Monday, December 1, 2008

HOWTO: Make the perfect office mocha

First off I'm not going to get into the discussion of what a "mocha" is. If you are going to go all high brow on me and start complaining that there is no espresso in this drink then just go away now, this post is not for you.

These are desperate times with limited low quality supplies, and our goal is to make the best tasting chocolate flavored coffee beverage possible from what we can scrounge from the break room.

  • Coffee
  • Hot Chocolate Mix
  • Half and Half
  • Begin preparing a new batch of "delicious" Newport coffee. 
  • Empty the Smiss Miss hot Chocolate powder (make sure you get the one with sugar, not the "No sugar added" stuff) into the styrofoam cup.
  • Add five (5), no more no less, of the Mini Moo's Half and Half to the hot chocolate mix
  • Stir mixture with a red coffee stirrer until well combined.
  • Add freshly brewed coffee to fill the cup and stir to mix.
  • DO NOT use the white coffee stirrers, they are too weak and will bend and frustrate you. I reccomend using two white stirrers held together if a red one can not be found.
  • DO experiment with different flavors of coffee. The hazelnut blend tastes great with the chocolate flavor.
  • DO NOT use any more or less than 5 of those little tubs of Half and Half. 5 tubs is the perfect amount.
  • DO NOT put the coffee in the cup first, it is too dificult to mix the cocoa powder evenly, and you lose out on the foam created when you mix it beforehand.

Pictures to come when I get around to bringing my camera into work.

Tuesday, September 2, 2008

Google Chrome overlooks one small security flaw

The release of Google Chrome today, the new open source browser by Google today has the whole internet talking. If you want an exhasutive review you can look elsewhere, everyone has it covered.

One thing I haven't seen discussed anywhere is the lack of the ability to secure my stored passwords. I often let other people just my laptop to check the internet, and while I would trust almost everyone I give access to, I still feel unsecure when all of my passwords can be revealed to someone with just a few simple clicks.

Google Chrome - Show Saved Passwords

What they did get right is that (at least for Gmail) the browser doesn't attempt to store my password until I successfully log in, so I no longer have 2 or 3 incorrect credentials in every login box.

It's a simple fix that the Google engineerers overlooked and hopefully will be released in the next iteration.

Monday, August 4, 2008

Inheriting before_filters and naming collisions

I've been using Ruby on Rails on and off now for over a year for different kinds of projects. It's great for a quick prototype or creating simple web applications, but there is so much "rails magic" that goes on behind the scenes that I doubt anyone really knows how Rails works.

As a programmer, I like to know how every part of my application works, especially when I need to debug a problem when something isn't working right.

When I started working today I updated my local copy to the head revision in the repo, and after I logged into our application, I was redirected to the edit user page (this was expected), but I was shown the error "Couldn't find User without an ID". As I continued to play around, I noticed that logging in worked fine until I went to a page handled by my Users controller.

The only change since the update in the users controller was in the login method:

class UsersController < ApplicationController
def login
session[:user] = nil
The addition of the single line in it was the only change, but it makes sense; when someone accesses the log in page, the current user should probably be logged out. Since this was the only change, I removed the line, and magically everything seemed to work again.

But why would this cause the session[:user] to be set to nil whenever I hit the Users Controller. The answer to that lies within my Application Controller which users a before_filter :login to make sure you are logged in before you can access anything in the site.

class ApplicationController < ActionController::Base
before_filter :login

def login
if !session[:user]
session[:previous_page] = request.request_uri
redirect_to "/users/login"

end p.s. Yes, I do irrationally hate the unless method :P

As it turns out, the before_filter is inherited by all of the subclasses of my Application Controller, which is all of them. This allows the before_filter to be called no matter which controller is hit.

However, since I also have a login method in my Users Controller, a naming collision occurred and whenever I accessed the Users Controller, the login method (the one in the Users Controller) would be called. This would clear session[:user], which is what caused the errors.

My first step in solving the problem was to rename the login method in my Application controller

class ApplicationController < ActionController::Base
before_filter :check_user_logged_in

def check_user_logged_in
if !session[:user]
session[:previous_page] = request.request_uri
redirect_to "/users/login"


This should stop the naming collision, but it also caused a new error for me; I would go into an infinite redirect loop when I would go to the log in page. The application would check to see if a user was logged in, which there was not, and redirect to the login page. Before loading the login page, the filter was called again, and the same result happened ad infinitum.

The solution to this problem was to add a skip_before_filter to my Users controller, which would override the before filter in the Application controller so it would not be called.

class UsersController < ApplicationController
skip_before_filter :check_user_logged_in, :only => ["login", "authenticate"]

def login
session[:user] = nil

def authenticate
#code for handling user authentication went here

Now, when we access the login page, we still clear any logged in user, but the before_filter doesn't check for a logged in User when we go here, as well as when we go through the authenticate method.

This should fix the problems I was having, but with Rails theres always another mysterious bug lurking behind the great unknown.

Sunday, May 25, 2008

13 things I would work on to make Pandora better

Pandora is a great service, it plays music I like, and I'm often finding new music that I like. It has almost completely replaced my desktop music player when I'm at my computer.

In no particular order, here are some of my suggestions on how to improve Pandora. (Disclaimer: I use Pandora, and due to my affiliation would like to see what's best for the company)

  1. Link to Wikipedia for Artist information. I found a new band I've never heard of and I like this song. Great! I go into the song menu and I click on 'Artist'. I get a a short blurb about the artist if I'm lucky, worst case I get a nearly blank page. Link to the wikipedia content, because your pages suck.

  2. Don't skip songs I like. This new song is awesome! I'm going to create a new station from it (which I prefer to creating stations from artists - you get a more focused station). Wait! You found what I wanted, but you stopped playing what I was listening to and switched to the other station, and I don't get to finish the song I liked.

  3. Dump Flash. It takes a lot of memory on my computer. I've noticed times when I have to reload the whole page, usually when changing stations. I'm not the only one that notices how buggy your implementation in Flash is. Wendy Boswell at Lifehacker writes that she sees a 23% increase in CPU usage when Pandora is in a tab in Firefox, or in it's own window.

  4. Play music videos. Link to YouTube pages, allow artists to upload their own videos, make your own integrated player. I don't really care how you do it, as long as if I want to watch a video you make it easy to find it.

  5. Give me statistics. How do I find out what kind of music I like? I want something better than just what stations I've created. I want to see what song's I thumbed up/down, what genres or musical attributes the song has. I want to see the trends in my music preferences since I started using the service.

  6. Let your users contribute. By providing basically only thumbs up/down, you are missing out on lots of data. I know you have your audiophiles who rate the songs, and they do a great job for the most part, but open up that data to your users, and allow your users to add value to your data. Tell me what the 400 characteristics for songs are, not just 30 or so. This could go well with a plugin architecture.

  7. I'm tired of this song. Give me the option to set how long you don't play a song for, instead of always 30 days.

  8. Make it easier to share radio stations. I don't use the social network built into Pandora at all, and I don't know anyone who does. I know that I can find the link to a station and send that to a friend, but I still want it to be easier, and see more people doing do. Yes, there is a link on the station to "Share This Station With a Friend" but the form only takes email addresses, which is not the easiest way for me to send things to my friends.

  9. Pandora Mobile. I would gladly pay the $36 per year fee to access if I had an AT&T or Sprint phone, but I don't, and I probably wont switch carriers until I can get a web and flash enabled phone.

  10. Song Queue. Provide a list of the next songs to be played on a station. I know this can change dynamically, but that doesn't prevent you from doing this. I should be able to remove a song that I know I don't like before it plays.

  11. Pandora can get too repetitive. The other night I was listening to a station, and heard a familiar song. I looked back and it was played only 21 songs ago, and it wasn't even a song I gave a thumbs up to. That just made me waste one of my "6 per hour, per station, or per QuickMix". [from FAQ] What does skipping a song do? How many skips do I get per hour?

  12. Don't keep playing a song I dislike. I know you have weird regulations that require you to do this, but you need to do more than suggest I switch to another station. Give me a list of stations I can switch to, or even better, this is a good time to recommend a new station to me.

  13. Sleep timer. Pandora times out and stops playing music after 3 hours. Why not let me set a timer for earlier as well, 3 hours is too long for me to listen to when I go to sleep, which is something I occasionally do.

Protip 1: What keyboard shortcuts are available? I personally didn't know there was any, and you have to click on the "tuner"(where you change the volume) before you can use them.

Protip 2: Start a classical station.

My stations are here. Send me some links to your favorite stations in the comments.

UPDATE (11:48pm 5/25/08) Another song repeats itself for me, but this time only 3 songs after it was last played, that is unacceptable.

Wednesday, May 21, 2008

PSA: social|median invites

I'm sure there's more than enough of these around now, but I just received an email saying that I have 5 invites which expire on Friday May 23rd. Just use my username ryansv if you want to try out the site. I haven't used it much, but it's worth checking out.

On May 14, 2008, your socialmedian account has been specially provisioned for you to be able to invite 5 additional people to check out the socialmedian alpha. These special invites are set to expire on Friday May, 23, 2008.

To invite your friends to the socialmedian alpha, you can direct them to:

1. go to
2. click on "create an account"
3. Instruct them to use your socialmedian username as their special invite code.

We are getting close to a public beta of socialmedian -- probably about 4-6 weeks away. Having more of your friends try the service will help us get there faster and help with the launch.


-the socialmedian team

Sunday, May 11, 2008

Friendfeed unavailable

I'm surprised I haven't seen a huge uproar from all the Scoble followers.

Saturday, May 10, 2008

Integrating Social Media and Education, the students are already there

Julian Baldwin has written up a series of interesting thoughts about social media from his perspective. Go and spend some time reading them, they're not very short but it's worth your time if you're interested in social media.

I personally connected with the second article, where Julian talks about how social media could be used in furthering education.
"There are many benefits in asking students to maintain academic blogs. If a student writes an essay they can password protect it. Instead of using paper their essay can be graded online. Essays can link to references, which makes it easy for teachers to verify sources and prevents students from making up sources they never used or excuses for why they don’t have it but claim to have it done."

I just finished taking a class at Worcester Polytechnic Institute (WPI) called Social Implications of Information Processing(class website). During the duration of the class I posted some of homework assignments from it. The assignments were all approximately one page responses to a prompt question.

This was not required for the class, nor did I really mention the website to the professor or the teaching assistants. I used the idea of posting to this blog to require myself to write articles that I thought the public audience of my blog would enjoy.

I also kept all of the articles very current, sometimes writing in response to things I had read online earlier that day. This, along with being able to link to the sources directly in the articles, I felt really increased the quality of the assignments.

Julian also mentions an interesting idea about letting the general internet using public determine a portion of the grade.
"Students could add work to YouTube, Flickr, Helium etc. to let the masses rate it and determine a small portion of their grade."

This idea however, I am wary of. I believe that students would tailor their assignments to entertain the internet populace, instead of the academic community, and the community in their field of research. This was not a large problem for me, as I'm a student in computer science, and the few people who read this blog would (I feel) be interested in the topics I was given.

One problem many of the students had with the class was that 30% of the grade was determined by "class participation", which was largely determined by awarding up to 3 points per class, 1 for each time you raised your hand and was called on. I (along with some of the other students) immediately realized there was not enough time to include all of the approximately 50 students in a 2 hour class. That's 150 times students would have to talk, more than once every minute.

That being said, it would have been much more reasonable to have class participation be awarded for participation that occurs online. We did use the forums of the Blackboard (wikipedia) system, however, this was used mainly for completing and turning in assignments, and not much collaboration occurred there. For the record, I am not a fan of the MyWPI implementation of Blackboard.

Here's the list of all the assignments I posted online, along with the grade I received on them.

There was one other paper I wrote which I did not put online, it was written quickly and I didn't feel the quality was up to par. It was about "exploitation of the intellectual property right legislation".

Putting my work online certainly kept me responsible for actually doing the work, and as a side effect, also started me actually writing on the blog. I would love to see social media become more integrated with education. If we can make it easier for students to communicate with each other, I truly believe it would benefit everyone involved.

P.S. Alternate title for this post was "Social media in your classrooms, enhancing your communications"

Thursday, May 8, 2008

Google Reader updates again, provides major usability increase

The Google Reader team has just released another update to their product, for those of us who increase the font size on the page. The new feature lets you increase the font of only the current article you are reading.

If this sounds simple and even useless to you, then you are not someone who occaisonally does increase the font. This is a very welcome addition for me. Now when I'm reading with an increased font size, the interface doesn't blow up as well, making what used to be nearly useless usable again.

Here's what used to happen to the interface (notice the buttons and search box at the top collide):
Google Reader with font increases everywhere, making the interface unusable

And here's what it looks like now (interface original size, just the post has font increased)
Google Reader Screenshot featuring the new font increases on only the current article

The only minor bug I've found so far is the current folder I'm reading also has it's font increased, which I actually don't mind so much, in fact it may not be a bug at all. However, when I switch to all items from a folder, the original folder font size is still increased.

Good job Google Reader team, especially Mihai Parparita, keep it up.

EDIT (3:19pm 5/8/2008): Forgot to mention, I'm using the Better GReader plugin for Firefox, but I had the same usability issues with the standard version of Google Reader

Google has become constant part of my internet experience

Quick poll, how many tabs do you have open in your web browser, and how many of them are Google services?

I have 9 tabs open, and this includes Gmail, Google Calendar, and Google Reader. Oh, and those 3 tabs never close.

Leave your answers in the comments

Wednesday, May 7, 2008

Pandora under maintenance

Screenshot of Pandora's maintenance message: Pandora is conduction system...

This showed up when I tried to "thumbs up" a song. Anyone know what's going on? There's no mention of it on the official Pandora blog. I wonder if it's just routine, or if they plan to roll out some new features. Here's hoping to the second option.

Monday, May 5, 2008

Google Reader allows me to (surreptitiously) alter the text of any article.

I glad to see Google Reader's new features. I saw another article that I received from Louis Gray's Google Reader Shared Items again. Thanks for keeping on top of the world for me Louis. :-)

The (current) top item in my Shared Items feed shows that you can alter the text of any article, I couldn't find the permalink in my Shared Items Feed.

Editing the text of an article on Google Reader

This could lead to misleading people by changing the content, or even adding more content. It could end up with me not being able to trust content from shared items anymore.

The edited article shown in my Shared Items on one of my friends accounts.

The article appears in my shared items feed with the article changed with the text I included. Note that you can alter full html markup of the article, potentially leading to other sorts of attacks.

Hopefully Google changes this back soon, I'm content with them continuing to post the full article in my Shared Items feed.

UPDATE: Another problem I've had with the new Notes feature is that there is no way to edit the notes (as far as I can find), all you can do is un-share them.

Sunday, May 4, 2008

Google Calendar is unavailable - One of the seven signs of the apocalypse?

It's not Gmail or Google Reader, but these things always unnerve me. Anyone else getting this?

UPDATE: It's back now. The world is still here.

Tuesday, April 29, 2008

Onaswarm sounds like it has potential, but it falls short for me

I read the review Onaswarm Gives FriendFeed a Run For Its Money on Mashable which I found from Louis Gray's Google Reader Shared Items (and proceeded to share myself).

I'm already a big fan of Louis Gray, even having just found his blog when reading a review of Shyftr on April 12th. Louis if you read this, I also have been a big fan of your shared items, sharing 21 items in the last week or so since I subscribed to your shared items, now at the top of my most shared items.

Ryan S shared item trends on Google Reader

I was happy to see the praise of how easy it was to sign up. I was also interested in exactly how well these location based "swarms" are progressing.

Unfortunately I ran into a problem on the first form.

Onaswarm registration process error: password is too long

That's right, there is an arbitrary limit on the size of my password, which I'm annoyed by, but I'll continue on. Also, notice there is no password confirmation box, a single typo and you will lose those users forever, because they can't access their accounts immediately.

I'm presented with a text box which says

"Enter 1 to 4 Account Names/User IDs that you use (on blogger, buzznet, delicious, digg, flickr, jaiku, lastfm, livejournal, msnspaces, myspace, picasa, pownce, soup, stumbleupon, twitter, typepad, tumblr, upcoming, wordpress, vimeo, youtube, vox) and we'll try to find your networks."
I really only "ryansv" for most sites, so I enter that and click go. The process is interesting at first, quickly finding a few sites that I use, (and some that aren't me), as well as reporting that I was not found on certain services.

The one main problem here is that it took almost a whole minute. It doesn't sound that long but when you're sitting there looking at a dimmed page with a spinner for a minute, it's unacceptable.

It also used, which I don't use. I guessing it can't pick up group blogs based on the user names of the contributors. I can't edit it once it has been imported, which is frustrating. I have to delete it, and add a new Blogger "identity" duffsdevice, to trick it into finding this blog. I'm sure this could lead to problems with duplicate items just like on FriendFeed.

I signed up for the Worcester, MA swarm which by the title of it looks auto generated, but I'm glad it's there. Unfortunately I'm now the sole member of the group. I didn't see any way to casually browse for popular swarms, so I couldn't find any others to join.

I tried importing contacts from GMail, but no one was found. The only other option is a name search, which isn't too appealing to me.

So, my opinion of the site is, it's no more useful than friendfeed currently, and I repeatedly had trouble finding out where to navigate to, so I gave up and left fairly quickly. I saw the full list on the home page, but that's the only place I saw content that wasn't mine. Also, I'm not fond of the UI, it's unnecessarily sprayed with AJAX, and maybe it's the color scheme, but there's something I cant easily define which distracts me from the content constantly.

Monday, April 28, 2008

Interesting advertising coincidence... or is it?

I'm listening to my Pandora station when the song "Invincible" by Ok Go starts playing and then the ad changes. This is what came up.

Blue Cross/ Blue Shied advertisement: Because you're not actually invincible

Alice in Chains is only voted down because it was a live version. :)

Monday, April 21, 2008

Evolution of Communication

Social interactions between individuals can really be broken down into one simple thing: communication. As time has gone on, communication has evolved along side us. The simplest form of communication began with body language and other visual cues, next came spoken language. In 105 A.D. paper was invented, thus beginning the spread of written documents. In 1450 A.D. The printing press was invented making written material widely available. In 1835 A.D. the telegraph and Morse code brought about the beginning of fast long distance communication. The newspapers, telephone, phonograph, radio, and television were all new forms of communication, all of which had fierce opposition.

A quote from 1920 in regards to the radio:

"The wireless music box has no imaginable commercial value. Who would pay for a message sent to nobody in particular?"

A Western Union internal memo from 1876 says:
“This ‘telephone’ has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us.”

Lee de Forest, the inventor of the cathode ray tube, said that television:
“Theoretically, television may be feasible, but I consider it an impossibility - a development which we should waste little time dreaming about.”

All of these quotes can be found at Things People Said, along with many other interesting (and completely wrong) quotes.

As we know now, all of these technologies have increased the amount of communication in nearly every country in the world. With the introduction of ARPANET in 1969, and the World Wide Web in 1989, the amount of communication has increased again, and as these technologies continue to grow, more and more communication occurs online. Some people have raised concerns that the various forms of communication online has degraded the social interactions between individuals. If this statement was true, we would see a decline in either quality or quantity of conversations, or both.

The quantity of conversations has clearly not decreased, the number of newly enabled conversations created by the communication tools on the Internet far outweighs any loss of communication that may have previously occurred face to face. An article entitled Are We Just Jumping On The Social Media Bandwagon? appearing on SheGeeks written by guest Colin Walker states:

“The internet, and social media on it, merely allows us to extend the range of our conversations. Instead of chatting over the garden fence we are chatting across oceans; instead of meeting in pubs and bars we gather in virtual spaces.”

The harder question to answer here is if the quality of communication has decreased due to use of communication tools such as email, instant messaging, social networking websites, chat rooms, BBS, IRC, SMS, blogs, and many other technologies and systems that facilitate not only personal, but also public conversations. Quality is a subjective term, so it would be impossible for me to provide a complete argument that the quality of conversations has decreased.

It's my personal opinion, and that of many other people, that a change in how or where communication occurs does not imply a decrease in quality. I would go as far to say that the quality of communication can not be decreased. Sure, we can be annoyed when we see the large amount of sophomoric communication online, but these seemingly useless conversations should not distract you from the inherent value of nearly instant communication with nearly anyone around the world. The ability to find almost any information about nearly any topic by simply searching on the Internet more than makes up for the lack of quality in a small group of Internet users.

The prompt for this article was to "Make a point about" how "Email and other forms of electronic communications have degraded the social interactions between individuals."

Sunday, April 20, 2008

How criminals will benefit from the REAL ID legislation

Forgot to publish this post for some reason, just noticed today.

“State a point for or against the National ID System, or a facet thereof. Please include references in addition to the book.”

A national ID system is a system used by the government of the country to track the people in the country. It has generally consisted of a unique identifier, with the possibility of appearing on an ID card which would be issued by the government. These types of identification systems have lead to many concerns over privacy, since they often become used for more than they were intended to do. The United States currently uses the Social Security number, which when originally created, “the numbers would only be used by the Social Security Program.”, however as people realized the value of a system which has an unique identifier for all the citizens in the country, it's use began to spread. Currently the Social Security number is used for a large variety of things, from obtaining a job to applying for a credit card. A citizen without a Social Security number would have a enormous number of problems doing things that most people take for granted.

The current legislation for the REAL ID system in the United States would in effect create a new standard for a national ID. It does this by establishing a new set of guidelines for what states would have to include in drivers licenses or other identification cards. If a state does not meet these criteria, “the penalty is barring people without a REAL ID from flying and from entering any federal buildings, such as a courthouse, Social Security Administration office or the office of an elected federal official.” This is a huge infringement on state's rights. When did the federal government get the ability to decide how and who the state's will issue drivers licenses or other identification cards to?

Proponents of the legislation say that the REAL ID act say that it “is necessary to prevent terrorists, criminals, and illegal immigrants from successfully obtaining and using fraudulent driver's licenses.” however, there are no facts proving the legislation will do this.. Criminals currently still obtain legal documents that are supposed to be difficult to obtain, what makes it that much harder for them to obtain the new forms of identification? The average citizen is who this would really affect. If they lose or need to obtain a new ID for any reason, it would become much more difficult for them to do so. The new IDs would also be a prime target for identity thieves. They contain much more information about the citizen, and as proposed the information would be contained in a 2D bar code, or some other computer readable information on the card.

This also brings up the privacy concerns related to having all of your information in a central location. It is not unlikely that the new IDs would be used widely, since drivers licenses are already used in this way. Whenever you need to present identification, you would just have to let a computer scan this card. This allows easy tracking of nearly every aspect of ones life. The data centers containing the information associated with these cards would be under constant attack by identity thieves, since this would become the most centralized location of personal data anywhere. It's foolish to believe that having this information would not lead to abuse of the information. Whenever data is collected, it is always possible for a leak to occur even in the most secure facility, because someone the data now exists where someone (legitimately or not) can access it.

The benefits to having the REAL ID system in place are few and often misleading. The ease of having only one card to prove your identity is a trade-off with losses in both security and privacy. The increased security measures required would force a huge cost on the states to implement these features, which would undoubtedly never become completely secure. This just makes it harder for a normal citizen to obtain identification, while criminals would have access to these cards, giving them the benefits of this system, instead of stopping them. Some of the reasons given for enacting the bill are to fight terrorism and reduce identity theft, but there is no convincing evidence that the legislation would accomplish that, but it does increase the centralization of personal information, which is likely to attract abuse instead of prevent it.

Monday, April 14, 2008

Social Implications of Open Source Software

Here's the prompt for this week's paper:

“Positive or Negative social implications of open source or 'free software'.”

What is open source or 'free' software? In this analysis I'm only going to refer to open source software, or what is commonly referred to as “Free as in 'Free Speech'”. This means you have access to the source code, and are free to modify it however you wish, and even redistribute it. The other definition is often stated as “Free as in 'Free Beer'”, meaning it costs nothing. These often go hand in hand since when you have the source code and may redistribute it, nothing stops you from giving it away for free. I'm not going to discuss the economics of open source software, as I feel that it is a discussion well suited for a different place.

What are the implications of open source software? You have the ability to look into exactly what a program does and learn from it or improve it. People also tend to argue that software that is not open source is unethical. Although I am a huge supporter of open source software, I have to argue that they are wrong. An article titled The Social Implications of Free Software on FSM states:

“Above all, Free Software is an ethical choice—not one of convenience. NGOs also tend to receive, store and disseminate huge amounts of information. It helps to be able to access info (in digital format) without having to 1) break the law, and 2) spend money to purchase applications to “read” the information. Using free software enables that, as South India-based lawyer Mahesh Pai points out.”

The argument made here is a non-sequitur; the arguments for open source software is that it is free and legal, which in no way implies that proprietary software is unethical. There should be a distinction between ethical implications and economic factors. It is not unethical to charge people for a product. The point made here is that a social implication of open source software is that is it much more likely to be used in a economically challenged locale, due to the low cost of the software (which is often gratis).

There are many benefits to using open source software. Nearly all proprietary software now has an open source counterpart, and in my opinion, many of them are much better than their proprietary counterparts. (There are also some that are much worse too.) Open Source software is often much more secure than proprietary software, which is interesting due to the full source code being available for anyone who would want to see it. I have written about this topic before, if you want to read more about this, go read my previous post Security through Open Source.

Open source software is created by a community of developers who share a generally common set of beliefs. This has lead to it's own community of OSS developers and users. This community continues to grow and thrive today. The community has a great property which will lead to it's success, and that is that the more developers that work on OSS, and the more users who commit to the community, the stronger it grows. This is fostered by the idea that all the software should be available from source code, and that anyone is free to modify and redistribute it. As more people work on it, bugs will be fixed, features will be added, and the software becomes more useful to more people.

Sunday, April 13, 2008

Does Blogger get the publish date wrong?

So I spent a little bit of time writing my previous rant, and then decided to see how long it would take to show up in my feeds. In Google Reader it showed up in about 3-4 minutes. Then I noticed the timestamp on it:

Received 7:32pm
Published 6:28pm

I actually hit publish around 7:28pm +/- 2 minutes, I wasn't really watching the time.

I started this post about 5 minutes ago, which was 7:34 according to my clock. Which lines up with the time according to Blogger. I found the current Blogger time by going to Settings > Formatting. The timezone format shows the current time. I want to see if this is just a timezone issue, so I'll post this in a little while. My feeling is that it is probably just an issue with Blogger, I started writing the post around 6:28pm, so it may have place that timestamp as the publish date.

Oh yeah, I still haven't seen it show up in FriendFeed.
UPDATE: I missed this in my FriendFeed due to the publish date being an hour before it should have been, my bad. It also picked up this post fairly quickly, as did Google Reader.

Actual Publish date: 7:52pm EST.

EDIT: The publish date is 7:34pm. The same time I estimated when I started this post, looks like I was right.

EDIT 2: I can't believe I missed this. You can set the post date and time in the Post Options drop down, which is by default set to the time which you started writing the post.

Blogger's Post Options Screencapture

As you can see, the date here is the time I said I originally started writing this post.

I would subscribe to any politician's blog who follows my idea.

Quick rant about politicians. I'm reading the article Administration Set to Use New Spy Program in U.S. on The Washington Post which was shared with me by Co-contributer Shane via Slashdot. I'll let you make your own decision about the article.

The article has a passage in it which made me think:

"There is no basis to suggest that this process is in any way insufficient to protect the privacy and civil liberties of Americans," Chertoff wrote to Reps. Bennie G. Thompson (D-Miss.) and Jane Harman (D-Calif.), chairmen of the House Homeland Security Committee and its intelligence subcommittee, respectively, in letters released yesterday.

"I think we've fully addressed anybody's concerns," Chertoff added in remarks last week to bloggers. "I think the way is now clear to stand it up and go warm on it."

I believe that what they are saying is that he said this in a conference with some bloggers. The way it is used implies he responded to all bloggers. This is wrong. I'm a blogger. If you're reading this you're a blogger. Some people dogs are bloggers. The point is everyone is a blogger. I think that politicians should be responsible for responding to everyone.

How about we make every politician write a paragraph summarizing why they are voting for every proposal they have to vote on. Let's make them bloggers too. Then they actually are talking to everyone, and they become more responsible since they actually have to show something to the general public. The only people who wouldn't want that are the politicians; but who decided they get to be in change?

Monday, March 31, 2008

Another data breach goes nearly unnoticed.

Vague topic this week, I'm under the assumption that I can basically choose anything involving ethics in computer science for this article. Link to the original assignment.

A recent incident of personal data being unintentionally released has occurred affecting 75,000 members of the public website for The Dental Network. The information contained full names, complete addresses, dates of birth, and social security numbers. This was reported by The Baltimore Sun on March 26th, 2008, even though the security breach happened February 20th, and the affected persons were informed by letter on March 10th, nearly three weeks later. Thousands of dollars in unauthorized purchases, accounts being opened and held for use at a later date, and many other illegal activities all could have happened before anyone was informed that they were at risk.

According to the Baltimore Sun: article,

“The company says that to its knowledge, no one has misused the information.”
The company has offered those who were affected 12 months of free credit monitoring, and sent information to these people on how to contact the credit bureau's and put a fraud alert on their account.
"We moved in a timely fashion to secure the data and notify the members,"
said CareFirst spokesman Michael Sullivan, but the article also mentions that
“[The information] had been posted on its Web site for two weeks in February because of a technical error.”

The Consumerist also picked up this article and added a few interesting points. They are critical of the companies offer of free credit monitoring services for a year, saying it's too short.
“Companies, is it really that expensive to offer 5 years, or 10 years, of credit monitoring to victims of your data security incompetence? Seriously, own up to your responsibility in exposing people to the risk of financial and credit problems and give them the tools they need to protect themselves. After all, it's your fault.”

This is a valid point. The company is at fault here, and the threat of identity theft due to this will not be gone in one year.

While on the website of The Dental Network, I could find no mention of the data breach, even though it is now only 3 weeks after the affected users were informed, and only 3 days after the article was picked up by The Baltimore Sun. The home page of the site is now displaying the message that:
“New Sales of Dental HMO Products Temporarily Halted in Maryland, Due to a technical issue involving the internal restructuring of The Dental Network (TDN).”

The company seems to be taking no responsibility for what has happened, instead trying to hide it away from people to attempt to maintain a semblance of security. Take a look and judge it for yourself, the website looks like it was created 10 years ago, and their policy for data integrity probably hasn't been updated since then.

It is the responsibility of The Dental Network to inform the people affected in this case. There is a state law passed in Maryland that requires businesses to respond promptly in the case of a data breach. It is my opinion that this company did not adhere to this law. The users in this case should have been given the positive right to privacy by the company, but instead it was broken, and the data was leaked. This clearly violates the ACM Code of Ethics, specifically section 1.7:
“Respect the privacy of others.”
The Dental Network should have been more diligent in securing the personal data of it's users, and much faster at noticing the breach and notifying it's users. There was a total of two weeks before the breach was noticed, and 3 more weeks before users were notified. That's 5 weeks were a potential criminal could have had access to this data. Five weeks is completely unacceptable.

UPDATE: I found the FAQ for the data breach. The data there isn't very helpful, and would likely only confuse and cause most people to ignore it. All of the information contained is about what you should do, the company seems to be doing nothing on it's own, therefore leaving the majority of people affected without any security against identity theft.

Thursday, March 27, 2008

U.S. Patriot Act causes ethical concerns for software developers

Here's the topic from the third paper:

“Pick an example from Chapter 2 or 5 and show if the people who built the software acted ethically according to Appendix A and your general sense of ethics.”

It occurs to me that I haven't noted which textbook we are using. It is A Gift of Fire, by Sara Baase, Third Edition.

Here's my paper, I tried not to include too much reference to the book, but it was needed for this assignment.

A good example of software that has been built upon questionable ethics is the software and procedures that the government uses to obtain personal information about suspected criminals.[1] “The U.S. Patriot Act, passed in the weeks after the September, 2001, terrorist attacks in the United States, gives authorities the means to secretly view personal data held by U.S. Organizations” from the article Patriot Act haunts Google service on This law conflicts with many other government's privacy laws, which require organizations to protect all private information, and also require that the consumer is informed when this information is obtained, regardless of the process, by a third party. According to the Software Engineering Code of Ethics and Professional Practice (Version 5.2) section 1.04 Software engineers shall, as appropriate “Disclose to appropriate persons or authorities any actual or potential danger to the user, the public, or the environment, that they reasonably believe to be associated with software or related documents.” It is my argument that the U.S. Patriot Act causes the potential threat of private data being obtained by an outside party, in this case, the U.S. government, and that this causes an ethical dilemma for software developers, specifically in the U.S.

Some people have recently noted effects of the law. In the recent article posted on, and also covered on, there is a discussion of how the U.S. Patriot Act affects the use of Gmail, specifically in countries outside of the U.S. The information obtained by Google when a user uses Gmail can legally be reviewed by the U.S. government under loose controls. Not only is the ethicalness of the U.S. Patriot Act in the regards to privacy put into question, but it also causes an ethical dilemma for software developers. If the government can obtain personal information about someone without a warrant, is it ethical for a software company to keep data about you without informing you of the potential breach of privacy? A well defined privacy policy such as Google's are likely to provide a clause for this situation, such as “We may also share information with third parties in limited circumstances, including when complying with legal process, preventing fraud or imminent harm, and ensuring the security of our network and services.” It is my opinion that privacy policies are created to protect the organization, instead of to protect the end user.

Many people would argue that the privacy policy is a solution to the ethical issues prevented here, but I do not think that it provides a full solution. The majority of users will never read a privacy policy, and of those that do, many of them will not understand the complete implications of it. It's likely the privacy policy misses some small detail that is important to the user, or some situation that the writer completely overlooked. It would be nearly impossible for the writer to know the complete set of laws that govern their organization, especially with the recent globalization of Internet based companies. How far do you have to go in informing the end user of possible dangers of using the service for you to have done what can be considered ethical?

Unfortunately, I don't have a solution to this problem. Ethical guidelines dictate that you should inform the end user of all potential danger to them, and breaches of privacy clearly fall in this category. However, “because no matter what promises companies make (or what privacy laws Congress might enact), data leaks happen.”, so maybe that should be taken into account when writing up a privacy policy. If there is a distinct possibility of a third party obtaining a user's personal data without the permission of that user, the software developer should make this information apparent to all of it's users. It doesn't matter if the third party is a government, or someone malicious looking to steal your identity, it still constitutes a breach of privacy, and the user needs to be informed.

Monday, March 24, 2008

Security through Open Source

Topic for paper number two:

Write a “Short paper on a computing technology of your choosing introduced in the last 30 years that you believe has been used unethically. Include references and cite from the Codes of Ethics in Appendix A.”

There have been many new computing tools introduced in the last 30 years, some even earlier, that have been used unethically. Usually these tools have legitimate and legal reasons for being created, but often these tools can also be used for questionable or unethical behavior. The UNIX security scanner Nmap has many legitimate uses, and comes installed on almost all Linux systems. However, even a program this widespread can be used for black-hat purposes.

A more recent example (Nmap was created in 1997), came up in an article on Coding Horror entitled A Question of Programming Ethics. A program called G-Archiver was found to contain code that used a hard coded email and password to send an email containing every username and password that entered into the software back to the creator of the program. This was a huge breach of trust between the author of the program and it's users. Luckily, a good hearted programmer had looked into the source code and found this, and instead of abusing what he found, he deleted all of the emails in the account, changed the password, and sent a message to Google asking them to delete the account.

There is no way to know exactly how many people could have found this before the security flaw was exposed, and instead of doing what this person did, stayed quiet and used the stolen information for their own purposes. Since the source code was easily examined, this flaw was found, but imagine how long this could have occurred if the source was not accessible. This brings up the topic of security through openness.

By completely exposing what your program does, the end user has a way to ensure your program only does what you say it does. However, this also allows the end user to more easily find vulnerabilities in the software. Having an open source program forces the programmer to understand these risks, which also helps to avoid poor decisions such as using security through obscurity. This could be interpreted to apply directly to Principle 1.04 of The Software Engineering Code of Ethics: “Disclose to appropriate persons or authorities any actual or potential danger to the user, the public, or the environment, that they reasonably believe to be associated with software or related documents.” How can you disclose any more information about your software than releasing the full source code?

There will always be tools created for completely legitimate purposes that will be converted into tools for unethical uses. Something as simple as a match can be used for many ethical uses, but it could also be used to burn down a house. The only thing that you as a programmer can do, is make sure that you make ethical decisions; you don't get a choice of what your users will do.

Wednesday, March 19, 2008

Google's role in the spread of Information

I'm taking a class at WPI this term called "Social Implications of Computing" where everyone is required to write a short paper on topics relevant to ethics and information processing. I plan to publish all of them that are at least remotely interesting.

With all of that out of the way, here is the first one:

One page paper on a point you choose to make about the statement:
"Google brought information to the general public."

Google did not bring information to the public, they have only made information more easily accessible to the general public. Information has been around forever, so to say that Google was the first to bring information to the general public is incorrect. Google is also not the only way to get the information that is on the Internet, there are many other search engines which index the same information.

It would be hard to make the statement that any search engine has brought information to the general public, since that search engine could easily be replaced by any other one. To put this in context, a Internet based company that I would say has brought information to the general public is Wikipedia. It has a publicly available, regularly updated, central source of information about a massive amount of topics.

Information has been available to the public in so many ways, from storytelling to printed information; including newspapers, magazines, and books. However, there was no central place to collect and store the information contained in these mediums. The Internet provided this, Google and other search engines exist to index this information and make it much easier to find what you are looking for.

More recently, Google has provided more access to the data they have already collected, through it's multitude of API's. However, even though this information is available to the general public, it is almost completely currently used by software developers, not the general public. This opens up a new aspect to the question, since Google is now a place to obtain information from. An interesting use of this information can be seen at a project called googleDrive, which allows you to drive a car on top of a simple overhead map pulled from Google Maps.

In conclusion, I would argue the point that “Google has brought information closer to the general public.” Information is not provided to you by Google, you must use it's service to find the information you are looking for. Google is a great service in this regard, since it allows a user to find and retrieve the information they are looking for in a matter of seconds, a speed which would have been nearly unthought of until recently in the past.

PS: googleDrive was made by Samuel Birch. It's fairly simple so far, but I am happy to see more people using the data that they already have available to them.

Someone should work on an openGL version using street view, maybe a street racing simulator, or just so you can get familiar with the location without having to waste gas.

EDIT 3/24/08: Fixed a typo

Wednesday, January 16, 2008

From Web 2.0 to Web 3.0

Recently the term Web 2.0 has been becoming more and more often used when referring to the current state of the internet and specifically new trends in web design. The term Web 2.0 often refers to the use of AJAX, which itself is just a term used to refer to a set of technologies; including JavaScript and XML, which allows a web page to retrieve and display extra data, without having to reload the entire page. It also commonly refers to websites which have social networks, wikis, or blogs. However

“The Web 2.0 meme has become so widespread that companies are now pasting it on as a marketing buzzword, with no real understanding of what it means.
If I was going to sum up what I think best describe the changes that have happened to the internet in the last few years, which is what I think has led to what people are calling Web 2.0, it would be that the internet has moved from static pages which serve content that the publisher wants you to see, to now being a place of content submitted by the users, and websites are now services that aim to aggregate and display this information as efficiently as possible.

Now people are starting to talk about the term Web 3.0, which is completely not defined, but is just a term that is used to refer to the general future of the internet. I have seen the term Web 3.0 used as a marketing tool in many places, an example of this can be seen at
where the term is used to try to hype up new features that will be implemented in future releases of the website. Some people have tried to define what they think Web 3.0 is going to be. But all of these definitions are just predictions of where people think the internet is going to be in a few years. These predictions range from simple explanations with no references, such as
“It basically means web browsing with 3D experience
to the more complicated, and filled with as many buzzy catch phrases as possible
“Web 3.0, expected to debut in 2007, will be more connected, open, and intelligent, with semantic Web technologies, distributed databases, natural language processing, machine learning, machine reasoning, and autonomous agents."
If you want to check out more of peoples predictions, Wikipedia has a couple on it's Web 3.0 page. All of the many references to Web 3.0 only have one thing in common, and that is they speculate about the future of the internet.

That being said, I think that it shouldn't be too hard to find the differences in Web 2.0 and Web 3.0. Web 2.0 generally refers to the current set of trends within the internet, and Web 3.0 is just a term used by people who want to continue using this style of naming the phases of the web, and would like to make predictions about where they think these trends will lead in the future. So if Web 3.0 is the future, what will be the impact of it? Unfortunately, I do not have the answer to this question, although I'm sure whatever happens that things will change, since that is really the only constant in as time passes.

In conclusion, do I think that Web x.y is just a marketing gimmick? To be blunt, yes. The term has been used to refer to the new age of the internet, and it has been used so commonly and without thought or definition that to most people it has very little meaning. Web 3.0 currently has no definition, so it is just a term that people use to attract people who have followed the crowd of Web 2.0, which is most often used as a marketing tool. The internet will always continue to evolve, and unless a major change causes everyone to access or publish on the internet differently, I see no reason to use version numbers on the web. When I open up my browser, I still go to the same internet as before, the content has changed, and it will continue to change in the years to come.