Well, I'm now on twitter as @joebeone (pronounced like JOE-bee-won).
I resisted for a while. I blame it all on Layer Tennis. You can't vote for a winner in layer tennis without tweeting.
I've loaded my crap up with a bunch of the usual suspects to follow. I expect to post once a day, so follow me if you dare. However, I maintain no airs about who I follow and don't follow... if you post too much, I'll probably drop you. But do let me know if I know you and you tweet it up.
I've found myself telling a few people how to either sync applications on the iPhone or SSH into your iPhone without an existing WiFi network.
I have two things that I regularly need to do and often they happen when I'm not near a wifi network (and I don't know how to connect in a network-sense to the iPhone via USB cable):
The simple but, I suppose, not obvious answer is to use the Mac to set up an ad-hoc network... that is, have the Mac act as a base station for a brief period of time. Here's what you do:
Your mac will then set up an ad-hoc network that your iPhone can see.
In my tinkering with this blog I managed to break the comment function. I've restored it and verified that it works now.
So, if you wanted to comment recently and couldn't because of this error, please consider coming back to do so.
(Thanks tons to my Dad who sent me the error message text.)
Well, IP lawyers, like those at ip.law360, should know enough about tech. to know when they've purchased a broken system, right?
exasperating... see if you can spot the problem here:
The only other non-academic email address I have is from gmail. Turns out they won't allow that either:
Last Summer, I wanted to slap a Creative Commons license on my dissertation. A good friend, Ping, had used another license (GFDL) by simply changing the copyright page and including the legal terms of the license in an appendix. So, I slapped a note on my copyright page and then included the full terms of CC's Attribution-NonCommercial-NoDerivs License in Appendix F.
Then I forgot about it... as the last bits of my thesis fell into place and some other things fell out of place.
About a week before I wanted to file, I was contacted by staff at Berkeley and told that my copyright page wasn't up to snuff. I figured that they had me nailed as some sort of rabble-rouser and that this could quickly blow up into a legal licensing mess. I was concerned that I didn't want to delay filing my thesis, but I also knew that I was probably the best person to fight this particular fight. Sigh. However, when I talked to the Berkeley staffer, it was clear that they simply expected the copyright page to look a specific way. Mine didn't look right. The rub was this: I couldn't make my copyright page "conform" without using the phrase "All Rights Reserved". Sigh.
We settled, via a formal appeal to the Graduate Division Dean, on a simple solution that you can see in my thesis: the copyright page says "Some Rights Reserved" and there is a reference to the full legal license in Appendix F. Hurray!
However, it became clear that other students might want to do this too. When danah went to file her dissertation, even though she followed the same scheme as me, the staff hadn't heard of the above exception. With a few mad text messages back and forth, I was able to give danah the name of the staffer I had worked with. This blessed staffer cleared everything up for danah. After that, hers was (probably) the second Berkeley PhD dissertation filed under a CC license. (I'd love to know of others!)
I decided to write a letter to the Graduate Division Dean asking his help to ensure that in the future using CC licenses wasn't difficult.
As reported yesterday in an op-ed, "Copyright and Copyleft in Publications", in the Daily Californian by Ian Elwood, Dean Szeri responded encouragingly a week later:
Two recent Berkeley students to file their dissertations using a Creative Commons license are Joseph Lorenzo Hall and danah boyd. Hall navigated through much bureaucratic red tape, but found that most of his difficulty came from simple formatting issues, not any ideological disagreement by the univerisyt [sic]. Another School of Information graduate, danah boyd, also filed her dissertation under Creative Commons shortly thereafter.
On Jan. 28, the Dean of the Graduate Division committed to make Creative Commons licensing available to future students. All students interested in contributing to the effort to make education more affordable and accessible should consider using Creative Commons instead of traditional copyright.
A couple quibbles: Dean Szeri didn't "commit" to making CC licenses available. In essence the exception I sought to use a CC license was the key event that will allow others to do this in the future. In his response to my letter, Dean Szeri said that my letter was timely because his staff was reviewing this and other options. As I outlined in my letter, what I would like to see happen is that students know that CC licensing is an option and know how to apply this kind of license in an informed way that doesn't run afoul of any formatting rules, let alone legal restrictions.
Also, CC uses copyright to do what it does... so maybe that last sentence would have been better as "...should consider using Creative Commons licenses instead of blindly reserving all rights."
(cross-posted at Localoaf)
Trapcall can unmask callers who have blocked caller ID. 
From Wired’s Kevin Poulsen:
The service, called TrapCall, is offered by New Jersey’s TelTech systems, the company behind the controversial SpoofCard Caller ID spoofing service. The new service is likely to be even more controversial — and popular.
“What’s really interesting is that they’ve totally taken the privacy out of Caller ID,” says former hacker Kevin Mitnick, who alpha-tested the service.
TrapCall’s basic unmasking service is free, and includes the option of blacklisting unwanted callers by phone number. It also allows you to listen to your voicemail over the web. It’s currently available to AT&T and T-Mobile subscribers, with support for the other major carriers due within weeks, says TelTech president Meir Cohen.
It works pretty well, I must say. I signed up with the service that then left a voicemail for me with a PIN number. I used that to confirm I have the cell phone on their web site. Then I dialed a cryptic authorization number that trapcall used to reprogram my phone to redirect blocked calls which I send to voicemail. This sends them through trapcall’s system and then the call gets forwarded back to me with the blockage removed.
I tested this by dialing from a friends phone blocking caller ID with the “*67” block and it worked well: the call came through as blocked, I pressed the iphone power button twice (to normally redirect to voicemail) and the call came back seconds later as from my friends phone. And the indication on the other line is noticable, but not by much.
The best part about their basic service is that it’s free. The paid options include voicemail transcriptions (where you obviously consent to have humans listen to your messages) as well as call recording. I wonder a bit about the last capability… it would seem that I could steal someone’s phone, program it with a beartrap account (the more expensive trapcall account) and have access to call recordings from that phone. It’s not clear to me that there is any necessary indication to the user of the cellphone that all of this is happening.
California voters passed Proposition 11 last November, which modified the state constitution and enacted laws to establish a Citizen's Redistricting Commission. As Tony Quinn says in a new article, "Proposition 11---What Will It Do?", from the fledgling California Journal of Politics and Policy:
The 10th time was the charm after all. Passage of Proposition 11 marks the first time California voters have supported redistricting reform. They had defeated various proposals to reform the way we draw district lines nine times over the past 80 years.
The idea embodied by the new regime seems fairly simple, but, like all good ideas, it gets a bit complex when the rubber hits the road:
In essence, three auditors employed by the State that are each registered to different political parties are chosen at random. Meanwhile, any California citizen can submit an application to the State Auditor to serve on the Commission. The three auditors, called the Review Panel, will then whittle down this large pool of applicants into a smaller pool of 60: 20 from the largest political party in California (by registration), 20 from the second largest and 20 from the remaining political parties.1 Then, the four senior legislators from the State legislature are allowed to strike as many as two names out of each of these three pools. Finally, the state auditor will randomly choose three applicants from the first pool, three from the second and two from the third. These eight Commissioners will, via a complex voting process, elect the remaining six members of the 14-member Commission.
Whew.
It sounds a bit complicated and it is. The Bureau of State Audits (BSA), seeking to implement the Voter's First Act (Prop. 11) in an inclusive and well-informed manner, has asked for input via a number of meetings around the State and via written comments submitted to their team.
When this was first brought to my attention by Kim Alexander, President of the California Voter Foundation, the first thing to catch my eye was the "bootstrapping" use of random selection to eliminate bias from both the Review Panel and the initial eight members of the Commission. (Full disclosure: I sit on Kim's Board of Directors.)
Random selection is a subject dear to my heart. In that vein, I've submitted comments (PDF) to the BSA recommending they use a simple, physical source of randomness---i.e., not a computerized random number generator---and conduct the drawing in public. I pointed out that such public random selection has wide precedent in California government: from the Fair Political Practices Commission's Audit Program, to the California Secretary of State's random selection of ballot ordering to the random selections conducted after each election in California counties to randomly choose the 1% of precincts to manual tally. I also included a set of procedures the BSA could use to conduct a high-integrity lottery-style public random drawing to select the eight initial Commissioners.
I should note that I heed the wisdom of Calandrino et al.'s defense of PRNGs. However, I think this case is distinct in a number of ways: it's orders of magnitude more important of a process and the number of selections to be performed is small.
I look forward to watching how this develops.
1 I guess if you're not registered to vote, you can't serve?
Man, I wish we were more like France sometimes:
The PACS [or Civil Solidarity Pact] was introduced a decade ago by France's then-Socialist Party government. Parliament approved the measure only after a fierce debate because, although its wording was deliberately ambiguous, the arrangement was understood mainly as a way for gay couples to legalize their unions even though under French law they are not allowed to marry.
In passing the law without making it specific to gays, however, France distinguished itself from other European countries that have approved civil unions or even marriage for same-sex couples. As a result of that ambiguity, the PACS broadened into an increasingly popular third option for heterosexual couples, who readily cite its appeal: It has the air of social independence associated with the time-honored arrangement that the French call the "free union" but with major financial and other advantages. It is also far easier to get out of than marriage. --- ("Straight Couples in France Are Choosing Civil Unions Meant for Gays")
Michelle and I are about to celebrate having been together for ten years.
We have no desire nor plans to get married. In fact, because of tax advantages and, vastly more important, health care, we almost recently hopped on the PATH to get married in NYC at their new Marriage Bureau. Alas, that was more than either of us felt comfortable doing.
So, despite the fact that my work health plan would cover us if we were married or gay and in a civil union or domestic partnership, we'll have to find another way to cover Michelle and we won't be able to take advantage of the legal benefits of a civil union or domestic partnership until one of us gets a sex change or turns 65.
Lame.
I've got the blogroll back (see the right panel).
Most of the solutions out there -- like these -- for transforming from OPML to HTML assume that I have a "flat" OPML file or that I want a bunch of bells and whistles (my blogroll needs no javascript).
If you use a reader like NetNewsWire (or Bloglines or Google Reader...) that supports outputting OPML in Groups, these solutions aren't very satisfying. I like the fact that I have a number of "groups" or "containers" in which I read my feeds and I'd like to be able to preserve that when exporting to OPML and also when transforming the OPML to HTML for inclusion on this here blog's blogroll.
Anyway, to make a long story short, I had to write my own. The following XSLT will take an OPML file with groups (i.e., not a "flat" OPML file) and render it with heading tags for group labels and list elements for each feed.
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="html" indent="yes" standalone="no"
omit-xml-declaration="yes" />
<xsl:template match="/">
<xsl:apply-templates select="//body" />
</xsl:template>
<xsl:template match="outline">
<xsl:choose>
<xsl:when test="parent::outline">
<li><a href="{@htmlUrl}"><xsl:value-of select="@title" /></a></li>
</xsl:when>
<xsl:otherwise>
<h3><xsl:value-of select="@title" /></h3>
<ul>
<xsl:apply-templates select="outline" >
<xsl:sort select="@text"/>
</xsl:apply-templates>
</ul>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
</xsl:stylesheet>
It's actually just barely clever. It's slightly recursive in that it calls itself again if it is on an "outline" node that doesn't have "outline" as it's parent. This only works for single nested groupings.
For b2evo, you can use this and plop the output into the "Free HTML" sidebar widget. Some CSS tweaks and you have something looking quite nice.
Many of my colleagues were disappointed to hear that Riverside County, California had both not completed its hand tally of paper records but also that this tally lasted well into the new year.
Riverside Registrar of Voters Barbara Dunmore answers recent criticisms in an Op-Ed in the Press Enterprise ("Redundant Tallying"). Among other things, she says:
Of the record 657,000 ballots cast in Riverside County, 72,251 were cast electronically. This was more than were cast any other county in the state. In San Bernardino County, for instance, only 20,000 votes were cast electronically -- a difference of more than 50,000 ballots.
This continues to puzzle me. Most counties severely restricted and discouraged use of DREs in order to avoid having tens of thousands of paper records to manually tally. This almost feels as if Dunmore specifically encouraged their use in order to make a point that the 100% manual count requirement from the SoS would be burdensome for counties that didn't use optical scan technology.
Dunmore goes on to vocalize a frequent refrain:
In the end, the results of our mandated hand tally, once completed, were exactly the same as the results reported by the voting units on Election Day. No discrepancies. No errors. They were 100 percent correct. [...]
While I understand that the secretary of state's requirements are designed to ensure accuracy, Riverside County has utilized electronic voting for more than eight years, and each election's results have proved accurate.
Great! That's exactly what a good audit of working technology should show. Of course, the implication here is "Why should we do this?". Well, we don't look at companies and say, "Jeez, the audits of your books for the last few years have been perfect. Why don't you stop doing audits of your books?" The reality is that audits are an increasingly necessary part of election administration and the post-election canvass process. If anything, we need to regularize more, richer notions of audits -- more than just hand tallies -- into election administration.
Dunmore finishes with a lament about costs of voting systems:
The hand-tally mandate is a deterrent to using the millions of dollars in electronic voting equipment we have sitting idle. It would be a disservice to voters to eliminate early-voting programs because of a duplicative mandate that saps resources. But that is a decision we must carefully weigh in these difficult budget times.
Yes, this is tough; early voting poses a real problem in that the preferred technology, optical scan, is very hard to support for early voting. We want to make early voting easy for voters and election administrators. Unfortunately, the voting systems we have today are both expensive and of low quality.
To be clear, I don't agree that a 100% count is required, technically, of each vote cast on a DRE+VVPAT system. In fact, manual tallies of a random sample of machines where the sample size is contingent upon the margin in close races should do the trick nicely. Can anyone defend a 100% manual tally of DREs? To me, it only makes political sense as a deterrent.
We want smarter audits, not blunt ones.
I've updated my b2evolution plugin for Markdown to use PHP-Markdown 1.0.1m.
Get it here: http://josephhall.org/b2evo_markdown/
The other big change is that the instructions now make sense for a more modern version of b2evolution (like the stable 2.4.6 release).
SHA1(b2evo_markdown/markdown_plugin.zip)= 2211fb8b24c5888cf842e4a48a4ab4aa6c4e2a1b
Sheesh.
Upgrading the firmware in an unlocked, jailbroken iPhone is not easy and definitely nerve-racking.
Here's what I just had to do to upgrade from 2.2 to 2.2.1:
root and mobile users from the defaults of alpine and dottie. Recall that passwd mobile will change the password for the user mobile. You'll also have to update any stored SSH keys on machines your iphone interacts with.mobile:mobile.)* BTW, getting into DFU mode can be tricky for some dorky reason... seems that you have to do the following: 1) plug the iphone into your computer via USB, 2) turn the iphone off, 3) hold down the power and home keys on the iphone for exactly 10 seconds, 4) release the power key but continue to hold the home key for 10 more seconds. If you fuck this up, you'll just be in regular recovery mode and not DFU mode and you'll be in for a world of hurt. In that case, you'll probably want to QuickPwn again.
I'm a big fan of S3’s Password Wallet (which syncs with their iPhone version).
The most secure mode of their default password generator generates a random alphanumeric password between 8-12 characters long. In their template format, that looks like this:
{[xX#]:8:12}
Which says characters are randomly chosen to be lowercase (x), uppercase (X) or a number (#), and to randomly do this at least eight (:8) and at most twelve (:12) times.
However, I also like throw in special characters, which you can do like so:
{[xXp#]:8:12}
where p means one of the following characters:
~ ! @ $ % ^ & * . ; : ?Cool!
One thing bugs me though: I'd like to be able to have a toggle for each entry in Password Wallet that would let me specify a different template for password generation. That way, if a site doesn't like those special characters above, I can just flip the toggle and get the random alphanumeric style. (Right now, I have to open the preferences and delete the p from the template to go alphanumeric... and then remember to go and change it back.)
UPDATE: Before this post even when live, Sanford Selznick -- the man behind S3 -- responded to an email that you could use a template like so:
xXxX{p:0:1}xXxX
that will include a special character half of the time. That's a great temporary solution but I'd still prefer named templates. (And, no, I didn't just give you information about my password generation template!)
Even fancier would be something like:
{[xX#]:4:5}{p:0:1}{[xX#]:4:5}{p:0:1}
which produces passwords between 10-12 characters long where the first 4-5 characters are random alphanumeric, then an optional special character, then the same. This will result in 1/4 of passwords generated having no special characters.
I'm going to stick to pure random and a manual toggle, though!
“Rock ’n’ roll has absolutely nothing to do with music. It’s much more than music. Rock ’n’ roll is who you are. You can’t call the Cramps music. It’s noise, rockin’ noise.” --Lux Interior
How does one mourn the loss of a god?
Lux Interior, the 62 year-old frontman for The Cramps, died on Wednesday. He’s survived by the rest of the planet and Poison Ivy, his wife of 34 years and Cramps’ guitarist. The band site has gone black.
The NYT obituary is good... I think I can come to terms with “zombie rockabilly” although I really think they had a unique vision and expression that wasn’t so dependent on the specifics of music history.
Michelle’s favorite band is The Cramps. Our second date was to a Cramps show on 2 November 1997 (our ten year anniversary is in April). And I was pretty much in love after that show. The Demolition Doll Rods opened, and they sucked... mostly naked with skulls hanging from pasties; they couldn’t play their way out of a paper bag.
The second act, Guitar Wolf, was like nothing I had ever seen before, even having played death metal for a number of years in high school (I played drums with double bass). Guitar Wolf is a greasy trio from Japan that are each totally insane. They rock, hard... so hard, in fact, that the lead singer was kicked out of the club about halfway through their set!
Needless to say, I was pumped when The Cramps came on. They were a tight four-piece with a wicked hot guitarist, Poison Ivy, and an impossibly skinny singer, Lux Interior, who was wearing something that was impossibly tight. They played killer song after killer song... “I Was A Teenage Werewolf”, “Human Fly”, “Drug Train”, etc. Each song seemingly ten times better and more raw than the last.
We move to Berkeley for my graduate school and we saw The Cramps three more times, each on a Halloween evening in the 2000s. One of which the newly formed Eagles of Death Metal opened up... and, to everyone’s surprise, their drummer was none other than Josh Homme of Kyuss and Queens of the Stone Age. After that amazing show, I was surprised to find Sarah Ellinger, a SIMS student and someone I mistakenly took for a timid soul, at the front of the stage basking in the rock.
Rest in Pumps, Lux.
UPDATE [2009-02-06T10:59:45]: OMFGWTF... Chelle just pointed me to this crazy recording of The Cramps live in California in 1978 at the Napa State Mental Hospital:
(Image courtsey of canderson)
arrears
money that is owed and should have been paid earlier *: he was suing the lessee for the arrears of rent.*
I thought this was a typo in the NYT Daschle story...
(Cross-posted at Freedom to Tinker)
Paul Blumenthal over at the Sunlight Foundation Blog points to a new report from the Congressional Research Service: “A Federal Chief Technology Officer in the Obama Administration: Option and Issues for Consideration”.
This report does a good job of analyzing both existing positions in federal government that have roles that overlap with some of the potential responsibilities of an “Obama CTO” and the questions that Congress would want to consider if such a position is established by statute rather than an executive order.
The crux of the current issue, for me, is summed up well by this quote from the CRS report’s conclusion:
Although the campaign position paper and transition website provide explicit information on at least some of the duties of a CTO, they do not provide information on a CTO’s organizational placement, structure, or relationship to existing offices. In addition, neither the paper nor website states whether the president intends to establish this position/office by executive order or whether he would seek legislation to create a statutory foundation for its duties and authorities.
The various issues in the mix here lead me to one conclusion: an “Obama CTO” position will be very different from the responsibilities of a chief technology officer. There seem to be at least two positions involved: one visionary and one fixer. That is, one person to push the envelope in a grounded-but-futurist style in terms of what is possible and then one person to negotiate the myriad of agencies and bureaucratic parameters to get things done.
As for the first position, I’d like to say a futurist would be a good idea. However, futurists don’t like to be tethered so much to current reality. A better idea is, I think, a senior academic with broad connections and deep interest and understanding in emerging technologies. The culture of academia, when it works well, can produce individuals who make connections quickly, know how to evaluate complex ideas and are good at filling gaps between what is known and not known for a particular proposal. I’m thinking a Felten, Lessig, etc. here.
As for the fixer, this desperately needs to be someone with experience negotiating complex endeavors between conflicting government fiefdoms. Vivek Kundra, the CTO for the District of Columbia, struck me as exactly this kind of person when he came to visit last semester here at Princeton’s CITP. When Kundra’s name came up as one of two shortlisted candidates for “Obama CTO”, I was a bit skeptical as I wasn’t convinced he had the appropriate visionary qualities. However, as part of a team, I think he’d be invaluable.
It could be possible that the other shortlisted candidate, Cisco’s Padmasree Warrior, would have enough of the visionary element to make up the other side of the team; I doubt she has (what I consider to be) the requisite governmental fixer qualities.
So, why not two positions? Does anyone have both these qualities? Do people agree that these are the right qualities?
As to how it would be structured, it’s almost as if it should be a spider position -- a reference to a position in soccer that isn’t tethered by role. That is, they should be free from some of the encumbrances that make government information technology innovation so difficult.
Do I feel guilty for spending $35 on a t-shirt? Yes.
But, damn if Princeton doesn't need some Gucci.
(via nah)
Someone wrote recently to say there was something funny with my white rice recipe ("White Rice: simple food for the recession"). Turns out I had a major typo in the water amount! Sigh.
And there were some recent disasters with the Waffle recipe I posted a few weeks ago... so, don't cook that one until I get a chance to check it out!
Seems just like "running code" is a good rubric to code by, I'm going to make sure I actually cook exactly from my recipes before posting them publicly here.
I've just upgraded this blog to b2evo 2.4.6.
I realize the theme is rather bubbly, but I'll work on that when I get the time---graphic design takes so long compared to hacking for me!). Meanwhile, if you notice anything broken, holla.
Moreso than getting a new computer these days, moving or upgrading blog tools -- or CMS's in general -- can be a bit stressful. How do you get the benefits of the new or upgraded tool without loosing some or all of your content/presentation? Part of me wishes someone would create a simple "freeze" tool that would just scrape a blog to static HTML and allow you to put that up and no longer worry about vulnerabilities in the old software (note this is especially the case with course blogs, used only for a single semester... their liability as security threats continues way after the blogs cease to be active).
Accordingly, when François announced the 3.0-alpha version of b2evolution was available, I took the opportunity to do a mirror install of the alpha, first installing from scratch and then by copying my databases and content over and doing an upgrade.
Both the scratch install and upgrade worked flawlessly. The 3.0 version is very very slick. Almost everything is perfectly dialed in for optimum hacking.
Here are some thoughts:
If your apache server is running as nobody:nobody, how do you delete files and directories that it has created? That is, since you don't own them, it's impossible to delete them easily. However, with the help of the interwebs, the solution seems to be to write a php script that will use php to delete the files (because it will be running as the offending user). It can be a bit of a pain to write a php script to go delete these, so I've taken some code from lixlpixel on recursive directory tree transversal that recursively deletes an arbitrary directory tree created by nobody:nobody. Find that here: delete.php.txt (rename it to remove the txt file extension).
My b2evolution Markdown plugin still seems to work out of the box. I did see a strange bug related to inappropriate header modification right after activating it in the 3.0-alpha. Over the next weeks (or however long it takes to make it to beta or stable) I'll try and recast this plugin using the templates for more modern renderer puglins in b2evo.
How do you copy a mysql database (so that you don't clobber the real one during tests?). Well, you dump the file and then reload it. Something like:
mysqldump -u username -p database > olddatabase.sql
Then you can create a new database and source this file into it:
mysql -u username -p
create database newdatabase
use newdatabase
source olddatabase.sql
XML Feeds