I like the new Facebook

Thursday, Mar 19, 2009 9:04 am
William Barnes

I’m beginning to notice a pattern: every few months, Facebook changes something and every body protests the change, threatening to delete their accounts in response. I’m also aware of a trend: Facebook membership is increasing. If every person who protested the Feed, applications, the old new Facebook, the new new Facebook, etc were to actually leave, I’d have about 5 friends and Facebook wouldn’t have 175 million users. I don’t and it does, so I have to conclude that all the threats are empty. And of course, I’m sure Zuckerberg has concluded the same thing.

Why are people so afraid of new things? It’s not just Facebook. People protested the round start button in Vista, the new start menu in XP, the ribbon bar in Office. I can understand why my 70 year old relatives–who learn to use the computer by memorizing very specific instructions–don’t like it when things change, but why are people in their twenties and teens demanding that everything stand still?

Change is good. Change means progress. The new Facebook is better than the old one. Even if were not better, the answer is not to step backwards, but to take yet another step forwards.

Browser Wars (C'mon it's 2009)

Sunday, Mar 15, 2009 12:42 pm
William Barnes

Why are people still talking about web browsers like it’s 1995? The EU wants to force Microsoft to include competing browsers with Windows. It came up on the last episode of Cranky Geeks and Sebastian Rupley, of course, thinks it’s a great idea. It’s a horrible idea, poor Microsoft.

Twelve years ago, Microsoft started bundling Internet Explorer with Windows. No doubt, this kinda sucked for Netscape. People had less incentive to download Netscape (which was free) because they already had Internet Explorer (for free). Of course, later versions of Netscape were horrible and buggy, but most people gloss over that fact. Today, Internet Explorer competes mainly with Firefox (and to a lesser extent with Opera, Safari, and Chrome).

I’m resisting using the term “tying” since tying has a more specific meaning in competition law—requiring users of a product over which you have a monopoly to use a supporting product over which you do not—that I don’t think applies to what Microsoft did. Microsoft never forced Windows users to use Internet Explorer. They lowered the barrier to using it and made it impossible to remove, but it was always optional. They relied on the fact that most users don’t care what browser they use and would not bother to take a minute out of their day to switch.

In theory, bundling is still bad because they are using their dominance in one area to their advantage in another. Yet, what did Microsoft gain by pushing Netscape out of business? Market share? What is the value of 100% of the market for a free product? Microsoft’s tactics had nothing to do with Netscape itself. They were trying to make Windows more attractive to people buying a computer. Remember Active Desktop? They were trying to incorporate the web into the operating system; to replace the web browser rather than dominate the market.

Even if bundling was bad a decade ago, it is not a problem now. Can you imagine how people would react if Windows did not come with a web browser? If they had to go to Staples and buy a web browser in a box or download it via ftp? In 2009, the browser is just another accessory people expect to find on their computer. Microsoft also includes Paint, Notepad, Calculator, the clock, a suite of games, and numerous other products all of which have commercially available alternatives. For some reason, the browser has caught hold in the conciousness of the EU as being an accessory especially worthy of alternatives. I see no reason why, if Microsoft is going to include a program with Windows, they shouldn’t choose to include their own. It’s the way the world progresses. There was a time when you needed to buy a separate tuner box to get cable on your TV, until TVs integrated the tuners. There was a time when you had to buy a radio and install it in your car, now radios are standard. All Microsoft is doing is making their operating system do the minimum people expect it to do out of the box. It’s not their fault that most people are content with that.

Posted from Firefox 3 running on Ubuntu 8.10.

Offline Gmail

Wednesday, Feb 4, 2009 11:25 am
William Barnes

Gmail has finally added support for Google Gears. This is great if you feel the urge to type an email or need to look something up while stuck in the Moot Court Room. Or if you’re annoyed by the intermittent connectivity in other areas of the school (ever click on a message and have to wait five minutes for it to load?) Gears will overcome that by caching all your email on your computer.

Enable it in Gmail Labs (Settings->Labs->Offline) and then click the new “Offline” link that appears in the upper right of Gmail.

Managing Gmail

Saturday, Jan 31, 2009 1:13 pm
William Barnes

It has now been a few months since I switched to Gmail. Here is what I’ve learned.

Extensions

There are two Firefox extensions that are absolutely great:

Better Gmail 2 is a collection of Greasemonkey scripts that customize the Gmail interface in various interesting ways. Folders4Gmail allows you to create nested labels. There’s a script that moves the new mail count to the start of the window title (so you can see it when the end of the title is cut off in a tab or the taskbar). You can hide the chat and invite boxes in the left column. Good stuff.

folders4gmail

Gmail S/MIME lets you send and read signed and encrypted mail. You’ll also need an email certificate (Thawte has good free ones).

Filters

Labels are great but it’s still a pain to actually label all your messages. So create filters. I have all my email addresses forwarded to Gmail, so I have filters that label mail from each one (so my @webarnes.ca address gets label F/W and my @utoronto.ca address is label F/UT). I briefly considered Getting Things Done but found it too complex. I did, however, steal a few ideas. I have a set of “projects” labels (P/UTL for law school, P/LR for law review, P/CS for CourtServices). And of course filters to do most of the work. Here’s a good one:

From: (prof.one || prof.two || prof.three)@utoronto.ca, Label with: "P/UTL"

What does it do? Any email coming from one of the specified professors (just a list of all my profs) gets labelled as being part of the law school project. I wish Google would just let you create contact groups and label email from the group, but this is close enough.

Other stuff

Every once in a while I see people checking their email and they have hundreds of read messages in their Inbox. The greatest feature of Gmail is “archive”. After you read an email, click the “Archive” button and it disappears from your Inbox. But where did it go? It’s still there; it’s in the “All Mail” view at the left side. But if you happen to be one of those people with hundreds of messages in your Inbox, you’ll be amazed at how much better it feels to only have one or two. Of course, if you want to leave it in your inbox (to finish reading later, perhaps) then you just leave it there. Just use the Inbox for stuff you haven’t read or that you intend to re-read imminently.

If you use Remember The Milk, then there is an extension that not only puts your Todo list in the sidebar on Gmail, but can automatically create tasks and link them to a specific email when you Star a message.

I am considering getting rid of Remember The Milk and just sending myself emails with Todo items and using Gmail to manage my Todo list completely. I might steal from GTD a little more and make S/Action, S/Complete, etc labels. Remember The Milk is great, but it’s just another service that I have to pay attention to.

The University of Toronto claims that there is some difficulty in forwarding messages to Gmail but they are terribly unspecific. I have a filter to prevent email from the school from being marked as spam, but they seem to indicate that the problem isn’t simply that. So instead of forwarding my utoronto.ca email to Gmail, I’m using POP to collect it. That should reduce the chances of Gmail bouncing a forwarded message (not that this seems very likely to begin with). Of course, it introduces the possibility of a delay since Gmail only checks every hour, but you can always force it to check for new email now if you’re expecting something.

There is also this post on backing up Gmail.

Update 4:57pm

How to force Gmail to check for new mail on your utoronto.ca (or other) POP account: Settings->Accounts->Check mail now

gmail

Unabashed sharing

Wednesday, Jan 21, 2009 11:45 pm
William Barnes

When this post on social networking was published by Rex Shoyama at IP Osgoode I tried a few times to write a comment on it, but each comment turned into a thoroughly rambling essay (to borrow a phrase). Social networking is, after all, a subject I have strong feelings about. But then I remembered: I’ve got a blog, I can post whatever I want there and it doesn’t matter if I ramble.

The article discusses a website (Power.com) that has found itself in a touch of legal trouble for offering an alternative front-end to Facebook (and other social networks, but Facebook is the one suing). What follows are just trains of thought that sprang from the article.

Ownership of profile data

Some people who are critical of Facebook’s position also feel that the users “own” the data in their profiles and therefore should not be stopped from using a service like Power.com.

“Some people” are going a bit far. Even if we own the information about ourselves in some manner, it doesn’t lead to a right to access it in any way we choose. Analogy time: I own a fancy watch that I store in a bank vault; do I have the right to access it with a bulldozer? Even though the watch is my property, my access is subject to conditions.

The desirability of “unabashed sharing”

We may want to query whether or not the ability to easily copy content from a friend’s profile in Facebook into other different social networks is necessarily a good thing (that particular friend may have made assumptions about how his Facebook content would be used and might not want his Facebook photos shared outside of Facebook).

I’m not sure the issue with Power.com is copying content from a friend’s profile to another social network. Rex may be addressing a concern raised elsewhere while he was researching; it doesn’t seem to tie in quite right with the rest of his article. But, that aside, it’s a fun question.

Power.com appears to simply query Facebook with your login credentials and reformat the data, giving you some extra functionality. In other words, it seems to be just a proxy. There is, of course, the potential for a service that would cache the information it gets using your login data. Such a service would be granted access to any information you have access to. Two issues spring to mind: (1) your friend hasn’t authorized the third-party service to see their data, (2) the data will lose its privacy meta-data and, if shared by the third-party, be exposed to people it was not meant for.

Regarding the first issue: unencrypted web traffic travels through so many third parties it’s hard to consider this imposition of just one more a serious violation. The second is more compelling. A user, Alan, might post a private photo on Facebook relying on Facebook’s privacy controls. Bob accesses Alan’s profile through a third party service, 3P. Charlie then uses 3P to access Alan’s profile which, handily, is already cached. 3P saves time by showing the same version Bob saw. Problem: 3P didn’t know that only Bob was allowed to see Alan’s photo. Oops.

I can see why you might want to limit where your profile data shows up, but I am of the opinion that trying to maintain such control is unrealistic. Social networks are designed to spread information fast and far. Privacy is an afterthought. The solution to users maintain control over their personal information is not to erect barriers that give only a false sense of security. People need to learn to keep their profiles clean: if a picture is embarrassing, don’t post it; if a wall-post is scandalous, delete it. Employers, girlfriends, parents, they’ll find a way to see it if they really want to. If you absolutely must share something with a few people that you could not stand to get out in the open, then use a service built for that purpose.

This is not to say “get rid of privacy controls.” But privacy controls on social networks can only provide a little bit of resistance, they won’t keep information secret.

Let the flowers breathe?

Ultimately, it seems prudent to encourage the taking of measured steps towards finding better ways to achieve desirable interoperability between social networks, rather than jumping right over the “walled gardens”.

I’m not much for prudence. I think that fewer walls are better for privacy. The fewer barriers there are and the easier it is to get most information, the less incentive there will be to take the rest.

If Facebook allowed other networks simple access to lists of content available through your account, then why would those networks need to actually access the content? MySpace might know that one of my friends posted a photo on their Facebook account, but there is no reason that photo can’t remain hosted at Facebook and subject to their privacy controls. It wouldn’t prevent people from developing an application like Power.com, but nothing will. The only solution is to stop people from needing such a service.

Take down the walls from the inside and fast, then people won’t tear them down from outside.

Backing up Gmail on an Ubuntu mailserver

Wednesday, Dec 31, 2008 12:47 pm
William Barnes

Backstory

I used to run my own Courier/Postfix mailserver to manage my family’s email (technically, I still do, but more later). Of late, I’ve been finding this to be a little bit of a hassle. Mostly because my laptop battery occasionally dies and I want to check my email from a public computer. This is a less than optimal situation. I have to run a webmail program on the server (RoundCube is nice though) and I have to type my server login into a strange computer. So I decided to switch to Gmail and it is wonderful. I like the interface, I can use a different password for it than for my home network, and somebody else does the work of keeping it running.

But I’m not too thrilled about all my email “living in the cloud.” I trust Google. I have no choice. If I’m going to give personal information to anyone, it would probably be to Google (since they probably already know more about me than I do). But there is always the chance that they will turn off POP/IMAP access to my email and it will be trapped there. Multiple simultaneous meteor strikes could destroy the data centres where my email is housed. If that happens, I’ll be unable to find all my LOLcat emails. That just wouldn’t do.

Solution

Enable POP on Gmail, download the email with Fetchmail, archive it to Amazon S3 once a month.

POP on Gmail

Gmail POP

In Gmail: open Settings; choose the “Forwarding and POP/IMAP” tab; choose one of the “Enable POP” options.

Download with Fetchmail

You’ll need to have a mailserver running on your computer. I suggest Postfix. You’ll probably also want to get access to your mail. If you’re installing this on your desktop, then most clients will be able to access your Maildir directly. If you’re installing this on a server, I suggest Courier. Both of these are available through apt. I would suggest reading a more detailed tutorial (see esp. pg. 5-6) if you have never done this before.

You will of course need fetchmail (sudo apt-get install fetchmail). You need a config file (sudo touch /etc/fetchmailrc & chmod 600 /etc/fetchmailrc) with your email addresses and passwords like so:

set daemon 3600

poll pop.gmail.com port 995 with protocol pop3
        user {gmailuser}@gmail.com with password {gmailpassword} is {localuser} here options ssl

Replace {gmailuser} with your Gmail username, {gmailpassword} with your Gmail password, and {localuser} with your username on your Linux box. Run sudo /etc/fetchmail restart and your email should be getting downloaded to your computer.

Archiving

You might be fine stopping there. You now have a local copy of all your mail. On the other hand, maybe you want more. It would be nice to have the mail sorted into folders automatically and it would be nice to have a second copy. I have a cron.monthly script that automatically sorts my Inbox into folders by month and year and copies the archived mail to Amazon S3.

The cleanup-maildir python script can be found here (check the comments for a bug fix). Copy that to somewhere in your $PATH (try /usr/local/bin). My archive script can be found here (or Bzip2 compressed). Copy it to someplace like /usr/local/bin and create an executable file in /etc/cron.monthly which contains a line like: maildir-backup /mnt/backup/Mail/username username. The first parameter is the backup destination and the second one is the local user to back up.

You can use the command-line version of JungleDisk to mount your Amazon S3 space and set that as your backup destination.

Hopefully this helps somebody someday. If nothing else, now I’ll remember what I did for when I upgrade my server next.

My First Computer

Friday, Oct 17, 2008 5:33 pm
William Barnes

My very first computer (a Kaypro). Interesting side note: I scanned this at very high resolution then scaled it down and I noticed that the quality of the picture got better as I increased the compression; dust and defects in the photo got blurred away as I moved the quality slider down. Well, I thought it was an interesting side note.

DNS Spoofing

Saturday, Aug 16, 2008 8:29 pm
William Barnes

I have been thinking about the big deal in security at the moment: DNS spoofing. Everybody, it seems, is all caught up in trying to figure out how to add more bits. They want to make DNS replies harder to spoof.

It seems to me that they are missing the problem. The problem is the way DNS servers handle in-bailiwick additional records. If I request an NXDOMAIN from an ISP, I can be reasonable assured that a request will be made by the ISP to Google’s nameservers (which are probably already cached). I can then spam the ISP DNS server with fake replies hoping I stumble on the right combination of port and transaction ID. My replies will include a record for my NXDOMAIN and also an additional record giving new IP address for Google’s nameservers. From then on, the ISP will turn to my provided IP rather than Google. Eventually I can provide it with fake records for www.google.com and other useful subdomains.

My question: why should the ISP overwrite the information it has already cached? Additional records should be ignored unless they are needed for the current query (as in the case of glue).

I know this doesn’t prevent DNS spoofing, but it does significantly lower the value of the attack. You may be able to plant a record for as7230hf.google.com, but you won’t be able to overwrite their nameservers.

Maybe I’m missing something. Maybe there really is a critical reason to allow a nameserver to tell you that it isn’t where it is. But I don’t think so.

Improving Tabs

Sunday, Jul 6, 2008 2:00 pm
William Barnes

Tabs are great. Nobody wants to have a window for every document they currently have open. However, they’re not perfect. Every implementation I’ve ever run across has the same flaw: when you have too many tabs they scroll off to the side. This is especially annoying when editing source code. I often have 10 or so files open at once, but Quanta’s tab bar will only display about 5 or 6. So when I want to switch files, I have to click the arrow multiple times until the tab I want scrolls into view. Annoying.

Tabs Before

Here’s my idea:

Instead of having buttons to scroll back and forth, have a button that extends the tabs vertically. So if you have three times as many tabs as can be displayed, it should show three rows of tabs. The extension should float on top of the document rather than resizing the chrome.

Rows of tabs

I used Firefox as an example because I figured it would be most familiar to potential readers, but this could (and maybe should) be used in any tab bar implementation.

I should also note that Firefox has a little vertical arrow that gives you a dropdown list of your tabs. This is ok, but it means a second kind of UI element for users to interact with and eventually, you will run out of vertical space as well. Plus, I find it more tiring to move the mouse vertically than horizontally. Maybe I’m just weird.