
pjf (2464)


I run Perl Training Australia.

I help with Melbourne Perl Mongers.

I spend an awful lot of time talking about Perl, and have had my picture in the Australian newspapers with a camel. That's rather scary.

Journal of pjf (2464)

Friday April 23, 2010
01:31 AM

Facebook privacy - Instant personalisation and connections

Facebook has been announcing a number of changes recently, many of which will impact your privacy. While you may not have seen them hit your account yet, they will almost certainly do so soon.

In the past, Facebook had a whole bunch of free-form fields for things like location and interests. You could put practically anything you wanted in these, and show them to your friends. For things like interests, there were some basic search features, but they weren't very advanced.

These free-form fields are now changing into "connections". Like existing fan pages, connections represent an actual relationship, rather than just text. Also, just like fan pages, they're public, so you can see all the people who like cooking, or mushrooms. The new connection pages include extra information including text from Wikipedia, and an automatic search through both your friends and all public posts to look for content related to that subject. The same applies for your location (hometown and current), your employers, and education!

From an application developer's standpoint, this is a great change. The existing free-form fields were next to useless. From a privacy standpoint, this is an interesting change. It's great to be able to find friends who share your common interests, but because connections are public, you're not just revealing that information to your friends. You're revealing it to the whole wide world. For any user who just accepted the defaults, I now know the city where you live, who you work for, where you went to school, and what you enjoy doing, in addition to who your friends are, and what you look like.

Luckily, you don't have to convert your interests and locations to connections. However if you don't, those parts of your profile will simply cease to exist. Facebook would really like you to convert to connections, and you'll get a scary looking message about parts of your profile being removed if you don't. Of course, not all of your interests will map to new connections, and those that don't will be discarded in any case, so whatever you do you will be losing information, including potentially the dates of your employment and education. For me, that's not a big deal, but it might be for you. If you do want to continue listing your interests in a free-form and private fashion, I recommend you simply add them to your "about me/bio" section.

If you do convert your interests (and Facebook will ask you to do so sooner or later) then keep in mind that these (along with your existing fan pages) are very public. Your friends, family, employer, potential employer, applications, websites, enemies, and random people on the Internet will all be able to see them. If you don't want that, your only recourse is to remove those connections.

In theory, you can also edit your birthday, and change your age to under 18, which limits what Facebook will publicly disclose about you, although your connections are still very broadly published. Unfortunately, as I discovered the hard way, you can only transform from an adult into a minor once, so if you've edited your birthday in the past you may not be able to change it now. In fact, if you've already converted to the new connection system, then your birthday will no longer show up as something you can edit, so make sure it's set to a date you're happy with before going through the conversion.

Instant Personalisation
Facebook is rolling out changes to allow websites to automatically access your "publicly available information", which includes name, profile picture, gender, friends, and "connections".

What's that, I hear you ask? Are these the same connections that I just added to my profile during the conversion process? They sure are! I bet you just love the idea that when you visit a website, they not only automatically know your name, your location, and your friends, but also a detailed list of your interests, activities, education, and employer!

Luckily, you can turn instant personalisation off. There's a new ticky box on the applications and websites privacy page. For some users, this is on by default, and for others it's off, and I'm not yet sure how that's determined. If it's not ticked now, and you later go through the connections conversion process, then I recommend you go back to double check it's still unchecked.

Having ensured that instant personalisation is disabled, I bet you're feeling pretty safe. However there's a great little clause if you read the fine print: To prevent your friends from sharing any of your information with an instant personalization partner, block the application...

That's right, your friends can share your information. This actually isn't anything new; applications your friends have installed can also view your information, but you probably don't want them sharing your info with the instant personalisation sites either.

So, in addition to unticking a box, you probably want to visit the applications listed in the FAQ entry and block them, too.

While you're at it, I recommend you look at your list of authorised applications as well, and remove any ones that you no longer need. It's very easy to authorise an app these days (in fact, commenting or liking this blog post will do so!), so you might be surprised to see what's there.

Finally, if you want to protect against accidental leakage of your profile information, consider logging out of Facebook before browsing other websites. Sure, this may be a pain in the arse, but Facebook can't share your information if you're not logged in.

Conference Talk at OS Bridge
I'll be talking more about Facebook privacy, along with some practical demonstration of tools, at the Open Source Bridge conference from the 1st-4th June 2010.

Thursday March 25, 2010
09:36 AM

Ada Lovelace Day (Part 2)

Today is Ada Lovelace continuation day; a day for continuing blog posts reflecting on the awesome contributions of women to science and technology. Here is my continuation from my previous post of my personal heroines.

Selena Deckelmann (@selenamarie)
Wow. Selena. Where do I start? Selena does everything. She runs the Open Source Bridge conference, the Portland Postgres User Group (PDXPUG) with @gorthx, the Code'n'Splode tech group, and gives talks at Ignite Portland and numerous conferences worldwide. She has an amazing garden, keeps chickens about as well as I do, and boundless energy.

And I mean boundless energy. Selena seems to be awake before dawn, will party into the night, and seems to always have half a dozen projects on the go at once. Selena coming off a trans-pacific flight is only slightly less bouncy than normal. As if that wasn't enough, she's also an amazing host, and was kind enough to let Jacinta and myself crash at her place last year when we were visiting Portland.

Selena is also an amazing public speaker, a great storyteller, knows more about databases than anyone else I know, and went to Nigeria to help combat election fraud. She is well-versed in awesome.

Selena is responsible for convincing me that I really need a pull-up bar at home.

Karen Pauley (@keiosu)
I first met Karen at a Sydney Perl Mongers meeting a few years back. Karen is the Steering Committee Chair of the Perl Foundation, and is quite frankly one of the friendliest and most interesting people I've ever met.

Karen is responsible for making sure things get done, and a lot of her work is behind the scenes. In fact, I think it would be correct to say that Karen is awesome at meta-work; she has the rather unenviable task of encouraging technically minded people to do productive things. Her talk at the Open Source Developers Conference on managing volunteers was brilliant.

I'm personally indebted to Karen for listening to all my crazy ideas, sending me the most amazing Christmas Cards from Japan, providing fashion advice, making me laugh (a lot!), being an awesome person to hang out with at conferences, and for standing in the hot Australian sun with a digital SLR. If you've seen photos of me draped over a nice looking sports car, then that's probably Karen's work. ;)

I aspire to become anywhere near as good a conversationalist as Karen.

Mary Jane "MJ" Kelly (@mjmojo)
I met Mary Jane completely by chance at OSCON last year. At the time, I thought that she was pretty darn awesome. What I didn't realise is that she's much more awesome than I first thought.

Mary Jane is full of ideas. Cool ideas. Ideas which involve industrial cutting lasers, 3D printers, quilts, robots, fractals, untraditional business cards, topography, steampunk, using tattoos for social hacking, and adventures!

Better still, MJ doesn't just have great ideas, she implements them too! I'm hugely looking forward to seeing her talk at this year's OSCON, which is all about hacker spaces and building awesome things.

Mary Jane is actively involved in computer security, particularly in the field of anti-fraud technologies in on-line gaming. MJ founded the Girls In Tech Seattle chapter, and organised the 2007 Northwest Security Symposium.

MJ has a wicked sense of humour that never fails to make me smile, shares my love of costumes and cool events, and is solely responsible for my knowledge of waffle-makers.

Honourable mentions
There are a lot more women in technology who have been hugely influential in my life, either by changing the way that I think, or from teaching me amazing new things. In particular, I'd love to give a special mention to Leslie Hawthorn, Sulamita Garcia, Emma Jane Hogbin, Allison Randal, Audrey Tang, Jenine Abarbanel, Akkana Peck, Brianna Laugher, Brenda Wallace, Mary Gardiner, Donna Benjamin, Raena Jackson-Armitage, Pia Waugh, Sarah Stokely, Ricky Buchanan, Lindsey Kuper, and Liz Henry.

I don't have an Ada Lovelace Day list on twitter, but I do have my techwomen list, which includes all of the above and more.

Wednesday March 24, 2010
06:59 AM

Ada Lovelace Day (Part 1)

Today is Ada Lovelace day; a day for reflection on the awesome contributions of women to science and technology. Today, I would like to pay tribute to some of my personal heroines, and as you'll see, there's quite a few of them. I've tried to list them in roughly chronological order.

Dr Katherine Phelps
In my early teens I had a Commodore 64 with a 1200/75 baud modem, which I used to access local bulletin board systems (BBSes). This was the start of what I would discover was a lifelong joy of communicating with people from behind the safety of a monitor, or in the case of the C64, a television.

Katherine, and her husband Andrew, ran one such local BBS called the Rainbow Connection, and I met them both at a BBS meet-up. Katherine seems to have a knack for encouraging younger people to excel, and taught me the basics of HTML, and even had me editing web-pages for Glass Wings and other websites. In fact, it's due to Katherine that I got my first exposure to the Internet and Internet programming.

Today, Katherine is still prominent in the fields of storytelling, interactive fiction, game-writing, and comedy. Katherine is almost wholly responsible for me getting into Japanese Animation, by showing me an nth generation, unsubtitled, videotape of My Neighbour Totoro, with herself and Andrew providing a very amusing translation as we watched. ;)

Kirrily 'Skud' Robert (@Skud)
I met Skud through Katherine, also while I was still at high school. At the time I was living with my parents as a quiet, introverted geek. All of my friends, and most of the technical people I knew, were also quiet and introverted types.

Skud pretty much shattered all the stereotypes I had for what it was to be technical. She was outgoing, opinionated, pushed boundaries, made things happen, was extremely good with people, had unconventional social views, and was way cooler than me. She still is.

Skud has had a massive influence on my life. She started her own business (Netizen) and wrote a set of course manuals on Perl. Some years later, that same writing would form the basis of Perl Training Australia's own course manuals. Skud has been highly influential in the Geek Feminism movement (which has both a blog and wiki), and gave a critical keynote entitled standing out in the crowd at OSCON 2009.

Often I feel that whenever I discover a new experience, it's actually something Skud has been doing for at least a decade. I still fondly remember Skud giving me advice on etiquette at a rather incredible FOSS party a few years back. In fact, etiquette is another thing Skud is rather good at. ;)

Skud continues to be one of my most favourite people in the world, and I was delighted to have the chance to visit her in San Francisco last year after OSCON. My personal motto, never refuse an adventure, was directly lifted from one of Skud's new year's resolutions.

Jacinta Richardson (@jarichaust)
Once I got to university, I started an anime club. One year, working behind the desk, and with my hair in pigtails and balloons, a girl approached and asked about the club. At the end of the conversation she said "I might come back later", which when advertising an anime club usually translates to: "I think you're a complete freak, and I hope to never see you again in my life."

To cut a long story short, she came back, and she was studying Software Engineering. ;)

Jacinta was a recipient of a 2008 White Camel Award for outstanding contributions to the Perl community. Along with running Perl Training Australia, she's also one of the original organisers of the Open Source Developers' Conference, has helped with countless Perl Mongers meetings, and is largely responsible for our Perl Tips newsletter.

Jacinta also does a lot of behind the scenes work which is not easily seen. She has contacts in practically every user group in Australia, so Jacinta is often involved when organisation of Australia-wide events is needed. At conferences she's often giving up her own time to coach nervous speakers (including me!). In fact, Jacinta even had a hand in one of my most favourite talks of all time, @webchick's Women in FLOSS.

Emily Taylor (@Domino_EQ2)
I met Emily shortly after a phone-call from Jacinta saying that I was going to have a late addition to my Perl class. Emily arrived at lunchtime, and started as a bright, attentive student; she quickly caught up with the rest of the class, showed genuine talent, and was working on advanced exercises in no time.

However what got me really excited was why Emily was learning Perl. By afternoon of the first day, I was calling back to the office to say that our new student was awesome, and she was going to apply for the position of head tradeskill developer for Everquest II (EQ2). However I think it took at least two weeks until I discovered she was in my guild!

Now, Emily is indeed the grand tradeskill developer for EQ2. She has an awesome blog on MMO tradeskilling and MMOs in general. More importantly for Ada Lovelace day, she's also an active contributor to the Gamers In Real Life (GIRL) blog.

Emily presently lives in San Diego, where she distracts me yearly with photographs from Comic-con, and disagrees with me about what breakfast spreads are appropriate on toast.

Stay tuned for tomorrow's continuation of this post.

Thursday January 28, 2010
03:11 AM

Kuala Lumpur, Day 0

After seventeen hours of travel, I've finally checked into my hotel in Kuala Lumpur. I'm here with Jacinta, and we're teaching Perl to a client next week, but we've arrived early to do some sight-seeing... and because we're insane.

Actually, it only feels like we're insane, because we've only just got back from LCA2010. In reality, going to KL so quickly means that we actually have something one of us might care to label as "a holiday". There's no chance of tacking a holiday on the end: we need to get home in order to clear the mail, launder clothes, and squish an entire month's worth of social engagements into three days before KiwiFoo, and then me spending two weeks in Sydney.

That's right. Four weeks of travel, with only three days at home. Maybe I am insane after all.

Kuala Lumpur is just like I remember it. Hot, humid, friendly people, and cheap, delicious food. Almost everything can be ordered with peanuts, and fried anchovies.

Today I feel like telling stories, so I'm going to recount the happenings of my day. Now would be a good time to get a mug of hot chocolate, or maybe skip to someone else's blog entry. I don't mind.

The trip was not a difficult one, but not an uneventful one either. It started with being picked up by the least competent taxi driver in Melbourne. Or more correctly, not being picked up. The taxi was clearly visible in the street, about a block or two away, and spent most of its time doing U-turns and driving back-and-forth outside a small group of houses. I suspect they were using a GPS navigation system, and it didn't know our street numbers. Trying to flag the taxi down with a high-powered diving torch, the sort which is capable of stunning small fish from a mile away, didn't seem to help either.

The torch did attract the attention of a completely different taxi, who, sensing that we were now quite late for our flight check-in, decided to take the most leisurely approach to driving that I've ever seen. From our conversation, I discovered the driver never gets speeding tickets, but was once fined four times in one day because his car had insufficient velocity. Since our car seemed to be travelling down the highway with all the speed of warm molasses, I could understand why.

The flight to KL was lovely. Through good planning, a lot of luck, and er, an aggressively unscheduled seat change, both Jacinta and myself were able to secure three seats each to ourselves. As someone who is used to sleeping on airplanes, this is the height of luxury. During the eight hour flight, I slept for seven, and without the need for sleeping tablets. I awoke feeling relaxed and refreshed.

Getting to the hotel wasn't hard, but inefficient. The plan was to catch a bus to KL Sentral, a train to Putrajaya, and then use the hotel's complimentary shuttle from there. It now appears that we could have caught a train directly from the airport to Putrajaya, saving considerable time and some money. Still, the trip to Sentral resulted in some spiffy weekly tickets which looked like they'd be useful in travel.

Calling the hotel from the train, I asked if we could get a pick-up from Putrajaya. They seemed uncertain, and after some to-and-fro, they admitted that the shuttle doesn't go to Putrajaya station, despite it being the nearest major public transport centre. They do however go to Kuala Lumpur proper (where we were just coming from), and a shopping centre or two.

As it happens, I now discover the hotel's bus seems to be the transportation equivalent of "scattered showers": not in your area, and not when you care. So rather than using the hotel bus, we were introduced to the public bus network.

Putrajaya's public bus network doesn't work the same way as other bus networks do. There's a big bus station, with lots and lots of bays and busses, but the goal of the drivers is to collect as few passengers as possible. This is primarily done by locking the bus, sneaking out, having a smoke for half an hour, and then dashing back into the bus and driving off as quickly as possible before anyone spots you. Other tricks include waving passengers away when they try to enter, or telling passengers you don't leave until much later, and then driving off as soon as they turn their backs. In fact, should a bus foolishly leave its doors open for more than a few moments, it almost invariably becomes jam-packed with passengers. All the busses seem to go to the same places anyway, just in a different order, and catching any bus is better than being outside in the heat.

The hotel itself is super-fancy. The room comes with bath-robes, slippers, a fruit-bowl, a fancy room configuration and furniture. Heck, even the bath-tub has its own phone, just in case you decide you need another bottle of champagne. The hotel seems to be filled with government officials and businessmen; not surprising, given the location in the heart of KL's government and technology district. I've never really liked fancy hotels; when travelling I prefer a more organic experience, but I think I've finally come to understand them. The people who frequent these hotels, almost by necessity, need to have so much money that the prices actually seem reasonable. For example, I'm eating a meal right now that costs the equivalent of dinner for six people on the streets of KL. That's an expensive meal, but it's still on the cheap side compared to what I'd be paying for the same meal in Australia.

The only thing which doesn't change is my surprise over the minibar. You want how much for a can of cola?

Sunday January 03, 2010
01:06 AM

Wear Sunscreen (and other thoughts for the year ahead)

If I could offer you but one tip for the future, sunscreen would be it. The long term benefits of sunscreen have been proved by scientists, whereas the rest of my advice has no basis more reliable than my own meandering experience. I will dispense this advice now.

-- Mary Schmich

I'm not one for New Years Resolutions. In fact, the last resolution I made wasn't even mine; I stole it shamelessly from Skud, and it was "Never Refuse an Adventure".

However, today I feel like dispensing advice, reflecting on the year that was, and making plans for the future. I'm going to share these with you, and I'm going to start with my outlook on life.

One lifetime is not enough.

I have too many things I want to do, want to learn, and want to be. Heck, even ten lifetimes would not be enough. Since I can't do everything, a lot of my thought goes into maximising the area under the curve; making sure that when I die, I've squeezed the most out of life that I possibly can. Our axes here are age (horizontal), and enjoyment (vertical).

To get the most under the curve, you need it to stretch as far to the right as possible. You need not only to live as long as you can, but to have both the brains and the body to make the most of being alive. Without brains and body, you're placing limits on the vertical height of your graph.

That, as much as you may not like it, means doing exercise, both mental and physical. A lot of the people I know are good at one, but suck at the other. My only advice here is to find exercises that you enjoy. Mentally that might mean a problem you want to solve. Physically that may mean combining exercise with transport (eg, cycling), or gaming (eg, StepMania), or social activities (sports or martial arts seem to work well here).

For most of my friends, it's physical and not mental exercise that is lacking. In this case, sites like SparkPeople can be useful in tracking food and exercise, although they could do with an API. If you've got sufficient money, you may find investing in a personal trainer worthwhile.

I'm not going to talk about money, but instead I'm going to talk about utility, in the economic sense of the word. Without going into lots of theory, utility is the satisfaction you derive from something, and it can vary across individuals. For example, I have friends for whom watching sport is a high-utility activity, even though it's not for me. Those same friends may consider giving a presentation in front of a large audience to have negative utility; whereas I'm positively thrilled at the prospect.

Utility is going to have a strong correlation with the vertical height of your life-graph. Hopefully everyone grasps (at least at an unconscious level), that the utility of something isn't fixed. A glass of water has a greater utility to someone dying of thirst in the desert, than it has to the average office-worker. The +3 sword you've just looted is worth a lot to an adventurer without a magic weapon, but has very little utility to the adventurer who already owns a +4 blade (unless they're a ranger and can dual-wield).

A lot of our decisions come down to trading things of different utilities. If you purchase something, that's usually because you believe that your purchase has greater utility than the money you paid for it. The big mistake I see people making is they take good deals now, but do so at the expense of taking great deals later on.

One example of this is time. A person may spend their evening playing an MMO, and that's arguably a good use of time, because they enjoy it. However ten evenings of study may allow the same person to learn a new skill, and with that skill achieve some greater goal. If the satisfaction of that goal is worth more to them than ten evenings of online gaming, then they've taken a good deal, but potentially forfeited a better one.

That brings me to the concept of investment. In short, do it. I'm not just talking about investing money. I'm talking about investing in skills, health, friends, relationships, tools, mental discipline, cybernetics; anything where you forfeit utility in the short-term for a much greater gain of utility in the long-term. Be aware that not all investments are good ones, or what is a good investment for you may be a poor investment for someone else. But in order to really maximise the area under the curve, you're going to need to do some investing.

What naturally falls out of this is the concept of goals. Identify the things which hold a particularly high utility for you. You want lots of goals; they're what allow you to identify good investments, and high-utility events. For some people, myself included, there's even utility in the sense of achievement when accomplishing a goal. Goals can be very short term (like making a person smile by sending them an SMS), or very long term (continue to be mentally and physically fit at age 75).

Don't be afraid to add new goals, and don't be afraid to discard old ones. Life is a process of continuous change, and there's no shame if your priorities or circumstances don't remain static. However when evaluating your goals, try to be aware of why they're changing; that can often reveal insights into yourself you may not otherwise notice.

Your goals may involve taking risks, and that should not scare you. Many pay-offs more than justify the risks you need to take to get them. When making decisions, get into the habit of trying to analyse both the most likely and the most significant outcomes from those decisions. Try to associate both probability and utility with each of these; this should help you gauge the expected value (EV) of a decision. You should be using this matrix to help you make the most beneficial choices; sometimes they won't be the obvious ones.

Thinking about the possible consequences of an action helps you plan better for the future, and usually helps you both better utilise good outcomes, and mitigate bad ones.

A lot of my goals focus on things that I know will be highly memorable experiences. I cherish my memories, and being able to look back and smile about the things that I've done has a high utility to me.

So, what are some of my goals that I'm willing to share with you? Well, that's a hard one. Well, let's start with some history.

Most of you know me as a geek. I do a lot of programming, especially in Perl. I poke around with privacy issues, I play RPGs, I dissect network traffic streams, and I do a lot of speaking at technical conferences. Stereotypical geeks are poor with people, and that included me. It still includes me in many situations. However I've discovered that more than anything else, I love people. For a while now, I've been studying how I can become a better people person.

For me, 2009 was a year about people. I made a conscious effort to meet new people, to attend more social events, and to form new friendships. This has really paid off, and some of the risks I've taken have definitely been worthwhile.

I want to get better with people. I want to better understand how they work, how they think, and most importantly, what makes them happy. I'm not just being altruistic here; making other people happy is a very good way to get things done, and one that's usually beneficial to all parties involved. So one of my goals this year is to put more points into cognition, telepathy, empathy, and bard.

I've also discovered that while I'm excellent in broadcast (presentation) and multicast (storytelling) communication, I'm lacking in unicast (personal) skills. I find this ironic, because I used to be the reverse. I think my unicast issues relate to what I'm willing to discuss. I generally hold my cards a little too close to my chest at times; I fear my conversation topics can be a bit too formal as a result. I seem to be most popular in unicast when talking about my most recent topic of inspiration, but when that's computer-related I'm concerned my conversational partner will find it boring, and when it's people-related I fear they'll find it weird. This is an area where risk-taking is definitely needed; the advantages of finding someone who's genuinely fascinated by my thoughts outweighs the risks of scaring someone away with whom I'd otherwise hold a specious social relationship.

I have a couple of mental models that I use for other people, but I've discovered not everyone fits nicely into these models, although they're a relatively small subset of the whole population. The mental models I use for everyone else are woefully incomplete. To solve this, I suspect I'll need to do some dedicated reading, research, and experimentation.

I need more points in arei'mnu, a Vulcan word that roughly translates into "mastery of emotions". There are many times when my emotions are in opposition to my logical and well-reasoned thoughts. In fact, this is something of a conundrum for me, as I feel that emotions are core to the human experience, and removing emotion strips life of much of its meaning. Usually I embrace and revel in my emotions; I even find value in sadness and tragedy, as they often provide a focal point for reflection on good times and fond memories. Usually my arei'mnu is excellent, but there are a few tweaks that I need to make, most of which relate to specific circumstances and triggers.

Finally, in 2010 I want to experience new things. I jokingly refer to this as "gaining XP", but it's one of the things that I really believe in, and one of the things that too many people stop doing. After a while, XP is addictive. People, food, places, thoughts, ideas, activities; they all hold such amazing and unique possibilities. My real question, and the one that's driving me nuts right now, is how to prioritise them, along with the very real awareness that I'm not even aware of the tiniest fraction of the experiences which life has to offer. In this regard, your advice is very much appreciated.

Friday December 11, 2009
07:14 PM

Tightening up your Facebook privacy

I've previously discussed the new Facebook privacy system, what it means to you, and some recommendations on keeping at least some privacy. If you haven't read this post, I suggest you do so now, as I won't be repeating those recommendations here.

Since my last update, I've had a lot of feedback, and done a bit of exploring, and discovered there are some extra privacy controls that are rather hard to find! One thing that had me perplexed was how to hide which groups I was a member of. Groups are juicy stuff; they tell me a lot about your beliefs, interests, and social ties. These are things you may not wish to be broadcasting to the world. Events are the same, but even more so, since they give me an idea of where you actually are, and who you're physically interacting with. You probably want to have some control over who can see these.

Luckily, you can; the controls just aren't where you expect them to be. They're not in Privacy Settings at all, they're in Application Settings. By selecting Edit Settings you can change the privacy on your groups, events, gifts, links, notes, and photos; although the photos setting only controls who can see your photos tab/box/link; individual albums have their own privacy controls.

When deciding on your privacy settings, it's worth keeping two things in mind:

Applications run with the permissions of the user that installed them.
This means that if you allow your friends to see events, your friends' applications can also see events. The previous privacy settings actually allowed friends to see events, but you could block their applications.
A permission of Everyone generally means it's publicly accessible.
Facebook is making it pretty clear that Publicly Accessible Information (PAI) is available to everyone and everything, including unauthenticated users, applications, and third-party websites.

It's also worth noting that even if you set your event and group privacy to only me, it's still possible to go directly to an event or group and see the list of members, and you will show up there. What tightening your event/group privacy stops is a person or application being able to see all of your groups and events in one hit. If I'm determined to find your groups and events, I'd start by grabbing your publicly accessible list of friends, walking through their events and groups, and checking each one to see if you're a member. Your potential employers and in-laws aren't likely to go to that sort of trouble.

It also looks like I'm not the only one who's been upset that Facebook has made one's list of friends completely public information. What's amusing is their response to it. Let's look at their new privacy tools blog post, which talks about how to hide your friends. It starts off being very positive:

When you uncheck the "Show my friends on my profile" option in the Friends box on your profile, your Friend List won't appear on your profile regardless of whether people are viewing it while logged into Facebook or logged out.

That's great, isn't it? We can finally hide our list of friends, just like we used to... Except...

This information is still publicly available, however, and can be accessed by applications.

In other words, you can hide your list of friends from casual observers, but it's still considered publicly accessible information, and hence presumably can be accessed by anyone who can write, install, or employ an application to find it, as well as by "Facebook enhanced" websites.

To the average user, the effect of this change is a great way of letting them feel like their friends are private, but without actually making them private.

I want to give a special thanks to Matthew Musgrove (@mrmuskrat) for assistance in finding the group and event privacy settings. Also, Risto H. Kurppa is in the process of putting together simple instructions on how to protect one's privacy on Facebook, and is seeking contributions.

If you wish to receive e-mail when I make further posts on Facebook privacy, then join my privacy study or subscribe to the relevant google group.

Thursday December 10, 2009
05:45 AM

New Facebook Privacy and You

Facebook are in the process of changing how their privacy settings work, and today, I was given the option to migrate my account over to the new scheme. These were announced on the Facebook blog about a week ago, and sounded quite promising. Unfortunately, I actually feel creeped out by the new system.

I'm going to start with the good thing. Yes, that's right, there's only a single good thing about the change that I've found. When making status updates, one now has fine-grained control over who sees them. I can have a status update that's only seen by my family, or only seen by my friends who like to dress as pirates, or by everyone except my friends in Sydney. This is something that a lot of people have been asking for, and it's great to see it implemented.

Unfortunately, the rest sucks.

I've done some blogging about Facebook privacy in the past, as well as a conference presentation and radio interview. In all cases, I've recommended using the (difficult to find, but incredibly valuable) button marked Do not share any information about me via the Facebook API. When ticked, that would block almost all the information I could gain about a user with my tools, which try to squeeze as much information from the Facebook API as possible. Admittedly, there were some leakages, but not many.

That setting is now gone. All the applications, installed by all your friends, now have access to your "publicly available information", and there's not a damn thing you can do about it.

Publicly available information includes Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages. What's more disturbing for me is that the new Applications and websites settings don't provide a control for sharing of events. In fact, some of the volunteers for my privacy study have gone from me not being able to see anything about them, to me being able to see their past, current, and future events! That disturbs me, not least because I want to control who can see which events I've attended.

The other thing to dwell on here is that pages are now publicly accessible. Pages are things that you can fan, such as companies, or bands, or even privacy researchers, and newsletters. To be honest, these were creepy to begin with, because the owner of a page could access all sorts of bulk demographic data about their fans, and even export it for processing with other tools. But now, the list of pages you've fanned is public.

Public information in Facebook is available to everyone, even users who haven't logged in, and third party applications and websites. That's bad. You may have fanned pages that relate to controversial beliefs or sexual preferences. You probably don't want a potential employer to be able to see these, but now there's nothing you can do about this either, except for un-fanning those pages. I recommend you do this now.

What's also conspicuously missing is the ability to control what goes onto the recent activity section of your Wall. I'm looking at one of my volunteers now who previously never had their like events posted to their wall, and it's now covered with them. This gives me a wealth of information about who they're interacting with, which in turn is very useful if I'm planning to do any social engineering.

In fact, it even links to events and posts that my friends like, but that I can't see. I can even extract Facebook IDs (fbids) of the target posts. While this doesn't in itself let me access the information directly, I can certainly tell when two of my friends are liking the same post. Based upon what I know about my friends, I may be able to infer more than that, or ask one friend what another friend has just "liked".

You can remove recent activity from your wall, but you have to do it manually by finding the event you want deleted, and selecting the 'Remove' option that appears when you hover to the right of it. Joining groups also results in recent activity (without the option of turning it off), and there's a chance that other events may appear there as well.

In fact, talking of groups, I can't find any privacy controls for them either. For some of my friends, they're visible. For some of my friends (and apparently for myself), they're not. At the very least this is confusing, and it may simply represent different friends being at different stages of the privacy migration. Group information gets leaked all over the place anyway (recent events, groups recently joined, and publicly visible group lists), so regardless of how this is being controlled, I can probably find out which groups you're a member of.

What I find most disturbing of all is that my friends list has gone from completely private to completely public. While I've found the control that allows me to no longer display my friends on my profile, since they're now "publicly available information", they're still accessible by other means. I actually consider my list of friends to be very private; and I'm not at all happy that's changed.

Oh, and for those who remember me talking about dark stalking to infer the existence of other users who had otherwise completely hidden themselves from view? Well, it's not that big an issue anymore, since I can now directly navigate to their pages (from their UIDs that I'd found previously), and see their "publicly available information". Good work in protecting their privacy, Facebook, good work...

So, you might be wondering what I recommend? Well, to begin with, make sure that you're happy with your new "publicly accessible information" really being public. If you don't want your grandparent, work colleague, potential employer, stalker, dog, guild, or whoever else seeing your Name, Profile Picture, Gender, Current City, Networks, Friends, or Pages, then change or remove them now. They're available to everyone, including unauthenticated users, "facebook-enhanced applications and websites", and via the API.

Go to your profile page. Scroll down until you see Recent Activity. Anything you don't want to see there, delete it now. Anytime you join a group, or like an event, or fan a page, or change your relationship status, or sneeze, go back to Recent Activity and check if you're happy with that being broadcast.

Go through all the new privacy settings, and think about each one. Some of them may not have even been mentioned in the migration tool. My date of birth had unexpectedly gone from being completely private to completely public.

Stay informed. If you want updates from me, then join my privacy study or subscribe to the relevant google group. Make sure you fan the Facebook Site Governance page, since that's where many updates are posted, and is a hub for user feedback. If you want another perspective on the changes, the Electronic Frontier Foundation have also posted their analysis of the changes.

Finally, be aware this is not the first time a major website has changed their privacy policy, and it certainly won't be the last. If you really want something to remain private, you might want to avoid putting it on-line in the first place.

Tuesday October 27, 2009
07:49 AM

Perl 5.11.1

I've been behind in my blogging; time seems to fly when one is having fun, and I've been having a pretty good time recently. Most of it's involved working with people and science, rather than technology. After I finish my taxes (not yet overdue), this may change.

In the meantime, I can't go without mentioning that Perl 5.11.1 has been released. This isn't a stable version of Perl, but it's a point release on the way toward 5.12.0. I'm quite excited about 5.12.0 for many reasons I'll go into later, but they all involve modernisation of the language.

Of note in 5.11.1 (and hence 5.12.0) is that deprecation warnings are turned on by default. This isn't scary; it means that if you've got old code that's going to break in the future, then Perl will start warning you about that well in advance.

Of other note is a minor point, and that's the ability to include version numbers in package declarations. One can now write package Foo::Bar 1.23, rather than having to do cumbersome things with the $VERSION package variable.

Saturday October 17, 2009
08:20 PM

Teaching Perl in Sydney

I've just spent the week teaching Perl in Sydney. It was good. Actually, it was really good. My class were close in ability, asked intelligent questions, thought through problems, asked for assistance when needed, quizzed me about advanced topics during the breaks, and generally showed themselves to be awesome. It felt just like the good ol' days.

Thursday October 08, 2009
12:13 AM

Fun with QR Codes and Perl

Short blog today, but cool tech. I've been playing around with 2D barcodes recently, and have just pushed a Perl Tip on generating QR Codes with Perl. Given how incredibly easy this is, I'm tempted to generate huge numbers of these and go sticking them around town for my own nefarious purposes. ;)