Archive for the ‘Web-based’ Category

Facebook: Peer-Maintained Surveillance Network, Now With Prompting


Graph theory is essential to the Surveillance Industrial Complex — the privatised branch which maps people and assigns risk levels to them, depending for example on who they meet/met and/or speak/spoke to. Facebook extracts an immeasurable amount of work previously carried out by the Surveillance Industrial Complex. It outsources the effort. The cost is being passed to the public in exchange for games and pseudo-status.

Recently, owing to a friend, I came to realise that Facebook no longer requires anything more than a person adding himself/herself to the site in order for surveillance to commence. Users are now prompted to inform on peers, even those whose accounts (profiles) are vacant or inactive. Family connections, geo-location, face recognition/tagging are all done by one’s peers now. The only thing more worrying than this degradation of privacy is people’s lack of awareness of the ramifications.

The prompting mechanisms add all sorts of relational metadata, in addition to prompting for tagging of photos with names, even names of people who are not registered Facebook users.

I often hear arguments that go something along the lines of, “if you don’t like Facebook, then don’t use it.” Well, it’s not as simple as that. You may choose to leave Facebook alone, but Facebook will never — ever — leave you alone. The Surveillance Industrial Complex uses it to gather intelligence on everyone in civilisation. I can almost sympathise with countries that banned Facebook.

WordPress for Galleries

A new site I’ve launched, Maria Chain, uses blogging software, WordPress, to act as a sort of photo gallery. This is the first time I set up such a Web site, presenting an artistic portfolio using WordPress.

SH Property and Libre/Open Source Software

ONE of my clients, SH Property, recently had the site redesigned. As I do architecture and programming for a living in a field which is very competitive, I often have to depend on tools that lower the costs. The means by which I rebranded the site at the domain level only required Apache redirects, which sure saves a lot of money. It is worth noting that Libre/Open Source software was used almost exclusively to build the site and the previous logo/header/banner (when it was called SJ Property Investment), for instance, was created using the GIMP. It was temporary. Here it is:

SJ Property Investment

While Libre/Open Source software usually costs nothing to acquire, it’s far from impossible to make a living with it; services and skills — requiring manpower — are the real scarcity.

PHP Sucks on Backward Compatibility (or How ‘Gallery’ and PHP 5.3 Don’t Play Nice)

As a bit of a dinosaur in technology (I still use a Palm PDA and single- or dual-core AMD), backward compatibility and long-term support are important to me. I am not a fan of PHP even though many programs that I like (the latest being Roundcube) use it almost exclusively.

Many problems seem to occur for those who use old versions of Gallery with the latest PHP, which has become notorious for its backward compatibility deficiencies. One bit of software that I use which is not compatible with PHP 5.3 is Gallery 1.x. It’s a version that I hacked a bit to suit my purposes, so upgrading would flush all my customisations away. Whether a sandboxed compatibility mode is available (such that, e.g., PHP 5.2 is run for specified paths) I do not know yet, but based on what people are saying, suppressing the warnings and errors should be possible. It’s not a real solution but a cosmetic hack. If your Web host undergoes a PHP upgrade to 5.3, it can lead to lots of issues associated with out-of-date software. “A short time ago,” wrote my host (with which I host about 10 domains), “we emailed you to let you know that we were upgrading all our servers to the latest version of PHP. This is now complete. We therefore recommend you have a quick check of your site and ensure everything is working as it should.”

The bottom line, from my personal point of view, is that PHP yet again proves that backward compatibility is too much for it to handle and, as such, one oughtn’t rely on long-term usage of programs written in PHP. Other authors pointed this out before. It’s quite the blunder. In Web-based environments in particular, a case of “lose compatibility or get cracked” may become more common if we become dependent on PHP.

Keeping Web-based Software Updated

One of the problems that’s leading to the cracking of many Web sites is that software is not kept up to date. It is not an easy task unless the process is made simple and at times automatic, because people are averse to change and to risk (associated with updating software, never mind the risk of getting cracked). Keeping abreast of security fixes and new upgrades for Web-based software is not easy unless one uses an operating system like Debian, which can be updated regularly and has strict requirements for inclusion. There are several points worth making here:

1. Some CMSs are better equipped for this type of scenario. In my ~15 domains I have a dozen or so different CMSs and some are antiquated, e.g. php-nuke, and depend upon updates coming upstream, e.g. php-bb with the infamous uploader hole (~2008). Other software, such as WordPress (it’s my favourite as I was also part of the devs community for many years), alerts all users about the need to update the software. They keep up appearances by reducing the number of reports of cracked sites.

2. In recent years people have been using script installers like Fantastico to install the software. Softaculous is another one. Three days ago WordPress issued a security fix (local privilege escalation and XSS for the most part, not too critical for some site setups), which automatically sent me several E-mails like the following (from domains where I used Softaculous to set things up):


"The following script updates are available:

WordPress 3.3.2:

To upgrade these scripts go to your Control Panel -> Softaculous -> Installations.
There you will be able to update the scripts.

From Softaculous Cron Jobs  ([IP removed])"

Each bit of software typically keeps administrators abreast of security holes, but some software does not do this. WordPress alerts even writers, urging them to contact their admin for updates. Other bits of software require that one subscribes to a mailing list or regularly checks for updates. Back in the old days, and the way MediaWiki still works for the time being, people are advised to subscribe to a mailing list (or blog) with announcements about security fixes. If many customers have Joomla sites, then it’s useful to be subscribed to such fora and then update everything for everyone in batch mode (for WordPress I need to update 8 sites each time a fix comes out, and for some I need to do this manually from the shell due to different server settings).

It helps to have a database of installed software, recording which server is running which piece of software. It would be surprising if no such list had already been compiled by those who operate many servers. It helps to know what can be updated at the same time by the same person with the same files.

Some updates are merely about new features and might not even be backward compatible. Some software, like WordPress 2.0, is LTS (for inclusion in Debian stable), so it’s unlikely to require much updating. So, one can just look at what has changed and only update if the update is security related or has a data-jeopardising bug (in WordPress 3.2, for instance, people who rushed to update not for security reasons merely suffered from bugs and then had to update again to 3.2.1).
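As an added example (not part of the original post), here is one way to keep the inventory described above and turn a release announcement into a batch update list. The server names, paths, field layout and the version numbers other than WordPress 3.3.2 are constructed for illustration; only security releases produce work, and versions are compared numerically so that "3.3.10" is not mistaken for being older than "3.3.2".

```python
from collections import defaultdict

# Constructed sample inventory: (server, install path, software, installed version, update method)
INVENTORY = [
    ("host-a", "/var/www/blog1", "wordpress", "3.3.1",  "softaculous"),
    ("host-a", "/var/www/blog2", "wordpress", "3.3.2",  "softaculous"),
    ("host-b", "/home/u/site",   "wordpress", "3.2.1",  "shell"),
    ("host-b", "/home/u/wiki",   "mediawiki", "1.18.1", "shell"),
    ("host-c", "/srv/test",      "wordpress", "3.3.10", "shell"),  # hypothetical version
]

# Constructed release feed, as it might be transcribed from announcement lists.
RELEASES = [
    {"software": "wordpress", "version": "3.3.2",  "security": True},
    {"software": "mediawiki", "version": "1.19.0", "security": False},  # features only
]


def parse_version(text):
    """'3.3.2' -> (3, 3, 2); tuples compare numerically, unlike raw strings."""
    return tuple(int(part) for part in text.split("."))


def update_plan(inventory, releases):
    """Return {(software, method): [(server, path, installed), ...]} for installs
    older than the newest *security* release of their software."""
    fixed = {}
    for rel in releases:
        if rel["security"]:
            ver = parse_version(rel["version"])
            fixed[rel["software"]] = max(ver, fixed.get(rel["software"], ver))
    plan = defaultdict(list)
    for server, path, software, installed, method in inventory:
        target = fixed.get(software)
        if target is not None and parse_version(installed) < target:
            # Group by update method so one person can do one batch in one pass.
            plan[(software, method)].append((server, path, installed))
    return dict(plan)


if __name__ == "__main__":
    for (software, method), installs in sorted(update_plan(INVENTORY, RELEASES).items()):
        print(f"{software} via {method}:")
        for server, path, installed in installs:
            print(f"  {server}:{path} (currently {installed})")
```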

Join Diaspora… But Maybe Not Just Yet

Up and down all day long


SEVERAL months ago I joined Diaspora and enjoyed the good uptime of the service. The community was thriving, everyone was friendly, and the site reacted to input as one would expect. But then, just like that, the site began having performance and uptime issues. At one point the site was down for a week. People soon lost those withdrawal symptoms and perhaps just moved on; some returned only to see sporadic operation of the site, which fairly enough is still in alpha (the software it runs is). But the bottom line is, in the early days people reviewed the site harshly for technical shortcomings. Now it’s just the really terrible uptime and low reliability. Unless this gets fixed the site is likely to lose its most ardent supporters and participants.

When Diaspora becomes “stable” it may all be resolved, but by that point, how many people will be on the JoinDiaspora pod?

What’s the Point of LinkedIn?

Old chain

LIKE most people on that site, I joined LinkedIn several years ago after a friend had invited me. For many years I did nothing with the account, but in more recent years the site grew rapidly in terms of popularity and is now a status symbol in some people’s imagination. It’s a bit like Facebook for professionals. But what really is the point of it all? It’s all rather superficial and the process of connecting to peers and friends (or ex-colleagues) is very time-consuming. When one considers what can be gained from having one’s name in a database associated with many other names, then the reality of the matter becomes clearer. Have we come to a point in the lifecycle of the Internet where we score people’s popularity based on the hours they dedicate to clicking to modify some proprietary database of some private company? Frankly, I stopped spending time in LinkedIn and my profile there is very much outdated (last updated properly in 2006). Can there finally be consensus on the irrelevance of public profiles that are merely the entry in someone else’s Web site? It’s just a MySpace for adults and the function of tracking other people’s careers is often overstated as crucial. It’s more like gossip or stalking.
