Rational Action

I’m currently testing out a little perl script that will turn your “Recently Updated Profiles” page on The Facebook into an RSS feed. If this sounds interesting to you, drop me a comment.

Currently it works by using the “recently updated profiles” page to build a list of profile URLs. Then it fetches every recently updated profile, which lets it know the day the profile was last updated. The program hits facebook’s servers pretty hard and is slow to boot. With some caching I bet I can speed it up, but for now it’s too resource intensive to release to the public.

Another problem: if you read RSS feeds outside of your web browser (in Thunderbird, for example), you won’t be able to see anything, since facebook requires cookies. Sage works nicely in Firefox. Safari reads RSS itself, right?

As many of those familiar with blogging already know, the easiest way to post a new entry to a blog is not through a web browser. Instead, many bloggers will use programs like w.bloggar to write entries. These programs give the average user a quick way to write and preview their post. When the user has finished editing, the program sends the post to the blog with the click of a button.

Sound nice? Well, now you can use those programs with the CU Community.

CUBlog is a program that makes the CU Community look like a blog, letting you post and edit your CU Community entries with any blogging tool. CUBlog acts as an intermediary between the blogging tool and the CU Community by receiving your post from the blogging tool and sending it to the Community.

Here’s how to use CUBlog with w.bloggar. (For those in the know, the CUBlog server is Blogger API 1.0 compatible, and runs on host “sacarny.com” port 80, path “/cublog/”. If that made sense, go have a blast. If you’re confused, read these directions to set up CUBlog for yourself):

1. Download and install w.bloggar. You only need the latest version. Once it is installed, just double-click the “w.bloggar” icon on your desktop to load it up.
2. If this is your first time running w.bloggar, a new account window will pop up. If this isn’t the first time you’ve run blogger, you’ll have to click File from the top menu, click “Account Settings”, then choose “>> New <<” from the “Account” dropdown box. If this step isn’t making sense, it’s probably the first time you’ve run w.bloggar, and you can ignore it.
3. Enter your username and password for CU Community into the text boxes:

   

4. Yes. Yes you do want to create the account.

   

5. A window will pop up. At the top of this window, find the “Blog Tool” drop down box. Choose “>> Custom <<” It’s the topmost choice:

   

6. Now fill in the section below. Click on the “API Server” tab and make sure the text boxes are filled in with “Account Alias” set to “CU Community”, “Host” set to “sacarny.com”, “Page” set to “/cublog/”, “Port” set to “80″, and “Timeout” set to “30″.

   

7. You are practically done. Just click the “Custom” tab. Change it so that the “Templates” drop-down box says “Not Supported”. It should look like this:

   

8. That’s it. Click “OK” and you can log in and begin working with your CU Community account.

If you want to run the CUBlog background program on your own computer, you can download the Windows version, which comes with a nifty graphical front-end. Just download the exe or zip and run it. After the program has started up, follow the directions as above, but for step 6, change “Port” to “2000″, “Host” to “localhost”, and “Page” to “/”. That’s it!

If you use OS X, you’re probably not using w.bloggar (It’s a Windows-only program.) If anyone wants to make instructions for using CUBlog with, say, iBlog, go right ahead. If you do happen to write instructions, please tell me so I can link to them. The CUBlog program itself runs on OS X but I haven’t written a frontend for it.

Geeks Only:

CUBlog is written in perl and can run as a standalone daemon or as a CGI script. It emulates the Blogger XML-RPC interface and implements the entire 1.0 API, more-or-less (templates are not supported, since CU Community doesn’t support them). Since the CU Community doesn’t have an XML-RPC interface, CUBlog interacts with it by making standard HTTP requests.

You can view the source by downloading the tarball, available here.

So I was sitting in CS class on Thursday. The prof was showing us how to use CUNIX (The Columbia computer system). He logged in and then went into his public website directory:

command me, baby: cd public_html

Yes, he set bash to display “command me, baby” instead of “$“.

Then he listed the files in the directory, and look what popped up:

command me, baby: ls
final.pdf

He said “oops.” I was sitting there with my laptop connected on wifi. If I had been a quicker thinker, I could have downloaded the final right then and there. But alas, I didn’t even know his username, so finding the file would have been tough.

(He may have been using telnet to get at CUNIX in the first place. Had my wifi card been in monitor mode — had I been a sneaky Linux user, that is — I could have stolen his password as he transmitted it cleartext through the air.)

Anyway, realizing that his final was world accessible, he quickly moved it:

command me, baby: mv final.pdf ..

Thus final.pdf now sat in his home directory. It no longer was shared to the world over the web, but it still sat in a folder on CUNIX. Since I assumed that home directores in CUNIX were set a-r (in other words, unbrowseable by everyone), I assumed that the file would be unviewable by everyone as well.

Later that day I was ambling around the campus, thinking about geeky things like the Mars landers, when an epiphany hit me.

After I regained consciousness, I considered some points:

• The home directory, in which the file now resided, was probably marked a-r (effectively, you can’t list files in it)
• However, the home directory — if it had the same permissions as mine — was probably marked a+x (files inside directory can be accessed by their names)
• I couldn’t list the files in his home directory. But I could access them, as long as the permissions on the specific file were correct, and I knew the right filename
• The file was named final.pdf
• The file had been in the public_html directory, meaning that it was probably set to be a+r (world readable)

If you haven’t gotten my point yet: final.pdf was accessible to everyone under the sun. Nothing was stopping me from logging in and copying the file into my own directory (Except my moral standards and a fear of getting caught — both of which were surprisingly effective.)

I sent the prof an e-mail and hopefully he’ll remedy the problem.

The Mars party was somewhat less happening than I wanted it to be, but since it happened at all, it was more happening than I expected. Emily, Chris, Lora, Moses, and I all chilled in Emily’s room and I prepped her computer to tune into NASA TV. I got the latest Realplayer installed with seconds to spare, and tuned in.

Landing on Mars is a tricky but very, very cool thing to do. I’m impressed enough that we’ve got two (three if you count the European) orbiters creating a sort of telecommunications net on another planet besides our own. I’m even more impressed that now we have two little cars driving around there too.

With the right conditions, the landers can communicate with the orbiters (and even directly with the Earth) on their way in. Unfortunately the quality of the communications is pretty unpredictable — for example, the first Mars rover went silent for 6 minutes during its entry. Judging by what I heard during this landing, comms were excellent: (Events are probably out of order and paraphrased poorly)

“We have 50 seconds to parachute deployment…”
“Parachute deployment confirmed”
Sudden burst of cheering
“Heat shield separation confirmed”
More cheering

There were probably 6 bursts of cheers as the landing executed flawlessly. The lander maintained “tones” (Low bandwidth Earth communication) throughout the whole process, which kept everyone up to date, albeit with a 11 minute speed-of-light lag. When I had seen and heard enough cheering, I figured that the lander had come to a stop alive on the surface of Mars. I closed RealPlayer and went back to partying.

So I’ve become a bit too caught up in this whole Mars thing… so caught up, that I want to have a Mars Landing party on Saturday night. (We’re sending in another rover, this one’s called Opportunity)

The lander gets in a little after 12 midnight. By then everyone should be sufficiently drunk so as to make the whole experience an emotional event. Consider the tears we would shed if Opportunity did not radio back to Earth. Consider the festivities in which we would partake, if the lander sent back its “OK” response.

Who’s in?

The blog is now fixed on Mac IE 5. It seems that by not setting the menu to have a specific CSS width, things became all kinds of fucked up. Well, now it’s 150 pixels. Tell me if it looks bad. And tell me if this blog doesn’t work on your browser.

(This is probably going to be boring. Skip to the “My Analysis” section for something short.)

Yesterday I was working on my new site when I discovered that Mozilla 1.6 alpha wouldn’t publish it properly. I tried to downgrade to Mozilla 1.5, but it would go pause on startup, remaining alive but using 0% CPU. I decided to reboot.

When Windows XP started up, I got an error that shlwapi.dll could not be found, and hence winlogon.exe (the program that logs you into your computer) could not run. Huh? Where did it go?

Well, it was gone and I needed to get it back. I booted into Knoppix (a Debian-based Linux distribution on a CD) and checked out my directories. shlwapi.dll had ceased to exist. I made a friend send me her copy of it. Then I did something pretty stupid:

I enabled experimental NTFS write support on my Windows XP partition.

The attempt at copying shlwapi.dll back failed with some system error, and Knoppix refused to show my c:windowssystem32 directory from that point forward. Ooops, just a little filesystem corruption.

I used an old, burned copy of Windows XP to attempt to get to the recovery console, but lo and behold it wouldn’t accept my Administrator password. Huh? ntpasswd did the trick, resetting the Administrator password.

After some fiddling and following of the directions on some forum, I was able to get my system to start up and permit me to login. But Windows then refused to give me a start menu because it was missing shdocvw.dll. Huh? Looks like I wasn’t having a problem anyone had diagnosed before! I copied the file over from an XP cd, but Internet Explorer still wasn’t working!

I threw up my hands and did an in-place reinstall of XP. An hour later I was presented with an activation dialog, which refused to work over the Columbia ethernet because XP seemed to think I needed to dial up to my ISP. I called ‘em up and all went smoothly. Norton Antivirus popped up a dialog box saying that the Welchia worm had been detected. I quickly installed a few patches to keep my computer from being infected.

Mozilla still refused to work, so I created a new profile and copied the necessary files from my old one. I should not have had to do that. At least it’s working now.

My analysis:

Microsoft has released software with tons of security holes. They’re doing the right thing by patching them, but these patches may have little conflicts that can cause big problems. Especially with computer users like myself, who like to install things but reboot later. Somehow or another, some rather important Windows system files were deleted rather than updated.

The solution: more review of code, better testing of patches, and an increased focus on getting things right the first fucking time. I should not have to download 2 patches per week. How come the average Linux box can get by with so many fewer patches, when it has to focus on remote and local holes? Sigh.

(As for Mozilla crapping itself: at least I had the know-how to fix it. I was using an Alpha version, so if it happened because of that, I have only myself to blame.)

I have started working on a website. If you can’t tell, I’m going for the minimalist design — it seems to require the least amount of work. Right now I’m making it Mozilla Composer.

I visited Frankie and Erica yesterday and fixed up their computers a bit. And I came to a conclusion. Browse the web with Mozilla: it blocks popups and suffers from none of the security holes that afflict Internet Explorer. As the web stands right now, if you browse with Moz, you will be basically immune to any web-based exploit.

I was at Merritt on Friday, sitting at my desk trying to do something productive. I needed a little network hub so I could get internet on 3 computers at my desk. Of course, I couldn’t find any power adaptors for the one I had in mind, so I just stole a massive stackable switch. I think it had like 32 ports. I connected 4 computers.
I didn’t realize that it had a fan in it. I think this added to the amazing rush of overkill that I felt as I plugged in my $1000+ switch, with its 28 empty ports.

Art: What are you doing with that?
Me: I needed a switch, and I didn’t have a power adaptor for the little one
Art: You realize that’s our backup switch for [Insert major client here]
Me: No.

Anyway, it’s still under my desk, whirring away.