Monthly Archives: July 2009

Twitter and politics

Posted on by

John Prescott decided to write an article commenting on how politicians use social media, off the back of Cameron’s “twat” remark. He said that having to get your point across in 140 characters forces them to be concise and to have an actual opinion, not avoid the question.

One of the comments to his article was

Yeah, more empty sloganeering is exactly what the country needs.

thaumaturge

And I can see their point. The example that Prescott gave – “tough on crime, tough on the causes of crime” – was a bad one. That’s not really the use of twitter.

Cameron apologises for saying offensive 4 letter word on radio – TORY? http://tinyurl.com/mtd6sj

@johnprescott

That’s more like a twitter usage. It’s not a party policy message because there’re better places for those to go. The limited characters really isn’t enough for those. But a quick quip, off the cuff, makes the politician more human. Someone we can relate to better and get to know on a more personal level.

I want more politicians to be using the Internet like this. You can have an actual conversation with them on twitter and sometimes they even reply. People have to remember, and respect, that you’re voting for an actual person, not a party. Just because a person is a member of the Labour party, it doesn’t mean they back national ID cards, for instance. Voters need to know who the person is, not just what party they’re in.

As always where politics is concerned, people are idiots. The comments to that article could have been a nice debate about the uses of the Internet within our executive, but instead they turned mostly into people complaining about Labour. The damn article had nothing to do with Labour. STFU.

Sweatiest. Day. Ever.

Posted on by

I went to Laura’s this weekend, having not seen each other for weeks — since we finish university actually. Happiness definitely ensued. Chris came too, and Bryan lives right next to Laura so the gang was almost complete! ‘cept for Luke who just didn’t put any effort in.

High points included:

  • More pizza than was really necessary
  • Discovering they do Southern Comfort in a can
  • Rediscovering lemon slices
  • Making that egg in bread thing in frying pans that were clearly too small
  • Being enraged by Dr Robotnic!
  • Getting zeros for the first few sets of bowling, and then half strike it all the way home (and still losing)
  • Being able to tick off Clockwork Orange from my list of films to see — fucked. up.
  • Chris kicking a hedgehog so hard even the RSPCA would be impressed
  • Finding out Dagny Taggart likes it rough
  • Deciding to want to become a professional laser tag player, and becoming very hot whilst deciding.
  • Meeting Charlie!
  • Battling with Laura to keep her clothes on
  • Being yelled at in a forest, and fleeing for our lives

Good times. :D

Lets irrigate Africa!

Posted on by

I was watching the rain today, and was wondering why places like Africa don’t get water. “Because it doesn’t rain,” was the obvious answer. So, if the water won’t come to them why not take the… water… to them… (Dammit, I’ve never been able to use that cliché).

But anyway, my idea is this. Africa is surrounded by water. Like a farmer bringing water to his land from a near by river, why not do that for the centre of the country, where they’re dying of thirst? The idea is stupidly simple, and I’m sure there’s a glaringly obvious problem with this idea, but no one has been able to point one out to me yet.

Basically, dig a huge river (I suppose that would be called a canal) ultimately from one side of Africa to the other. Right along the equator. It’ll fill with sea water. They obviously can’t drink sea water though. But I’ve thought of that too!

Along side this new canal build a bus stop like building over the top of it. The water will evaporate and condense on the plastic of the cover and run down the sides into some sort of container or pipe, which will lead the water to a water well. It’ll now be fresh water and clean enough to drink.

The biggest barrier I guess would be funding it, but I can’t imagine that a plastic sheet and a few pipes could be that expensive. Some company could just donate them. And I’m sure the Africans would happily work for free to build the river – after all, they’re getting fresh water at the end of it.

So, tell me why this is a dumb idea?

Encryption: Symmetric hashing

Posted on by

These are things I do know (though I don’t understand public/private keys), but since I’m having problems with signing OAuth requests, I figured I’d brain dump my knowledge, filling in any gaps with research and hoping that I’ll understand why my signing isn’t working. If nothing, I’ll have a blog post about encryption to help people. I’ll mostly be talking about encryption to do with OAuth though.

If you’d rather hear about this from someone that knows what they’re talking about, rather than someone who’s building up their knowledge as a lone wolf and possibly going in the wrong direction, then you’ll want this post on security architecture.

OAuth wants to let one website access a user’s private data on another website, using HTTP. That basically means that all requests are made through URLs (either which get parameters, or through post data). That kind of data can be snooped on by malicious people through a man in the middle attack where the data can actually be changed before being sent to the server, or someone could just store it by watching wireless communication, or if you have a virus on your computer/router/access point which is relaying traffic to someone.

For instance, a customer could click the URL:

http://www.orderadrink.com/drink_order.php?drink=tea&customerid=1234

But then an attacker could see the request, and before it gets to the server where the order would be processed, they could change it to:

http://www.orderadrink.com/drink_order.php?drink=coffee&customerid=1234

And then the customer gets coffee for some reason unknown to them… OAuth fixes that problem by hashing the parameters with a salt (passphrase) that only the consumer (the person sending the request) and the service provider (the person receiving the request) knows. For instance, when I signed up for a developer API account with Google they gave me a phrase that I keep secret. Only Google and I know it.

For instance, the consumer and service provider could both decide that they want to do rot13 on all the parameters. So we take “drink=coffee&customerid=1234” and rot13 it making “qevax%3Dgrn%26phfgbzrevq%3D1234″ (we need to do a urlencode() on it too, since it’s a GET parameter). Then we send this URL to make our order:

http://www.orderadrink.com/drink_order.php?drink=tea&customerid=1234&hashed=qevax%3Dgrn%26phfgbzrevq%3D1234

Now, if the hacker decided to change “tea” to “coffee”, orderadrink.com would notice because the parameters no longer match the hashed version, so they wouldn’t allow the action to happen.

Any hacker worth is salt (pun unintended) would immediately notice that that’s just rot13 and would change the hash accordingly. So we use a more sophisticated method of scrambling the parameters. One of those methods offered by OAuth is HMAC-SHA1.

This encrypts the data you give it using a sort of cypher. Damn near impossible to guess, or even to work out. Whilst, it’s not impossible to crack, it’s rarely worth the cracker’s CPU time (which could take years if we’re lucky). So I send the parameters hashed using HMAC-SHA1, using the secret phrase Google gave me, and they just decrypt it to check if the values match up.

I was planning on doing public/private key explanation too, but I really don’t understand it… I’ll go and do more research and maybe do another post on it. I think that’s the problem I’m running into with OAuth; I’ve chosen the signature method that is “more complex and requires key generation and a longer learning curve”. That’ll show me for jumping in at the deep end. I’ll just work with HMAC-SHA1 for a while, which I do understand.

The state of the development community

Posted on by

Blogs were first made as soap boxes so allow me to get up on mine and moan for a little bit.

I’ve been trying to figure out OAuth, so I can use the YouTube API on a project I’m working on. It’s had a fair bit of coverage too; it was talked about at i/o last year, twitter has made it fairly popular, and so a lot of others have joined in too. It doesn’t look like it has much of a developer community though… The freenode room has 13 people in it, compared to #linux, #wordpress or #php’s usually maxed out rooms.

Because of the apparent lack of individual interest though, I’ve literally been able to count the number of resources I’ve seen on one hand. There’s this developer’s guide by Google, the oauth spec, there’s some code examples and a library – but I wouldn’t really say they’re for new comers to this scene, and then there’s a pretty comprehensive documentation.

I’ve not really been helped much by any of that, though.

I was mostly just told to use the library to do what I needed, but there’s not much documentation, and the examples given aren’t really explained. Maybe I’m just not as smart as I need to be… And I think that’s what annoys me so much. I’ve really tried hard – and it’s not like I’m a help vampire or anything – I’ve actually put a lot of work in before asking in the #oauth channel. I’ve read, and reread, that spec, but I’m still a littlelot confused.

I wrote a function to nab a request token (pastebin link should stick around for a month – it’s broken anyway, you’re not missing much if you don’t get to see it), which essentially creates a URL. But that’s not correct. I was just told to use the library but I don’t even know where to start with it…

I’m not complaining about the current work that’s being done; I think it’s awesome that the current developers are working on it and at least some people are benefiting. I really don’t mean to be offended anyone. I guess I just felt like moaning; the entry barrier to this stuff just feels too high.

Sigh.

RSS quilt type thing

Posted on by

Ages ago I was trying to find a cool start page which I could set for my homepage; I’d grown bored of Reader because it stopped me going to other websites. I stuck with /r/funny for a while before switching to the Onion. Ultimately they weren’t giving me what I wanted, so I decided to make my own.

So I made this RSS quilt type thing, and it’s pretty perfect for me at the moment. By default it uses data from the combined RSS feeds of Reddit, BBC, the Guardian, and Ars so it’s a pretty nice pool of information for me. It only shows the headlines too, and that’s all wanted. Putting the body of the articles on would take up way too much space.

Dark items are newer items, whilst lighter items are older. Eventually they get so old they’re barely visible – but you can mouse over them to see it clearly again. Not that I’d want to, if it’s that old I’ve probably already read it. It checks for updates to the feeds every four minutes too, and then inserts them nicely into the page (in an element that you can see, so it’s not inserting elements at the bottom of the page where you won’t notice). It adds new elements in italics too, just to make them extra prominent.

Article order is always randomised

You can change the feed by clicking the modulo symbol in the navigation bar. You’ve got to put the actual RSS feed URL into that though. You can also nab the bookmarklette (click the question mark in the navigation bar) and that will hopefully find the RSS feed for the website you’re looking at when you click it.

Using it in full screen mode is cool. 100% filled with information, pretty much.

Not quite finished yet though, still a couple extra things I want to add: some option (without adding more text to the page) to say “I’m tired of seeing this story, get rid of it” and have that data locally stored in the browser. If the article is a picture post, or at least has a prominent picture in it, then show the picture rather than the headline. Add options to change the gradient from black to lighter to other colours. Dynamically insert an entire new feed (this shouldn’t be that hard, just need to rejig some logic around).

YouTube comments suck, someone should fix that.

Posted on by
Intellectual heights known only to YouTube

Intellectual heights known only to YouTube

YouTube’s comments really suck. In fact, most of the videos suck too, but every comment is pretty much awful. This is problem most likely came around because of the size of the community just exploded, there’s no reason to be held with any respect.

Places like reddit are still in that point where they don’t have too many users, so the quality of comments is still pretty high. Talk in text speak and you’ll be down voted to oblivion. Whereas on YouTube that seems an okay thing to do.

Each video – even really obscure videos – always seems to have a new comment thread made within the last day or so, making it impossible to have an actual, productive conversation.

There’s also a problem with threads… If you click “reply” to most threads, you just start another thread… Sometimes it works as a nested comment, like expected.

So, to fix the problems we need a smaller community, with more power for each user to vote on the smarts of each comment… We obviously can’t get rid of 90% of the YouTube community, but why can’t we just ignore it?

I was thinking someone should make a Greasemonkey script which removes all the comments on videos, and replaces it with comments maintained by someone else’s service. The new service obviously won’t be adopted by 99% of the current YouTube raff so we’ll get a smaller, more sophisticated society of people commenting on videos.

I like this idea. Someone should do it, or maybe I should.

Edit: Looking into this more, you can probably use the Disqus API.