Geek

Javascript Array to Sentence

2008-02-18T11:30:00Z

I'm sure this is everywhere online, but I couldn't find it quickly.

Requires prototype.

Array.prototype.toSentence = function() {
    switch (this.size()) {
        case 0: return "";
        case 1: return this.first();
        case 2: return this[0] + " and " + this[1];
        default: return this.slice(0, -1).join(', ') + " and " + this.last();
    }
};

$A(["this", "that", "other"]).toSentence();
// "this, that and other"

IT Software Procurement

2007-10-11T19:45:00Z

“The Government are spending public money, and in doing so, it is difficult to see how they are not also breaching state aid rules and providing illegal state aid. If someone cannot access benefits online without using a Windows-based computer, as is currently the case, I do not see how the Government can be doing anything other than involving themselves in illegal state aid.”

John Pugh MP during an adjournment debate on IT software procurement

via the wonderful ORG

holy crap

2007-09-08T16:18:00Z

First blog from an iPhone!!!!

I'm giggling like a girl.

PostgreSQL & PostGIS database installation and setup on OS X

2007-06-05T15:57:00Z

At my new job, we play with maps and do crazy things with spacial data storage. We use the PostreSQL database with PostGIS on top.
Whilst I'm not particularly involved in the development of these things, I do require to have it up and running to develop on the same application. So my first day at my new job wasn't very fun when I had to spend half of it figuring out this PostGIS thing. I never liked Databases (I'm still pushing for flat file storage in our apps), and this new foreign language was very hard, especially seeing as I immediately placed as head of Macintosh support at the company (both of them).
There were a few solutions out there, and I got myself in a pickle switching between custom builds, ports and binaries, unsure about what was what, and which path to go down.

I've now done it a few times, and this is what I find works for me:

Install the "Unix Compatability Frameworks" (Direct Link) by Kyng Chaos
From the Kyng Chaos Postres Page install PostreSQL (You might as well install the startup item as well, although it hasn't always worked for me)
Then PostGIS from the same page
Start the Postgres server without restarting by typing the following into the terminal

sudo SystemStarter start PostgreSQL

If you don't have pgAdmin - go grab it and install it now.
Open up pgAdmin, and if you don't already have a localhost connection in the right sidebar - add a new connection with the host of 'localhost' and all other options default (user = postgres with no password)
In pgAdmin - connect to the localhost server, then right click on 'Login Roles' - the go to 'New Login Role'.
Assuming the DB isn't precious, I find it easiest if you create the user to have the same username as your OSX shortname, witht he same password, and all the Privileges ticked.
Right click on Databases, create a database where the owner is you, with the name that you want. Rest can be left blank.
Open a Terminal window, and run the following 3 commands (replacing yourdatabasename):

createlang plpgsql **yourdatabasename**
psql -d **yourdatabasename** -f /usr/local/pgsql/share/lwpostgis.sql
psql -d **yourdatabasename** -f /usr/local/pgsql/share/spatial_ref_sys.sql

Crack open a beer, and get coding. You've finished setting up.

And by Markdown's interesting interpretation of my write-up, that makes it a 1 step install!

If you have any problems, leave a comment. I'm hardly an expert, but if I'm so lucky as to actually know the problem, I'll update the guide to make it more concise.

If there are no comments, then I'm going to assume it's not because no-one's used this, but that it's so damn good, no-one had any problems.

Plaintext Passwords

2007-04-13T06:53:00Z

My Macbook Pro is down for a few weeks (don't ask), so I've been working on Naomi's Macbook. DefaultSettingsRUs.

Last night I was desperate to listen to Four Tet to get me through some late night work in the office, and as I didn't have my Music collection with me, I tumbled along to Bleep, they're a good independent online MP3 shop that I've always respected after all.

I put 'Everything Ecstatic' in my basket, um and ah a bit, look over at my Soulseek icon. Think 'no! I will support Fout Tet, Bleep (or Warp) and independent labels (even if this one is needing it less and less)'

So I go to the checkout, go to log in. I've forgotten my password, but it's cool. I can reset it through one of those very handy 'Forgotten Password' links. So I do that, and huzah! I get an email. With my password. Clear as day. There it is. On my screen.

I wanted to reset my password. Not be told what it is. Bleep shouldn't be able to tell me my password even if they tried, let alone proceed to email that password.

I cannot fathom a reason for this. All the hard work for one way encryption has been done. It's there to be used. In Rails it's as simple as:

Digest::SHA1.hexdigest('Make me secure!')

In PHP, as Bleep appears to use, it's even simpler (believe it or not)

hash('sha1', 'Make me secure!');

Whilst your there, you might as well salt it as well. But that'll add another 30 seconds onto a 1 minute implementation.

Suddenly Bleep have closed many possible security vulnerabilities:

Anyone with access to the database to would have access to everyones passwords
Email is not a secure mode of transport for data.
On top of email, any time the password is thrown around in plain text, it's vulnerable. This could happen in any of many unforeseen circumstances.

Legacy is not an excuse either. Just a couple of weeks ago, I (not exactly a l33t coder) created a way of supporting two encryption techniques to enable migration over to a new one. In under two hours. Hardly a burden.

Whilst it is often the excuse of developers that 'well, you shouldn't use the same password for everything', it is a fact, nearly everyone does it. It's inescapable. Nobody wants to go out of there way constantly be thinking of security. That is the developers job. On top of this, that doesn't even matter with Bleep. They themselves are a shop. They store(d) my credit card details, on top of other personal info, and an ability to purchase things.

Whilst I'm willing to admit it's perhaps not as high a priority as, say, implementing https, there is absolutely no reason I can think of, or can find online, to not take such a simple step.

So, whilst being slightly outraged at my perceived incompetence in this area by bleep, I received an email from youtube. It was my youtube password. I don't know who requested youtube to send it. It may have been Bleep after my quite frank email to them. It may not have been. I don't know. Perhaps someone was trying to show me that it's not such a bad thing because 'giants' such as youtube do it. If that's the case, then it seems they are proving my point, they managed to get my unencrypted password to be sent over an unencrypted method, to a known destination.

Is this pandemic? Am I missing something? I'm not a security man. I like security to be something I don't have to think about. This is why password encryption is fun, it solves the problem so simply. So why is it not being done?

In the mean time, I've deleted my youtube account, and removed all personal information from my Bleep account. I trusted both of these companies with my details, a trust that is very easily broken.

It's broken.

I'm off to listen to Four Tet, my Soulseek download has just finished.

Update

Bleep have been in contact with me, and they were genuinely apologetic, and not in the least bit believing this is acceptable behavior, but unfortunately it is out of there capabilities to resolve the issue.

I realise I was particularly harsh to them in this blog entry. This is definitely not because they are the only online company to have this practice, nor are they most obnoxious with it. I was simply more outraged as I hold the bleep store closer to heart that any other store, and therefore was more outraged at the time. Like when Apple support play me about, it is not because they are particularly bad, but I expect more of such a great organisation.

So please, do go and purchase some mp3s from bleep. They have an almighty collection of wondrous stuff from Britain's finest independent labels, completely DRM free, and with only the coolest guys at the other end.

And no, they didn't pay me off.

Should a visited link be more or less prominent?

2007-02-17T09:38:00Z

Many will say it should be less prominent, using a shade more similar to the background, and perhaps even losing it's underline. This would allow the user to see the links to places they haven't yet visited, enabling them to explore more and have a better experience.

I don't think it's necessarily as simple as that. Just because a user has been there before, doesn't mean they don't want to visit again. In fact, in many cases I think it's the opposite. In a web app, there may be hundreds of features, of which (despite the designer's best wishes) they won't use all of them. Making prominent links to parts they've used before may be a smart move in customising the experience to them.

Or another example - a list of links. Examples are blogrolls or associated items (like visitors to an event). Many go along the lines of dissolving the visited links as described above, so that you can see the ones that are new to you. However, this is ignoring the fact that the user (or at least I do) likes to scan the list for things I do know first, to gauge context and my interest in the other items, which I know nothing about.

Perhaps the best thing is not to de-emphasise either, but to enable to small but noticeable difference.

These are just thoughts, not answers. Any others?

Twitter and the login/Name dilemma

2007-01-28T18:33:00Z

Twitter is awesome. It incorporates the successful social communication aspect of myspace but without the crud with a super clean interface, and adds a fantastic mobile edge. It removes the limitation of location while adding the limitation of brevity, enabling you to not worry about perfection in your contributions, allowing more fluid and human interaction.
But I won't go any further into this, as it has already been discussed many times.

This is a blog about a very particular and new decision by Obvious, the people behind Twitter.

They, like many services, have a login username, i.e. 'abscond', which is unique. They also allow a more human way of naming yourself, usually your real name, which allows you to use spaces, punctuation, capital letters and no need to search for something unique like jamesdman_28374.

But then comes the dilemma of explaining this to the user, and choosing where to use each one where, something I have come across recently.

Twitter have recently changed the way they display your friends 'tweets' to you, using the unique login rather than the human name to identify the tweeter. They explain that this is to avoid the confusion of having two friends with the same name.

I'm not sure this is a great idea. It's ugly and looks geeky. Phil is Phil Rose not 'hatchetman'. It's like days or yore, with IRC and AOL chat rooms.

At the very least, on the desktop it should be an option that is reversible. After all, it is a specific problem. And the web version tweets have a user picture next to each one. Plus, while I may have have friends with the same first name, most have put their full name down in the name field.

I do think the mobile version is a different thing in this individual case. You are not provided a user picture, or a link to the account to investigate. Plus the login is crucial information if you wish to send a direct message. Also, on the whole, the login name is shorter than the full name and therefore more suitable for SMS messages. In a way, the mobile interface is much like the web 10 years ago, and therefore restricted to the same function over style limitations.
But this is Web 2.48.36.9 RC4, the luxurious new web where a lack of technical restrictions allow us to enact our inefficient human nature. So Twitter - here my plea: Rid me of unsightly lowercase one word names and give me back my friends real names!

Is Myspace winning the web?

2007-01-19T18:15:00Z

In September 2005 Microsoft's number one man for 'profit over everything' Steve Ballmer was quoted in an article saying:

“We won the desktop. We won the server. We will win the Web. We will move fast, we will get there. We will win the Web.”

I won't go into how "I was not shocked but oh so enraged by this", as Molly did so efficiently at the time.

However, I do think that attempts to 'possess' the internet space is an ongoing threat. The economic system we live in today believes in commoditising everything possible, and increasingly so.

But Microsoft isn't the biggest threat by far at the moment. No, they missed there opportunity in a crucial decade of not doing much. The big threat is undeniably Myspace.

Myspace is, in my eyes, becoming increasingly an 'owned' internet. Users are beginning to see myspace providing all of their internet needs.
It has been praised for allowing 'users to create their own content', which I always thought was the internet anyway. Perhaps the internet content was being created by aliens in the 'web 1.0' days. All I see that has changed is that the content is now owned by a single company, avec huge banner ad.
Users also use it to 'message' each other to keep in contact. It doesn't need mentioning that a fantastic non-centralised protocol already exists for this called E-mail. I get a blank look from myspace users when I mention this.
And with myspace rapidly moving into video, music, classifieds and event management, I can easily see a time when many people never leave the myspace.com domain, and I suspect some don't already.

The geek community seems to be turning a blind eye to the elephant under the table that is myspace. Flickr is proclaimed as the greatest success of the century amongst intellectuals, but the greater masses continue swarming to myspace.
The intellectuals don't mind like they do with Microsoft, as it currently doesn't infringe on their playings. They can play with their private servers, and have XFN lists, flickr, del.icio.us and other such geek-friendly services, without being bothered by the myspace giant.

But, at risk of sounding very sensationalist, as centralised services with a legal, marketing and profit motive continues to rise, I know which one fits better into the current economic system, and all those involved in that would prefer.

Throw in the fact that Murdoch is the one at the top of this, and I'll be off now to go don the latest fashion in tin foil hats.

Begging Spam

2007-01-14T06:25:00Z

In the ever fascinating world of spam (no, really), I've noticed yet another new tactic in the fight to implant URLs on my pageranking goodness. Begging and pleading.

Please don't delete these

It's a fresh approach, I'll give you, and pleading to my better side. I'd probably have more of a better side if people didn't use these 'series of tubes' to squeeze pennies for themselves.

Please don't delete, I need the money

It's possible you do. I don't know where you're from, or your situation. So although I have my doubts, seeing as you littered crap all over my site in such a polite manner I'll give you the benefit of the doubt.
The capitalist in me says go get an honest job, but then a capitalist these days would say go ahead, abuse the community resources around you for your own personal gain.
The socialist in me says start a petition or something. I volunteer in oxfam every week for you.
The communist in me says start a revolution. A revolution involving equality for all and no spam.

But please don't spam, it's like (adamnalogy coming) running over a kid in a SUV, appologising and explaining you bought it to protect your kids. Or something.

Creating a blog in Ruby on Rails in more than 15 minutes

2006-11-05T19:45:00Z

I hope everyone likes the new design of abscond.org. I have had some great feedback so far.

I was fed up with Movable Type, mainly for license reasons, and also I don't have a clue how to hack around with it. Wordpress wasn't as friendly to me as people make out (I think it's all that PHP).
So Ruby (and Rails) it was. I dabbled with Typo, even made my own template, and hacks, but it go a bit messy. I had a quick look at Mephisto, but got the same feeling.

So I thought, what the hell, let's make my own blogging/personal site CMS in Ruby on Rails. Now don't fool yourself into thinking I'm some uber programmer who likes to torture myself. I found it was actually easier to get what I wanted in a blogging package if I wrote it myself. With Rails it really is easier to do it yourself. I came from an idea in my head, to being launched in one week, including designs.

I named my CMS for this site 'Arran', after a beer I was drinking (something I might continue as a naming scheme)

We've all seen blog in 15 minutes video, where "woops" you have a blogging package in no time. Of course this doesn't really apply, as it's completely not production ready.

So I thought I'd share how I continued from that video to here, my own personal CMS.
The best bit is I didn't really write most of the code, I grabbed it from here and there, then tweaked it to my liking. So this is essentially a list of links to resources I used, and a little bit about how I used them.

Spam protection with Akismet

This is one of the most crucial steps in making your blog production ready. Spam is lethal. Not using a standard blog package gives you a head start on this, as the spambot doesn't really know what it's dealing with, but there are bots that just go filling in any web forms with the hope it results in something tot here benefit. However the good people at wordpress run a spam checking system called akismet. You pass a comment to it, and it tells you if it thinks it's spam or not, with surprising effectiveness. And another good person wrote a ruby library for it. And another good person wrote a guide on how to quickly implement it. I, like a lot of the commenters, recommend simply marking spam in a Boolean rather than simply not saving it so you can look over what you caught in the net.

Admin area

I think that the quick yet easily extended rails admin plugin is yet to come. I think the nearest so far is Login Generator, as it makes the least assumptions about what you want, yet I find myself performing the same sort of tasks every-time I implement an admin interface on an application. I might create something some time if I obtain the skills.

Last.fm integration

I'm a big fan of Last.fm, I really wanted to include my latest music listenings from there. This is great as it means it's not down to me to keep it updated, and I can't lie and pretend I'm listening to poncier music than I am!
This tutorial very quickly got me on the path of processing multitude of XML files Last.fm provide.

Magnolia link list

Magnolia does a nice job (if a bit slow) at keeping my links. So I regurgitate it onto this site using the Ma.gnolia::API ruby library. All self documented, so it wasn't to hard to lay it all out how I wanted

Gravatar integration

Gravatar is a way of allowing your commenters to have a funky icon to go with them, not only on your site, but all gravatar enabled sites.
This is the easiest of the lot. Try something like:

@image = "http://www.gravatar.com/avatar.php?gravatar_id=#{MD5.new(EMAIL_ADDRESS_HERE)}"

Live comment preview

With Rails' notorious AJAX skillz, you don't need to know an ounce of Javascript to get this up and running. This guide is pretty much all you need to fill and empty div with your preview. And I thought this would be one fo the niceties I'd have to sacrifice not using something pre-fab.

File handling

I have an easy to use, image per blog entry thing going on here. It's something I've wanted as an easy way to brighten each entry up, but hacking it into other blogging packages was always to hard and dirty. I built it right into mine, with the very handy file_column rails plugin. This enables me to handle uploaded files, and make multiple images cropped and resized automatically. How easy.