Older blog entries for pjf (starting at number 595)

Wear Sunscreen (and other thoughts for the year ahead)

If I could offer you but one tip for the future, sunscreen would be it. The long term benefits of sunscreen have been proved by scientists, whereas the rest of my advice has no basis more reliable than my own meandering experience. I will dispense this advice now.

-- Mary Schmich

I'm not one for New Years Resolutions. In fact, the last resolution I made wasn't even mine; I stole it shamelessly from Skud, and it was "Never Refuse an Adventure".

However, today I feel like dispensing advice, reflecting on the year that was, and making plans for the future. I'm going to share these with you, and I'm going to start with my outlook on life.

One lifetime is not enough.

I have too many things I want to do, want to learn, and want to be. Heck, even ten lifetimes would not be enough. Since I can't do everything, a lot of my thought goes into maximising the area under the curve; making sure that when I die, I've squeezed the most out of life that I possibly can. Our axes here are age (horizontal), and enjoyment (vertical).

To get the most under the curve, you need it to stretch as far to the right as possible. You need not only to live as long as you can, but to have both the brains and the body to make the most of being alive. Without brains and body, you're placing limits on the vertical height of your graph.

That, as much as you may not like it, means doing exercise, both mental and physical. A lot of the people I know are good at one, but suck at the other. My only advice here is to find exercises that you enjoy. Mentally that might mean a problem you want to solve. Physically that may mean combining exercise with transport (eg, cycling), or gaming (eg, StepMania), or social activities (sports or martial arts seem to work well here).

For most of my friends, it's physical and not mental exercise that is lacking. In this case, sites like SparkPeople can be useful in tracking food and exercise, although they could do with an API. If you've got sufficient money, you may find investing in a personal trainer worthwhile.

I'm not going to talk about money, but instead I'm going to talk about utility, in the economic sense of the word. Without going into lots of theory, utility is the satisfaction you derive from something, and it can vary across individuals. For example, I have friends for whom watching sport is a high-utility activity, even though it's not for me. Those same friends may consider giving a presentation in front of a large audience to have negative utility; whereas I'm positively thrilled at the prospect.

Utility is going to have a strong correlation with the vertical height of your life-graph. Hopefully everyone grasps (at least at an unconscious level), that the utility of something isn't fixed. A glass of water has a greater utility to someone dying of thirst in the desert, than it has to the average office-worker. The +3 sword you've just looted is worth a lot to adventurer without a magic weapon, but has very little utility to the adventurer who already owns a +4 blade (unless they're a ranger and can dual-wield).

A lot of our decisions come down to trading things of different utilities. If you purchase something, that's usually because you believe that your purchase has greater utility than the money you paid for it. The big mistake I see people making is they take good deals now, but do so at the expense of taking great deals later on.

One example of this is time. A person may spend their evening playing an MMO, and that's arguably a good use of time, because they enjoy it. However ten evenings of study may allow the same person to learn a new skill, and with that skill achieve some greater goal. If the satisfaction of that goal is worth more to them than ten evenings of online gaming, then they've taken a good deal, but potentially forfeited a better one.

That brings me to the concept of investment. In short, do it. I'm not just talking about investing money. I'm talking about investing in skills, health, friends, relationships, tools, mental discipline, cybernetics; anything where you forfeit utility in the short-term for a much greater gain of utility in the long-term. Be aware that not all investments are good ones, or what is a good investment for you may be a poor investment for someone else. But in order to really maximise the area under the curve, you're going to need to do some investing.

What naturally falls out of this is the concept of goals. Identify the things which hold a particularly high utility for you. You want lots of goals; they're what allow you to identify good investments, and high-utility events. For some people, myself included, there's even utility in the sense of achievement when accomplishing a goal. Goals can be very short term (like making a person smile by sending them an SMS), or very long term (continue to be mentally and physically fit at age 75).

Don't be afraid to add new goals, and don't be afraid to discard old ones. Life is a process of continuous change, and there's no shame if your priorities or circumstances don't remain static. However when evaluating your goals, try to be aware of why they're changing; that can often reveal insights into yourself you may not otherwise notice.

Your goals may involve taking risks, and that should not scare you. Many pay-offs more than justify the risks you need to take to get them. When making decisions, get into the habit of trying to analyse both the most likely and the most significant outcomes from those decisions. Try to associate both probability and utility with each of these; this should help you gauge the expected value (EV) of a decision. You should using this matrix to help you make the most beneficial choices; sometimes they won't be the obvious ones.

Thinking about the possible consequences of an action helps you plan better for the future, and usually helps you both better utilise good outcomes, and mitigate bad ones.

A lot of my goals focus on things that I know will be highly memorable experiences. I cherish my memories, and being able to look back and smile about the things that I've done has a high utility to me.

So, what are some of my goals that I'm willing to share with you? Well, that's a hard one. Well, let's start with some history.

Most of you know me as a geek. I do a lot of programming, especially in Perl. I poke around with privacy issues, I play RPGs, I dissect network traffic streams, and I do a lot of speaking at technical conferences. Stereotypical geeks are poor with people, and that included me. It still includes me in many situations. However I've discovered that more than anything else, I love people. For a while now, I've been studying how I can become a better people person.

For me, 2009 was a year about people. I made a conscious effort to meet new people, to attend more social events, and to form new friendships. This has really paid off, and some of the risks I've taken have definitely been worthwhile.

I want to get better with people. I want to better understand how they work, how they think, and most importantly, what makes them happy. I'm not just being altruistic here; making other people happy is a very good way to get things done, and one that usually beneficial to all parties involved. So one of my goals this year is to put more points into cognition, telepathy, empathy, and bard.

I've also discovered that while I'm excellent in broadcast (presentation) and multicast (storytelling) communication, I'm lacking in unicast (personal) skills. I find this ironic, because I used to be the reverse. I think my unicast issues relate to what I'm willing to discuss. I generally hold my cards a little too close to my chest at times; I fear my conversation topics can be a bit too formal as a result. I seem to be most popular in unicast when talking about my most recent topic of inspiration, but when that's computer-related I'm concerned my conversational partner will find it boring, and when it's people-related I fear they'll find it weird. This is an area where risk-taking is definitely needed; the advantages of finding someone who's genuinely fascinated by my thoughts outweighs the risks of scaring someone away with whom I'd otherwise hold a specious social relationship.

I have a couple of mental models that I use for other people, but I've discovered not everyone fits nicely into these models, although they're a relatively small subset of the whole population. The mental models I use for everyone else are woefully incomplete. To solve this, I suspect I'll need to do some dedicating reading, research, and experimentation.

I need more points in arei'mnu, a Vulcan word that roughly translates into "mastery of emotions". There are many times when my emotions are in opposition to my logical and well-reasoned thoughts. In fact, this is something of a conundrum for me, as I feel that emotions are core to the human experience, and removing emotion strips life of much of its meaning. Usually I embrace and revel in my emotions; I even find value in sadness and tragedy, as they often provide a focal point for reflection on good times and fond memories. Usually my arei'mnu is excellent, but there are a few tweaks that I need to make, most of which relate to specific circumstances and triggers.

Finally, in 2010 I want to experience new things. I jokingly refer to this as "gaining XP", but it's one of the things that I really believe in, and one of the things that too many people stop doing. After a while, XP is addictive. People, food, places, thoughts, ideas, activities; they all hold such amazing and unique possibilities. My real question, and the one that's driving me nuts right now, is how to prioritise them, along with the very real awareness that I'm not even aware of the tiniest fraction of the experiences which life has to offer. In this regard, your advice is very much appreciated.

Tightening up your Facebook privacy
I've previously discussed the new Facebook privacy system, what they mean to you, and some recommendations on keeping at least some privacy. If you haven't read this post, I suggest you do so now, as I won't be repeating those recommendations here.

Since my last update, I've had a lot of feedback, and done a bit of exploring, and discovered there are some extra privacy controls that are rather hard to find! One thing that had me perplexed was how to hide which groups I was a member of. Groups are juicy stuff, they tell me a lot about your beliefs, interests, and social ties. These are things you may not wish to be broadcasting to the world. Events are the same, but even more so, since they give me an idea of where you are actually are, and who you're physically interacting with. You probably want to have some control over who can see these.

Luckily, you can; the controls just aren't where you expect them to be. They're not in Privacy Settings at all, they're in Application Settings. By selecting Edit Settings you can change the privacy on your groups, events, gifts, links, notes, and photos; although the photos setting only controls who can see your photos tab/box/link; individual albums have their own privacy controls.

When deciding on your privacy settings, it's worth keeping two things in mind:

Applications run with the permissions of the user that installed them.

This means that if you allow your friends to see events, your friends applications can also see events. The previous privacy settings actually allowed friends to see events, but you could block their applications.

A permission of Everyone generally means it's publicly accessible

Facebook is making it pretty clear that Publicly Accessible Information (PAI) is available to everyone and everything, including unauthenticated users, applications, and third-party websites.

It's also worth noting that even if you set your event and group privacy to only me, it's still possible to go directly to an event or group and see the list of members, and you will show up there. What tightening your event/group privacy stops is a person or application being able to see all of your groups and events in one hit. If I'm determined to find your groups and events, I'd start by grabbing your publicly accessible list of friends, walking through their events and groups, and checking each one to see if you're a member. Your potential employers and in-laws aren't likely to go to that sort of trouble.

It also looks like I'm not the only one who's been upset that Facebook has made one's list of friends completely public information. What's amusing is their response to it. Let's look at their new privacy tools blog post, which talks about how to hide your friends. It starts off being very positive:

When you uncheck the "Show my friends on my profile" option in the Friends box on your profile, your Friend List won't appear on your profile regardless of whether people are viewing it while logged into Facebook or logged out.

That's great, isn't it? We can finally hide our list of friends, just like we used to... Except...

This information is still publicly available, however, and can be accessed by applications.

In other words, you can hide your list of friends from casual observers, but it's still considered publicly accessible information, and hence presumably can be accessed by anyone who can write, install, or employ an application to find it, as well as by "Facebook enhanced" websites.

To the average user, the effects of this change is a great way of letting them feel like their friends are private, but without actually making them private.

I want to give a specials thanks to Matthew Musgrove (@mrmuskrat) for assistance in finding the group and event privacy settings. Also, Risto H. Kurppa is in the process of putting together simple instructions on how to protect one's privacy on Facebook, and is seeking contributions.

If you wish to receive e-mail when I make further posts on Facebook privacy, then join my privacy study or subscribe to the relevant google group.

New Facebook Privacy and You
Facebook are in the process of changing how their privacy settings work, and today, I was given the option to migrate my account over to the new scheme. These were announced on the facebook blog about a week ago, and sounded quite promising. Unfortunately, I actually feel creeped out by the new system.

I'm going to start with the good thing. Yes, that's right, there's only a single good thing about the change that I've found. When making status updates, one now has fine-grained control over who sees them. I can have a status update that's only seen by my family, or only seen by my friends who like to dress as pirates, or by everyone except my friends in Sydney. This is something that a lot of people have been asking for, and it's great to see it implemented.

Unfortunately, the rest sucks.

I've some some blogging about Facebook privacy in the past, as well as a conference presentation and radio interview. In all cases, I've recommended using the (difficult to find, but incredibly valuable) button marked Do not share any information about me via the Facebook API. When ticked, that would block almost all the information I could gain about a user with my tools, which try to squeeze as much information from the Facebook API as possible. Admittedly, there were some leakages, but not many.

That setting is now gone. All the applications, installed by all your friends, now have access to your "publicly available information", and there's not a damn thing you can do about it.

Publicly available information includes Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages. What's more disturbing for me is that the new Applications and websites settings don't provide a control for sharing of events. In fact, some of the volunteers for my privacy study have gone from me not being able to see anything about them, to me being able to see their past, current, and future events! That disturbs me, not least because I want to control who can see which events I've attended.

The other thing to dwell on here is pages are now publicly accessible. Pages are things that you can fan, such as companies, or bands, or even privacy researchers, and newsletters. To be honest, these were creepy to begin with, because the owner of a page could access all sorts of bulk demographic data about their fans, and even export it for processing with other tools. But now, the list of pages you've fanned are public.

Public information in Facebook is available to everyone, even users who haven't logged in, and third party applications and websites. That's bad. You may have have fanned pages that relate to controversial beliefs or sexual preferences. Your probably don't want a potential employer to be able to see these, but now there's nothing you can do about this either, except for un-fanning those pages. I recommend you do this now.

What's also conspicuously missing are the ability to control is what goes onto the recent activity section of your Wall. I'm looking at one my volunteers now who previously never had their like events posted to their wall, and it's now covered with them. This gives me a wealth of information about who they're interacting with, which in turn is very useful if I'm planning to do any social engineering.

In fact, it even links to events and posts that my friends like, but that I can't see. I can even extract Facebook IDs (fbids) of the target posts. While this doesn't in itself let me access the information directly, I can certainly tell when two of my friends are liking the same post. Based upon what I know about my friends, I may be able to infer more than that, or ask one friend what another friend has just "liked".

You can manually remove recent activity from your wall, but you have to do it manually by finding the event you want deleted, and selecting the 'Remove' option that appears when you hover to the right of it. Joining groups also results in recent activity (without the option of turning it off), and there's a chance that other events may appear there as well.

In fact, talking of groups, I can't find any privacy controls for them either. For some of my friends, they're visible. For some of my friends (and apparently for myself), they're not. At the very least this is confusing, and it may simply represent different friends being at different stages of the privacy migraation. Group information gets leaked all over the place anyway (recent events, groups recently joined, and publicly visible group lists), so regardless how this is being controlled, I can probably find out which groups you're a member of regardless.

What I find most disturbing of all is that my friends list has gone from completely private to completely public. While I've found the control that allows me to no longer display my friends on my profile, since they're now "publicly available information", they're still accessible by other means. I actually consider my list of friends to be very private; and I'm not at all happy that's changed.

Oh, and for those who remember me talking about dark stalking to infer the existence of other users who had otherwise completely hidden themselves from view? Well, it's not that big an issue anymore, since I can now directly navigate to their pages (from their UIDs that I'd found previously), and see their "publicly available information". Good work in protecting their privacy, Facebook, good work...

Recommendations
So, you might be wondering what I recommend? Well, to begin with, make sure that you're happy with your new "publicly accessible information" really being public. If you don't want your grandparent, work colleague, potential employer, stalker, dog, guild, or whoever else seeing your Name, Profile Picture, Gender, Current City, Networks, Friends, or Pages, then change or remove them now. They're available to everyone, including unauthenticated users, "facebook-enchanced applications and websites", and via the API.

Go to your profile page. Scroll down until you see Recent Activity. Anything you don't want to see there, delete it now. Anytime you join a group, or like an event, or fan a page, or change your relationship status, or sneeze, go back to Recent Activity and check if you're happy with that being broadcasted.

Go through all the new privacy settings, and think about each one. Some of them may not have even been mentioned in the migration tool. My date of birth had unexpectedly went from being completely private to compeltely public.

Stay informed. If you want updates from me, then join my privacy study or subscribe to the relevant google group. Make sure you fan the Facebook Site Governance page, since that's where many updates are posted, and is a hub for user feedback. If you want another perspective on the changes, the Electronic Frontier Foundation have also posted their analysis of the changes.

Finally, be aware this is not the first time a major website has changed their privacy policy, and it certainly won't be the last. If you really want something to remain private, you might want to avoid putting it on-line in the first place.

Perl 5.11.1
I've been behind in my blogging; time seems to fly when one is having fun, and I've been having a pretty good time recently. Most of it's involved working with people and science, rather than technology. After I finish my taxes (not yet overdue), this may change.

In the meantime, I can't go without mentioning that Perl 5.11.1 has been released. This isn't a stable version of Perl, but it's a point release on the way toward 5.12.0. I'm quite excited about 5.12.0 for many reasons I'll go into later, but they all involving modernisation of the language.

Of note in 5.11.1 (and hence 5.12.0) is that deprecation warnings are turned on by default. This isn't scary; it means that if you've got old code that's going to break in the future, then Perl will start warning you about that well in advance.

Of other note is a minor point, and that's the ability to include version numbers in package declarations. One can now write package Foo::Bar 1.23, rather than having to do cumbersome things with the $VERSION package variable.

Teaching Perl in Sydney
I've just spent the week teaching Perl in Sydney. It was good. Actually, it was really good. My class were close in ability, asked intelligent questions, thought through problems, asked for assistance when needed, quizzed me about advanced topics during the breaks, and generally showed themselves to be awesome. It felt just like the good ol' days.

Fun with QR Codes and Perl
Short blog today, but cool tech. I've been playing around with 2D barcodes recently, and have just pushed a Perl Tip on generating QR Codes with Perl. Given how incredibly easy this is, I'm tempted to generate huge numbers of these and go sticking them around town for my own nefarious purposes. ;)

Today I broke a world record, and got on TV

Achievements for today:

• Dressed like a pirate
• Danced like a robot
• Broke a world record
• Supported Robogals
• Got on national TV

Perl for Android

I have an Android phone. I love it. After scanning a barcode it now runs Perl. Sure, the example Hello World program dies with an error, but there's already a patch to fix that.

This is a massively exciting achievement for me, and is even better for it having all of ninety seconds. It's now tantalisingly easy to do some pretty amazing things from my phone. I don't think I'm going to be short for a project any time soon.

Talk like a Pirate Day
This Saturday was International Talk Like a Pirate Day, as well as Software Freedom Day. This year I sided with the pirates, donned a particularly swashbuckling outfit, and joined about 150 other pirates to march through Melbourne, fight off ninjas, and singing the only sea-shanty known by every member of our scurvy crew.

Afterwards, there was the world's best pirate cake, crafted by jarich.

I have some pictures of the day and the party, including the Jolly Tux. For those people on Facebook, there's a lot of photos on-line.

What's new in Perl 5.10.1
For those who missed it, Perl Training Australa has a new Perl Tip on What's New in Perl 5.10.1.

Rocking out at MXUG
For a while, Melbourne has been running MXUG, the Melbourne X Users Group, where X is a technology you're interested in. It has a nice format: 15 minute talks, timed, with five minutes for questions. Then beer, pizza, lightning talks, and a trip down to the pub.

Despite me apparently living in Melbourne, I've never attended a MXUG meeting, but I'd been hearing good reports about them. Apparently one can become a speaker just by adding themselves to the speakers list (which is editable by members), and so I aggressively volunteered to give my (still formative) talk on facebook privacy.

The talk went really well. The audience was warm, interactive, and laughed at all my jokes, even the really lame ones. Since I judge my self-worth on the size and enthusiasm of my audience, I decided that I really liked MXUG. Normally, that would be enough for me to call the night a success.

However enough people asked me about how I used my wiimote as a presentation device, so I volunteered for one of the five minute lightning talks. I had no slides. I did no preparation. I spent all the time I'd normally be working on my talk eating pizza, drinking beer, and talking to MXUG members.

So I was especially happy when I showed off how to use Xwii to enable a tilt mouse, and as a presentation device. I then showed off how I could use the wiimote to control my music player, and sung a few bars from "I've got a feeling" from Buffy on stage. That would normally be enough to count the night as doubly-awesome, but oh no! It gets better.

My last Xwii profile showed how I can hook into a Guitar Hero controller, "but I don't have one of those here, so I can't show you". Sure enough, someone produces a guitar out of nowhere. A few seconds to pair it with my machine, a few more seconds to start up Frets on Fire, and I am rocking out on stage in front of a cheering crowd of 50 people.

I then got to sit back down in the audience, and read about my exploits on twitter. ;)

That, ladies and gentlemen, was my thrice-awesome night at MXUG.

Facebook Privacy talk at BarCampMelbourne
This weekend at BarCampMelbourne I gave a talk on Facebook privacy, and what information I was able to extract from the API using some reasonable simple Perl programs. Due to the incredibly fast efforts of Avi Miller, this talk is now available on-line. If you're reading this blog on my main blog, then you can also watch it below:

<embed src="http://blip.tv/play/AYGgggoC" type="application/x-shockwave-flash" width="480" height="390" allowscriptaccess="always" allowfullscreen="true"></embed>

You can also watch the talk on the BarCampMelbourne channel on blip.tv.

As mentioned at the end of my talk, you can be kept up-to-date on my research by joining my facebook study privacy group, or the google group, as well as my blog.