Best Xmas Present

Sometimes when you go a long time without blogging you don’t want to post because you feel like you need to say something important on your return.
Luckily I have something not only worthy of breaking blog silence, but worth overly large text and even the blink tag:
She said yes! We’re getting married! I love you Jenny!

I won the Pizzigati Prize for my work on CitizenSpeak!

I’m completely stoked that I won the first annual Pizzigati Prize for non-profit open source software for my work on CitizenSpeak! The family of Antonio Pizzigati established the prize to reward open source developers in the non-profit sector.
First off, thank you Jenny for all your love and support that made all of this possible. I want to thank the Pizzigati family, the advisory panel and the Tides Foundation—especially Sarah Lohrius—for this tremendous honor. I also want to thank Jo Lee for guiding the project, Eric Gundersen at Development Seed for his design work and technical help with the site and Pablo Calamera for developing the original CitizenSpeak. It’s because of all of you and all the people I’m forgetting that CitizenSpeak is what it is.

I know it’s cliché to say it’s just an honor to be nominated, but come on, look at the other finalists! CivicSpace and CiviCRM are huge successes, and both are part of the ecosystem that CitizenSpeak swims in. Another developer for Martus won a MacArthur Genius award! How can you not be excited to be in such heady company?

Finally, note that this is the first annual award. Open source developers: I strongly recommend you look into submitting your work for the 2007 award. Anyone interested in non-profit tech: The Tides Foundation is looking for ways to make next year’s award even better, and they need your help. They’re looking for donations (they are a non-profit, after all), people to spread the word about the award, and feedback from the community; so go to their forums and let them know what you think!

HOWTO: Make a weblog a gopherlog

For April Fools Day I redirected to gopher:// It’s the sort of joke that doesn’t have a punch line… I think they’re called “unfunny.” I thought I was being pretty original until I found out Matt Haughey did it 4 years ago for MetaFilter on Internet Jackass Day, and apparently someone other than me invented the Gopher protocol, like 10 years ago!

Still, if you’re looking to turn your weblog into a gopherlog (or rlog for short) I will pull back the curtains and show you how I set up my gopher server. It’s not the best way (it’s actually quite an ugly hack), but I only had a few hours to set things up.

First, you need to get and install PyGopherd. It’s fairly simple, just download it and follow the instructions in the manual to install it, then configure a directory for it to serve. I told it to serve ~/public_html/gopher/ but any directory will do.

Then, download feedparser, html2text and this script of my own design to create text files from an RSS feed. Set the output directory to the same one that your gopher server is using, set the RSS feed to your RSS feed and you’re more or less done. For extra fun, put the script in a cron job so that it will keep updating with new items. If you do that, you’ll also need to rm the old files (which really should be done in my script, but see the part above about this being a hack that needed to work in a couple hours).

There’s plenty of room for improvement. For instance you could write a Python script for PyGopherd to parse the RSS feeds, which would cut down on all sorts of problems and be useful to literally tens of people. Still, if you want to turn the dial on the old wayback machine you could do worse than to turn your weblog into a gopherlog. OK, probably not.
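The feed-to-text-files step described above, as an added example (not the script this post links to): it swaps in the Python standard library for feedparser and html2text, clears the previous run's files, and treats feed titles as untrusted when building file names. The function names and the sample feed are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from pathlib import Path

# Constructed sample feed; the second title tries to escape the output directory.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example weblog</title>
<item><title>Hello, Gopher!</title>
<description>&lt;p&gt;First &lt;b&gt;post&lt;/b&gt;.&lt;/p&gt;</description></item>
<item><title>../../.bashrc</title>
<description>&lt;p&gt;Hostile title.&lt;/p&gt;</description></item>
</channel></rss>"""


class _Text(HTMLParser):
    """Collects text nodes only; a plain stand-in for html2text."""
    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


def html_to_text(markup):
    p = _Text()
    p.feed(markup)
    p.close()
    return " ".join("".join(p.parts).split())


def safe_name(title, index):
    # Feed titles are untrusted: keep only [a-z0-9-] so a title can never
    # contain a path separator or "..", and prefix the index to keep order.
    slug = re.sub(r"[^a-z0-9]+", "-", title.lower()).strip("-") or "untitled"
    return f"{index:03d}-{slug[:40]}.txt"


def write_gopherlog(rss_xml, out_dir):
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    # Remove files from the previous run (the cleanup a cron job needs).
    for old in out.glob("[0-9][0-9][0-9]-*.txt"):
        old.unlink()
    written = []
    for i, item in enumerate(ET.fromstring(rss_xml).iter("item"), start=1):
        title = item.findtext("title", default="")
        body = html_to_text(item.findtext("description", default=""))
        path = out / safe_name(title, i)
        path.write_text(f"{title}\n\n{body}\n", encoding="utf-8")
        written.append(path.name)
    return written


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(write_gopherlog(SAMPLE_RSS, d))
```

Point `out_dir` at the directory the gopher server is configured to serve; only files matching the numbered pattern are removed on each run, so anything else kept there survives.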

What’s the Deal?

Happy 2005! One of the things I noticed in 2004 is the growing disconnect between what’s hot with the cool kids online and what the majority of people online actually have heard about and understand. This year I’ll try to write posts explaining what these cool things are and why they’re cool/important/useful. My goal is to write a persuasive argument for my parents to, if not try the technology in question, at least understand it.
I’ll be posting them in the What’s the Deal category, which I hope will allow me to address the quality of airline food when the time comes. My first post in the series is about blogging, and I hope to cover wikis, RSS,, BitTorrent and more.
Update: I picked blogging as my first topic. I figured “I’ll just write a quick overview of blogging” which is kind of like saying “I’ll just write a quick overview of every aspect of Roman society and culture.” I need to stop myself whenever I use the modifier “just.” I’ve got it written but it’s an incredible act of hubris on my part to say “this is blogging” so I keep rewriting. Sorry for the delay.

I got 101 problems but Apple ain’t one

I’ve closed comments on this because a lot of people seem to want to focus on whether Konfabulator and Watson are rip-offs or were ripped-off. Instead, I’m trying an experiment and have moved everything to a Wiki page so people can contribute evidence about each item in the list. What’s a Wiki?

So Matt Haughey was looking back on a 1997 article from Wired giving 101 Ways to Save Apple and since he’s into hippie copyrights he won’t mind me stealing his blog post idea. (You too can steal future blog ideas at’s toblog tag)
Remember that the list was written in 1997, before the iPod, before the MP3 revolution, before even the Bondi Blue iMacs. As far as anyone could tell, Apple would be dead within a year.


Why hasn’t Google stopped comment spam?

[Update: They did something! Google, MSN and Yahoo! now disregard links with nofollow in the rel attribute of a link. Example: <a href="" rel="nofollow">. Go grab a plugin for your blogging system and stop supporting comment spammers! Like the TiVo permalink thing, any relation between the deployed solution and my proposal is largely coincidental and likely detrimental to the solution. People far smarter and more eloquent than I came up with the rel solution before me and argued effectively for it. Thank you mysterious strangers!]
That’s right, Google.
Comment spam is a problem for lots of people and there are (at least) two parties responsible for each piece of comment spam posted: the comment spammers and Google. Because of their positive image, very few people (with exceptions) look at Google when discussing comment spam. Plenty of people explain that comment spammers are trying to exploit PageRank, but no one complains that Google isn’t patching an obvious vulnerability. If this were Microsoft there would be three duplicate posts about this a day until it was fixed.
Why am I focusing on Google? Comment spammers are trying to get links to their sites in order to boost their PageRank. Google doesn’t offer a way to opt out of contributing to PageRank; they only offer a way to opt out of indexing altogether with robots.txt.
What can they do to stop it? Offer a way for a link not to contribute to PageRank. Use VoteLinks or something like it and I will personally write the Movable Type filter that adds rel="vote-abstain" to all links in comments.
One thing that VoteLinks doesn’t address is notifying comment spammers that their asshattery is ineffective before they submit comments. It would be nice if there were a way for comment spammers to check an attribute, like in a <div> around the comments field, that would say “no links in here will contribute to your PageRank.” Without that piece the comment spammers will continue their shotgun approach to reciprocal linking in hopes of finding still-vulnerable weblogs. I don’t imagine that those vulnerable weblogs will ever go away, but I’m just trying to avoid having to clean up after comment spammers on my own site.
So Google: Don’t be evil, clean up the mess you’ve created.
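The kind of comment filter discussed in this post, as an added example (not a Movable Type plugin and not code from the original post): it re-emits comment HTML and forces the rel="nofollow" value from the update onto every link, keeping any other rel tokens. The class and function names and the sample comment are assumptions; this only rewrites rel and is not an HTML sanitizer.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample comment of the kind a spammer might submit.
SAMPLE_COMMENT = ('Nice post! <A HREF="http://example.com/?a=1&amp;b=2" '
                  'REL="External">cheap pills</A> &amp; <b>more</b>')


class NofollowFilter(HTMLParser):
    """Re-emits HTML, forcing rel="nofollow" onto every <a> tag."""

    def __init__(self):
        # Keep character references as written instead of decoding them.
        super().__init__(convert_charrefs=False)
        self.out = []

    def _emit(self, tag, attrs, closer=">"):
        if tag == "a":
            # Keep existing rel tokens (lower-cased) and make sure nofollow is set.
            tokens = (dict(attrs).get("rel") or "").lower().split()
            if "nofollow" not in tokens:
                tokens.append("nofollow")
            # Drop every rel the commenter supplied, then add exactly one.
            attrs = [(k, v) for k, v in attrs if k != "rel"]
            attrs.append(("rel", " ".join(tokens)))
        parts = [tag]
        for name, value in attrs:
            # The parser decodes attribute values, so escape them again.
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + closer)

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def add_nofollow(comment_html):
    f = NofollowFilter()
    f.feed(comment_html)
    f.close()
    return "".join(f.out)


if __name__ == "__main__":
    print(add_nofollow(SAMPLE_COMMENT))
```

Tag and attribute names come out lower-cased and HTML comments are dropped, because the filter rebuilds the markup from parser events rather than patching the original string.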

Kryptonite’s implications

The Kryptonite story is pretty played out right now although more stories about other tubular lock vulnerabilities (via) will surely pop up. There’s a lot to be learned by reflecting just on what happened to Kryptonite.
About two weeks ago videos of someone opening a Kryptonite bike lock using a Bic pen in 30 seconds showed up online. A lot of people were incredulous, which is great, but they were easily able to replicate the experiment and news quickly spread. When the New York Times writes about security flaws, it’s no longer the domain of locksmiths. Kryptonite is doing the Right Thing™ and replacing vulnerable locks.
The computer security world has been wrestling with full disclosure since day one. Full disclosure claims that the best way to report a security flaw is to make the report public and include a way to replicate the flaw.
The argument for full disclosure is that malicious hackers will find out about the code anyway, so they gain very little. Also, people are best able to protect their systems when they can see the full impact of the flaw on their own and vendors have a history of needing to be shamed into fixing problems. The argument against is that by showing the public how to replicate the flaw, malicious hackers can now exploit it with ease.
Apparently the Kryptonite flaw has been known since at least 1992 (via) and is only being fixed now. Why so long? Until now Kryptonite hasn’t been shamed publicly for the flaw. Meanwhile people have had their bikes stolen because they treated their lock as secure, until they found out that their bikes weren’t safe and haven’t been safe for at least 12 years.
The video was the equivalent of exploit code in computer security, and accomplished the aims of full disclosure. People found out what bike thieves already knew, were able to protect themselves, and the vendor is finally addressing the issue.
Another important parallel is with DRM and the DMCA (thanks to getlucky for the idea). I know it’s a Slashdot cliché to apply the DMCA to anything and everything, but there’s actually a good parallel here. Let’s pretend that the law treated the Bic pen vulnerability the way it treats decrypting DVDs.
First, the person who discovered the flaw has his home raided by police and goes through two trials in as many years. Next, everyone linking to the video is sued, although the New York Times is spared. Finally, once all the lawsuits have gone through their motions, Kryptonite congratulates itself on a job well done. Of course they don’t fix the lock, but since they can silence anyone who talks about how to break the lock they don’t need to.
To see how the DMCA affects computer security, the Kryptonite saga is a great metaphor. A lot has been said about leaky abstractions, and most of it applies in this instance. For instance people using Bic pens to open bike locks generally don’t own the bike; people decrypting DVDs generally own the discs.
Laws like the DMCA, in fact all intellectual property laws, rely on metaphors and don’t address the fundamental differences between physical objects and ideas directly. These laws pretend that ideas are physical objects and subject to physical constraints, but strain so hard in doing so that the absurdity is clear when you try to map a law like the DMCA back onto a physical counterpart like a bike lock.
I like to think that I’m on the tail end of the last generation that treats ideas as abstractions. The internet forces people to deal with ideas as they are instead of tied to physical objects like paper or vinyl. The kids right now, the kids who will take the internet as a given for the rest of their lives, they have the best chance of interacting with ideas without abstraction.

How the Internet is broken, how to fix it, and why that’s not going to happen

The Internet is broken. Not in a “I-put-the-Internet-in-the-recycle-bin” kind of way, in the “data-won’t-go-from-one-computer-to-the-other” way. You probably don’t believe me, which is understandable considering that you’re reading this over the Internet. Let’s try a little experiment.

Chances are you’re behind a router. Open up AOL Instant Messenger (or a reasonable facsimile) and try to send a file to someone else behind a cable modem. Chances are it won’t work, because the Internet is broken. This is one example; there are plenty of others. Enabling computers to talk to each other is the fundamental purpose of the Internet, but as it stands personal computers have to go through servers to talk to each other.

What’s happened is these NAT routers that enable multiple computers to connect to a single cable modem aren’t a perfect solution. They’re a horrible solution, in fact. The networking equivalent of using water in your radiator – it’ll work in the short term but come winter your pipes will explode. John Walker, creator of AutoDesk, has written about this and other threats to the Internet in The Digital Imprimatur.

The typical home user never notices NAT; it just works. But that user is no longer a peer of all other Internet users as the original architecture of the network intended. In particular, the home user behind a NAT box has been relegated to the role of a consumer of Internet services. Such a user cannot create a Web site on their broadband connection, since the NAT box will not permit inbound connections from external sites. Nor can the user set up true peer to peer connections with other users behind NAT boxes, as there’s an insuperable chicken and egg problem creating a bidirectional connection between them.

Sites with persistent, unrestricted Internet connections now constitute a privileged class, able to use the Internet in ways a consumer site cannot. They can set up servers, create new kinds of Internet services, establish peer to peer connections with other sites–employ the Internet in all of the ways it was originally intended to be used. We might term these sites “publishers” or “broadcasters”, with the NATted/firewalled home users their consumers or audience.

There’s a lot of things that you can do with an Internet connection that you can’t do with a NAT connection – for instance sites like LegalTorrents give preferential treatment to people on Internet connections and gamers behind NAT connections can’t host games. So why do people use NAT routers?


HOWTO: How and Why You Would Want To Get Ogg Vorbis on iTunes

OGG? OGG? WTF is OGG? I’ll get to that in a moment, and then after I’ve gotten to that I’ll get to two methods for getting Ogg Vorbis files to play in iTunes. One method is insanely easy but will take a while, the second method is much quicker and somewhat harder. Now, I get to the getting to that.
Ogg Vorbis is a free competitor to MP3. “But wait,” you say on cue, “MP3s are, err, free-ish. I don’t have to pay anything to legally encode my legally purchased CDs on a computer that I certainly didn’t win in a bar bet in Tijuana.” That’s right, you don’t have to pay anything, but someone does.
A company called Fraunhofer owns several patents that are used with MP3s, and so every time you download an MP3 playing program the maker has to spend money. If you still hate Apple after all they’ve done for you you could download iTunes several billion times and drive them into a much-predicted bankruptcy. (Probably not)
If you or one of your geeky friends wanted to make your own MP3 player you’d have to pay Fraunhofer, even if you gave it away for free. Sure that seems unlikely – considering the free mp3 players available for download – but my girlfriend seems to insist on cooking from scratch when there’s perfectly good meals available in my supermarket’s frozen foods and cereal aisles. My point is that people make all sorts of crazy things from scratch, except she doesn’t have to pay royalties on her excellent pasta salad.
(Aside: MP3 is short for MPEG Audio Layer 3, and MPEG is an acronym for Motion Picture Experts Group. Does that mean that MP3 expands to “Motion Picture 3,” even though it’s an audio format? What’s the matter, did I just blow your mind?)
Am I against giving Fraunhofer their due? Not really, but I’m not champing at the bit to give them money for something the Vorbis people are able to do for free. Should you get rid of all your MP3s and re-encode all your albums as Ogg Vorbis? If you’ve got that much time on your hands, I guess, but I’m not doing it.
What should you do with Ogg Vorbis? If you’re part of the 83% of musicians that provides music online consider putting up Ogg files. When you rip your new music, rip it as Ogg Vorbis. Or you can just listen to LiveJournal Phone Posts and make fun of people for all their drama.
More importantly, why should you use Ogg Vorbis? Well it sounds better. Also, copyright protections are eroding our rights and by using an open format you know that it won’t track users. If you don’t think that file formats are that important, Larry Lessig puts forward an excellent case in Code and Other Laws of Cyberspace for how computer code is creating laws that no citizen can protest.
So now that the advocacy for Ogg Vorbis is out of the way, continue reading for how to get it going in iTunes.


Why isn’t Election Day a national holiday?

It seems like it should be fairly straightforward. Celebrating Election Day with a national holiday is fundamental to celebrating democracy. As it stands, the law establishing federal holidays has been amended several times to create new holidays. Why do we celebrate our independence, our presidents and our flag, but not our democracy?
Election Day falls on the first Tuesday after the first Monday in November, basically the Tuesday from November 2nd through the 9th. This is actually a pretty crowded time for holidays: Veteran’s Day is November 11th and Thanksgiving is usually 16 days after Election Day. What I would like to see happen is moving Veteran’s Day to Election Day, to celebrate the men and women who protect our democracy as well as the central tenet of that democracy.
By giving people the day off we would be making it easier for people who have less free time between work and family life to contribute to democracy. We would also be sending a national message that choosing our government is important enough to take some time off.
I’m certainly not the first person to have this idea, but its time has come. The Atlantic covered this in a story in 1998. Still, we install democracies all over the world, yet we have one of the lowest voter turnouts in the world.
Of course there are still some questions to answer. Do you have the party annually or bi-annually, when congress is elected? The Atlantic article suggests that Election Day be moved to a Saturday, but I don’t like that because it doesn’t have the same celebration for Democracy that creating a holiday does. And by combining it with Veteran’s Day, there’s not a net increase in holidays, which means no additional cost to taxpayers.
If you think that this is something worth doing, please spread the word. Spread it on your weblog, spread it to your friends and family and coworkers. Spread it to your government. I think this is an idea whose time has come.
On a related note, something I personally will be doing is having an Election Day party, where entry will hinge on having an “I voted” sticker. I can think of few better reasons to have a party than to celebrate democracy.
[Update: Eric posted some more information including information on Bill S.726 which aims to do just what this post suggests.
Goodspeed Update is also looking at this, which will hopefully encourage Ann Arborites to contact Senator Stabenow.]