Facebook 1, Your Privacy 0

As if I needed another reason to avoid social networking sites like the proverbial plague.

You may have heard by now that Facebook recently added a “feature” called Beacon that automatically spies on your activities on other websites and tells everyone else on Facebook what you’re doing over there. For the technical-minded, there’s a good analysis of precisely how this works, but the basic idea is as follows:

  1. When you log in to Facebook, it stores a cookie in your browser with your log-in information. This way, when you go back to Facebook next time, it automatically logs you back in. This cookie persists as long as you don’t explicitly log out of Facebook. (In other words, going to a different site or closing your browser doesn’t delete the cookie.)
  2. Websites can feed information into Beacon by using a little JavaScript code that Facebook provides. Let’s say your favorite online movie rental store does this. When you add, say, Brazil to your queue, the store’s website executes Facebook’s JavaScript, telling it “whoever this guy is just added Brazil to his queue at FoobarVideo.com”.
  3. That JavaScript code sends a request to Facebook’s website, passing along the message “whoever this guy is just added Brazil to his queue at FoobarVideo.com”. Since the code creates an iframe to do this, the browser also sends your Facebook cookies along with the request. Remember, as long as you haven’t logged out of Facebook, your cookies that log you in are still there, even if you aren’t currently visiting Facebook.
  4. Facebook uses the cookie to figure out precisely who you are, and adds “Hapless User just added Brazil to his queue at FoobarVideo.com” to your Facebook page. (You really need to pick a better user name, by the way.)
  5. After that’s done, your browser, assuming it still has the same page open, shows a popup window for a few seconds giving you a chance to opt-out of what Facebook just did. Yes, the notification goes away after a brief delay. Hope you noticed it.

Now, there are many things wrong with this. First, and most obviously, is that Facebook is reporting your activities on other sites without you initially knowing, and only informing you in a manner that’s easy to miss. Many users only discovered this when visiting their Facebook page and noticing all this new information they never entered, let alone intended to share with the world.

Even if you think you don’t have anything to hide, you probably do. Suppose your favorite online store wants to Beacon the purchases you’re making. It’d sure suck if all your friends could find out what you’re buying them for Christmas just by visiting your Facebook page. And if you’re renting Debbie Does Anything That Moves from that online video rental store, you should know the production values are pretty questionable. Um, I’ve heard.

Secondly, even if you manage to opt-out, or configure Facebook after visiting each site that does this to always opt-out, Facebook is still receiving the Beacon messages. It’s just not showing them on your page. Facebook is perfectly capable of building a profile in its database of your activities on other websites, and you just have to trust that they won’t do anything nefarious with them. Or, you know, have them stolen when a script kiddie breaks into their servers.

But even worse, Facebook can build this profile on you even if you don’t have a Facebook account! Sure, Facebook won’t be able to match the Beacons you unwittingly send to an account name, but they can still track you to a degree by your computer’s IP address. Are they keeping a database of this information too? Who knows! And since you don’t have a Facebook account, you’ll never see the message saying that the Beacon was sent.

Let me repeat that: Facebook is perfectly capable of building a profile of your activities on other websites, even if you don’t have a Facebook account, and without you ever knowing about it.

(And in that case, who even cares what their privacy policy might say? You never agreed to it anyway.)

Fortunately, if you have a decent browser, there is a way to protect yourself from Facebook Beacon. Those requests your browser sends to Facebook behind your back all fetch URLs of the form http://facebook.com/beacon* or http://*.facebook.com/beacon*. Firefox users can use the AdBlock extension to block any attempts by your browser to access those URLs. Other decent browsers should have some similar feature.

Now I can see this Beacon thing as potentially being useful in principle, as I can imagine there are times when you’d like to point out your activities on other websites, such as that scathing review you just wrote about Debbie Does Anything That Moves. But the correct approach would be for the site to ask before sending the Beacon to Facebook, and to explictly opt-in on Facebook’s website (just in case that other website is misbehaving) to enable them in the first place. Revealing information about your activities without your prior consent is a violation of your privacy.

This has been a public service announcement for those of you with Facebook accounts. Because Facebook certainly didn’t bother telling you about this beforehand.

All Glory To The Hypnotoad!

Is it wrong if the detail that cemented my interest in the new Futurama movie is the fact that one of the DVD extras is a full-length episode of Everyone Loves Hypnotoad?

Just imagine… a full half-hour of this…

Don’t Panic

The Hitchhiker’s Guide to the Galaxy: TV Series opening

I recently discovered by a lucky accident that Netflix has the old (i.e., from 1981) Hitchhiker’s Guide to the Galaxy TV series available. It was obvious what had to be done.

Unfortunately, the disc Netflix shipped to me at first was, in topological terms, a sphere rather than a torus. I almost panicked, due to the lack of any instructions in large friendly letters on the packaging to the contrary, but instead of throwing in the towel, I reported the problem and got a structurally intact disc.

The six-episode series follows the plot of the books a lot more faithfully than the movie. (Yes, I know the TV series is based on the original radio play, which the books were also based on. Sheesh, it says so right there in the title graphic. Quit being so pedantic.) The storyline runs from the demolition of the Earth by the Vogons through to Magrathea and Milliways and up to Arthur and Ford being stranded with the Golgafrinchans on prehistoric Earth.

Without a doubt, the best part of the series are the sequences narrated by The Guide, with accompanying fake “computer” animations. Of course, this is hardly surprising, since Douglas Adams’s narrative style is a large part of what makes the books so great, and The Guide’s scenes allow that to come through with full force. The animations also supply some nice supplementary material, such as examples of the first and second worst forms of poetry in the universe that put Vogon poetry to shame.

Zaphod Beeblebrox

It goes without saying that if you’re a fan of the books (and who isn’t?), you’ll like the series too. There’s only a few things to quibble with. One of them is Zaphod‘s second head. Can you tell which one is the fake one? It’s supposed to be animatronic, but you hardly ever see it move at all, except for bouncing around on the actor’s shoulder as he moves around due to inertia. I know, I know, there’s really no good way to do the whole two-heads-side-by-side thing in live action, especially with 1980s special effects. And to be fair, at least they tried; the movie punted by making the heads one on top of the other, with the second head conveniently hidden from view most of the time, and even then they contrived a way to get rid of it entirely in very not-at-all-in-the-book subplot. So they did do about as well as anyone could expect with Zaphod. But still, it looks goofy.

There’s also one other thing. When the Heart of Gold enters orbit around Magrathea and the planet’s nuclear missiles launch, the Guide is careful to point out in advance that everyone is going to survive the attack and that no one will get hurt aside from one of them getting bruised on the upper arm (but won’t say who it is in order to preserve some level of suspense). Given that warning, why oh why does the Guide not warn the viewer about the scene where you see Douglas Adams’s man-ass on display? I mean, seriously.

(No, I’m not going to tell you when that happens in the series. Be glad you’re at least getting a heads-up.)

But needless to say, the series is worth watching, especially if you’re one of those people who thought the movie was OK but wished it didn’t diverge from the books so much. You know who you are.

The System is Up

It appears that the DNS changes have finally started going through. I had hoped that migrating this site to my provider‘s new servers was going to be almost seamless, but so much for that.

I mean, I knew it would take some time between telling my registrar about the new name servers for kuliniewicz.org and those new servers going into effect, but I assumed that the domain would keep pointing to the old server in the interim, instead of nowhere. If I had known that, I would’ve posted a warning beforehand to let everyone know. Sigh.

Well, anyway, the fact that I can access the site without any stupid /etc/hosts tricks is promising.

So, if you’re still having problems accessing this site, e-mail me at my GMail address (firstname.lastname@gmail.com), since the usual @kuliniewicz.org could also be busted if problems resurface. But then again, if you were having problems, I don’t know how you’d be reading this anyway. Maybe your favorite page vanished during the migration or something.

Anyway, feel free to commence whatever the opposite of a lightswitch rave is in celebration.

Comments Off

Wallace: Behind the Scenes

Out of curiousity, how interested are people in reading about the technical details behind the Wallace rewrite? I could write up a couple posts about some of the technical challenges encountered and/or achievements made since the last update, but there’s not all that much in the way of stuff that can be shown off.

For example, does anyone want to hear about how user input is collected? Or maintaining audio/video synchronization and minimizing audio lag? Or performing caps negotiation with downstream elements in the processing pipeline? (I’ve certainly learned quite a bit on that last one over the past couple days.) There’s interesting stuff there for anyone who wants to know more about writing GStreamer elements or who is just curious about what kind of processing is needed to make Wallace work.

I’ll probably write about some of this stuff anyway, if only to have it out there and Googleable for anyone that’s interested. But if there’s not a whole lot of interest in that sort of thing, that’ll set the bar higher for deciding what’s blogworthy about Wallace development, especially given that there’s a non-trivial investment in time preparing a post about something like that.

The Winter of Their Dissed Content

Or, why The Daily Show has been in reruns for the past two weeks:

Comments Off

GStreamer audio sinks are picky

If you ever get the urge to write your own GStreamer element, and one of the things your element will output is an audio stream, I have a word of advice that might save you a fair amount of frustration.

All of the typical sink elements that output an audio stream to a sound card (such as alsasink, esdsink, osssink, or even gconfaudiosink, which after all is probably just going to wrap one of the first three) require that your buffer offsets be measured according to the stream time (GST_FORMAT_TIME), and not any other way. It doesn’t matter if the caps you negotiated for your source pad clearly specified the sample size and rate, or even that you’re setting the timestamp for each of your buffers. If your offsets don’t use GST_FORMAT_TIME, it won’t work.

Specifically, you’ll wind up with this critical error message spit out by one of the base classes most of the audio sinks shipped with GStreamer inherit from:

GStreamer-CRITICAL **: gst_segment_clip: assertion `segment->format == format' failed

And that’s because that base class hard-codes GST_FORMAT_TIME as the segment format in its call to gst_segment_clip.

Note that the error message you get doesn’t clearly say that this is the reason it fails, unless you happen to install the debugging symbols for all the GStreamer libraries and plugins, and then go into a debugger to see what’s calling that function (after remembering to set the G_DEBUG environment variable to fatal_criticals so you get a core dump at the site of the problem), and then look up that part of the GStreamer source code to find out about the hard-coded use of GST_FORMAT_TIME.

Now, for those of you who notice what category this was posted under, yes, this means I’ve been tinkering with Wallace again. In particular, I’m completely rewriting how it uses GStreamer to output audio and video streams from the emulator into something useful (i.e., either playing the streams or encoding them to a video file). I’ve come to the conclusion that my old methodology was fundamentally completely wrong, and it’s a wonder I was able to make it work at all, kind of sort of.

This time, I’m having GStreamer drive execution of the emulator itself, instead of handling that on my own and trying to shovel its output into the pipeline, which makes scheduling and timing really really brittle. Now, each time GStreamer thinks the emulator should produce some more output, it will call (through the nesemulator element I’m writing) the emulator more or less directly. This ends up simplifying a good chunk of code, since GStreamer is (naturally) pretty good at figuring out when it needs more output data. At least, GStreamer is going to do a much better job than my abusing g_idle_add and nanosleep.

Also, instead of treating nesemulator as a source element, it will act as a decoder element. So what input stream does it take? Why, a sequence of button inputs, of course! GStreamer’s fakesrc can be coaxed into providing a null input for testing nesemulator quite nicely. Of course, I’ll need to write a new element to poll user input and convert that into the right button presses, but I was going to have to do that in one way or another anyway. Even better, this approach provides a cleaner way to implement playback of FCEU movie files: write another element that decodes a .fcm file into the corresponding input sequence, and stream that into the nesemulator element.

In fact, this approach can also be used to write an NSF decoder element, by wrapping the nesemulator element, discarding its video output, and controlling selection of which song to play. If you were ever longing to listen to 8-bit music in Rhythmbox, that’d let you do it.

For the moment, though, I just have a rough but functional implementation of nesemulator, which lets you do simple stuff like this:

gst-launch-0.10 fakesrc sizetype=2 sizemin=4 sizemax=4 filltype=2 ! nesemulator name=emu location=Mega\ Man\ 2\ \(U\).nes emu.video_src ! queue ! ffmpegcolorspace ! xvimagesink emu.audio_src ! queue ! audioconvert ! alsasink

You know, in case you get the urge to watch the intro to one of the greatest video games of all time.

Bad Cephalopod

This weekend Phil Plait (of Bad Astronomy fame) and PZ Myers (of Pharyngula fame) were in DC for an Americans United meeting, and during their down time Saturday night had a meet-up for readers in the area. There were probably around two dozen or so people there, crouded around a chain of tables of such length as to probably not be favored by the local fire codes.

I know it’s somewhat cliched to point this out, but PZ Myers is vastly more quiet and reserved in person than one might expect from reading his blog. I mean, he hardly even killed any kittens while I was there, though he was sporting a shirt I’m nearly covetous of. I did learn, however, that he may be at risk of becoming the god of zebrafish religion, what with his zebrafish ascending to a tank called “heaven” after their role in an experiment is over to live out the rest of their days.

As for Phil Plait, he was at the opposite end of the table chain from me most of the evening, so I didn’t hear much of the conversations he was involved in, aside from complaining about the baggage handlers at BWI and the lack of direction coming from the upper levels of NASA. He was signing copies of his old book, and PZ was signing (or maybe defacing) them too, for no reason aside from not having published any books himself. (Had I had a copy of the bible handy, I would’ve asked PZ to sign it, if only to see what his reaction would be, considering.)

I also learned there’s still a fair number of people on the Metro even at 11:30 at night.

Comments Off

Ghost of NaNoWriMo Past: Save Point

NaNoWriMo 2002 Winner

Renee asked for it, and guess what I found lurking in the depths of holly’s hard drive? (Where by “depths”, I mean in a clearly named subdirectory under $HOME.) The novel I wrote for NaNoWriMo 2002!

How long ago was 2002? I wrote the novel in StarOffice, of all things. This was back before OpenOffice.org existed to any great degree. Fortunately, I had generated a PDF version of the novel too. Unfortunately, the quality of the PDF was atrocious, since I think I printed to file and then converted the resulting PostScript to PDF via ps2pdf; and I did that because StarOffice’s native “Export to PDF” feature looked even worse.

Fortunately, the current version of OpenOffice.org has a usable “Export to PDF” and can open StarOffice files. Unfortunately, I had uninstalled OpenOffice.org some time ago, probably to free up a good 300 MB of disk space and because I almost never used it. So guess what got reinstalled on kryten to make a legible version of the novel that you’d actually be able to open?

Sheesh, the lengths I go for you people.

I also kept a log of my progress as I wrote. Look on my writing speed, ye mighty, and despair:

Nov 01:     0 today;      0 total
Nov 02: 1,834 today;  1,834 total
Nov 03: 2,314 today;  4,148 total
Nov 04: 2,062 today;  6,210 total
Nov 05: 2,400 today;  8,610 total
Nov 06: 2,431 today; 11,041 total
Nov 07: 2,093 today; 13,134 total
Nov 08: 2,402 today; 15,536 total
Nov 09: 2,013 today; 17,549 total
Nov 10: 2,455 today; 20,004 total
Nov 11: 2,093 today; 22,097 total
Nov 12: 2,403 today; 24,500 total
Nov 13: 2,824 today; 27,324 total
Nov 14: 2,018 today; 29,342 total
Nov 15: 2,101 today; 31,443 total
Nov 16: 2,141 today; 33,584 total
Nov 17: 2,055 today; 35,639 total
Nov 18: 2,141 today; 37,780 total
Nov 19: 2,269 today; 40,049 total
Nov 20: 2,031 today; 42,080 total
Nov 21: 2,005 today; 44,085 total
Nov 22: 2,173 today; 46,258 total
Nov 23: 4,330 today; 50,588 total

For the adventurous, you can read Save Point in the new collector’s “legible PDF” edition. Be warned, though, that I myself have never read it, let alone edited it any, so there’s no assurance of any quality whatsoever. But seeing as how I was posting it on the Internet as I was writing it back in the day, any possible embarassment has already been done.

For those two lazy to read 50,588 words, here’s the four-word synopsis of the plot: “Self-inflicted Groundhog Day“.

Duet

You know, if I knew tesla coils counted as instruments, I might’ve become a musician:

[...] The music that you hear is coming from the sparks that these two identical high power solid state Tesla coils are generating. There are no speakers involved. The Tesla coils stand 7 feet tall and are each capable of putting out over 12 foot of spark. They are spaced about 18 feet apart. The coils are controlled over a fiber optic link by a single laptop computer. Each coil is assigned to a midi channel which it responds to by playing notes that are programed into the computer software. These coils were constructed by Steve Ward and Jeff Larson. Video was captured by Terry Blake. What is not obvious is how loud the coils are. They are well over 110dB. [...]

And in case you’re wondering if it can get any geekier than that:

FemToWriMo

Apparently I know several literate people who write stuff, and NaNoWriMo has only exascerbated things. Why, I actually had to add a whole new category in my feed reader just to stay on top of it all!

For example, Ryan has started up a secondary blog for his novel, tentatively titled The (Next) Most Dangerous Game. Does the tentatively titular (Next) suggests a game that, if you sorted all game in increasing order of danger, would be positioned penultimately; or that the game will become the most dangerous one, supplanting the current title holder? All will be revealed as the story progresses! Presumably.

Also, memo to Ryan: game time?

Not to be outdone, Andrew, when he’s not busy maintaining the official Ship of Fools website, has not one, not two, but three writing blogs. He started with Words of the Drewcifer for posting short stories and other writing fragments, but recently branched out into More Words of the Drewcifer, where he’s mainly been posting successive chapters of Aldain. Now he’s also started a third blog for his NaNoWriMo entry Solomon.

Clearly, Andrew is the single largest threat to our nation’s strategic word reserve, and he will not rest until his writing blog has more spinoffs than Mega Man and Law & Order combined.

Finally, Renee has broken free of her blog for posting writing fragments amongst miscellaneous and/or sundry other posts and started a second blog for her on-going NonNaNoWriMo story Knowing Andrew. Um, a more different Andrew.

Unless Andrew’s been living some kind of crazy double life, I guess. You know, the kind where you hang with people who fight lions.

As for me… not so much. Yeah, I did the NaNoWriMo thing back in 2002, wisely commiting to it (as much as one can commit to such a thing) on Nov 1, without having the slightest idea what to write about. Yet I still finished before Thanksgiving break, mainly motivated by wanting to finish before Thanksgiving break right around when I hit word 45,000 or so. I planned to do it in 2003 too, but quickly abandoned that upon seeing the utter garbage I was forcing out.

Fun fact: One of the main motivations for starting this blog as a proper blog instead of posting diary entries on K5 was to document that 2003 NaNoWriMo attempt. So much for that.