HeresTomWithTheWeather

This is Gilbert Perreault and Rene Robert remembering Rick Martin yesterday.

The French Connection line is why I've been a hockey fan since I first saw a hockey game on TV. Even on warm days, I wore my Sabres jacket to elementary school and I played hockey at the Ice Haus in Houston before it was demolished to build the Town and Country Mall. C'est la vie.

In a recent post about Facebook, I linked to RFC 1087: Ethics and the Internet. Although my point was clear that people were leaving Facebook on ethical grounds, I didn't go into more detail about RFC 1087.

Heres what RFC 1087 says.

The IAB strongly endorses the view of the Division Advisory Panel of the National Science Foundation Division of Network, Communications Research and Infrastructure which, in paraphrase, characterized as unethical and unacceptable any activity which purposely: ...(e) compromises the privacy of users.

EFF explained how Facebook compromised the privacy of its users.

Today, Facebook removed its users' ability to control who can see their own interests and personal information. Certain parts of users' profiles, "including your current city, hometown, education and work, and likes and interests" will now be transformed into "connections," meaning that they will be shared publicly. If you don't want these parts of your profile to be made public, your only option is to delete them.

So why should we care about the ethics of privacy? Why did the Internet Activities Board think this is important?

If you agree with Zuckerberg, privacy doesn't matter. If he's right, then we shouldn't mind if uninvited strangers read our email, right? For some people, Facebook's bait and switch may have allowed that.

A common option when you lose the password to your web email service is to either have a password reset link emailed to you or you can answer a security question that you have previously answered. For instance, one popular web email service presents "what was your favorite childhood book?" as a choice. Maybe you really loved "Winnie the Pooh." If you are using this particular web email service and chose that question and answer and you also listed the book in your Facebook interests, then it would be very easy for a stranger to gain access to your email (when he could not previously). You don't have anything in your email you would like to keep secret, right?

Update 7/15: Eben Moglen

Labels: ethics, facebook, privacy

Maybe 20 years ago, a friend let me borrow a copy of To Kill a Mockingbird. The 50th anniversary reminds me that I need to return it. It's no surprise that this book has come under criticism. It tells a kind of story that is not often heard.



It is when Jem is allowed to have a rifle that we learn the meaning of the title. Atticus says

I'd rather you shot at tin cans in the back yard, but I know you'll go after birds. Shoot all the bluejays you want, if you can hit 'em, but remember it's a sin to kill a mockingbird.

In I Remember Atticus, Jim Perdue explains this reference.

Blue jays are viewed as the bullies of the bird world. They're loud, territorial, and aggressive.

These blue jays are not people but institutions and their functionaries. The social construction of reality is composed of stories these loud blue jays construct to legitimize their place in the world. The loud blue jay overwhelms any evidence that is contrary to its story.

In the Wall Street Journal, the loudest blue jay of them all, Allen Barra explains why we must shoot the Mockingbird.

In all great novels there is some quality of moral ambiguity, some potentially controversial element that keeps the book from being easily grasped or explained.

From the blue jay's perspective, there's two types of stories: the story told by the blue jay or stories that are controversial. Any other stories, like To Kill a Mockingbird, are unacceptable.

Who was the Atticus Finch where I grew up? It was the head high school football coach, Oscar Cripps. Like Atticus, Oscar Cripps is the man we all wish we were. He inspired us to be better people. "There is no I in team." For all of us who have been blessed by his sacrifice and integrity, there is no controversy. I noticed this recent reference to an effort to honor him.

SBISD should defer to campus leadership when it comes to allowing schools to maintain and build on its traditions. When a school overwhelmingly wants to honor a former teacher with the naming of a new campus facility, it is absurdly bad management for SBISD to prevent that from happening. It is typical bureaucratic government thinking to substitute a bunch of top-down regulations and Board politics for the common sense of the people who know best about what is right for the school. When a school board overrules local desires, it creates separation from a community that wants to be supportive. No community affairs expert would ever have advised SBISD to oppose the tsunami of support for naming a stadium for a community legend like Oscar Cripps. But SBISD seems incapable of understanding, or even caring, about what locals want.

What is this about? From the same online publication, an earlier article explained what was going on.

Kellner said she understood from the dozens of e-mails and calls she and other trustees received supporting Cripps that he was an outstanding coach. But she said the district has a thick file on Cripps containing evidence that made it difficult for her to support the naming.

"We need to adhere to the highest standards, we need to avoid additional controversy," Kellner said.

Really? Thank you Spring Branch Independent School district for the living example of the relevance of To Kill a Mockingbird on its 50th anniversary.

Update: Somehow I overlooked this post with a number of comments earlier today. The comment by Bob King was particularly interesting and is a must read. Another comment is found here: "The beautiful thing is that Oscar Cripps doesn’t need this (the facility naming)," he said. "He couldn’t care less. There are thousands of people who would run through fire for this man."

I mentioned my admiration for Danah Boyd's work in a previous post almost three years ago:

I usually don't say much about online social networks since Danah Boyd pretty much says everything that needs to be said.

With the extraordinary recent blowback against Facebook and her SXSW talk, I was curious to see if she had blogged about people quitting facebook, and indeed, she has: Quitting Facebook is pointless; challenging them to do better is not was a worthwhile read and I found myself agreeing with her for the most part.

However, consistent with pretty much everyone else I've seen explaining their decision to stay with Facebook, she unnecessarily creates imaginary straw men: people who are leaving just because they're unhappy. I don't know anyone who is leaving just because they're unhappy. I do know people departing because of Facebook behaving unethically.

Let's cut to the chase and get to the part where Facebook is the abusive boyfriend that everyone has to stand by. Boyd explains that we have to stand by Facebook because it has put its users in a vulnerable position:

I believe that a significant minority of users are at risk because of decisions Facebook has made and I think that those of us who aren’t owe it to those who are to work through these issues.

This is an honorable position that lets us preclude leaving facebook from having any meaning unless it changes the behavior of Facebook. However, many people are leaving exactly because they have learned that Facebook holds all the chips in the relationship and will not change. If they and people they care about can leave Facebook without damage, that is meaningful for them regardless of its effects on Facebook's behavior. Can you say cult?

If all this sounds strangely familiar, it is. Again, we have a case of a corporation privatizing profits while socializing costs (our time) and by sticking with facebook (and falling for a "bunch of mistakes" - predators do not mind being thought incompetent), we're bailing them out. Good luck with that.

Assuming Facebook won't change, the only answer for a problem like this is for people to leave. It's a world wide web last time I checked and this is a trainwreck we've been watching in slow-motion for four years that demands more and more of people's time. Time that people don't have to deal with this nonsense anymore. It's time to get radical about protecting our time.

Labels: facebook

Maia Oden will be returning to Texas in a week and she's going to make a trip to Austin to play at Cafe Caffeine the evening of December 27. This is great news!

After attending college near her hometown in Texas, she found her way to Boulder and Taos for many years. It is just recently that she started to record music. Some of the songs are on her MySpace page. The name of the band is Laughter's Fountain.




I don't keep up with too many people from college. But I've kept up with Maia and also with my friend Lewis as Lewis and I frequently enjoy the live music at the Continental club. Lewis and I saw Maia perform a couple of short gigs in college. It will be great to see her sing again!

Labels: austin, maiaoden, music

I'm really looking forward to the Austin Co-op Music Festival tonight at the French Legation Museum. A new crop of sustainable businesses (Black Star Beer Co-op, South Austin Food Co-op...) are emerging in Austin and this seems like a great place to talk to like-minded people.

802 San Marcos St. (Google Map)
Austin, TX
When: Friday Oct 24
6-10PM

Labels: austin, coop, music

Update 9/28 - Barry Ritholtz shares a bailout comparison graphic buried in the Sunday NYT.

Dozens of protesters along 6th street in front of the offices of JP Morgan and Senator John Cornyn yesterday evening.


An Austin man questions the sanity of giving handouts to the same people who created the financial crisis...


Another protester shares his thoughts...

Labels: austin, banking, federalreserve, protest

Today is One Web Day, Earth Day for the Internet. Cafe Caffeine is hosting Austin's OWD today (Live video feed here). If you want to hear how this interview of Bernard relates to One Web Day, tune in this evening at 5:30.

Update (1:15pm central): Douglas Rushkoff is guest blogging on boingboing today. His book Get Back in the Box introduced me to Bernard in January '06.

Update 9/23: Rushkoff blogs at boingboing today on open currency.

Update 9/23 #2: "It is time we use the inspiration and power of this technology, this community, this dream, to fix what is broken in this real world. It is time the virtual gets used to fix the real...But the fact is things are this dark, and we have been given that tool. And we must use it to learn again how citizens govern." - Lessig on One Web Day.

Labels: austin, onewebday, owd, sustainability

It's late Sunday night and I'm fixing spaghetti with picante sauce while doing laundry. Who is up for some technical blogging?
Update 10/16 - OpenID support is now in the master branch of Insoshi. If you install Insoshi, you've got it.

Update 1/17/09 - updated Austin on Rails pointer which changed.

Insoshi is open source software built with Ruby on Rails. It lets anyone create their own social networking website. Insoshi is a work in progress but since it is open source, it can be improved by anyone. On August 23, there was a request for OpenID on the Insoshi google group. Tonight I'm going to describe the steps I took to get OpenID working with Insoshi. If you want to try it out, just clone my fork of Insoshi on github, do a git submodule init & update, and follow the installation instructions. Of course, let me know if you have any questions or suggestions.

Insoshi is available under the AGPL. As the Insoshi site explains, the AGPL is like the GNU GPL but fixes the loophole for web applications.

Insoshi uses the restful_authentication plugin, so I decided to use the open_id_authentication plugin since plenty of people have already described their experiences using these two together. Currently, the open_id_authentication plugin on github does not work with Rails 2.1 as it is dependent on changes made in edge rails, so I forked my own copy (including it as a git submodule) and made two changes to get it working with 2.1 again. The first change for 2.1 compatibility was unfixing OpenIdAuthentication module's requested_url method to go back to using the deprecated (for edge rails presumably) request.relative_url_root. The second fix was similarly easy to fix. For this one, I lazily borrowed the solution from another fork instead of writing my own. Fields that are posted by the client when she posts her OpenID need to be plumbed through to the OpenID server so that they are available after redirecting to the OpenID server. What was happening here was that the authenticity token posted from the client was getting lost. We fix this by passing the token to the OpenID server. The authenticity token is what prevents cross site request forgeries (which I described at Austin on Rails last year)

Update 9/15: Josh fixed #1 five minutes ago.

Now that the openid plugin is compatible with Rails 2.1, let's start using it within the existing restful_authentication generated files. For the basics, I'm using the railscast episode approach. First, make sure you have the ruby-openid gem installed.

If you're familiar with restful_authentication, you know it generates a sessions controller and a users controller. Insoshi renames the latter the people controller. Note that in the Railscast, it refers to a login instance variable of User. I have changed this instance variable to name (of Person) to work with Insoshi. For old school logins, the client identifies himself with an email parameter instead of a login parameter and for OpenID, the nickname from the OpenID server is assigned to name instead of login. You can see these basic changes here. Also note that for OpenID logins, I've bypassed the validations associated with passwords in the Person model by changing the password_required? method in the Person model.

Update 9/15: We also need to gracefully prohibit an email login for an account that has an OpenID associated with it. So, we change the lookup in Person.authenticate to

u = find_by_email_and_identity_url(email.downcase.strip,nil)

I like the way slicehost's OpenID login lets you toggle between OpenID and old school so I'm doing it that way too. The javascript I checked in differs from slicehost in that I clear out the openid_url field when the old school form is chosen. This way, when the old school credentials are passed, I can easily detect it is not an OpenID login. (I use slicehost for all my deployments)

So, what if the required fields (email & nickname) provided by the OpenID server do not validate? We need to provide the client the opportunity to manually populate those fields. In this checkin, I save a verified_url cookie variable so that when the required fields are manually submitted, we also have an openid to create the new Person.

Before I cover the "remember me" function, I should mention the demo mode you can put Insoshi into. If you log into Insoshi as admin, you click a checkbox for demo mode. I did this as it prints a nice message "This is a demonstration site. Data may be modified or removed without warning." (You can see this message on Insoshi's demo site) After I did this, I got an IM from Rich telling me he was editing my profile. I proceeded to get very paranoid wondering how I had screwed up. It soon became apparent that demo mode makes person id 2 the demo account which everyone can automatically log into. Of course, I was person #2 (admin is #1).

Rails 2.0 introduced cookie-based sessions by default. This requires a secret key to generate hashes for session variables stored in cookies. Because Insoshi is an open source rails application, another thing to keep in mind is that Insoshi could not simply use the rails app generator to generate a secret key. Each installation will generate its own secret key. Since you will be keeping your keys in the home directory, you will need to create a symbolic link in your deploy.rb to your shared directory so they don't get blown away when you deploy. Obviously, you won't be checking them in to your repository (Btw, you will also need to do this for your public/photos directory for your attachment_fu profile photos or they will also disappear when you deploy.)

The "remember me" check box is delegated to the OpenID server, so for OpenID login, the checkbox on the relying party website should not exist. For instance, when the client logs into a website and he's redirected to his OpenID server, the client will be presented with a checkbox that says, for instance, "Skip this step next time I sign in to openidconsumerxyz.com." If the client checks that box, then subsequent accesses to openidconsumerxyz.com will allow the client to proceed immediately without seeing anything from the OpenID server. This will happen if the OpenID server is sent a checkid_immediate mode request. However, the open_id_authentication plugin does not support checkid_immediate. Also, if we modify the plugin to send the checkid_immediate and the client didn't click "skip this step" then the server will send SETUP_NEEDED and the plugin will try to access a setup_url instance variable of the response in complete_open_id_authentication(). First, this is a private variable so it will throw an exception. Second, the setup url is no longer supported in the OpenID 2.0 specification. So, in the next update we'll work around that.

Labels: insoshi, openid, opensource, rails, rubyonrails

Here's Brandon Wiley welcoming everyone to StartupCampAustin. Agenda here.

In the first session in the Quadrangle room, the tables were arranged facing the podium but there was no speaker because sessions were topic-driven, not speaker-driven. We decided to scrap our expectations from previous barcamps and we rearranged the tables in a circle, campfire-style.

This first session was on scaling. A facilitator was chosen and we were off! But something wasn't quite right with the topic. The topic seemed somehow inappropriate (even though we voted for it), maybe because of the many different circumstances that scaling refers to or maybe something else. By the end of the session, there seemed to be a rough consensus that a startup generally shouldn't be wasting time thinking about scaling their technology solution. It seems that often times scalability problems result from failing to practice the principle of subsidiary function. "But we're too big to fail!"

The next session I attended was the cooperative solution. For me, this was the most educational. Donald Jackson facilitated this one. The main contentious claim by a few participants was that, sure, a cooperative might be good for some things (outdoor sports equipment, credit unions, food, etc), but worker-owned cooperatives are not a good solution for a technology outfit. My response to this was that, although a collective might not deliver growth associated with well-known powerhouses like Google, there seem to be several advantages for independent freelancers to form a small collective. Often times, a cooperative can provide better service to customers with better availability and skill sets than one person can provide. How would a cooperative be any better than an S-Corp, LLC, etc?

Speaking of which, the last session I attended was on the well-known business entities. Scott Allen advised that sometimes an entity is not the right path as a contract arrangement for joint work may be a lot simpler. Scott, Joshua McClure and Jennifer Navarrete and others shared lots of great advice. The campfire style was perfect for this topic.

At the end, people were invited to give 3 minute pitches of their products. This was a great idea because I've seen 30 minute pitches suck the life out of barcamps. The pitches were fun this way.

Brandon and Joey Lopez did a great job un-organizing startup camp. At the end, several people expressed the desire to have startup camps once every 3 or 4 months.

Labels: austin, barcamp, startup, startupcampaustin

Tonight at Tech Night at MonkeyWrench Books, there was a conversation about Twitter which drifted into a conversation about the more decentralized open-source identi.ca done by Evan Prodromou. My mis-pronounciation of Evan's name sounded familiar enough to Brandon Wiley, the original coder of Freenet, that he recognized him from the early days of Freenet. A funny story about their first meeting which was at the O'Reilly P2P Conference was followed by an interesting conversation started by Donald about a decentralized urban farm in San Francisco called myFarm.

After the meeting, Brandon reminded us about Startup Camp Austin and I asked Brandon if I could get him to do a PSA for the event and he agreed.



Brandon, who is a regular at Austin Jelly, has a new startup called Ringlight. Brandon introduced StartupCampAustin at his blog a week ago.

Labels: austin, freenet, jelly, startup

So says Charlie Rose in his recent interview with JP Morgan Chase CEO Jamie Dimon in regards to what has been called the Bear Stearns bailout. Bear Stearns did not get bailed out. Bear Stearns was given to JP Morgan Chase by American taxpayers. Senator Christopher Dodd, chair of the Senate Banking Committee, made this clear in this All Things Considered interview at NPR.

This is an unprecedented action. For the first time ever, taxpayer dollars of this magnitude were paid at risk without a huge guarantee that we're going to be protected as taxpayers.

In the spirit of the shock doctrine, JP Morgan has acquired the fifth largest investment bank with taxpayers footing the bill if it doesn't work out. Dodd also wonders about what seems to be a conflict of interest:

I have great respect for Jamie Dimon who is the head of JP Morgan. He also sits on the board of directors of the Federal Reserve in New York...and so the question is here: having decisions be made over the weekend with an institution where its leader is also a member of that board raises some serious issues that ought to be addressed...I've had some people over the last several days say that we're creating a model for future events. If that's the case, then I'm deeply worried about it. I'm willing to accept that this was a one time-event. We were under a clock and decisions had to be made but the idea that we are creating a permanent model for future events like this is troubling to me because of the idea that the American taxpayer is being put on the hook.

However, there was no mention of the conflict of interest by Dodd in the senate hearings on April 4.

Later this week the Netroots Nation conference will be here in Austin. House Speaker Nancy Pelosi will be giving a keynote on Saturday. Part of that is taking questions from the highest rated questions at Ask the Speaker. I have submitted a question here. If you agree, please vote it up.

Of course, I'll be twittering live from the conference too.

Update 7/14 - Ellen Brown who helped me craft the question has a new post on globalresearch.ca:

Rather than bailing out bankrupt banks and sending them on their merry way, the Federal Deposit Insurance Corporation (FDIC) needs to take a close look at the banks’ books and put any banks found to be insolvent into receivership. The FDIC (unlike the Federal Reserve) is actually a federal agency, and it has the option of taking a bank’s stock in return for bailing it out, effectively nationalizing it. This is done in Europe with bankrupt banks, and it was done in the United States with Continental Illinois, the country’s fourth largest bank, when it went bankrupt in the 1990s.

A system of truly "national" banks could issue "the full faith and credit of the United States" for public purposes, including funding infrastructure, sustainable energy development and health care. Publicly-issued credit could also be used to relieve the subprime crisis. Local governments could use it to buy up mortgages in default, compensating the MBS investors and freeing the real estate for public disposal. The properties could then be rented back to their occupants at reasonable rates, leaving people in their homes without the windfall of acquiring a house without paying for it.

Labels: NN08

An interesting thing happened on Friday. I showed up for the weekly Jelly at 10. The wireless router was on its last legs. I twittered a heads up. At 10:25, I decided I would be more productive at my client's site. It wasn't a wasted trip as I got to talk shop with a few people before I left.

Back at Cafe Caffeine, Jelly was still happening but without wi-fi and wi-fi is the sine qua non. So, after weighing alternatives, Stephen Gutknecht and Sarah Vela chose a plan of action. Since the manager of the coffeehouse was away, Stephen assumed the risk of the purchase of an Airport Extreme which Sarah picked up from the nearby Apple Store at Barton Creek. By noon, Jelly had wi-fi.

Soon afterwards, the manager arrived and Stephen emphasized that it was his choice to do it and wasn't looking to force them into buying a particularly expensive router. Management appreciated the grassroots energy and reimbursed Stephen for the router.

Chalk up another win for local independent coffee.

Labels: austin, cafecaffeine, jelly

...tagged by Ashley.

What was I doing five years ago?-- As this week is, it was another week with Friday the 13th. On Thursday, June 12th, 2003, I took some time off work to make my annual pilgrimage to Seattle for SIFF 2003. On Friday, I saw Dirty Pretty Things and PTU. On Sunday, Kopps, Surplus: Terrorized Into Being Consumers and Yes Nurse, No Nurse. Two weeks later, on June 26, Auz sent me an email titled "YABI #1." It began

(Yet Another Bad Idea)

Working Title: gnuFlix

Essentially: physical P2P network as backend to Netflix type system

Five Snacks I Enjoy-- 1) a ziplock bag of cookies, pineapple, cantaloupe and carrots 2) junior mints 3) chocolate brownie cliff bar 4) tortilla chips 5) leftover takeout.

Five things I would do if I had a billion dollars-- 1) build a proper stadium for the Ice Bats 2) a pedestrian bridge from my apartment to the other side of Congress 3) twitter from the moon 4) liberate the muppets from disney 5) ashtray, paddle game, remote control and the lamp.

Five places I have lived-- Seattle, Silicon Valley, Houston, Austin, and Oz.

Five Jobs I Have Had-- See here for four of them. I also can install hardwood floors.

I won't tag anyone.

The Creative Commons Salon is back at Cafe Caffeine tomorrow. With 16 in attendance at last month's initial meeting, stories were shared about how Creative Commons was being put into use here in Austin. If you have questions about Creative Commons, this is the place to be. There were several people last month who really knew their stuff, including people I recognized from That Other Paper and Barcamp Austin.

David Neff will talk about how the American Cancer Society is using creative commons on Sharinghope.TV. David was recently interviewed about SharingHope by Connie Reece. If you're looking for music, Jamendo and CCMixter will be reviewed. I've spent many futile hours trying to find good creative commons music so I'm looking forward to this. Of course, Trent Reznor just released Ghosts I-IV under creative commons license and has seeded bittorrent sites himself with the first nine songs.

Update 3/30 - Recaps from Gloria and Alexandre on Wednesday's salon.