Facebook Places: Even more botched security settings

Facebook Places... ugh. More security settings to mess with.

Leave this setting at your own peril. Leaving it alone lets *other* people "check-in" on your behalf. Think about it. This will let anyone (your friends by default) tell everyone else where you have been. Without your permission.

The ACLU has even gotten into the action. Check it out.

WTF.

Click Account menu (on upper right), click Privacy Settings, click on "Customize", in the "Places I check in to" drop down select "Customize", select "Only Me", under "Make this visible to / These people" select "Only Me", and finally hit "Save Settings".

But wait, that doesn't really turn it off (but wait there's more). This page describes how to control the setting for Facebook apps.

Click Account menu (on upper right), click Privacy Settings, look for "Applications and Websites" on lower left - under that click "Edit your settings", look for "Info accessible through your friends" in the middle of the page then click "Edit Settings" on this line, uncheck ... everything, but especially "Places I've Visited", finally click "Save Changes".

WTF....

Seriously....

WTF.

Why is this so complicated? Just about any security-related question you ask an end-user is the wrong one (a non-expert can't be expected to give a reasonable answer). Facebook does one better and never asks the question in the first place.

Dogsundercover is now open for business

The Dogsundercover store is open! Holy cow! With much wrangling of the off-planet alien help we have a slick home page and smooth integration into our shopping cart software. We said it'd be June, and by holding their little green feet to the fire and their noses to the grindstones we got it all done. (OK, we all know aliens don't have noses, but you get the point.) Check out the selection of dog duvets (bed covers), blankets, and pillows.

Check it out.

Buy stuff.

Follow them on the Twitters.

W00t!

rickmode.com 3.0

I've gooooooglified rickmode.com. The site is no longer hosted on a generic cheap crowded shared server. This will save me roughly $80 per year. Woo hoo.

I designed the new site roughly like my old one, but simplified and using some neat tricks for gradient box edges (CSS3 styles which don't show up on Internet Explorer).

Read on for more geeky bits...

I'm using Google Apps Standard Edition giving me Gmail support for my rickmode.com emails. The main site is Python application running on Google app engine. The Google Apps domain allows me to configure the Google app engine application to use the www.rickmode.com address. Due to the way Google handles domain names in their cloud infrastructure, the naked rickmode.com domain forwards to www.rickmode.com. In my opinion, losing the use of the "naked" domain is a small price to pay in return for no system administration and the added resiliency from the Google infrastructure... not to mention the nice price of free.

I've also moved my blog from a self-hosted WordPress blog to Blogger. So now I no longer need to keep up with WordPress security updates (even better) the blog can handle high traffic. I may lose some flexibility however I happen to like the design of the Blogger templates. Blogger also supports using your own domain names, allowing me to use blog.rickmode.com rather than the rickmode.blogspot.com default.

My main page pull in the top three blog entries using the Blogger Data API, which uses the Google Data Protocol. This only took about 40 lines of code, including imports and the HTML template bits.

All this still requires my own domain registration of rickmode.com with full DNS control. So for about $10 per year and a bit of work, I have a custom web site with tight integration to a blog, all with no infrastructure headaches. I can concentrate on developing rather than system administration.

Cloud, FTW!

Dogsundercover

My Princess (Gulshen), and two of her good friends, Deborah and Silvia, have launched a new doggy product line and business named Dogsundercover. They are selling dog duvets (dog bed covers), dog blankets and dog pillows. They had a great launch at Fiesta Hermosa on Memorial Day weekend.

The online store will be opening this June, 2010. In the mean time check out the photos. Go check it out. NOW!

(I've been having loads of fun building their coming soon site and am doing most of the photography.)

Intellectual property is artificial

Patents and copyrights are artificial government grants making the intangible tangible. It's the artificialness that bothers me.

Our culture has come to think ideas are real like real estate. But they are not. They are intangible, and so is information. This feels an awful lot like the meme "ideas are cheap; execution is everything".

As all media become more like raw information--as the cost of transmission and storage of media falls--it will act more like ideas. All that will be left is the government grant to exclusive rights. Thus IP holders lobby governments for larger and larger hammers to beat down infringement.

And anyway, the point of limited IP terms is to allow derivative works for the greater good. I don't hear this greater good argument often enough.

The system is flawed. Perhaps short copyright terms as this article in The Economist suggests are more workable as the information will be fresh. It may also be the only realistic solution when the time comes that infringement is effectively free (as in beer). ["Protecting creativity: Copyright and wrong: Why the rules on copyright need to return to their roots", April 8th 2010, The Economist print edition.]

See also on Hacker News.

Lady walking in Hong Kong

Lady walking in Hong Kong, originally uploaded by rickmode.

That's Gulshen walking on one of the many pedestrian overpasses in Hong Kong. The image is (obviously) "photoshopped" using a plug-in called Topaz Adjust.

Common Lisp Pain

I've been looking for the most powerful toolbox to build my own web projects. For me Java and other JVM languages are out. I played the Java game on and off since 2000. I'm set on using a dynamic language. Ruby and Python, while cool and have extremely active communities, both seem crippled version of Lisp to me. So I've been learning Common Lisp (CL) and looking for a CL based web stack.

CL has been a blast to learn. The Practical Common Lisp book is excellently written and fun to work through. Getting SBCL and Aquamacs set up was fairly easy. Getting SLIME going.... took some work.

Then it gets harder.

ASDF. ASDF-INSTALL. What? What's the difference? What's the relationship? So eventually I *get* that ASDF is just the packaging bit, while ASDF-INSTALL is the downloading bit. ASDF-INSTALL is frankly busted. The web of trust chains back to nothing. And I only found that out after I use ASDF-INSTALL to pull down Hunchentoot and CL-WHO. This bombs horribly for many reasons. Eventually I'm pointed to clbuild. This takes a bit of work and for a while my SLIME is dead. Then the guys at #lisp ask if I installed clbuild's SLIME. OK I do that and now clbuild is working. Clbuild isn't terribly sophisticated though. The whole process of putting your own project in a project and exporting symbols is a bit weak. In this respect Java got it right. Heck, Maven (though a *massively* painful tool to use) gets much closer. Clbuild knows how projects are related, but it does not seem to deal with versioning. It only knows how to pull the latest versions down.

But at least I'm running and now I even get how to use asdf:*central-repository* to bring in my own projects, outside of clbuild's directory tree.

Now I finally get the Lisp for the Web example working. Except embedding Parenscript in a CL-WHO with-html-output form doesn't work for me. Next I add in persistence with Rucksack.

That was more pain because Rucksack's with-transaction inside a with-html-output caused an internal error in SBCL (no stack trace). There was nothing for it but to move code around until it worked. Not a happy debugging process.

Using metaclasses to add persistence is just elegant. I'm in. I've seen the the object-oriented persistence problem solved in many ways. I've even worked on a few object-relational mapping tools. The last attempt was in Scala, and even that wasn't ideal. CL and it's meta-object protocol are up to the task though. Rockin'.

So I get Rucksack working with the example and I feel like I'm getting somewhere. Then I find that Rucksack isn't ready for prime-time; the author doesn't recommend it as a primary datastore.

Hunchentoot with CL-WHO and HTML-TEMPLATE seem cool. I'm looking for a higher level of abstraction though.

Then it gets harder.

I take a look at Uncommon Web. Or I try to. It's really just a bunch of source code. So I'm to master a code base before deciding if I even like it? That's just... dumb.

Next up: Weblocks. More documentation. The articles on defmacro.org are very clear and well written. The widget approach sounds promising. The idea building HTML based on object and view definitions sounds really good. Dynamically created and modifiable scaffolding sounds good (as opposed to Rails style one-time created scaffolding). Even better Weblocks installs with clbuild. The demo even fires up right away. Rockin'. Now we're on to something. So today I try to work through the remaining 3 examples. No go. All are busted.

The simple-blog doesn't show blog entries on the main page. That example uses an XML backed store (cl-prevelance), so I'm not interested (why use XML with in a language based on s-expressions?). The weblocks-clsql-demo example tries to use a missing clsql-fluid package. This doesn't come from clbuild; you need to manually patch your copy of CLSQL. Wait so to use Weblocks with CLSQL, I have to make a code change to CLSQL? That's just... dumb. The final weblocks-elephant-demo uses a symbol, drop-instance, which is not exposed in the latest version of Elephant. Busted. This is exactly the sort of version issue with clbuild I mentioned above. Lame. So Weblocks, though promising, is not maintained in a useful way. Sad.

All in all, CL is feeling very fringe. I see blind spots. CL is the Lisper's Blub.