £1.50.

Thank-you to Smylers, for putting us up in Leeds, and in particular for putting up with me running off around the city with my pirate friends.

Finally, thank-you to Léon Brocard for organising a London.pm meeting, and for Piers Cawley for the lift to the airport.

YAPC::EU 2009 microreport
I'm still travelling, and so I don't have a reliable sources of connectivity, time, or caffeine. As such, this report is much briefer than I would like.

I made it to YAPC::EU 2009 and survived. As my first YAPC ever, it was great to be at a conference where I could assume that everyone knew Perl. It was also great to meet a number of the people who I'd been working with on-line for years, but never met in person.

It seems that lots of people use autodie. That's good, because it's hard to gauge feelings and reactions on-line, but it's easy when a small group grabs one after a talk and asks detailed questions about its internals. There seems to be a lot of demand for autodie to provide the ability for third-party code to see if it's enabled, and also a lot of demand (not least for me) for Perl to call a special method on exception objects if they're about to kill one's process, as opposed to be caught and handled.

The conference highlight for me were the people. They were very warm, very willing to participate, and heckled only about things I could easily answer. I suspect that means they were also being very nice, since they were a very knowledgeable audience. Privately, everyone was extremely accommodating. Apparently travelling from Australia makes one special, and I felt very special indeed from all the attention.

Looks like I'm out of time for this entry already. I've got yet another flight tomorrow, so I'll try to squeeze out some writing on the plane.

581 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!