Tag: Open Source

Passlet.com

December 4, 2006 » Geek

I saw on my Ajaxian feed today a neat service called Passlet. Essentially it is a password keeper, like KisKis or the one built into Firefox. The novelty here is that it uses JavaScript to handle all the encrypting and decrypting on the client side. That means no transmission of clear text information, not even over SSL.

I happily admit I’d been thinking about this concept for at least 4 months. See, I liked KisKis a lot. It was Java, used good, solid encryption and had a nice interface. Problem was, it’s hard to keep my thumb drive version synced to my box versions, and I rarely remembered to anyway. So I thought, why not make a web based password keeper that used JavaScript to keep it secure?

The result was BlowPass which uses a JavaScript implementation of the Blowfish cipher. I was working on the Ajax stuff when I got frustrated with mootools and left it alone. It has several key weaknesses, and I suppose I could learn from Passlet, but, I may as well just use it instead of finishing BlowPass. If you want the source to BlowPass leave me a note. Thats my GPL disclaimer since the Blowfish implementation was GPL’d.

Update (01/11/07)
BlowPass is semi-active now, you can get more information and try it out at http://static.velvetcache.org/projects/blowpass. It’s still a rather raw version though. If you aren’t concerned about the “open-source” aspect (e.g. don’t want to host it and mod it yourself) I’d go use passlet or passpack.

The Old Internet

December 4, 2006 » Geek

I was on Arachnoid.com today looking for the lovely Ruby SearchReplaceGlobal I had used on my home machine. I happened to click on the link to this essay (post? rant?) and read it through. I really like his take on what the internet has become; “The new Internet, unlike the old, is hierarchical — there are vendors and there are consumers. The vendors are perpetually in your face, and the consumers, like consumers everywhere, behave like narcissistic children — whatever it is, it isn’t good enough, give me more.”

Like said, I read it through and it’s a bit of a rant by someone who seems frustrated that users of his freeware won’t take responsibility for themselves. I think that the “old” internet has been surfacing from time to time out there. It’s ridiculously easy to get help from other developers out on the web, especially if it’s an internet technology. Blogs are most often free and open content offered without any demands on the end user.

Social sites like YouTube are driven by user created content, but more and more they are being filled in with commercial content. They also have advertising, of course. I think sites like YouTube are more just companies realizing they can capitalize on a wealth of user created content and get advertising exposure simply by offering a neat service. Much like Myspace and Xanga capitalized on the angsty user drivel driven content from teenagers. That doesn’t mean I don’t approve, it’s just interesting to see a social sharing phenomenon being twisted slightly into a give and take corporate relationship.

Gregarius And Google Reader Update

September 28, 2006 » Geek

I just finished installing Gregarius because I wanted to access my feeds no matter where I was and have a consistent read/unread status across all machines. Before I used to use RSSOwl, which is a great app, but when I got home I would have to go through and “read” items I had already read elsewhere. I had tried Google Reader, but there weren’t enough features.

Sure enough, as soon as I installed Gregarius on Dreamhost one of the first feed’s was Robert Scoble’s. It was a brief on the new Google Reader features. I’m going to try out the new Google Reader, but for now I’ll leave Gregarius installed, as it’s a very nice application.

Linux On The Desktop

September 20, 2006 » Geek

Upon reading the title “Why Desktop Linux Will Not Take off, and Why You Don’t Want It to” my geeky open-source evangelist side immediately was offended. How dare anyone say that this fine OS I love and cherish isn’t suited for desktop use!

I continued to read on in hopes of finding some good fodder for a flaming comment. As I read, I realized he was right. Linux is for geeks. Linux will always, mostly, be for geeks. See, I’ve realized that there are two types of users who can survive in a Linux environment.

The first is the über-geek who is willing, or rather is happy to sit and tinker and reload and reboot and install and tweak and break and fix, ad infinitum. There is a line to be crossed where you become a serious Linux user, and from there on out it’s just a matter of adding on to your knowledge.

The second kind of user is the neophyte, who doesn’t know the difference. This is the kind of user who leaves the system as they bought it. They type, they web surf, if the are adventurous they install AIM and do some chatting. Thats it, no programming, no tweaking. Linux is ideally suited for this type of user as well. Most distro’s come well equiped, with a suite of programs well within the realm of the Windows users understanding. The UI is similar, and friendly. This type of user won’t break the system, and will happily use it.

The third type of user lies squarely in the middle. These are the adventurous types of Windows users. They download freeware, shareware, warez. They tweak, they game, they think they know about hardware, software and the secrets of their OS. Okay, maybe they don’t think that way, but they are undeniable confident and in control of their systems. Some may even wander into the realm of a little programming. These users are ill suited to being new Linux users.

You see, they want to tweak things on their new system. They want to learn. This is good, but can be disasterous. Linux is very transparent, you can play with it’s guts, and you can break it’s guts. One bad config file and your X server won’t come up. Thats when I used to panic. I wasn’t as used to the command line as I could have been, yet I tried to tweak everything in sight. Of course I didn’t read the man pages or other docs first, don’t be silly.

See, I know that these people are not a good fit for Linux because I used to be one. “Wait,” you say, “That doesn’t fit, you’re contradicting yourself.” I would have to agree, but for one small thing. I was a very driven one of these middle users. I’m not ashamed to admit I went through over 2 dozen install, break, re-install processes. I also jumped around among distros. I believe my pattern went something like: SUSE, Fedora, Debian, Zenwalk, Debian, Mepis, Debian, Mepis, Dream Linux, Debian, Ubuntu. It was long path. As a side note, Dream Linux was amazing. Very bling bling. Plus they just released a new version that looks great. I’m going to try it out of course.

Eventually I got sick of waiting for installs, so I started learning how the config files actually worked, and thats where I am today. So, go read that article, decide what kind of user you are, then dig in anyway! :)

Facebook API’s

September 7, 2006 » Geek

This article is in response to a Facebook posting about Facebook “selling” personal information through their developers section. I originally tried to post this on facebook, but it has restrictive message limits, so here it is in it’s entirety. (Pardon the spelling and such, I wrote this is in a rush.)

This is the posting I found on the Facebook site, verbatim:

IMPORTANT! EVERYONE MUST READ THIS-
With all the new changes, Facebook has adopted a “Facebook Development Platform.” Basically, it allows Facebook Inc. to sell any information on you to anyone. This includes your picture, hometown, current location, interests, political views, musical preferences, relationship status, etc. Pretty much anything that you enter on Facebook is sold. The best part is that you are AUTOMATICALLY ENROLLED! They didn’t even tell us! I’m pretty sure Facebook thought they could get away with nobody noticing it since everyone is so overloaded with this new news feed/mini feed junk. If you don’t believe me, check it out for yourself in the Facebook Terms of Service. It’s black and white.So screw them, to remove yourself from the “Facebook Development Platform” follow these instructions:1. Log in to facebook.
2. Click “My Privacy” on the left edge of the window.
3. Under the network, “Everyone” click “edit settings”
3. Scroll to the bottom of the page to the heading “Facebook Development Platform” and uncheck the statement that says “My information may be used according to the restricted Terms of Service.”
4. Click Save.
5. You have official thwarted facebook from whoring out your personal info to the highest bidder!Spread the news! Tell your friends to remove their name from the selling block. This is utterly disgusting!

First of all, they aren’t selling the information, they are exposing web services. What that means is that they’ve realeased API’s to let developers write applications to extend Facebook. The developers can’t access information about you unless you log in to the application they developed. Additionally all information passess through http://api.facebook.com/, which means the developers don’t have direct acess to your passwords, so they aren’t going to steal your account information that way.

Anyone seeking to develop an application has to apply for an API key, which doesn’t cost anything, but can uniquely identify, and allow for the immediate disabling of any application written to steal data.

From the Facebook API FAQ:
“Any content delivered to the outside application can be safely displayed to the user. However, in general, content delievered when using a session key should only be stored until that session key expires, or twelve hours, whichever comes later. The exceptions to this are user ids and affiliations information. This is detailed further in the accompanying documentation.”

The opening of these API’s and web services are a contribution to the Facebook society, and something they’re doing for free. Open source programming is a great benefit to end users, and these API’s and those of other sites allow the creation of rich, dynamic and integrated web applications.

If people take the time to read and understand whats going on with the system they can see that there is noting to “be afraid” of, and that their information is just as secure as ever. Which, I’ll admit, isn’t saying much. Social networking systems such as Facebook are hugely complex systems, and Facebooks should be applauded on their content control systems. They’ve added a at least a mediocum of security to the information on their system with a complex network of “friend” relationships. Compared to other sites, Myspace for example, the security of your information inside of Facebook is commendable.
That leads to the final argument here. Even though Facebook is releasing these API’s (which are a good thing) it’s all still in your control. As the post that first sparked this response says, you can opt out. And barring that Facebook, like other web services such as Flickr, Myspace, etc. is an opt-in. You signed up, if you don’t like it that much, unsubscribe.

I apologize if this was even slightly emotionally charged, I just don’t want to see a good thing ruined because of illogical fears.

Here are some links to help understand whats actually going on.
http://developers.facebook.com/faq.php
http://en.wikipedia.org/wiki/Application_programming_interface
http://en.wikipedia.org/wiki/Web_services

And here are some example applications built on the API.
http://www.blabbook.com/
http://matchrevolution.com/

Please read and consider these. If you find a posting on Facebook that goes against the new web services, post a link to this site! We could potentially lose a great number of wonderfull social services provided by clever programmers and the Facebook API’s!