Going dark on Wednesday

Like many far more important Internet sites, this blog will be going dark on Wednesday to protest the proposed Internet censorship bills SOPA and PIPA. If passed, these bills would give content owners the power, without judicial oversight, to shut down entire web sites and compel banks and other financial institutions to freeze the site owners’ assets. As someone who runs a web site that allows user-generated content to be posted, this means that I could personally suffer financial ruin should someone decide to include copyrighted content in a comment on a post here. Or even if they didn’t; major content owners have demonstrated a willingness to file DMCA takedown notices for content that isn’t even theirs, and somehow I doubt they’d be more cautious under SOPA or PIPA.

SOPA and PIPA would also establish a government-mandated DNS blacklist to block allegedly infringing sites and prohibit measures to circumvent the blacklist. This would make technologies like DNSSEC — which are finally starting to be rolled out to help make sure that when you try to visit a web site, your computer has some assurance it’s talking to the correct server — potentially illegal. Furthermore, it should go without saying that giving the government the power to shut down web sites without any kind of judicial oversight is an unconstitutional prior restraint on freedom of speech, even if it weren’t ripe for abuse by private parties.

SOPA and PIPA would make running a business on the Internet extremely hazardous. Having a company’s assets frozen is effectively an instant death penalty; even if the courts later find the accounts were frozen illegally, the damage would already be done. It’s hard to keep a web site running if you can’t pay for Internet hosting, after all, and by the time the courts would clear your name, the business would be down for weeks, if not months. A single action under SOPA or PIPA could take down Facebook or Google, and content owners hate YouTube-running Google.

Lest you think I’m being hyperbolic here, consider this: the RIAA blasted proposals to have the International Trade Commission (ITC) handle web sites devoted to copyright infringement by pointing out that the ITC will have taken 33 months to finish dealing with a mobile patent case and underscoring a need to be able to take immediate and direct action. Well, yes, that’s how due process works; both sides get to make their case to a neutral third party. Evidently the RIAA would prefer mobile companies to be able to freeze each others’ assets at the first claim of patent infringement. And given that pretty much every company in the mobile industry is suing every other company over one patent or another, you could easily see the entire mobile device industry collapsing, or at the very least grinding to a halt overnight. That’s the content industry’s vision of how the Internet should be.

Online copyright infringement may be a problem (or just blown way out of proportion by bogus claims), but SOPA and PIPA are breathtakingly blunt instruments to deal with the problem that make large content owners judge, jury, and executioner over the entire web. Either bill, if passed, would swiftly cripple innovation on the web and would jeopardize the continued existence of most sites you visit daily.

Tax filing tip

If you haven’t filed your 2010 taxes yet and are planning to claim the first-time homebuyer’s tax credit, be warned that the IRS won’t let you file your return electronically if you try to do so. Apparently the IRS is unaware that technology exists to send documents electronically.

Comments Off

Red-Green Tree

Do you know how I know I’m a geek? When I saw this morning’s xkcd:


My initial reaction was disappointment upon realizing that the tree wasn’t a red-black tree with all the black nodes colored green. On the other hand, though, I suppose a red-green tree would involve a lot more duct tape.

Also, regarding the alt title text: removing the root of a heap is only O(log n). Quit whining about Billy taking the root present; it’s not as though a heap would’ve allowed him to take anything else. Maybe next year I’ll make you solve a graph coloring problem to figure out who gets what; maybe O(n log n) suddenly won’t seem so bad when your Christmas morning is NP-complete!

Las Vegas considered harmful

Never go to Las Vegas. Especially not during the summer.

The problem isn’t the heat. Which isn’t to say the heat isn’t a problem, of course. I mean, it’s a city in the middle of the desert. And yes, I know the definition of a desert is in terms of rainfall and not temperature, and yes, much of Antarctica is a desert despite it being so very cold. That doesn’t matter. The particular desert that Las Vegas is in is your typical scorchingly hot desert.

But hey, heat is a solved problem. Drink plenty of fluids, and stay inside most of the time where it’s air conditioned. You can even find some places outside that will be misting water in the general area, but as anyone who wears glasses can tell you, those kind of suck.

No, you’ll find the real problem with Las Vegas when you do venture outside the air-conditioned confines of the casino — and trust me, when you’re indoors, you are in a casino — is not the heat, but the people. The throngs and throngs of people choking every sidewalk in sight.

Try as you might, there is no escaping them. They are everywhere. And all of them will get in your way, turning your walk to the casino next door into an agonizing twenty minutes of misery. Why? Because they are all tourists. And tourists are incapable of walking like normal people.

The reasons for this are legion, as anyone who has been there can tell you. They’ll have had plenty of time to study the phenomenon whether they wanted to or not, after all. The people take approximately one step every five seconds. This is not counting the times they will randomly stop without warning to point and stare at a building. They will not look first to see if anyone is trying to walk past them before the stretch out their arm. Why would they? None of them, not a single one, even bothers to look where they’re walking in the first place anyway. There is always at least a 45-degree difference between their sight vector and movement vector. And all of these people are packed tightly together on the sidewalk, except for the couples holding hands; they invariably put as much distance between each other as possible while maintaining physical contact, enabling them to take up enough room for three people.

As you try to walk down the sidewalk, you will be tempted to weave your way through the crowd, taking advantage of the fleeting gaps between people in order to move forward at a less glacial pace. This is, of course, folly. Hey DARPA, I have a Grand Challenge idea for you: build a robot that can walk down The Strip at an average pace greater than two miles an hour. That’s much more impressive than a car that can drive itself in traffic.

Just make sure you remember to tell the Strip-walking robot that exterminating the meat-bags in its way isn’t allowed. Cyberdyne forgot to add that, and everyone knows how that turned out.

Am I suggesting that the experience will drive anyone to hate humanity? Yes. Yes I am.

And just to complicate things further, while you struggle to make forward progress down The Strip, you’ll get to avoid all the people passing out ads for the other thing Las Vegas is popularly known for: prostitutes. They’ll stand in a row of three or four along the street, wordlessly passing out cards covered with scantily clad (if that) women and occasionally slapping a stack of them against their hand in what’s apparently the local signal for “want to hire some prostitutes?”

I suppose if one were to collect as many of them as possible, they could be used to play poker.

“I’ve got three-of-a-kind with starred-out nipples.”

“Beats my pair of handbras.”

“Does four pair beat three-of-a-kind?”

“Um, that’s only two pair. You count the girls.”


“I’ve got you all beat: flush, girl-turned-away-from-camera-so-the-nipple-is-just-out-of-view high.”

“You moron, it has to be their natural hair color to count as a flush.”

Unsurprisingly, the sidewalks are paved with discarded ads for prostitutes. But don’t worry, if for some reason you can’t find anyone handing them out, and are too dignified to pick them off the sidewalk, rest assured that 75% of the newspaper boxes are actually filled with full-size ads for prostitutes.

But in a way, I expected all that. What I didn’t expect was the latest innovation in mechanizing the gambling experience: the electronic blackjack table. Not video blackjack, mind you. This is a blackjack table where the dealer is replaced by a large computer screen displaying a “dealer” avatar, and you play using the touch screen in front of each seat. (And yes, you can select which dealer you want to see, in case you aren’t satisfied with the particular revealing outfit she — obviously it’s always a she — is wearing.)

These machines are an abomination. It’s the dealer’s eyes. How they’re always staring off at some point past the seats during the idle animation. The empty, vapid smile clinches it. Obviously the machines are soulless, but it’s like the designers tried their hardest to evoke that sense through the dealer, and succeeded beyond comprehension. Most arcade games — remember those? — had an attract mode when no one was playing. These machines have a repel mode.

But, as much as it pains me to admit, Las Vegas does have a few good points. Blue Man Group is worth seeing. Their show is… hard to describe. Suppose an alien race landed on Earth and somehow, after all the prerequisite take-me-to-your-leader stuff got taken care of, somehow wound up with a Vegas show. I imagine it would be something like Blue Man Group.

Penn & Teller were also good. Before going to the show, I had the brilliant idea for a souvenir for Renee: get a playing card signed by them, and then present it to her in the course of doing a card trick, a sort of “is this your card?” kind of thing.

I started by going to the Rio’s gift shop to buy a deck of cards before the show. I wound up in the checkout line behind a woman who was evidently buying one of every fragile item they had. I got to watch for several minutes as the cashier individually wrapped each one of them, as I checked my watch and worried I was going to miss the start of the performance.

Fortunately, I did not, finally getting into the theater with a little time to spare. The show itself was good, and for obvious reasons I won’t spoil it other than by saying that one thing Penn & Teller like to do is to do a different trick than the one you think they’re doing. That’s like a whole other level of misdirection.

After the show, for whatever reason only Teller went out into the lobby to sign autographs and whatnot. Undeterred, this was my chance. When I got up to the front of the line, I handed him — what else? — the three of clubs from the deck I had purchased. He signed it “Teller” and handed it back to me. As I began to move away to give someone else a chance, he stopped me and said — yes, said, out loud — “Wait, I can do better.” I handed it back, and he wrote on the top of it “Is THIS Your Card?”


It’s a shame that I’m terrible at doing card tricks, not helped by how Renee saw though the obvious trick and deliberately ruined things for me. That’s what I get for underestimating her.

But yeah, aside from that, Vegas is terrible.

In which I criticize xkcd

As much as I like xkcd, I can’t let Monday’s comic stand without comment:


That’s not how homeopathy works.

Wait, let me rephrase that. That’s not how homeopathy claims to work.

According to the principles of homeopathy, the cure for any condition can be created by finding a substance that induces the same symptoms of the condition, and then diluting it to an extreme degree. Hahnemann “discovered” this by observing that if a healthy person ingested cinchona bark (which had been used to treat malaria), they suffered symptoms similar to malaria. He therefore took this one data point and concluded that “like cures like” is a universal principle. Furthermore, since diluting something harmful reduces its harmful effects, it therefore eliminated the harmful effects of the compound without reducing the supposed curative properties.

Why do homeopaths know this, especially given that homeopathic treatments consistently fail scientific tests? Ask them, and they’ll accuse you of just being a shill for big pharma.

Now you see the problem in the aforehotlinked xkcd comic. If homeopathy were true, heavily diluted semen wouldn’t get you pregnant; it would be birth control. Or maybe induce an abortion.

Also: you might think that the 30X dilution means “diluting by a factor of 30″. That’s not how homeopathic notation works. The “X” doesn’t mean “times”, it means “factors of 10″. A 30X homeopathic dilution of something is made by diluting it by a factor of 10-to-1, thirty times in a row. Or, in other words, diluting it by a factor of 1030 = 1,000,000,000,000,000,000,000,000,000,000-to-1.

A 30X dilution of semen certainly won’t get you pregnant. According to Wikipedia, an undiluted dose of human semen contains roughly 4×107 spermatozoa. After a 30X dilution, the sperm count drops to 4×10-23, or 0.00000000000000000000004 spermatozoa. Since you can’t have fractional spermatozoa, your 30X dilution leaves you with nothing but water. It definitely won’t get you pregnant. Or keep you from getting pregnant. It’s freaking water.

Another way of looking at it is this. Also according to Wikipedia, the original volume of that semen is 2 mL. A 30X dilution would add enough water to increase the volume to 2×1030 mL = 2×1027 L. That’s a lot. That’s roughly 4.8×1014 cubic miles. The Pacific Ocean “only” has 1.5×108 cubic miles of water in it.

And 30X is fairly modest as far as homeopathic dilutions go. You can find homeopathic “treatments” on the market that are diluted at 200C. Since the C stands for 100, this is the same as 400X. That’s one-followed-by-400-zeros-to-one!

In summary: homeopathy is completely ridiculous, but not in the way that xkcd claims it is.

How to protect yourself from Comcast’s latest idiocy

You know how there are shady people on the Internet who will register domains that are one letter off from popular domains, in hopes that someone will mis-type the website’s address in their browser? And how this is invariably used for one of three things: filling your screen with ads, filling your screen with porn, or filling your screen with ads for porn?

Comcast thinks this is a fantastic idea, and will now be typo-squatting over all unregistered domains.

Technically, this is DNS hijacking and not typo-squatting, but the end result essentially the same: mistype an address, get ads in your face instead of an error message.

Comcast pitches “Domain Helper” [sic] as something to help their customers; they say this because they’re greedy liars who think users are stupid. (Take a look at the comments on that post, and you’ll see that users aren’t as stupid as Comcast seems to think — they’re almost universally opposed to the idea.) By having the DNS server resolve addresses for domains that don’t actually exist, not only do you break applications that depend on being able to detect an error condition (such as e-mail spam filters that check for invalid domains), but you also risk helping attackers hijack user’s computers.

Apparently Comcast learned nothing from the Site Finder fiasco from several years ago, where VeriSign — the ultimate authority for registering .com and .net domains — rolled out a similar service attack across the entire Internet. That didn’t go well. They ultimately got smacked down by ICANN — the organization responsible for overseeing the domain name system and with whom VeriSign has a contract with to manage the aforementioned .com and .net TLDs. Meanwhile, the developers of BIND — the software that probably runs the DNS server you’re using right now — rushed out an updated version to counter Site Finder. Basically, everyone responsible for keeping the Internet running united against Site Finder, and if you know how hard it is to get people on the Internet to agree on anything, well, that should tell you something.

Of course, since Comcast thankfully doesn’t have any authority over the global domain name system, their current idiocy is limited to the networks they operate. Comcast offers a way to opt-out of their DNS hijacking “service”, but not surprisingly the steps are intended to make it difficult for users to actually opt-out. After all, that’s partly why companies use opt-out instead of opt-in in the first place. (The other reason? They know nobody would actually opt-in to the “service”, so dumping it on users and forcing them to explicitly refuse it is the only way to get them in.)

Anyway, here are the hoops Comcast makes you jump through to opt-out:

  1. Look up the MAC address printed on the bottom of your cable modem.
  2. Enter the MAC address and your e-mail address in the form.
  3. Wait for a confirmation e-mail.
  4. Click the link in the confirmation e-mail from the location where you have Comcast’s Internet service.
  5. Wait two days or so for the change to actually go into effect.

Making customers look up the MAC address of their cable modem is completely unnecessary, and is clearly only required in order to make it more difficult to opt-out. The average user isn’t going to know what a MAC address is (nor should they have to), and in a typical home network the cable modem is going to be wedged in some difficult-to-access corner of the building. In my case, it’s in the back of an alcove behind my TV and holly’s dessicated powered-off husk, requiring some effort to balance on one foot atop a pile of cables while reaching down through a narrow gap towards the blinkenlights.

Ostensibly, Comcast needs you to tell them your cable modem’s MAC address so they know who is opting-out of their attack service. This is a lie. Comcast’s opt-out page could instead look for what IP address your request is coming from, which requires no action whatsoever on the user’s part. Comcast already keeps track of which of their IP addresses they’ve assigned to each cable modem — if they didn’t, their Internet service simply wouldn’t work — so they could figure out the MAC address that way. And their procedures already require you to visit the confirmation page using your Comcast Internet connection anyway. Likewise, the e-mail confirmation shouldn’t be necessary — connecting via your Comcast-provided Internet connection should be enough to prove that you’re who you say you are, and to prevent someone from using a script to automatically opt-out all possible 248 MAC addresses.

We’ll see whether the opt-out really works. When I tried looking up a bogus domain name earlier this evening, I got a DNS error as expected, which means Comcast might not yet have rolled Domain Helper [sic] to this particular network.

tl;dr version:

  • Comcast’s Domain Helper [sic] breaks things you use the Internet for
  • If you use Comcast, opt-out now
  • Comcast makes opting out needlessly difficult; don’t let them win

I guess if you were wondering what it was going to take to break my month-long silence here, well, apparently this was it.

Comments Off

Lazy Spammers

I see that nowadays comment spammers don’t bother figuring out what markup they need to use to make hyperlinks, so they try half a dozen different formats and hope one works.

They’re also apparently too dumb to not put two dozen spam comments in the same recent post and think that won’t get noticed right quick.

ur doin it wrong: Direct Marketing Edition

Living in an apartment means having a greater incidence of people leaving ads on your door. Whoever went through here today, however, clearly didn’t quite grasp the concept of how this marketing scheme works. The ads were clearly intended to be the direct-mail kind, what with having printed addresses and the “PRESRT STD U.S. POSTAGE PAID” thingy where the stamp would go. Yet it was shoved between the doorknob and doorjamb.

Naturally, the would-be mailing address is for a residence about two miles away.

Any ideas why someone would bother buying a database of residential addresses if they’re just going to pay some schmuck to walk around in the middle of summer shoving the ads in doors?

FLummoxing CLeverness

You wouldn’t think it’d be so difficult to rip a few DVDs. Well, it isn’t, unless you’re trying to do it in a way that’s far too clever for your own good.

A refresher for those of you who haven’t committed my personal computing resources to memory: I have two computers, holly and kryten. (No points for guessing the naming scheme.) holly is my eight-year-old former desktop computer, now relegated to running MythTV. kryten is my four-year-old tablet that I use for pretty much everything else.

Ripping and encoding DVDs is a CPU-intensive process, so naturally I wanted to do the job on kryten, whose wimpy 1.7 GHz Pentium-M is still quite a bit better than holly’s mere 933 MHz Pentium-III. The problem is, kryten doesn’t really have a DVD drive per se. I have a DVD drive that connects via the PCMCIA slot, but it’s slow (as in, too slow to play a DVD real-time) and sometimes hangs the Linux kernel when you eject the card.

My clever plan to get around this was to read the DVDs on holly, copy the raw data over to kryten via the local network, and do the actual encoding from there. Pretty much any program on Linux that reads from a DVD is just as happy to read from a directory where you copied a DVD’s files to, after all.

For the first disc, this worked just fine. For the second one, not so much. For some reason no program could read the VOB files on the DVD without projectile vomiting error messages to the system logs. (I wound up with 600+ MB of error messages in each of three system log files when all was said and done — log files that are typically around 50 KB for a week’s worth of data. So yeah.)

Since the VOBs are where the actual video content of the DVD is stored, this was a bit of a problem. I ran into the same problem with the third disc I wanted to rip. Thinking it might be a flaky DVD drive or driver, I tried rebooting holly (soft and hard), but no change. First disc fine, second and third not. Each disc played perfectly in my set-top DVD player, so the discs themselves were clearly undamaged. kryten’s external DVD drive wasn’t any more successful.

My best guess as to what was going on was that the discs in question had deliberately bad sectors to serve as copy protection to prevent someone from doing exactly what I was trying to do. But if that were the case, you’d think that all three discs would have had it, since they were all part of the same three-disc set. It doesn’t make much sense for only some of the discs to have copy protection. But if it wasn’t deliberate, it’s awfully suspicious that only the VOB files on the two discs were affected.

I wound up ripping the two problematic discs the easy way, doing everything on holly and having MEncoder read from /dev/dvd directly instead of mounting the UDF filesystem and reading that. Lo and behold, that worked, albeit taking longer to encode because of the slower processor. Whatever method programs use to read from the DVD directly instead of via the filesystem apparently never tries to access the sectors causing the errors.

Given that holly is effectively headless (given the “quality” of ATI’s Linux drivers, I didn’t want to switch from MythTV to the console if I could help it), this posed the question of how to figure out which titles on the DVD were the ones I wanted to rip, and not previews or special features or copyright notices or anything. The solution? Playing each title one by one in MPlayer, running in AAlib mode to render the video in glorious ASCII art though the SSH session from kryten to holly. Converting uncompressed DVD-quality video to ASCII art is a lot more bandwidth-friendly than sending it across the network directly, and while it is hardly the way I’d want to watch a video, it’s good enough to recognize the opening scene is what you’re looking for.

But finally, I now have the videos shrunk down into a format my portable media player is happy with. All it took was to stop trying to be so clever about how I was doing it, and thus avoiding whatever the underlying problem was.

Disloyalty Card

One of the things I used to like about my local grocery store is that, unlike seemingly all the other chains out here, it didn’t have some asinine loyalty card you needed to have to get the sale price on discounted items. So much for that.

I really don’t see why it’s even in grocery stores’ interests to have loyalty cards in the first place. If they want to track customer spending habits across visits, they could just key their database by your credit card or debit card number (or even checking account number), instead of inventing their own card. After all, how many people these days regularly use cash?

(On the other hand, I kid you not, I once had the person in front of me at the checkout pay for their groceries solely in rolls of coins. And not even handing the cashier enough rolls once the total came up, oh no, but one at a time, bringing yet another roll out of her purse each time the payment came up short. But I digress.)

The other theoretical benefit a store could get out of a loyalty card program would be to better direct marketing efforts towards individual customers. But it’s not as though the store does any validation of the information you put on the application form, or does anything to prevent you from giving the extra copies of the card to other people, say, then-current roommates.

In fact, when my current grocery store started their loyalty card program, the cashier would grab an application, scan the card attached to it, hand you the application, and ring up your purchase. Further visits to the store confirmed that yes, they aren’t even bothering to check if you turned in an application for the card at all; it works anyway. Way to not bother doing even the most basic validity checking. I’m sure the aggregate marketing data you get with that will be ever so useful.

Speaking of which, the marginal benefits to the store have to be weighed against the costs of running the program: making and distributing the cards, training cashiers to ask for the card during checkout, the extra time needed during each checkout to process the card, maintaining the extra database of card activity, etc.

Maybe there’s some fantastic benefit the store gets out of this that I’m missing, but the way I see it, the store would be lucky to do much more than break even with the program, especially compared to the marketing data they could have mined from their pre-loyalty-program database. Is the average customer really enamored with carrying yet another card in his or her wallet, or worse, sticking a miniature card on an already cluttered keychain?

Rest assured, if by some bizarre series of events I ever find myself in charge of a chain of grocery stores, there will be none of that.

Thanks for that

To whomever thought it would be hilarious to pull my apartment building’s fire alarm tonight:

Die in a fire.


All washed up

Pop quiz: How long does it take for the lane stripings on a road to go from “brand new” to “so faded that road crews have to put up warning signs about an unmarked road”?

Apparently, around here, the answer is “less than 48 hours”.

It’s somewhat of a remarkable achievement when you think about it. How exactly does a road crew achieve this degree of epic fail for what should be routine maintenance? Did they use water-soluble paint? I haven’t seen that much suffusion of yellow since Dirk Gently lent me his calculator. Even the tape the road crew used for temporary lane markings proved more durable.

I know, I know, car navigation systems are pretty nifty, but can we please wait until they stop telling people to drive along train tracks before we start eschewing lane markings?

Comments Off

kuliniewicz.org hits the big time

Thank you, spammer who decided to forge a bogus From: whatever@kuliniewicz.org header, for all the bounces and other autoreply garbage that wound up in my inbox yesterday. In hindsight, I suppose I should have blackholed all @kuliniewicz.org e-mail addresses I’m not actively using instead of leaving the default of “all of them forward to me”. Naturally, I reconfigured that pretty quickly once I saw what was happening, and so only got ~100 garbage autoreplies in my inbox from that spam.

That said, you have no idea how tempted I am to reply to all the challenge/response messages the spam triggered. You know, to repay them the favor of filling my inbox with backscatter.

Fun fact: challenge/response spam filters operate on the same principle as protecting your house from burglars by hanging your neighbor’s key on your front door with a note that he has a nicer TV than yours anyway.

My kingdom for a pango.Matrix

Why oh why does PyGTK define a pango.Matrix class to wrap a PangoMatrix struct, and provide a set of methods for manipulating them, but no way to create the blasted things in the first place?


>>> import pango
>>> m = pango.Matrix()
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
NotImplementedError: pango.Matrix is an abstract widget

Abstract widget? Abstract widget!? What’s abstract about a plain old C struct?

typedef struct _PangoMatrix    PangoMatrix;
struct _PangoMatrix
  double xx;
  double xy;
  double yx;
  double yy;
  double x0;
  double y0;

It’s not an abstract interface. It’s not even something derived from GObject, for crying out loud. It’s six doubles duct-taped together! PyGTK should be able to wrap this in its sleep. And don’t even get me started on how pango.Matrix is most certainly not a widget; it’s a smegging matrix.

And to make things worse, there doesn’t even seem to be a way to make a trivial C function that creates a PangoMatrix* and make a PyGTK-compatible wrapper for it. Since PyGTK knows about pango.Matrix, and has methods that work with them, I obviously need to tell PyGTK that my trivial C function returns one. No such luck:

Could not write function ma_matrix_new_rotate: No ArgType for PangoMatrix*

And lest you think that PyGTK wants to internally call it PyPangoMatrix_Type — which, after all, would fit with the naming scheme for everything else it wraps out of GTK — that doesn’t work either.

Apparently pango.Matrix is in some kind of weird limbo where PyGTK knows about it but won’t let you actually use it at all.

Unless anyone knows the proper voodoo to make PyGTK cooperate, it looks like I’m going to have to implement the entire widget in C instead of Python, just because I can’t smuggle a PangoMatrix into my Python code. After I’ve gone ahead and implemented the entire widget except for what I need the PangoMatrix for.


Comments Off

Facebook 1, Your Privacy 0

As if I needed another reason to avoid social networking sites like the proverbial plague.

You may have heard by now that Facebook recently added a “feature” called Beacon that automatically spies on your activities on other websites and tells everyone else on Facebook what you’re doing over there. For the technical-minded, there’s a good analysis of precisely how this works, but the basic idea is as follows:

  1. When you log in to Facebook, it stores a cookie in your browser with your log-in information. This way, when you go back to Facebook next time, it automatically logs you back in. This cookie persists as long as you don’t explicitly log out of Facebook. (In other words, going to a different site or closing your browser doesn’t delete the cookie.)
  2. Websites can feed information into Beacon by using a little JavaScript code that Facebook provides. Let’s say your favorite online movie rental store does this. When you add, say, Brazil to your queue, the store’s website executes Facebook’s JavaScript, telling it “whoever this guy is just added Brazil to his queue at FoobarVideo.com”.
  3. That JavaScript code sends a request to Facebook’s website, passing along the message “whoever this guy is just added Brazil to his queue at FoobarVideo.com”. Since the code creates an iframe to do this, the browser also sends your Facebook cookies along with the request. Remember, as long as you haven’t logged out of Facebook, your cookies that log you in are still there, even if you aren’t currently visiting Facebook.
  4. Facebook uses the cookie to figure out precisely who you are, and adds “Hapless User just added Brazil to his queue at FoobarVideo.com” to your Facebook page. (You really need to pick a better user name, by the way.)
  5. After that’s done, your browser, assuming it still has the same page open, shows a popup window for a few seconds giving you a chance to opt-out of what Facebook just did. Yes, the notification goes away after a brief delay. Hope you noticed it.

Now, there are many things wrong with this. First, and most obviously, is that Facebook is reporting your activities on other sites without you initially knowing, and only informing you in a manner that’s easy to miss. Many users only discovered this when visiting their Facebook page and noticing all this new information they never entered, let alone intended to share with the world.

Even if you think you don’t have anything to hide, you probably do. Suppose your favorite online store wants to Beacon the purchases you’re making. It’d sure suck if all your friends could find out what you’re buying them for Christmas just by visiting your Facebook page. And if you’re renting Debbie Does Anything That Moves from that online video rental store, you should know the production values are pretty questionable. Um, I’ve heard.

Secondly, even if you manage to opt-out, or configure Facebook after visiting each site that does this to always opt-out, Facebook is still receiving the Beacon messages. It’s just not showing them on your page. Facebook is perfectly capable of building a profile in its database of your activities on other websites, and you just have to trust that they won’t do anything nefarious with them. Or, you know, have them stolen when a script kiddie breaks into their servers.

But even worse, Facebook can build this profile on you even if you don’t have a Facebook account! Sure, Facebook won’t be able to match the Beacons you unwittingly send to an account name, but they can still track you to a degree by your computer’s IP address. Are they keeping a database of this information too? Who knows! And since you don’t have a Facebook account, you’ll never see the message saying that the Beacon was sent.

Let me repeat that: Facebook is perfectly capable of building a profile of your activities on other websites, even if you don’t have a Facebook account, and without you ever knowing about it.

(And in that case, who even cares what their privacy policy might say? You never agreed to it anyway.)

Fortunately, if you have a decent browser, there is a way to protect yourself from Facebook Beacon. Those requests your browser sends to Facebook behind your back all fetch URLs of the form http://facebook.com/beacon* or http://*.facebook.com/beacon*. Firefox users can use the AdBlock extension to block any attempts by your browser to access those URLs. Other decent browsers should have some similar feature.

Now I can see this Beacon thing as potentially being useful in principle, as I can imagine there are times when you’d like to point out your activities on other websites, such as that scathing review you just wrote about Debbie Does Anything That Moves. But the correct approach would be for the site to ask before sending the Beacon to Facebook, and to explictly opt-in on Facebook’s website (just in case that other website is misbehaving) to enable them in the first place. Revealing information about your activities without your prior consent is a violation of your privacy.

This has been a public service announcement for those of you with Facebook accounts. Because Facebook certainly didn’t bother telling you about this beforehand.