There’s a Better Way to Build a Smart TV | The Official Roku Blog
Syndicated 2012-01-21 08:34:00 (Updated 2012-01-21 08:34:59) from Dan Connolly
There’s a Better Way to Build a Smart TV | The Official Roku Blog
Syndicated 2012-01-21 08:34:00 (Updated 2012-01-21 08:34:59) from Dan Connolly
A big thanks for Web-iPhoto!
My wife does a photo shoot with the boys for the Christmas card each year. I wanted to share a digital copy of the photo, but our family photo archive is a mess, with N iPhoto albums on M macs and K backups on X linux boxes.
I know iPhoto is just JPG's and sqlite underneath, so it kills me that I can't just get at the photos with a web browser. I could code something up myself, but surely somebody has done it before, no? I've looked without luck before, but I guess I was using the wrong search terms. Today when I wished for "iphoto sqlite web server", lo! Merry Christmas to me!
Syndicated 2012-01-03 00:23:00 (Updated 2012-01-03 00:27:03) from Dan Connolly
Capability Security in E, coffescript, python, dart, and scala
A couple months ago, I inherited some Java code and took on the task of fixing a bug in it. The bug turned out to be a consequence of a silent failure; eek! And there were precious few tests and no way to test the parts without being connected to LDAP servers and SQL databases and such. This started me on an exploration of current best practices in testing. And since the job of this code was policy enforcement around patient data, I could finally justify getting my hands dirty with capability-based security. I discovered, as many others have, that both testability and security are well served by some of the same basic object-oriented techniques.
Dependency injection frameworks always smelled like overkill to me, but after watching Miško Hevery on testability, I was convinced. If you're in the mood for text rather than video, see his Guide: Writing Testable Code. Basically, instead of having some policy enforcement object constructor call an LDAP connection constructor, the policy enforcement object takes the LDAP connection as a constructor argument. "Don't call us; we'll call you" is a handy mnemonic. This lets you substitute a mock LDAP connection for testing.
It also forms patterns of cooperation without vulnerability.
For example, take a look at the simple money example in E and the underlying sealer/unsealer pattern.
I have been using these as an exercise to explore some of the recent programming language developments:
Dynamic languages are popular in large part because programmers can keep types latent in the code, with type checking done imperfectly (yet often more quickly and expressively) in the programmers’ heads and unit tests, and therefore programmers can do more with less code writing in a dynamic language than they could using a static language.The balance between static and dynamic languages also shows up in development tools. I had the eclipse with the Joe-E verifier, maven, and mercurial working all together at home one evening. The code really does just about write itself at that point. But when I tried to reproduce it at work, I got so frustrated that I retreated to emacs and python and looking up function arguments manually. The python version of the project has gotten complex enough that I'm starting to miss some of the whole-program consistency that Java tools give, but I'm getting by with a bottom-up approach: flymake, doctest, and the like.
Syndicated 2011-11-23 22:44:00 (Updated 2011-11-23 23:57:11) from Dan Connolly
Medical Informatics, Peer Review, and Open Access
Three issues of JAMIA just arrived, weighing not just on my desk but also on my mind: success is defined by my peers in my new field, medical informatics, as publication in a journal where the readers have to pay for access. After fifteen years as an Open Web advocate, this grates on me.
But I see that change is already underway. While JAMIA is the top journal that I hear about in the office so far, a quick trip to Wikipedia shows that it's second in impact to an open-access journal: Journal of Medical Internet Research.
Syndicated 2011-11-21 14:35:00 (Updated 2011-11-21 14:55:21) from Dan Connolly
Secure Mashups: CSRF-resistent alternatives to WebID
I think WebID is headed in the wrong direction. It separates authorization from authentication, which is widely believed to be a good practice, but proves spectacularly bad practice when it leads to cross-site request forgery. I have tried to explain my misgivings to the WebID proponents, but I didn't have much in the way of an alternative to suggest. Until today, when I found Sitelier and Belay Research.
While evaluating Spring Security today, I went looking to see if it its role-based architecture is in any way compatible with capability-based approaches and I found this, from the Sitelier guys:
In our view, the web right now is backwards: users have accounts on dozens of websites, all with their own logins and passwords, and our content and personal information is scattered all over the web, out of our control. Sitelier turns the situation around: when you install an app, you're effectively creating an account on your site for the app, which can then save its data (your data) there, so all your online information can live in one secure location that you control.Replies pointed out related work such as Belay Research and emphasized usability research. Indeed, my understanding since at least as far back as my Dec 2008 post is that the capability approach is the necessary and sufficient solution to the problem of secure mashups; the only question is: given the worse-is-better tendency in software deployment, is there any chance we can move the state-of-the-art that far?
Syndicated 2011-07-26 22:26:00 (Updated 2011-07-26 22:26:48) from Dan Connolly
The Voters First Pledge: what do my elected representatives have to say?
Representative democracy in America has clearly been corrupted by big-money interests.I got automated acknowledgement of receipt from both of their offices, but no response since. I don't expect more than a form letter. How long does it take to send one of those? Over a month, evidently.
The Fair Elections Now Act S.750 and the The Voters First Pledge look like reasonable steps, to me.
I don't see you among the supporters.
Please sign the pledge, or at least explain to me your position on the bill.
Thanks for your consideration and your service to our country.
Sincerely,
Daniel W. Connolly
Syndicated 2011-07-09 17:12:00 (Updated 2011-07-09 17:12:43) from Dan Connolly
Eliminating trackname collisions in multi-CD audiobook with mutagen
I wanted to listen to an audiobook on my android phone, so I ripped it (using banshee) and copied the tracks, but "track 1" from disc 2 overwrote "track 1" from disc 2.
So this little ditty uses mutagen to rename them to "Disc 01 Track 01" and "Disck 02 Track 02" respectively.
I have since discovered that ripping this audiobook with iTunes (which consults Gracenotes where banshee consults musicbrainz) yields track names like 1a, 1b, 1c, ..., 2a, 2b, 2c, ... .
import sys import os # http://code.google.com/p/mutagen/wiki/Tutorial import mutagen def fix(album): for dirpath, dirnames, filenames in os.walk(album): for track in filenames: audio = mutagen.File(os.path.join(dirpath, track)) print audio['album'], audio['title'] t = "Disc %02d Track %02d" % (int(audio['discnumber'][0]), int(audio['tracknumber'][0])) audio['title'] = t audio.save() if __name__ == '__main__': album = sys.argv[1] fix(album)
Syndicated 2011-07-07 13:14:00 (Updated 2011-07-07 13:14:10) from Dan Connolly
Trying to replace delicious, pinboard.in, and catch with diigo
I keep trying out one more cloud based task/time/knowledge management tool, hoping it will replace several of my too many others. While browsing around the Chrome store looking for tools that sync with android, I discovered diigo. The highlight feature is really slick! I've been hoping for that feature as far back as the Amaya papers and talks from 2000. Plus, it does bookmarking and note taking. But it's not as smooth as I'd like. I wonder if that's inherent in the attempt to do so many things.
Trying to replace delicious, pinboard.in, and catch with diigo
I keep trying out one more cloud based task/time/knowledge management tool, hoping it will replace several of my too many others. While browsing around the Chrome store looking for tools that sync with android, I discovered diigo. The highlight feature is really slick! I've been hoping for that feature as far back as the Amaya papers and talks from 2000. Plus, it does bookmarking and note taking. But it's not as smooth as I'd like. I wonder if that's inherent in the attempt to do so many things.
Chrome merged the address bar and the search field a while ago. The diigo chrome extension notifies you when you search for things that match items in your library, so you don't have to build a new habit.
The original delicous bookmarklet clearly hit the sweet spot for bookmarking:
There were some lightweight features that improved the experience: auto-complete of tags and auto-suggested tags from the crowd. Then the features started getting heavy, going beyond the critical response times, and on a tip from Gerald, I started migrating my delicious bookmarks to pinboard.in. (This was long before "the vice president of bad decisions at yahoo" threw in the towel.)
The diigo bookmarklet has two critical problems:
It was the speed of pinboard that convinced me to switch from delicious, not so much the "anti-social" aspects; I did enjoy the collaborative aspects of delicious, until they went overboard and made it too painful to search my own bookmarks. I was surprised to see so much of my community using twitter for link sharing: how do they ever find the bookmarks they made?! Twitter has the attention span of a gnat; it has no interest in helping you find a bookmark you made 2 years ago. Pinboard solved that problem by adding comprehensive twitter archiving to their snappy search offering.
Diigo has a twitter archive feature, but
That brings me to the goal of using diigo for task management.
Catch supports gtd-style collecting and processing really well:
I do most of my processing via catch's web interface, when I have the full bandwidth of a big screen, keyboard, and fast network. But sometimes when I have some time to kill, I use the catch android app to process notes.
I hope the diigo Powernotes android app gets there. Both catch and diigo let me log in using my google apps accounts, but:
I sure wish Amazon helped me record why I'm adding to my wishlist, e.g. who recommended it, which features or review comments I'm particularly interested in. I can annotate items if I switch to viewing the whole list, but the first thing Amazon does after I hit "add to wishlist" is distract me from recording what's on my mind with offers for other products. So I did a little research on home theater systems using diigo. But while shopping does involve research, there's really a lot more to it, and Amazon is a huge machine finely tuned to help with the whole process. Amazon's universal wishlist button helps some. Besides, as we learn from gtd, the most important thing to do after capturing a thought is to put it in context where you will next act on it. And for online shopping, that place is Amazon more often than not.
The diigo community and development team appeals to the hacker, the researcher, and the closet-librarian in me. I haven't found many familiar names/faces in the diigo community yet. The business model (freemium, with a focus on the education market) seems sensible to me, but I don't have much confidence in my ability to pick viable web businesses. (I've been involved in the web pretty much since it started; I wonder if I'd be ahead or behind if I'd invested in the web businesses I liked when I learned about them...) With a new owner for delicious, it may be time to take another look. The delicious crowd is large enough to display some wisdom in, for example, finding interesting new python programming resources. And I once discovered that a colleague subscribed to my family movie bookmarks.
Diigo says they support the same export format as delicious, but I don't see how I can get all my data back that way, since delicious has no concept of highlighting nor lists. I see a mention of annotations in the diigo API; perhaps all the structure is captured there.
Syndicated 2011-04-30 17:41:00 (Updated 2011-05-01 03:38:32) from Dan Connolly
Closing music sharing loops with Amazon Cloud Player and iTunes home sharing
I enjoy the music that my wife buys, but when I shop, I seem to get overwhelmed before I get as far as the "place your order" button. It's just like in college, when I used pore over the used cassette section, only to realize it was time for my next class before I decided what to buy. Once she buys the music, I'd like to have it when I commute to work or go to the gym.
I pulled my hair out for a while trying to get my Ubuntu linux box to fool her Mac into using it as a time machine server. I couldn't even get apple file sharing working read-write (for saving playlists and metadata). When Apple came out with home sharing, I pretty much threw in the towel and resigned myself to pulling out my MacBook Air whenever I wanted to deal with the world of popular music. But mostly I just didn't bother.
Then, after she had been limping along for a while on external keyboards and mice for her MacBook due to the internal ones having broken down (and the price to service them being out of reach), we swapped out her MacBook for my Macbook Air.
This gave me a fresh shot at organizing the family music collection.
My Ubuntu box has big, cheap disks. I use LVM2 to manage three volumes, which vary based on availability and confidentiality constraints:
At some point since my earlier frustrations, Ubuntu and Mac OS X have decided to get along; file sharing now Just Works. So I rsync'd all her music to the mass media volume shared it. Unlike the nightmare of merging iPhoto libraries, iTunes has an option to view "only items not in my library". Yay!
The iTunes collection includes some original stuff, such as piano recital recordings and garage band compositions. I'm dealing with my long-standing angst about that by using Musicbrainz Picard to automatically re-tag everything and then move the stuff that's outside the wisdom of crowds to the family-media volume. The collection also includes stuff that my wife imported for photo montage projects; Frank Sinatra and polka music were of great sentimental (or humor) value to the client, but I don't want it in my "shuffle all" mix on the way to work. I'm not sure how to deal with that, yet.
Reducing the redundancy feels good to the closet librarian in me, but... what if the disk goes kerflewey? It's all replaceable, but even the potential of buying it or ripping it again leads me to the aforementioned paralysis/overwhelm.
Enter Amazon Cloud Drive and Amazon Cloud Player.
Not only does the android app eliminate the hassle of firing up a Mac to use doubletwist to sync iTunes to my android phone, but cloud storage provides backup of all our popular music... or at least: all the music that I cherish enough to bother uploading to Amazon.
Syndicated 2011-04-16 03:21:00 (Updated 2011-04-28 20:26:32) from Dan Connolly
New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!