Tech/Computing at Everything In Between

Archive for the ‘Tech/Computing’ Category

Stop wasting energy fighting Internet ID: If you don’t trust the government, fight bills like SOPA & PIPA instead!

On Being a Social Cyborg: How iCalendar Helps Me Fight Loneliness

Here’s a topic I’ve been meaning to write about ever since I was deeply depressed last Fall and Winter. Back then, I was incredibly lonely, and despite my best efforts I simply found it damn near impossible to do anything to improve my situation. That’s because my “best efforts” consistently lead me to dead-end resources that sounded good but that had no practical or immediately useful information; resources like WikiHow.com’s “How to Deal With Loneliness” article.

In their article, WikiHow contributors write:

Get involved in anything where you will meet people. If you are very shy, find a group for social anxiety, even if it has to be online (obviously it’s better if it’s not). Look on places like Craig’s List, or local news websites for your town for activities in your area. Volunteering can help. But don’t attend functions with the idea of making friends or meeting people. Being too demanding is a sign of loneliness. Try to go with no expectations whatsoever, and to enjoy yourself regardless of what happens. Look for activities that interest you, that also involve groups of people, like intramural sports, book clubs, church groups, political campaigns, concerts, art exhibitions, etc.

While it all “makes sense,” the WikiHow article reads like an elaborate horoscope. It’s incredibly annoying because it contains no meaningful, discrete, actionable items. Where, exactly, can I find “activities in my area”? And once I find them, how do I make sure I know about them when they are happening? And as if that wasn’t hard enough, how do I make the process workable under the extreme energy constraints that being depressed and lonely put me under? (See also: without using up too many “spoons”.)

Ironically, when I finally concocted a solution to this problem, I no longer had the time to write the blog post about solving the problem because I was so busy doing things and being social. I proceeded to pull myself out of my depression, have a pretty good (if still difficult at times) Spring and Summer, and even Fall in 2011. But now that the days are getting shorter and I’m increasingly feeling like my moods are walking on a tightrope of “happy” above a pit of bleakness, I figure it’s about time to document my process. That, and it seems people I know are running into the same problem, so hopefully sharing my own solution can really make a positive impact on others’ lives.

Creating a Cyborg’s Social Calendar

The basic problem was two-fold. First, I needed an easy way to discover local goings-on. Second, I needed a way to remember to actually attend events that I was interested in.

It turns out this is far more difficult to accomplish than one may at first believe since the set of events that I both want to attend and have the capability (energy, time, money, motivation, physical accessibility, etc.) to attend are actually relatively limited. Moreover, I also need to align the set of events that match both of those criteria with the knowledge that said event is occurring when it is occurring. It’s a bit like playing temporal Tetris.

In a nutshell, the solution I implemented was similarly two-fold. First, I cast an incredibly wide but low-cost sensor net, integrated directly into the process I already used for keeping track of my daily appointments. (See also the “no extra time” concept and its wide applicability). Second, I classified the “activities in my area” into two distinct groups: “engagements” (stuff I’ve said “yes” or “maybe” to) and “opportunities” (stuff I haven’t yet said “no” to).

Here’s what my calendar looks like after all the pieces of the system are in place:

As you can see, I have an enormous selection of activities I could participate in at any given time. Better yet, they all show up on my calendar without my ever needing to repeatedly go “look[ing] on places like Craig’s List” to find them, the events on my calendar update themselves, and I can show or hide sets of events on a whim.

The prerequisite tool for doing this is the iCalendar feed, which, in the words of Stanford University, is a popular calendar data exchange format which allows you to subscribe to a calendar and receive updates as calendar data changes. Each of those calendars under the “Subscriptions” heading in the screenshot of my iCal is actually an iCalendar feed from a remote website. iCalendar feeds are to calendars as RSS feeds are to blogs.

The first thing I did was add the event subscription feed from my Facebook. Do this:

Log into your Facebook account and go to the “Events” page.
Scroll to the very bottom of the page and click on the small “Export” link. This will reveal a personalized web address (URL) listing all upcoming Facebook events you’ve been invited to or have RSVP‘ed either “Yes” or “Maybe” to, in iCalendar feed (.ics) format. Copy that URL.
Back in iCal (or your calendaring application of choice), choose “Subscribe…” from the menu and paste in the URL you got from Facebook.
Give this calendar subscription a meaningful name. I called it “Facebook Events” (see above screenshot).
Set the “Refresh” interval to something that makes sense; I set it to once “every 15 minutes,” since the Facebook feed is one I check often because it changes so frequently. (For feeds from calendars that I check or that update less often, such as those of community groups, or calendars listing events that are far from home, I set the refresh rate much, much slower, such as once “every week.”)

Okay! Now, whenever a friend invites you to an event on Facebook, your calendar will be updated to reflect that event at the appropriate date and time. If you RSVP “No” to the event, it will disappear from your calendar when iCal next checks your Facebook iCalendar feed.

Repeat the same steps for any other event-management website that you use and that offers iCalendar feeds. Some services I use, such as Plancast.com and Meetup.com, actually offer two distinct iCalendar feeds, one for all of the events visible to you on the service, and one for events that you have RSVP‘ed “Yes” to. Subscribe to both; in the screenshot of my iCal window, above, you’ll note the existence of a “‘meitar’ on Plancast” calendar as well as a “Plancast Subscriptions” calendar, and similarly a “My ‘Yes/Maybe’ Meetups” calendar as well as a “My Meetups” calendar.

Now that you’ve got a bunch of subscriptions, it behooves you to organize them in a way that makes sense to you. How you can do this will depend a little bit on the tools you have at your disposal. I found Apple iCal the best choice because of its Calendar Group feature, while I found Google Calendar an incredibly frustrating tool to use.

In iCal, I first created two calendar groups. The first one was called “Social Engagements,” into which I placed all the iCalendar feeds that showed me events to which I’ve RSVP‘ed “Yes” to on the remote site. This included the Facebook, “‘meitar’ on Plancast”, and “My ‘Yes/Maybe’ Meetups” feed. The second group was called “Social Opportunities,” into which I placed all the other calendars.

Every time I learned about a new local venue, such as a nightclub, or a café, or a bookstore that had an open mic, I would scour its website to see if it offered an iCalendar feed. If it did, or if it used a tool that did, such as embedding a Google Calendar on their website,¹ I’d add their feed to my “Social Opportunities” calendar group, too. I’d do the same every time I learned of a new event aggregating website, such as the IndyBay.org calendar or the Calagator Portland Tech Community calendar, which both offer feeds.

In very short order, I became one of the go-to people to ask about what was happening ’round town—including some towns I didn’t even live in!

However, as I travelled across the country speaking at conferences, I realized that my “Social Opportunities” group was getting cluttered with events that I could not actually attend because I was literally thousands of miles away from them. To solve that problem, I created distinct “Social Opportunities” calendar groups based on geographic region, and moved the individual subscriptions to the group with which they were geographically associated; the Occupy DC calendar feed is in the “Social Opportunities – DC” calendar group, and so on. I also created an “A-geographic” group to house feeds that listed events from all over the place.²

Some event-management services let you filter by geography, making this even easier. For instance, Yahoo!’s “Upcoming” event listing website shows you events by “place,” and you can subscribe to an iCalendar feed of just those events. For instance, here are the Upcoming events in Seattle, and here is the same information in iCalendar feed format. I added the feed of each Upcoming Place to which I regularly travel to its appropriate regional calendar group.

The benefits of this set up are obvious:

Visually overlay social opportunities on top of social engagements to ensure few conflicts, and help make the most informed choice about which events I want to go to when there are conflicts, to mitigate my social opportunity cost.
Toggle calendars on/off to find nearby activities. Ordinarily, I simply leave all the “opportunities” calendars deselected, so I’m just looking at my personal calendars and the “Engagements” group, since this view shows me “stuff I have to do today.” When I’m bored or I’m looking for new things to do in the upcoming week, however, I simply turn on the “opportunities” calendars. Voila! In 1 click, I’m browsing a wealth of stuff to do!³
Quickly orient oneself within the social space of a new city. If I’m taking a trip to Washington DC for a few days, all I have to do is deselect/uncheck the “Social Opportunities – SF/Bay Area” calendar group to hide all of my calendar subscriptions in that group, then select/check the “Social Opportunities – DC” calendar group and, voila, my calendar view has instantly shifted to showing me events that I can attend in Washington, DC.
Make RSVP‘s meaningful: if I RSVP “Yes” to an event on Meetup, the event is automatically removed from my “Social Opportunities – A-geographic” calendar group and added to my “Social Engagements” calendar group.
Easily move event information from a calendar feed to a personal calendar using copy-and-paste without ever leaving the calendaring tool of your choice.

Of course, none of this matters with regards to feeling lonely if I don’t also show up at events in physical space. Admittedly, actually mustering the physical and social energy to get up and go is by far the hardest part of this whole process. Typing on a keyboard is all fine and well (rest assured I do more than enough of it!), but there is no substitute for actually being around other human beings face-to-face. Physically vibrating the air using one’s mouth and having those vibrations move another’s ear drum (or physically moving one’s hands and letting the photons bounce off those movements and onto the retina of another’s eyes, in the case of sign language) is a vital part of the experience of being social.

This system isn’t perfect, but the imperfections are mostly due to the way sites like Facebook handle RSVP information. For my purposes, though, this workflow gets me well over 80% of the way towards my goal, and since I’m actually a human (not a machine), I can deal with a little data pollution here and there. There’s also plenty more I could write about with regards to “being a social cyborg,” such as how I use my calendar in conjunction with my contact management application (my digital rolodex) to maintain “loose” or “weak” interpersonal ties with over 1,000 people spread across the world—again, using “no extra time.” But I’ll save that for another post.

For now, hopefully this gave you a better understanding why my most frequent response to being informed of a party is something along the lines of, “Can you send me a link (to Facebook/Meetup/Google Calendar)?” and also why I’m so, so, so critical of important websites like FetLife that seem to prioritize everything but user security and interoperability.

Every public Google Calendar also publishes its information in an iCalendar feed. For example, rather than view the Occupy SF calendar on their website, just subscribe to the iCalendar feed provided by Google. Also, while you can create an aggregate view of multiple Google Calendars to embed on a Web page, it seems to me like this isn’t a feature offered for iCalendar feeds, so if you come across such a calendar, you’ll likely need to add the individual calendars’ feeds one by one. [↩]
Currently that’s just Meetup and Plancast, for me, since I’ve joined Meetup groups all over the country and I’ve subscribed to people on Plancast who live in dozens of cities. [↩]
Frustratingly, although Facebook also offers you a page listing events that you were not invited to but that your friends were, there seems to be no iCalendar feed of that list, forcing me to periodically check that page for events that would be “Social Opportunities” if I knew of them. Thankfully, to add them to my own calendar, I just RSVP “Yes” or (more likely) “Maybe.” [↩]

Written by Meitar

November 5th, 2011 at 11:04 pm

Posted in Crosspost,Geeky,Maybe Maimed,Productivity,Tech/Computing

Internet censorship FACEPALM moment of the day

How to spoof your MAC address on Mac OS X (for reals)

5 comments

One of the oddities of Apple’s Mac OS X platform is that some things that should be easy are obtusely difficult, and remarkably so. Changing the hostname of a Mac OS X Server is one good example. Another is changing the “Ethernet ID” (aka. MAC address, aka. link-level address) of a network interface card.

This should be really simple, as the correct command line is plain as day (where the string of colon-separated 00′s is your preferred MAC address):

sudo ifconfig en1 lladdr 00:00:00:00:00:00

There are numerous blog posts all over the ‘net that tell you this time and again, but each one seems to have comments from users complaining that it doesn’t work on their system. I ran into a similar problem not long ago when my MacBook Pro didn’t do what I expected. Just like others, whenever I tried to run the above command, nothing seemed to happen:

ifconfig | grep ether # Determine current MAC addresses
sudo ifconfig en1 lladdr 00:00:00:00:00:00 # Try changing MAC address for en1 (usually Airport)
ifconfig | grep ether # Confirm change; but uh-oh! Output is the same as before! Why?

Here’s how I fixed this problem.

The thing to know is that there seem to be a number of conditions that will prevent Mac OS X from successfully changing a NIC‘s MAC address. Some are obvious and some are not. As far as I can tell, these conditions are:

having the interface “down” (i.e., if you’ve recently run ifconfig en0 down or an equivalent),
being associated with (i.e., connected to) a Wi-Fi network with your Airport card,
having the System Preferences application running,
forgetting to “unstick” the current system configuration set.

It’s the last one that bit me. Mac OS X has a feature called “system configuration sets” or “locations,” as it’s termed in much of the GUI. These can be accessed via the Network pane in System Preferences, or via the scselect command from Terminal; it’s that scselect command which offers the key to changing a Mac’s MAC address.

On my MacBook Pro (which, for the record and if it matters, is running Mac OS X 10.6.7), I need to do all of the following before running ifconfig, as shown above:

If I’m changing my Airport card’s MAC address, I need to disassociate from any network. (This can most easily be done by invoking airport -z from Terminal. If you don’t have this command, see my tips on where to find airport.)
Quit System Preferences if it’s open.
Tell the operating system to “delay changing the system’s ‘location’ until the next system boot” by running: scselect -n.

According to the man page for scselect:

scselect provides access to the system configuration sets, commonly referred to as “locations”. When invoked with no arguments, scselect displays the names and associated identifiers for each defined “location” and indicates which is currently active. scselect also allows the user to select or change the active “location” by specifying its name or identifier. Changing the “location” causes an immediate system re-configuration, unless the -n option is supplied.

[…]

-n Delay changing the system’s “location” until the next system boot (or the next time that the system configuration preferences are changed).

Once I perform the above rigmarole, I can then change my MAC address without issue. But I have to be ludicrously careful. As soon as I open the Network System Preferences pane or otherwise do something to change the system configuration preferences, I have to run through that rigmarole again before changing my MAC address will work as expected.

Written by Meitar

March 29th, 2011 at 10:50 pm

Posted in Crosspost,Mac OS X,Networking,Security & Privacy,Tech/Computing

One Minute Mac Tip: Sniffing Wi-Fi traffic and capturing packets with the built-in airport utility

3 comments

Many Mac OS X users lament the lack of sophisticated network analysis tools, often prevalent and seemingly prolific on Linux systems. What many don’t know is that Mac OS X comes with a built-in command-line tool to do all sorts of nifty things with Wi-Fi networks, from packet capture (traffic sniffing) to scanning nearby networks’ signal to noise ratios.

Mac OS X ships with a command-line tool called airport that can do all sorts of nifty things with Wi-Fi networks. Unfortunately, it’s so squirreled away that most people don’t seem to know about it. The utility is part of the Apple80211 Private Framework used to power your Mac’s Airport menubar icon.

Invoking the utility without arguments prints a useful (if incomplete) usage message. At a Terminal command prompt, type:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport

The tool let’s you do a number of interesting things, so it’s worth playing around with. While you’re playing, you may as well create a symlink (a shortcut) to the utility so you don’t have to type that long path name all the time:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/bin/airport

Among the easiest things you can do is print a list of the Wi-Fi networks within range of your computer, but unlike the Airport menubar item, this report shows you a bunch of extra, precise data, such as which encryption protocol (if any) is being used on the network:

$ airport en1 scan
                            SSID BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
                       moscohome 00:22:6b:8b:86:51 -61  10      N  -- WPA2(PSK/AES/AES)
                     PUBLIC-455H 00:15:6d:60:95:d1 -82  1       N  -- NONE
                    Alex Network 00:1e:e5:24:c4:4f -86  1       Y  TW WPA(PSK/TKIP,AES/TKIP) WPA2(PSK/TKIP,AES/TKIP)
                   linksysELNIDO 00:21:29:a3:fd:99 -90  6       N  -- WPA(PSK/AES,TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)
                        2WIRE024 00:18:3f:02:2f:49 -88  6       N  US WEP
                        2WIRE940 00:12:88:d9:85:41 -93  6       N  US WEP

If I wanted to see which of my neighbors still haven’t upgraded from WEP, I could just filter using grep:

airport en1 scan | grep WEP

More awesome, perhaps, is the tool’s ability to actually perform traffic sniffing and capture packets. Tell airport to sniff, and optionally provide a channel (which you now know thanks to your ability to scan). You need to be an administrator (i.e., you need sudo privileges) to do this:

sudo airport en1 sniff 6

This creates a file called airportSniffXXXXXX.cap in the /tmp directory, where XXXXXX is a string for uniqueness. You can then feed this file into your favorite network analyzer such as Wireshark to examine the traffic offline.

Written by Meitar

December 5th, 2010 at 2:58 am

Posted in Mac OS X,Tech/Computing,Wi-Fi

Cross-post: Edenfantasys’s unethical technology is a self-referential black hole

10 comments

This entry was originally published at my other blog. I’m cross-posting it here in order to make sure it gets copied to more servers, as some people have suggested I’ll face a cease and desist order for publishing it in the first place. Please help distribute this important information by freely copying and republishing this post under the conditions of my CC-BY-NC-ND license: provide me with attribution and a (real) back link, and you are free to republish an unaltered version of this post wherever you like. Thanks.

A few nights ago, I received an email from Editor of EdenFantasys’s SexIs Magazine, Judy Cole, asking me to modify this Kink On Tap brief I published that cites Lorna D. Keach’s writing. Judy asked me to “provide attribution and a link back to” SexIs Magazine. An ordinary enough request soon proved extraordinarily unethical when I discovered that EdenFantasys has invested a staggering amount of time and money to develop and implement a technology platform that actively denies others the courtesy of link reciprocity, a courtesy on which the ethical Internet is based.

While what they’re doing may not be illegal, EdenFantasys has proven itself to me to be an unethical and unworthy partner, in business or otherwise. Its actions are blatantly hypocritical, as I intend to show in detail in this post. Taking willful and self-serving advantage of those not technically savvy is a form of inexcusable oppression, and none of us should tolerate it from companies who purport to be well-intentioned resources for a community of sex-positive individuals.

For busy or non-technical readers, see the next section, Executive Summary, to quickly understand what EdenFantasys is doing, why it’s unethical, and how it affects you whether you’re a customer, a contributor, or a syndication partner. For the technical reader, the Technical Details section should provide ample evidence in the form of a walkthrough and sample code describing the unethical Search Engine Optimization (SEO) and Search Engine Marketing (SEM) techniques EdenFantasys, aka. Web Merchants, Inc., is engaged in. For anyone who wants to read further, I provide an Editorial section in which I share some thoughts about what you can do to help combat these practices and bring transparency and trust—not the sabotage of trust EdenFantasys enacts—to the market.

EXECUTIVE SUMMARY

Internet sex toy retailer Web Merchants, Inc., which bills itself as the “sex shop you can trust” and does business under the name EdenFantasys, has implemented technology on their websites that actively interferes with contributors’ content, intercepts outgoing links, and alters republished content so that links in the original work are redirected to themselves. Using techniques widely acknowledged as unethical by Internet professionals and that are arguably in violation of major search engines’ policies, EdenFantasys’s publishing platform has effectively outsourced the task of “link farming” (a questionable Search Engine Marketing [SEM] technique) to sites with which they have “an ongoing relationship,” such as AlterNet.org, other large news hubs, and individual bloggers’ blogs.

Articles published on EdenFantasys websites, such as the “community” website SexIs Magazine, contain HTML crafted to look like links, but aren’t. When visited by a typical human user, a program written in JavaScript and included as part of the web pages is automatically downloaded and intercepts clicks on these “link-like” elements, fetching their intended destination from the server and redirecting users there. Due to the careful and deliberate implementation, the browser’s status bar is made to appear as though the link is legitimate, and that a destination is provided as expected.

For non-human visitors, including automated search engine indexing programs such as Googlebot, the “link” remains non-functional, making the article a search engine’s dead-end or “orphan” page whose only functional links are those whose destination is EdenFantasys’s own web presence. This makes EdenFantasys’ website(s) a self-referential black hole that provides no reciprocity for contributors who author content, nor for any website ostensibly “linked” to from article content. At the same time, EdenFantasys editors actively solicit inbound links from individuals and organizations through “link exchanges” and incentive programs such as “awards” and “free” sex toys, as well as syndicating SexIs Magazine content such that the content is programmatically altered in order to create multiple (real) inbound links to EdenFantasys’s websites after republication on their partner’s media channels.

How EdenFantasys’s unethical practices have an impact on you

Regardless of who you are, EdenFantasys’s unethical practices have a negative impact on you and, indeed, on the Internet as a whole.

See for yourself: First, log out of any and all EdenFantasys websites or, preferably, use a different browser, or even a proxy service such as the Tor network for greater anonymity. Due to EdenFantasys’s technology, you cannot trust that what you are seeing on your screen is what someone else will see on theirs. Next, temporarily disable JavaScript (read instructions for your browser) and then try clicking on the links in SexIs Magazine articles. If clicking the intended off-site “links” doesn’t work, you know that your article’s links are being hidden from Google and that your content is being used for shady practices. In contrast, with JavaScript still disabled, navigate to another website (such as this blog), try clicking on the links, and note that the links still work as intended.

Here’s another verifiable example from the EdenFantasys site showing that many other parts of Web Merchants, Inc. pages, not merely SexIs Magazine, are affected as well: With JavaScript disabled, visit the EdenFantasys company page on Aslan Leather (note, for the sake of comparison, the link in this sentence will work, even with JavaScript off). Try clicking on the link in the “Contact Information” section in the lower-right hand column of the page (shown in the screenshot, below). This “link” should take you to the Aslan Leather homepage but in fact it does not. So much for that “link exchange.”

(Click to enlarge.)

If you’re an EdenFantasys employee, people will demand answers from you regarding the unethical practices of your (hopefully former) employer. While you are working for EdenFantasys, you’re seriously soiling your reputation in the eyes of ethical Internet professionals. Ignorance is no excuse for the lack of ethics on the programmers’ part, and it’s a shoddy one for everyone else; you should be aware of your company’s business practices because you represent them and they, in turn, represent you.
If you’re a partner or contributor (reviewer, affiliate, blogger), while you’re providing EdenFantasys with inbound links or writing articles for them and thereby propping them up higher in search results, EdenFantasys is not returning the favor to you (when they are supposed to be doing so). Moreover, they’re attaching your handle, pseudonym, or real name directly to all of their link farming (i.e., spamming) efforts. They look like they’re linking to you and they look like their content is syndicated fairly, but they’re actually playing dirty. They’re going the extra mile to ensure search engines like Google do not recognize the links in articles you write. They’re trying remarkably hard to make certain that all roads lead to EdenFantasys, but none lead outside of it; no matter what the “link,” search engines see it as stemming from and leading to EdenFantasys. The technically savvy executives of Web Merchants, Inc. are using you without giving you a fair return on your efforts. Moreover, EdenFantasys is doing this in a way that preys upon people’s lack of technical knowledge—potentially your own as well as your readership’s. Do you want to keep doing business with people like that?
If you’re a customer, you’re monetarily supporting a company that essentially amounts to a glorified yet subtle spammer. If you hate spam, you should hate the unethical practices that lead to spam’s perpetual reappearance, including the practices of companies like Web Merchants, Inc. EdenFantasys’s unethical practices may not be illegal, but they are unabashedly a hair’s width away from it, just like many spammers’. If you want to keep companies honest and transparent, if you really want a “sex shop you can trust,” this is relevant to you because EdenFantasys is not it. If you want to purchase from a retailer that truly strives to offer a welcoming, trustworthy community for those interested in sex positivity and sexuality, pay close attention and take action. For ideas about what you can do, please see the “What you can do” section, below.
If you’ve never heard about EdenFantasys before, but you care about a fair and equal-opportunity Internet, this is relevant to you because what EdenFantasys is doing takes advantage of non-tech-savvy people in order to slant the odds of winning the search engine game in their favor. They could have done this fairly, and I personally believe that they would have succeeded. Their sites are user-friendly, well-designed, and solidly implemented. However, they chose to behave maliciously by not providing credit where credit is due, failing to follow through on agreements with their own community members and contributors, and sneakily utilizing other publishers’ web presences to play a very sad zero-sum game that they need not have entered in the first place. In the Internet I want, nobody takes malicious advantage of those less skilled than they are because their own skill should speak for itself. Isn’t that the Internet and, indeed, the future you want, too?

TECHNICAL DETAILS

What follows is a technical exploration of the way the EdenFantasys technology works. It is my best-effort evaluation of the process in as much detail as I can manage within strict self-imposed time constraints. If any of this information is incorrect, I’d welcome any and all clarifications provided by the EdenFantasys CTO and technical team in an appropriately transparent, public, and ethical manner. (You’re welcome—nay, encouraged—to leave a comment.)

Although I’m unconvinced that EdenFantasys understands this, it is the case that honesty is the best policy—especially on the Internet, where everyone has the power of “View source.”

The “EF Framework” for obfuscating links

Article content written by contributors on SexIs Magazine pages is published after all links are replaced with a <span> element bearing the class of linklike and a unique id attribute value. This apparently happens across any and all content published by Web Merchants, Inc.’s content management system, but I’ll be focusing on Lorna D. Keach’s post entitled SexFeed:Anti-Porn Activists Now Targeting Female Porn Addicts for the sake of example.

These fake links look like this in HTML:

And according to Theresa Flynt, vice president of marketing for Hustler video, <span class="linklike" ID="EFLink_68034_fe64d2">female consumers make up 56% of video sales.</span>

This originally published HTML is what visitors without JavaScript enabled (and what search engine indexers) see when they access the page. Note that the <span> is not a real link, even though it is made to look like one. (See Figure 1; click it to enlarge.)

Figure 1:

In a typical user’s browser, when this page is loaded, a JavaScript program is executed that mutates these “linklike” elements into <a> elements, retaining the “linklike” class and the unique id attribute values. However, no value is provided in the href (link destination) attribute of the <a> element. See Figure 2.

Figure 2:

The JavaScript program is downloaded in two parts from the endpoint at http://cdn3.edenfantasys.com/Scripts/Handler/jsget.ashx. The first part, retrieved in this example by accessing the URI at http://cdn3.edenfantasys.com/Scripts/Handler/jsget.ashx?i=jq132_cnf_jdm12_cks_cm_ujsn_udm_stt_err_jsdm_stul_ael_lls_ganl_jqac_jtv_smg_assf_agrsh&v_14927484.12.0, loads the popular jQuery JavaScript framework as well as custom code called the “EF Framework”.

The EF Framework contains code called the DBLinkHandler, an object that parses the <span> “linklike” elements (called “pseudolinks” in the EF Framework code) and retrieves the real destination. The entirety of the DBLinkHandler object is shown in code listing 1, below. Note the code contains a function called handle that performs the mutation of the <span> “linklike” elements (seen primarily on lines 8 through 16) and, based on the prefix of each elements’ id attribute value, two key functions (BuildUrlForElement and GetUrlByUrlID, whose signatures are on lines 48 and 68, respectively) interact to set up the browser navigation after responding to clicks on the fake links.

var DBLinkHandler = {
    pseudoLinkPrefix: "EFLink_",
    generatedAHrefPrefix: "ArtLink_",
    targetBlankClass: "target_blank",
    jsLinksCssLinkLikeClass: "linklike",
    handle: function () {
        var pseudolinksSpans = $("span[id^='" + DBLinkHandler.pseudoLinkPrefix + "']");
        pseudolinksSpans.each(function () {
            var psLink = $(this);
            var cssClass = $.trim(psLink.attr("class"));
            var target = "";
            var id = psLink.attr("id").replace(DBLinkHandler.pseudoLinkPrefix, DBLinkHandler.generatedAHrefPrefix);
            var href = $("<a></a>").attr({
                id: id,
                href: ""
            }).html(psLink.html());
            if (psLink.hasClass(DBLinkHandler.targetBlankClass)) {
                href.attr({
                    target: "_blank"
                });
                cssClass = $.trim(cssClass.replace(DBLinkHandler.targetBlankClass, ""))
            }
            if (cssClass != "") {
                href.attr({
                    "class": cssClass
                })
            }
            psLink.before(href).remove()
        });
        var pseudolinksAHrefs = $("a[id^='" + DBLinkHandler.generatedAHrefPrefix + "']");
        pseudolinksAHrefs.live("mouseup", function (event) {
            DBLinkHandler.ArtLinkClick(this)
        });
        pseudolinksSpans = $("span[id^='" + DBLinkHandler.pseudoLinkPrefix + "']");
        pseudolinksSpans.live("click", function (event) {
            if (event.button != 0) {
                return
            }
            var psLink = $(this);
            var url = DBLinkHandler.BuildUrlForElement(psLink, DBLinkHandler.pseudoLinkPrefix);
            if (!psLink.hasClass(DBLinkHandler.targetBlankClass)) {
                RedirectTo(url)
            } else {
                OpenNewWindow(url)
            }
        })
    },
    BuildUrlForElement: function (psLink, prefix) {
        var psLink = $(psLink);
        var sufix = psLink.attr("id").toString().substring(prefix.length);
        var id = (sufix.indexOf("_") != -1) ? sufix.substring(0, sufix.indexOf("_")) : sufix;
        var url = DBLinkHandler.GetUrlByUrlID(id);
        if (url == "") {
            url = EF.Constants.Links.Url
        }
        var end = sufix.substring(sufix.indexOf("_") + 1);
        var anchor = "";
        if (end.indexOf("_") != -1) {
            anchor = "#" + end.substring(0, end.lastIndexOf("_"))
        }
        url += anchor;
        return url
    },
    ArtLinkClick: function (psLink) {
        var url = DBLinkHandler.BuildUrlForElement(psLink, DBLinkHandler.generatedAHrefPrefix);
        $(psLink).attr("href", url)
    },
    GetUrlByUrlID: function (UrlID) {
        var url = "";
        UrlRequest = $.ajax({
            type: "POST",
            url: "/LinkLanguage/AjaxLinkHandling.aspx",
            dataType: "json",
            async: false,
            data: {
                urlid: UrlID
            },
            cache: false,
            success: function (data) {
                if (data.status == "Success") {
                    url = data.url;
                    return url
                }
            },
            error: function (xhtmlObj, status, error) {}
        });
        return url
    }
};

Once the mutation is performed and all the content “links” are in the state shown in Figure 2, above, an event listener has been bound to the anchors that captures a click event. This is done using prototypal extension, aka. classic prototypal inheritance, in another part of the code, the live function on line 2,280 of the (de-minimized) jsget.ashx program, as shown in code listing 2, here:

        live: function (G, F) {
            var E = o.event.proxy(F);
            E.guid += this.selector + G;
            o(document).bind(i(G, this.selector), this.selector, E);
            return this
        },

At this point, clicking on one of the “pseudolinks” triggers the EF Framework to call code set up by the GetUrlByUrlID function from within the DBLinkHandler object, initiating an XMLHttpRequest (XHR) connection to the AjaxLinkHandling.aspx server-side application. The request is an HTTP POST containing only one parameter, called urlid, and its value matches a substring from within the id value of the “pseudolinks.” In this example, the id attribute contains a value of EFLink_68034_fe64d2, which means that the unique ID POST’ed to the server is 68034. This is shown in Figure 3, below.

Figure 3:

The response from the server, shown in Figure 4, is also simple. If successful, the intended destination is retrieved by the GetUrlByUrlID object’s success function (on line 79 of Code Listing 1, above) and the user is redirected to that web address, as if the link was a real one all along. The real destination, in this case to CNN.com, is thereby only revealed after the XHR request returns a successful reply.

Figure 4:

All of this obfuscation effectively blinds machines such as the Googlebot who are not JavaScript-capable from seeing and following these links. It deliberately provides no increased Pagerank for the link destination (as a real link would normally do) despite being “linked to” from EdenFantasys’s SexIs Magazine article. While the intended destination in this example link was at CNN.com, it could just as easily have been—and is, in other examples—links to the blogs of EdenFantasys community members and, indeed, everyone else linked to from a SexIs Magazine article or potentially any website operated by Web Merchants, Inc. that makes use of this technology.

The EdenFantasys Outsourced Link-Farm

In addition to creating a self-referential black hole with no gracefully degrading outgoing links, EdenFantasys also actively performs link-stuffing through its syndicated content “relationships,” underhandedly creating an outsourced and distributed link-farm, just like a spammer. The difference is that this spammer (Web Merchants, Inc. aka EdenFantasys) is cleverly crowd-sourcing high-value, high-quality content from its own “community.”

Articles published at SexIs Magazine are syndicated in full to other large hub sites, such as AlterNet.org. Continuing with the above example post by Lorna D. Keach, Anti-Porn Activists Now Targeting Female Porn Addicts, we can see that this content was republished on AlterNet.org shortly after original publication through EdenFantasys’ website on May 3^rd at http://www.alternet.org/story/146774/christian_anti-porn_activists_now_targeting_female_. However, a closer look at the HTML code of the republication shows that each and every link contained within the article points to the same destination: the same article published on SexIs Magazine, as shown in Figure 5.

Figure 5:

Naturally, these syndicated links provided to third-party sites by EdenFantasys are real and function as expected to both human visitors and to search engines indexing the content. The result is “natural,” high-value links to the EdenFantasys website from these third-party sites; EdenFantasys doesn’t merely scrounge pagerank from harvesting the sheer number of incoming links, but as each link’s anchor text is different, they are setting themselves up to match more keywords in search engine results, keywords that the original author likely did not intend to direct to them. Offering search engines the implication that EdenFantasys.com contains the content described in the anchor text, when in fact EdenFantasys merely acts as an intermediary to the information, is very shady, to say the least.

In addition to syndication, EdenFantasys employs human editors to do community outreach. These editors follow up with publishers, including individual bloggers (such as myself), and request that any references to published material provide attribution and a link back to us, to use the words of Judy Cole, Editor of SexIs Magazine in an email she sent to me (see below), and presumably many others. EdenFantasys has also been known to request “link exchanges,” and offer incentive programs that encouraged bloggers to add the EdenFantasys website to their blogroll or sidebar in order to help raise both parties search engine ranking, when in fact EdenFantasys is not actually providing reciprocity.

More information about EdenFantasys’s unethical practices, which are not limited to technical subterfuge, can be obtained via AAGBlog.com.

EDITORIAL

It is unsurprising that the distributed, subtle, and carefully crafted way EdenFantasys has managed to crowd-source links has (presumably) remained unpenalized by search engines like Google. It is similarly unsurprising that nontechnical users such as the contributors to SexIs Magazine would be unaware of these deceptive practices, or that they are complicit in promoting them.

This is no mistake on the part of EdenFantasys, nor is it a one-off occurrence. The amount of work necessary to implement the elaborate system I’ve described is also not even remotely feasible for a rogue programmer to accomplish, far less accomplish covertly. No, this is the result of a calculated and decidedly underhanded strategy that originated from the direction of top executives at Web Merchants, Inc. aka EdenFantasys.

It is unfortunate that technically privileged people would be so willing to take advantage of the technically uneducated, particularly under the guise of providing a trusted place for the community which they claim to serve. These practices are exactly the ones that “the sex shop you can trust” should in no way support, far less be actively engaged in. And yet, here is unmistakable evidence that EdenFantasys is doing literally everything it can not only to bolster its own web presence at the cost of others’, but to hide this fact from its understandably non-tech-savvy contributors.

On a personal note, I am angered that I would be contacted by the Editor of SexIs Magazine, and asked to properly “attribute” and provide a link to them when it is precisely that reciprocity which SexIs Magazine would clearly deny me (and everyone else) in return. It was this request originally received over email from Judy Cole, that sparked my investigation outlined above and enabled me to uncover this hypocrisy. The email I received from Judy Cole is republished, in full, here:

From: Judy Cole <luxuryholmes@gmail.com>
Subject: Repost mis-attributed
Date: May 17, 2010 2:42:00 PM PDT
To: kinkontap+viewermail@gmail.com
Cc: Laurel <laurelb@edenfantasys.com>

Hello Emma and maymay,

I am the Editor of the online adult magazine SexIs (http://www.edenfantasys.com/sexis/). You recently picked up and re-posted a story of ours by Lorna Keach that Alternet had already picked up:

http://kinkontap.com/?s=alternet

We were hoping that you might provide attribution and a link back to us, citing us as the original source (as is done on Alternet, with whom we have an ongoing relationship), should you pick up something of ours to re-post in the future.

If you would be interested in having us send you updates on stories that might be of interest, I would be happy to arrange for a member of our editorial staff to do so. (Like your site, by the way. TBK is one of our regular contributors.)

Thanks and Best Regards,

Judy Cole
Editor, SexIs

Judy’s email probably intended to reference the new Kink On Tap briefs that my co-host Emma and I publish, not a search result page on the Kink On Tap website. Specifically, she was talking about this brief: http://KinkOnTap.com/?p=676. I said as much in my reply to Judy:

Hi Judy,

The URL in your email doesn’t actually link to a post. We pick up many stories from AlterNet, as well as a number from SexIs, because we follow both those sources, among others. So, did you mean this following entry?

http://KinkOnTap.com/?p=676

If so, you should know that we write briefs as we find them and provide links to where we found them. We purposefully do not republish or re-post significant portions of stories and we limit our briefs to short summaries in deference to the source. In regards to the brief in question, we do provide attribution to Lorna Keach, and our publication process provides links automatically to, again, the source where we found the article. :) As I’m sure you understand, this is the nature of the Internet. Its distribution capability is remarkable, isn’t it?

Also, while we’d absolutely be thrilled to have you send us updates on stories that might be of interest, we would prefer that you do so in the same way the rest of our community does: by contributing to the community links feed. You can find detailed instructions for the many ways you can do that on our wiki:

http://wiki.kinkontap.com/wiki/Community_links_feed

Congratulations on the continued success of SexIs.

Cheers,
-maymay

At the time when I wrote the email replying to Judy, I was perturbed but could not put my finger on why. Her email upset me because she seemed to be suggesting that our briefs are wholesale “re-posts,” when in fact Emma and I have thoroughly discussed attribution policies and, as mentioned in my reply, settled on a number of practices including a length limit, automated back linking (yes, with real links, go see some Kink On Tap briefs for yourself), and clearly demarcating quotes from the source article in our editorializing to ensure we play fair. Clearly, my somewhat snarky reply betrays my annoyance.

In any event, this exchange prompted me to take a closer look at the Kink On Tap brief I wrote, at the original article, and at the cross-post on AlterNet.org. I never would have imagined that EdenFantasys’s technical subterfuge would be as pervasive as it has proven to be. It’s so deeply embedded in the EdenFantasys publishing platform that I’m willing to give Judy the benefit of the doubt regarding this hypocrisy because she doesn’t seem to understand the difference between a search query and a permalink (something any laymen blogger would grok). This is apparent from her reply to my response:

From: Judy Cole <luxuryholmes@gmail.com>
Subject: Re: Repost mis-attributed
Date: May 18, 2010 4:57:59 AM PDT
[…redundant email headers clipped…]

Funny, the URL in my email opens the same link as the one you sent me when I click on it.

Maybe if you pick up one of our stories in future, you could just say something like “so and so wrote for SexIs.” ?

As it stands, it looks as if Lorna wrote the piece for Alternet. Thanks.

Judy

That is the end of our email exchange, and will be for good, unless and until EdenFantasys changes its ways. I will from this point forward endeavor never to publish links to any web property that I know to be owned by Web Merchants, Inc., including EdenFantasys.com. I will also do my best to avoid citing any and all SexIs Magazine articles from here on out, and I encourage everyone who has an interest in seeing honesty on the Internet to follow my lead here.

As some of my friends are currently contributors to SexIs Magazine, I would like all of you to know that I sincerely hope you immediately sever all ties with any and all Web Merchants, Inc. properties, suppliers, and business partners, especially because you are friends and I think your work is too important to be sullied by such a disreputable company. Similarly, I hope you encourage your friends to do the same. I understand that the economy is rough and that some of you may have business contracts bearing legal penalties for breaking them, but I urge you to nevertheless consider looking at this as a cost-benefit analysis: the sooner you break up with EdenFantasys, the happier everyone on the Internet, including you, will be (and besides, you can loose just as much of your reputation, money, and pagerank while being happy as you can being sad).

What you can do

If you are an EdenFantasys reviewer, a SexIs Magazine contributor, or have any other arrangement with Web Merchants, Inc., write to Judy Cole and demand that content you produce for SexIs Magazine adheres to ethical Internet publication standards. Sever business ties with this company immediately upon receipt of any non-response, or any response that does not adequately address every concern raised in this blog post. (Feel free to leave comments on this post with technical questions, and I’ll do my best to help you sort out any l33t answers.)
EdenFantasys wants to stack the deck in Google. They do this by misusing your content and harvesting your links. To combat this effort, immediately remove any and all links to EdenFantasys websites and web presences from your websites. Furthermore, do not—I repeat—do not publish new links to EdenFantasys websites, not even in direct reference to this post. Instead, provide enough information, as I have done, so visitors to your blog posts can find their website themselves. In lieu of links to EdenFantasys, link to other bloggers’ posts about this issue. (Such posts will probably be mentioned in the comments section of this post.)
Boycott EdenFantasys: the technical prowess their website displays does provide a useful shopping experience for some people. However, that in no way obligates you to purchase from their website. If you enjoy using their interface, use it to get information about products you’re interested in, but then go buy those products elsewhere, perhaps from the manufacturers directly.
- On the recommendation of my friend Dr. Charlie Glickman, I suggest Good Vibrations.
- On the recommendation of my friend Shanna Katz, I also recommend Fascinations.
Watch for “improved” technical subterfuge from Web Merchants, Inc. As a professional web developer, I can identify several things EdenFantasys could do to make their unethical practices even harder to spot, and harder to stop. If you have any technical knowledge at all, even if you’re “just” a savvy blogger, you can keep a close watch on EdenFantasys and, if you notice anything that doesn’t sit well with you, speak up about it like I did. Get a professional programmer to look into things for you if you need help; yes, you can make a difference just by remaining vigilant as long as you share what you know and act honestly, and transparently.

If you have additional ideas or recommendations regarding how more people can help keep sex toy retailers honest, please suggest them in the comments.

Update: To report website spamming or any kind of fraud to Google, use the authenticated Spam Report tool.

Update: Google provides much more information about why the kinds of practices EdenFantasys is engaged in degrade the overall web experience for you and me. Read Cloaking, sneaky Javascript redirects, and doorway pages at the Google Webmaster Tools help site for additional SEO information. Using Google’s terminology, EdenFantasys’s unethical technology is a very skilled mix of social engineering and “sneaky JavaScript redirects.”

Written by Meitar

May 19th, 2010 at 6:20 pm

Posted in Business & E-Commerce,Content Syndication,Crosspost,JavaScript,Maybe Maimed,Search Engine Optimization,Tech/Computing,Web Design

How to work around “sorry, you must have a tty to run sudo” without sacrificing security

6 comments

While working on $client‘s Linux server last week, I found myself installing a cron job that ran as root. The cron job called a custom bash script that, in turn, called out to various custom maintenance tasks client had already written. One task in particular had to run as a different user.

During testing, I discovered that the odd-ball task failed to run, and found the following error in the system log:

sudo: sorry, you must have a tty to run sudo

I traced this error to a line trying to invoke a perl command as a user called dynamic:

sudo -u dynamic /usr/bin/perl run-periodic-tasks --load 5 --randomly

A simple Google search turned up an obvious solution to the error: use visudo to disable sudo’s tty requirement, allowing sudo to be invoked from any shell lacking a tty (including cron). This would have solved my problem, but it just felt wrong, dirty, and most troublingly insecure.

One reason why sudo ships with the requiretty option enabled by default is, among other reasons, to prevent remote users from exposing the root password over SSH. Disabling this security precaution for a simple maintenance task already running as root seemed totally unnecessary, not to mention irresponsible. Moreover, client‘s script didn’t even need a tty.

Thankfully, there’s a better way: use su --session-command and send the whole job to the background.

su --session-command="/usr/bin/perl run-periodic-tasks --load 5 --randomly" dynamic &

This line launches a new, non-login shell (typically bash) as the other user in a separate, background process and runs the command you passed using the shell’s -c option. Sending the command to the background (using &) continues execution of the rest of the cron job.

A process listing would look like this:

root     28109     1  0 17:10 ?        00:00:00 su --session-command=/usr/bin/perl run-periodic-tasks --load 5 --randomly dynamic
dynamic  28110 28109  0 17:10 ?        00:00:00 bash -c /usr/bin/perl run-periodic-tasks --load 5 --randomly

Note the parent process (PID 28109) is owned by root but the actual perl process (PID 28110) is being run as dynamic.

This in-script solution that replaces sudo -u user cmd with su --session-command=cmd user seems much better than relying on a change in sudo‘s default (and more secure) configuration to me.

Written by Meitar

March 17th, 2010 at 8:21 pm

Posted in Bash/Shell Scripting,Security & Privacy,Tech/Computing,Unix/Linux

Crosspost: My impressions on the new “sex-positive social network” Blackbox Republic

Mainstream sex-positivity or a VIP room in cyberspace? Or both?

Over the past few months, Blackbox Republic has been building a marketing arsenal of anticipation and intrigue. Its creators are successful in non-sexuality-focused spheres of influence: Sam Lawrence is the respected former Chief Marketing Officer of Jive Software, Inc., and April Donato, has experience in community management. They also both jive (pun!) well with the sex-positive movement, discussing it at length in the early stages of their marketing efforts after de-cloaking the new company.

In an interview for Social Networking Watch, Sam Lawrence said,

[Sam Lawrence:] The co-founder [April Donato] and myself are part of [the sex-positive] community. Sex positive means that your sexuality is not an issue. You don’t have an issue with other people’s sexuality. You’re open to what other people are interested in and what their boundaries are, and you’re open with your own.

[…]

[Interviewer:] To what extent do you practice a sex-positive lifestyle?

[Sam Lawrence:] From the perspective of sex not being an issue, I think that love is generated by people being open enough about who they are as people to put all of themselves out on the table. As far as putting all of myself on the table, it’s something that I do every single day.

I have an enormous amount of respect for anyone able to so capably present themselves as authentically as Sam does. On the eve of KinkForAll New York City 2, I met Sam and April at one of their “founder meetups” and had the chance to talk to them face-to-face. Our conversation revolved around the importance of steadfastly holding true to one’s own desires and having appropriate places to express those things with appropriate communication tools. I really liked their emphasis on self-identification over labeling throughout our discussion.

I also really appreciated the way that Sam and April spoke about their target audience. Blackbox Republic will welcome everyone, but it’s not designed for everyone, and I think that’s a good thing. David Evans writing at Online Dating Post says,

BBR has room for everyone, but is not for everyone. Definitely catering to non-mainstream folks, it will soon feature a constellation of micro-communities, or groups, called Camps. BBR doesn’t tell people how to organize their camps; we’ll do it ourselves, thankyouverymuch.

So is Blackbox Republic a dating site, or a social network? Well, both, kind of. Part of BBR’s slogan includes, “Dates will happen. Sex will happen. It matters how you get there.” The implication, of course, being that the current suite of tools for finding love or play online—sites like Alt.com, OkCupid, and countless personals boards—focus too strongly on the end result, turning matchmaking into a meat market instead of the natural process of getting to know one another. The focus BBR is placing on each person’s “journey” is an extremely welcome paradigm shift in the online dating world.

Along with the welcome and (IMHO, painfully obviously better) new approach to online dating, however, Blackbox Republic faces some real challenges. For new users, the service costs a minimum of $5 a month to use (and $9 per month for new sign-ups starting in 2010), which gives access to basic features like a personal profile. For $25 a month, members get added features like the ability to list real-world meet-ups, send private messages, and partake in a virtual “gifting” economy (think LiveJournal’s “virtual gifts“).

For that reason, BBR has been called a “members-only club.” There are some legitimate differences of opinion as to whether this is a positive or a negative thing. In a press release over the summer, Blackbox Republic is reported as stating:

Blackbox Republic will be a members-only experience that will unite the sex-positive community and give them a personal, private and secure way to connect online and in person.

Writing for ZDNet, Oliver Marks likens Blackbox Republic’s approach to online dating to the fashionability of owning an Apple computer:

Think of Blackbox Republic as a fashionable online ‘members-only’ club where you might expect to meet people with similar interests to your own, and ideally the person of your dreams. […] Blackbox Republic is arguably an Apple product to Facebook’s Windows look & feel: a much more intimately crafted, fuller featured personal user interface which should appeal to Apple generation sensibilities.

Many pages on Blackbox Republic's website showcase fashionably dressed women.

Indeed, almost everything about Blackbox Republic’s marketing and design seems to me as though it’s positioning itself as the equivalent of the hip, new, and exclusive nightclub down the street. There are images of super-chic women in short skirts and tight pants all over the Blackbox Republic promotional pages—way more than there are pictures of men. I was (yet again) put-off by this over-prevalence of women in all advertising material.

This isn’t really a criticism of the site, but rather a statement of disappointment that the marketing gurus behind the effort seemed to me to have succumbed to overwhelming cultural pressure to sell their site with old-school sex appeal: women’s sex appeal, of course. How…traditional.

Not only is the Blackbox Republic intro video markedly gender-skewed, but somewhere along the line Sam and April decided to drop the “sex-positive” phraseology from their marketing:

[L]ike most startups, Blackbox decided it needed to change up. Observers were confused by the sex-positive label.

Oh well. I think this just goes to further showcase how much more social change we really need in our culture.

However, while the clubby, cliquey feel is totally my own subjective perception, there are other issues at play here, too. Most notably, as Clarisse Thorn and many others rightfully remind us very often, the sex-positive movement is overwhelmingly white, middle- to upper-class, college-educated, and privileged in a huge number of ways that many people often take for granted. Even without a for-pay social network, not everyone who wants to can participate in the great-sex-for-everyone party atmosphere of many sex-positive niches.

Will creating a “members-only club” of sex-positivity on the Internet really be a positive thing for “the movement”? Well, maybe. Although it has the potential to exclude lower-income people from the experience, who are sadly also often the people with the most pressing need for the kinds of privacy-related tools BBR offers (school teachers spring to mind!), one upside is that Blacbox Republic promises to pledge a portion of membership dues to a charity of the user’s choice.

It’s $25 a month and $5 of those community dues go to charity. One way to think about it is if you’re sex-positive, you can either spend money on expensive coffee every month or upgrade your social life and meet other sex-positive people like you.

Inescapably, the major selling point of any social network is, of course, the network! If your friends aren’t on Twitter, then you’re probably not going to find it useful. The same truth holds for Blackbox Republic: if the users you want to interact with aren’t there, I doubt you’re going to find the experience fruitful. Due to the membership fees and the socioeconomic realities of the sex-positive community, I’m concerned that BBR’s current business model is too exclusive, and as a result it will have a lot of trouble attracting the kind of diverse community its creators seem to be hoping for.

Yet, some others think differently (pun!). For instance, Dennis Howlett welcomes the for-pay model for a social network:

anyone can join provided they’re willing to pay the $25 a month (I like that he has a pay model from the get go. That sorts out the weirdos and hangers on from day one)

I wonder if adopting a free-mium approach might work better. Still, there are real-world limits to business. Everyone needs to make money, and I don’t think Blackbox Republic’s business model is inherently more exclusive than, say, purchasing access to porn. If anything, BBR’s got some real promise to inject much-needed financial awareness to the sexually insensitive corporate infrastructure of our society. Nevertheless, convincing people to join “the Republic” is going to be a hard sell.

Show me the features!

Let’s say you do decide to join. What do you get? Other than the sex-positive mindset, what’s the benefit?

Well, the bulk of the experience is what you’d expect. Profiles (called “personas”), messaging, user search capabilities (called “explore”), and so forth. A Twitter-like “activity stream” dominates the main page where you can post text, picture, or video status updates. Event listings fill the sidebar. (I’m not going to provide internal screenshots in deference to BBR’s strict confidentiality rules.)

While that’s fun, it’s nothing special. What makes Blackbox Republic different is flexibility, and privacy.

Goodbye drop-downs, hello sliders!

An innovative new interface acknowledges (most of) the diversity in human sexual experience and desire.

Blackbox Republic’s most visible feature is the way its interface allows you to flexibly self-identify various facets of yourself. Rather than give you static drop-down menus or radio buttons for things like your sexual orientation and relationship status, you’re presented with sliders you can change at will. Perhaps you’re feeling particularly same-sex attracted one day. Just move the “Orientation” slider towards the “Gay” end and away from the “Hetero” end. If that changes tomorrow, just move the slider back. Sho-weet!

BBR offers you 5 different sliders for your profile. In addition to the one for sexual orientation, you also get one for relationship “status” (ranging from attached to unattached, with Facebook’s famous “it’s complicated” neatly in the middle), whether you’re available for more partners or not, how comfortable you are with casual sexual activity, and how eagerly you’re looking to par-tay. I’m instantly reminded of FetLife‘s innovative, if dull-looking, mechanism for specifying multiple relationships. Blackbox Republic gives you similar flexibility as FetLife does but presented in a superb and far more intuitive interface.

All that said, one slider is conspicuously missing: the one for gender. The sliders are a very interesting idea and might just be the most innovative feature of the entire site. It speaks volumes about the sensitive and thoughtful mindset of the developers, and that’s why I’m so disappointed that the interface for self-identifying gender is relegated to the Sex 1.0 days of a single, binary option of “male” or “female.”

What gives? Are polyamorous people more welcome here than those who don’t fit the gender binary? I hope this is simply an omission that will be fixed as the service matures, since I couldn’t find any other reason why gender was absent from the sliders. For extra credit, I hope to see different profile options for “Sex” and “Gender,” two distinct concepts that frequently and incorrectly get used interchangeably. This would make it possible to represent complex gender presentations like additive gender on a social networking interface for the first time ever, and that’d totally be something to write home about!

Privacy and security

The other major selling point of Blackbox Republic is its careful attention to privacy. The entire offering, including its name, is predicated on letting users very carefully segment their information based on their privacy boundaries. I love some of the things BBR has done to enable this, and I can only imagine it’s going to get better from here.

Blackbox Republic’s Web of Trust

There are three levels of privacy, which (as far as I can figure out) map directly to the level of trust other members have gained within the Republic’s community. It works like a web of trust. New users are “un-vouched.” As they begin to interact with others on the site and, hopefully, make some friends, they should receive “vouches”—or votes of trust—from previously-vouched members. As a member, you get to control whether something you do, such as posting a status update, gets sent to the “public,” (i.e., the entire public-facing Internet), to all Blackbox Republic members (i.e, to both vouched and un-vouched members) or only to vouched members.

Additionally, privacy settings allow you to specify whether you want to allow un-vouched members to send you private messages, to follow your updates, to comment on your posts, or to see you in search results.

Unlike Facebook, which has very good privacy controls that almost nobody on Earth is aware of (thus negating the control’s usefulness), Blackbox Republic makes it a point to highlight their privacy controls at just about every sensical turn. Each of the settings I found defaults to the most private setting, not the most public, which is exactly the right move. I gotta say, I found turning off privacy settings instead of having to turn (or leave) them on to be a really empowering feeling.

You’re not a “friend,” you’re an acquaintance!

Moreover, the Blackbox Republic platform makes a native distinction between “friends” (again, like Facebook, or FetLife) and “followers” (like Twitter). When I friend someone, I’m connected to them in a way that I’m not if I just follow someone. I’m not yet certain what the practical distinction between “friending” and “following” are, other than the fact that your view of the people you’re connected with is segmented based on which button you clicked, but I think the distinction is a very appropriate and natural one to embed in the software.

This separation is probably the single most important innovation in the space of social networks as a medium of communication and collaboration that I can point at. I love that I can indicate without ambiguity which people I want to remain in constant communication with and which I simply want to watch from a distance. After all, aren’t at least some of your “friends” on Facebook really just “acquaintances” in reality? I think that for the first time ever in a social network, Blackbox Republic gets this feature right. Now, if only I could figure out what it actually does. :)

What? No on-the-wire encryption?!

With all that being said, there’s still at least one really frightening problem with Blacbox Republic’s careful attention to privacy: as far as I could tell, no part of my session is SSL/TLS encrypted!

Stunningly, for a site that sells privacy, not even Blackbox Republic's login form is on a secure page.

The entire BlackboxRepublic.com website is served over HTTP, including the login form and—again, as far as I could tell—every page on the inside of the site. This means that it’s trivial for malicious people who don’t even have a Blackbox Republic subscription to intercept, eavesdrop, and modify my interaction with the site. They could watch—and save—private messages between me and one of my friends (or lovers!), for instance.

In Blackbox’s defense, I don’t know of any social network that protects you from this. FetLife is another example of a website that should seriously consider HTTPS-only pages, but as of this writing hasn’t implemented it. Therein lies one of the most frightening oversights in the entire social networking space: regardless of so-called privacy settings, everything you do on the vast majority of social networks, blogs, and other sites on the Internet are the equivalent of passing notes between friends in a classroom. Better hope that big bully who likes to steal your lunch money doesn’t open the note and read it himself while he’s passing along your login details!

The thing is, few other social networking sites place so strong a spotlight on user privacy and security. Since Blackbox Republic seems to be nobly and rightfully holding itself up to a new standard of privacy, I feel justified in pointing out this glaring omission in their service offering. Given everything else they’ve done so well, and how well-aligned the majority of their technical implementation seems to be with their philosophy, this omission came as a big surprise to me.

Until Blackbox Republic only serves HTTPS traffic for all private areas of their site, I can’t make a recommendation in good conscious that it’s the place to be for privacy-conscious people. But again, despite public opinion to the contrary, I’ve never been able to make that claim for FetLife either.

Conclusion

Blackbox Republic is one of the most interesting websites on the Internet today. Its privacy-conscious and sexually open approach to social networking and online dating deserves huge praise. Its technical implementation—although plagued with some glaring oversights for now—is to be seriously respected.

From a social change perspective, I think the site is a mixed bag. Its exclusivity arguably makes the insularity of the sexuality communities an even bigger problem than it already is. On the other hand, the market-value of that very same exclusivity, if steered toward a benevolent purpose, can end up benefiting philanthropic, non-profit, and other sex-positive endeavors that often struggle to find necessary financial support.

Moreover, Blackbox Republic’s internal gifting economy does seem to encourage a sort of altruistic nature among members. How that may or may not translate into increased support for non-commercial activists has yet to be seen. Nay-sayers should remember that this kind of thing simply hasn’t been done before and the net effect could be quite positive.

Having just launched, however, I don’t think Blackbox Republic should be touted as the go-to site for sex-positive people quite yet. Like other social networks, it needs to grow to become truly useful, and its subscription fee business model poses a serious obstacle to many people. I was fortunate to get in with a free “founder” account, but I have mixed feelings about encouraging my friends to join me knowing they—or someone nice enough to “gift” a limited-time subscription to them—will have to pay for the service.

Additionally, its focus on being, well, a black box and its commitment to not allow Google or other search engines to index its internal content simply doesn’t resonate that strongly with me.

Lawrence emphasizes that what members say in Blackbox Republic will stay private. There’s no danger of what they post inside becoming part of their “Google resume,” as he puts it. He says he would resist efforts from search engines to index content the way Facebook and Twitter allow. “The value proposition is this is the first private, large social network out there,” Lawrence says.

Put simply, and noting that I’m probably not the majority case here, I rely on my “Google résumé,” to use Sam’s words, to live the life I want. My lukewarm reaction to this isn’t a criticism of the goal, simply an observation that it turns out I’m not in the ideal target market for Blackbox Republic’s value proposition.

In other words, I think I’m “too out” for this site to be immediately useful to me. The fact that FetLife is not readily available to the public Internet is the single biggest reason why I don’t sign on to that site very often, and so I have the same reason not to spend all that much time behind the curtains of Blackbox Republic.

Nevertheless, many other people do. If you’re among the cross-section of the populace who’d like a sociosexual experience online and would also like to effectively outsource your social reputation management, if you will, but you feel that sites like Facebook just aren’t cutting it, then Blackbox Republic is definitely worth checking out.

If you do check it out, or even if you don’t, I’d love to know what you think in the comments. And if you’re definitely sold, consider signing up via my partner link. Full disclosure: signing up that way earns me a small commission. If you’d rather sign up but not give me a commission for the referral, just register from the front page.

Written by Meitar

December 14th, 2009 at 2:46 pm

Posted in Branding & Identity,Business & E-Commerce,Crosspost,Information & Communication,Internet Marketing,Maybe Maimed,Tech News,Tech/Computing,Web Design,Writing and blogging

HowTo: Use Rules to Automatically Manage Email in Apple Mail

5 comments

After recently moving to San Francisco, I joined the San Francisco Freecyclers’ Network. Freecycle is a really cool set of local groups who prefer to give away items to people who want them instead of throwing them away into the trash. The group uses email to connect people who offer items and those who want them. In order to stay sane, a simple, conventional format for writing an email’s subject line lets you quickly figure out what’s on offer and where.

Thanks to this simple text convention in subject lines, I could trivially automate the process of sorting through the approximately 100 emails a day that the email list generates in order to single out only the emails that interest me. Here’s how I did it.

Define Your Goals

Before setting out on any task, it behooves you to take a moment and think about what it is you’re trying to accomplish. For me, with the San Francisco Freecycling Network (SFFN) email list, I wanted to achieve the following goals:

Keep my inbox clear of email from the SFFN list unless a message was particularly interesting.
Browse the SFFN messages when I wanted to look at them without having to go to the web site.
Highlight particularly interesting messages in my inbox visually and play a special sound to alert me that such email has been found in case Mail was running in the background (since free stuff gets taken fast!).

I defined “particularly interesting” messages as ones that offered items of need for my recent move. With this in mind, I set out to create email rules that accomplished each goal in turn.

Step 1: Create a mailbox to store the appropriate messages

I began by creating a new mailbox to store all the SFFN messages I was getting. This alternate mailbox would be the mailbox I would shunt all SFFN email to so as to keep my inbox clear of it. I called the mailbox simply “SFFN”.

Do this:

From the Mailbox menu, select New Mailbox…. The New Mailbox sheet appears.
Select any location (“On My Mac” is fine, as is the account that receives the mailing list messages), and give it a name.
Click OK.

Step 2: Create an email rule to move all appropriate messages to the new mailbox

With the new mailbox created, I now needed to get all the appropriate messages in there and out of my inbox.

Apple Mail’s email rules work by looking at each incoming message and matching it against a set of conditions that you provide. If the message being evaluated matches the conditions you specify, such as “from the San Francisco Freecycler’s Network mailing list”, then an associated action is automatically performed. Every email you get is evaluated against every rule you have unless a rule moves the message to another mailbox or until you trigger the “stop evaluating rules” action.

Since moving an email message to a new mailbox ends the process of evaluating rules and moving messages to the SFFN mailbox I just created is the goal of the rule I’m creating, I decided to name the rule “END – SFFN”.

Do this:

From the Mail menu, select Preferences…. The Mail Preferences window opens.
Click the Rules button. The Rules pane appears.
Click the Add Rule button. The Add Rule sheet appears:
1. Enter a meaningful description (I chose “END – SFFN”) in the Description: field.
2. Provide the conditions you want to match. Since all SFFN emails must be addressed to the mailing list, I simply provided the email address of the mailing list (sffn@yahoogroups.com) as the condition for the To header.
3. Provide the actions you want Mail to perform. I simply wanted to move the matched messages to the SFFN mailbox.
Click OK.

For me, the above configuration looked like this:

Step 3: Create an email rule to highlight a message of particular interest

At this point, any and all email I receive from the San Francisco Freecyclers’ Network is being moved to the SFFN mailbox I created for it. This is nice because it keeps my inbox clear, but it’s still not very helpful since I still have to go trudging through the SFFN mailbox in order to find anything that might be interesting to me. The whole point of this exercise is to reduce the amount of time I spend actively looking for interesting things and let my computer do that work for me. So the next step is to tell Mail what I’m looking for so it can show the interesting messages to me.

Now, as it happens I’m in need of a wireless router. Since “router” is an appropriately unique word, I’m going to tell Mail to look for that word in a subject line. However, since I only want Mail to tell me when a router is available and not when other people like me are looking for routers, I’ll also tell Mail to look for the keyword “OFFER” in the subject line. (And this is why the Freecycle guidelines tell users to format their subject lines in a conventional way.)

Finally, since I don’t want to have to go digging for the interesting email message and since my inbox is already going to be kept clear by the previous rule, I’ll simply have Mail highlight the message in a bright green color and leave the message in my inbox without moving it to the SFFN mailbox I created earlier.

Do this:

From the Rules pane in Mail’s preferences, click Add Rule.
Enter a meaningful description in the Description: field. (Since I’m looking for a router, I called it “SFFN – Search for OFFERed ‘router’”.)
Provide the conditions you wish to match. For me, this meant email sent to the Freecycler’s mailing list with the two words “OFFER” and “router” in the subject line.
Specify the actions you wish Mail to perform. I wanted Mail simply to color the message green and to leave the email go to the inbox (where it was originally destined for), so I chose “Stop evaluating rules”. (I also decided I’d want Mail to play a special sound to alert me that it had found something interesting. This is optional, of course.)
Click OK.

When I was done creating my rule, the above configuration looked like this:

I can now repeat this step as many times as desired to tell Mail to highlight other messages that may be of particular interest for some other reason. For instance, say instead of looking for a wireless router, I wanted to look for a toaster. I would simply need to click on “Duplicate Rule” and replace all instances of “router” with “toaster”.

Step 4: Place email rules in appropriate order

Since Mail will repeatedly check incoming email against all the active rules, we need to be sure to place the rules in the correct order. You can think of each email rule as part of large Rube Goldberg machine, each message getting funneled through some piece of the logic at each successive rule. That’s why I began the name of the first rule I created with “END,” so that I’d know it should be placed after the rest of the SFFN-related email rules.

I decided that I wanted Mail to look for anything related to cameras and, of course, to toasters. This gave me a total of 4 rules (three to search for items of interest, and one to keep my inbox clear). Since the three highlighting rules all perform the same action, it doesn’t really matter which order they go in, but it is important that all of them appear before the rule to move messages to the SFFN mailbox.

To order rules, simply click-and-drag them into the order you wish Mail to evaluate them in. When I was done, my Rules pane looked like this:

Conclusion

Mail rules are an extremely powerful feature that most email clients have, but that too few people use. They can save you enormous amounts of time and increase your productivity by automating simple yet time-consuming tasks.

The conventional, standardized subject lines that the Freecycle mailing list uses simplifies the logic required to have your computer automatically process your messages for you. This is a useful observation because it can be applied to other areas of your life where using simple conventions can help to organize otherwise overwhelming information tasks into manageable batches. Although this particular example uses stock, simple commands, you can get as fancy as you like by having an action trigger an AppleScript.

Now, hopefully, finding some additional housewares and a wireless router for my new San Francisco apartment will be as easy as checking (but not manually sorting!) my own email!

Written by Meitar

July 27th, 2009 at 4:07 pm

Posted in Crosspost,HOWTO,Information & Communication,Mac OS X,Productivity,Tech/Computing

Tagged with Email, LinkedIn, Mail.app

Guest Appearance on Technocolor NYC Technology Talk Radio Show

6 comments

Last week, I was invited to make a guest appearance on a technology talk radio show called Technocolor, which airs on 90.3 FM locally in New York City. The radio station is WHCR. The invitation was rather unexpected but I had a great time and a fun conversation with the host, Lena Marvin. We had such a fun time, actually, that Lena invited me to make a second guest appearance this week and, unlike the first show, I managed to record the audio stream, so you can replay the taping of the show and download it.

Here are my late-night and very sleepy attempts at listing some of the stuff we talked about, with as many links for show notes as I can manage to find:

April Fools’ Day jokes: GMail Autopilot automatically writes your emails for you, Identi.ca acquires Twitter, The Guardian will publish its archives by tweeting them.
NetFlix will demolish traditional cable television.
Drop.io can replace email attachments.
Skype has an official iPhone client; AT&T is not happy.
Stanford University to offer free iPhone development courses. Why go to college anymore? MIT already offers plenty of educational material from Open Courseware, iTunes University does something similar.
iPod Shuffle randomly maximizes its volume when people exercise. Owch. DRM physically bad for your ears?
New York Public Library offers free access to language learning courses from MangoLanguages.com, a $150 value.
Internet not actually good for job hunts.
Identi.ca hopes to add OpenID support (eventually). It’s a distributed “micro-blogging” platform. Fear vendor lock-in; Laconi.ca implements the open micro-blogging standard. Community organizations are especially vulnerable to vendor-lock in.
Free as in beer is an open source cultural reference. But wait, there is actually a “free beer”.
How to create your own secure, yet memorable, password algorithm: use the name of the site you’re on combined with a secret prefix to create unique passwords for each site.
Financial software to help you do taxes: Mint.com versus Quicken or Microsoft Money. TaxSlayer.com helps you file taxes electronically, possibly for free! Also, online government tools exist at, for instance, the New York State Department of Taxation and Finance.
PDFs should be used better than they are; PDF creators can use PDFs as online, electronic forms. Lots to learn about Adobe’s products for free at CreativeSuitePodcast.com.
Newer Microsoft Word document formats cause pain for the uninformed. Also, will newer versions of the PDF standard stay backwards compatible with older PDF files?

Listening to myself is a bit odd, and makes me realize just how quickly I speak. I need to learn to slow down a little. Nonetheless, I think I did okay, although I suppose I should have plugged my own web dev book a bit more. Meh, whatever. I was just there to have a good time, and I did exactly that—it’s incredible how quickly an hour goes by when you’re having fun!

Still, I’d love to hear feedback from listeners, as I very much welcome constructive criticism of what I could have done better and how. I’m also hopeful that I’ll get even more opportunities to chat with Lena, Javier, and the rest of the Technocolor crew semi-regularly from now on, since she mentioned something about being able to Skype me in even after I move to San Francisco.

Written by Meitar

April 7th, 2009 at 3:45 am

Posted in Crosspost,Tech News,Tech/Computing

Tagged with LinkedIn

Everything In Between

Archive for the ‘Tech/Computing’ Category

Stop wasting energy fighting Internet ID: If you don’t trust the government, fight bills like SOPA & PIPA instead!

On Being a Social Cyborg: How iCalendar Helps Me Fight Loneliness

Creating a Cyborg’s Social Calendar

Internet censorship FACEPALM moment of the day

How to spoof your MAC address on Mac OS X (for reals)

One Minute Mac Tip: Sniffing Wi-Fi traffic and capturing packets with the built-in airport utility

Cross-post: Edenfantasys’s unethical technology is a self-referential black hole

EXECUTIVE SUMMARY

How EdenFantasys’s unethical practices have an impact on you

TECHNICAL DETAILS

The “EF Framework” for obfuscating links

The EdenFantasys Outsourced Link-Farm

EDITORIAL

What you can do

How to work around “sorry, you must have a tty to run sudo” without sacrificing security

Crosspost: My impressions on the new “sex-positive social network” Blackbox Republic

Mainstream sex-positivity or a VIP room in cyberspace? Or both?

Show me the features!

Goodbye drop-downs, hello sliders!

Privacy and security

Blackbox Republic’s Web of Trust

You’re not a “friend,” you’re an acquaintance!

What? No on-the-wire encryption?!

Conclusion

HowTo: Use Rules to Automatically Manage Email in Apple Mail

Define Your Goals

Step 1: Create a mailbox to store the appropriate messages

Step 2: Create an email rule to move all appropriate messages to the new mailbox

Step 3: Create an email rule to highlight a message of particular interest

Step 4: Place email rules in appropriate order

Conclusion

Guest Appearance on Technocolor NYC Technology Talk Radio Show

The Man

The Place

The Latest

The Stuff

Recent Comments

The Archives