sindro.me - everything

Doing something is always better than doing nothing

2009-06-12T13:31:00Z

From the stage of web2.0 Expo 2008 in San Francisco, Clay Shirky talks about the social revolution carried by web2.0 into contemporary society, from TV to Wikipedia and World of Warcraft. And twitter still had to be globally recognized, in 2008.

Original video file and related discussion here (courtesy of blip.tv). ^{Score: 5 (insightful)}

Rails3: Better, Faster, Stronger

2009-06-04T12:15:00Z

For those who understand italian, I’ve just published an article on therubymine.com on the upcoming Ruby on Rails framework release, version 3.0: the big news is the merger with another ruby web framework, merb.

Have a nice read! :-)

http://therubymine.com/2009/06/04/rails3-better-faster-stronger/

It just takes one person to get the party started

2009-05-31T08:45:00Z

The sad conclusion: «humans are such herd animals»

The good conclusion: «virality has always existed, it’s not an invention of Web2.0. Social networking is just a powerful tool for everyone that wants to change the world»

The mean conclusion: «how much does it take to get people from their computers to the real world after a virtual “heads up” by some “dancing man”?»

More conclusions: read the comments on this video on reddit and on youtube.

E-Privacy 2009: Towards Global Control

2009-05-28T11:06:00Z

The Recipe

Ingredients

The 2009 social environment
A bunch of ha ck er s
Some competent lawyers
A Google Spokesman
The Big Brother Awards
A consistent amount of paranoia

Preparation

Take the whole social environment, utterly unprepared to the media \(r)evolution happening in the last years, and let the hackers observe and talk/write about it. Bring in the lawyers, and let them recognize that “Houston! We’ve got a problem!”, whilst also they define it via lawspeak. Ask questions, and participate to interesting debates.

Now, deliver the 2007 big brother award to the Google Representative, let the sun dive in the hills, add a noticeable amount of Tuscany red wine, and get ready for the next day. Let the paranoia flow, while the hackers show how you can be traced and found via the cellular network and spied via wifi-networked cameras placed there for your safety.

Watch the undelivered Big Brother Awards 2009 sit on the speakers’ desk and suddenly put on sale on ebay, and go back home, where you read about, and watch, a video-edited interview to the italian PM.

Put everything into the fridge, and give your brain two days to metabolize it. Then write it all LOUD.

Photo by lorelei-ranveig

#top

The scenario

We’re connected. We’re utterly connected. We’re sharing, we’re creating multiple identities, we’re exaggerating and becoming addicted, we’re earning money (maybe) from it, and if on one side we’re opening our minds to different cultures and points of view, on the other we’re just narrowing our visions because we find only the informations we search for, treating the Internet as a soft surrogate of the TV, annihilating critical thought, and even worse, demonizing the ‘net (not in the unix meaning of the term) because of the statements of some «politicians», forgetting that everything men have built in history are tools, and any problem tools cause it’s just a matter of how other men actually use them, not the tools themselves.

#top

The arguments

Just follow the leader, and everything will be ok. Or maybe not? Taylor’s model that aims to improve “industrial efficiency” states that Workers are incapable of understanding what they are doing, and as such they have to be reduced to mechanical monkeys (no offense to monkeys intended), able to produce what other media-controlled monkeys have to buy as soon as the Buy & Large says the new color is blue! (cit. Wall-E).

This sounds like “global mind control”, because it’s the only way to convince people to do something. But there’s a finer way, as Benjamin Linus teaches us: To convince someone, act on the Achilles’ heel: and bring him to the solution you had in mind for him, making him/her believe that what he’s doing for you is their solution, not yours. So, as long as we are convinced to believe that more telematic control is for our own safety, we let authorities steal more and more freedom from us, via the questionable statement you’ve got nothing to hide, so why bother?.

Photo by jtu

#top

Why bother

Because our freedom is at stake. I mean freedom to think, freedom to speak, and freedom to live our lives as we like, to act and feel as we deem appropriate on ourselves, as long as we respect others’ freedom to do the same. Sounds like such a simple principle, but it looks like we’re not smart enough to practice it: government to the rescue! They’ll tell you what’s right, what’s wrong, and how you should live.

Don't think (Stay)
Drink your wine (Home)
Watch the fire burn (Be)
His problems not mine (Safe)
Just be that model citizen

NoFX – The Decline – Listen to this song

We should bother, also, because the tools, portrayed as favorites of the evil guys because they permit anonymous and uninterceptible communication, are used everyday by, say, PeaceReporter journalists, because they work in war areas, where information is heavily controlled, and often the truth that governments want to be aired to the media isn’t even close to reality. Need an example? Here it is.

#top

The business side

Mayhem, aka Alessio L.R. Pennasilico, shared in “his talk” his broad experience in assessing and implementing security measures for business firms. The starting point is to think about people as human beings, and not as cheap dice-rolling machines: the biggest value in a company could seem its (digital) data, but it’s easier to recover data once it’s lost rather than find brains and human visions once they’re gone (or fired). Then, let’s think why management would invade users’ privacy to maintain security: because they’re afraid of data theft. In Italy, 60% of criminal charges about data theft was filed against the business’ own employees, and 78% of these people were actually authorized to access the data being stolen.

That’s why there are tales of mad system administrators running around with a silicone gun plugging every USB port they find. :). Or a single e-mail address for 200 employees, whose e-mails have to be printed back and forth and inspected by a manager before being delivered to each side of the conversation.

Again, another case of treathening users’ privacy in the name of security and safety. But this creates a clumsy work environment and imposes procedures that are time- and paper- wasting, while all we need is proper use of technology. DRM, watermarking and backups aren’t rocket science: could be applied to business documents to impose ACLs, prevent tampering and theft, while allowing an employee to feel “free” and as such carry out its work better. We as well need more education about how to use social networks at work, think twice before we share that “amusing photo” or write that “nasty rant”, either because someone could use our information against us or our company or because everything we put on the ‘net is google’s domain, it becomes our online identity, and we may regret it sooner or later.

Photo by bike

#top

The identity side

Guido Scorza, in his keynote, correctly stated that whilst in the medieval age most of our identity was concentrated in our last name (Chi fuor li maggior tui, Dante Alighieri), then in churches’ logs, then in the city register office, eventually in everything we put on the Internet about ourselves. These stripes of identity, disseminated through the ‘net as we write and interact with near and distant people, make up a (or more) comprehensive digital identity(es) for us, and can describe us in unprecedented ways.

As long as ourselves put together and post this information consciously, everything looks good. But what happens when uncontrolled profiling comes into play? Every click we make is full of information, think about google search results: the match between keywords and the clicked result carries both information on how to improve search results for us, and as well information on how we perceive the world, which mistakes we make and, most importantly, what we’re interested about.

We spend every day more time on the Internet and less in the real world, because something that I’ve done is there, 24 hours a day, there, where my identity and all its different shapes are, into the cyberspace.

Who owns this information? Currently, it depends on the specific terms of service of each online service we use. Who has to regulate the use of this information? Laws, of course, but currently laws are bound to territory, and do not know how to cope with a globally connected virtual world (exception made for California, where “if a crime is committed against a californian citizen, the actor is pursuable wherever in the world he/she is”). So, if laws aren’t ready for the digital world, the service provider has to regulate fair use as well.. with all the controversy this can bring.

#top

The Google side

Marco Pancini was literally submerged with questions at the end of his talk, because it doesn’t happen often to have a competent spokesman whose focus is on policy regulation.

Marco is one of those people who try to bridge between users and governments in the google scenario, in order to give better services to the former, and hint on better policies to the latter… allowing Google Inc (GOOG) to survive, I’d add :).

He said that privacy for Google isn’t an useless appendix, and it’s not enough to design privacy policies that adhere to current laws: every Google service has privacy built-in, and people like him also try to advocate this approach into the company as well. Because giving away a free service doesn’t have to imply that the users have to pay in terms of profilation and privacy, companies need new business models (users will want vanity URIs, I’d add) and need to treat user’s data only for the fullfillment of the technical side of the service.

Google operates on three principles: transparency, to give the users human-readable terms of service they’re working on graphical elements (a-la CreativeCommons) and video explanations; choice via persistent opt-in / opt-out to tracking features, like they’re doing on http://google.com/privacy ; security via data retention for 9 months in order to give users a safer and better service.

Personally I think that 9 months data retention for our safety is a moot point, I don’t agree, and please re-read the introduction to this article. I’m an heavy user of google services, and I think they know about me more than my mother and I really hope that they’ll remain “the good guys” for the years to come.

After the talk, vecna asked an interesting question: «Google now knows not only lots of informations, it also knows how to correlate it (e.g. finance + news) and actually knows, in real time, where the world is heading to, and how. This is an enormous strategic power! How do you cope with that?»

Photo by rehvonwald

Marco dribbled a bit: «We always try to be on the “good” side and make “fair” use of our data. About privacy we try to spread knowledge and talk with governments and companies to develop newer and more relevant rules, because e.g. the OCSE policy was enacted before internet became so widely adopted. Always pursuing the goal to give everyone better services»

vecna tried again: «OK, new rules are welcome, but in order to implement targeted and relevant advertising it’s not necessarily required to build a comprehensive database of all users’ search queries..»

Marco: «AdSense database is completely separated from other Google databases, a correlation is not possible, and logs are anonymized and kept for a maximum of 9 months. Furthermore, via chrome (and the privacy setter) you can permanently opt out of the AdSense/Doubleclick cookie: please take these actions as a demonstration of us going in the right direction :).

Also, please remember that Google as a company has to operate into the legal framework, so many of those questions should be directed to the institutions, and not to us. The legal framework is quite a bit “bugged” at the moment, but we hope things will change fast. We absolutely need more discussion to generate a well designed framework about the internet, privacy, and issues shared at the global level.»

mmhmh, the last phrase reminds me the conclusion of the nnsquad convention… quite funny.

The discussion could have continued for the next two or three hours, to the point that even I, noticeably shy at ^{the first day of} conventions, could have asked something ;) but time was precisely scheduled, so Marco Calamari politely asked the parties to stop and caught the moment to deliver the 2007 Big Brother Award to the Google representative for the “most invasive technology” of the time.

Photo by me

#top

The protection side

Security and privacy are perceptions: they cannot be measured neither analitically nor numerically: as such, they are influenced by the environment, and by who tells the news. Luckily the internet weakens the usual control and mass-influence measures, because of its decentralized nature. We can protect ourselves from global control, as long as we are informed enough.

This was the incipit of vecna’s talk, he went on stating that stringent security measures can be accepted by un-informed individuals, because they don’t know the rights they’re losing, and also 1) for limited periods of time 2) if all the people are treated equally and 3) if the infrastructure is managed by the state. This is not what happens nowadays, because both Internet Service Providers and Content Providers are hold by private companies, that care about their business.

So, in this evil world, with a minimal effort we can protect ourselves: we should use cryptography, anonymous networks (e.g. Tor / freenet), and understand the tools we use everyday: DNS filtering is easy to bypass, as long as you know how DNS work. Furthermore, with sniffjoke, a tool developed by vecna itself, protection against sniffers is possible even without the need for both peers to agree on a crypted channel.

Previously the content networks were centralized and under strict control: TV über alles, but also telephony and credit circuits. Today the web is replacing the TV, VoIP is being used for vocal/video communication, and even bank circuits are interoperable (think Paypal). As a demonstration of this thesis: why no one has marketed a crypted GSM phone? Because the bar is set very high to access those networks.

Conclusion: long live Peer-to-Peer decentralized networks, Open Source and Free Software, to allow everyone to know, share, modify, understand. The missing tech-savvyness is the most relevant failure, in my opinion.

Well said, vecna, ^almost straight to the point :).

Picture by vecna

#top

The communication side

Tapping

naif is a keynote machine. It was really difficult to take notes during his talk, because he speaks really fast and he is also very synthetic: an excellent speaker. He works with Phil Zimmerman, the famous inventor of PGP, and they’re working together on ZRTP. Why? Because our cell phones / VoIP calls can be tapped, and it’s such a bad thing.

Fabio started defining the difference between tactical and non-tactical tappings, the former being carried out directly on the telco wires or by intercepting radio signals, so the tappers need telco collaboration; the latter are carried out via telco logs, performed by the institutions. An interceptor could either tap a device (cell phone, computer, etc) or a specific communication line (residential wires, internet cafes, etc). Another kind of tapping is the mysterious echelon) , that implements parametric tapping by analyzing all the data flow and filtering it via some parameters (patterns, correlation, etc). There is no legislation regarding parametric tapping, as of May 2009.

To tap a GSM phone, investigation agencies commonly use fake BTSs, GSM transceiver stations, positioning them near the attacked device so the cell phone attaches to them because of the stronger signal ratio, and establish a Man-in-the-middle attack: tapping devices implementing a fake BTS can be bought for 100k $, or even rent for 2k $ per day.

Tapping a PSTN/ISDN phone it’s relatively easy, because telco cabinets are accessible (maybe using a bit of social engineering and by masking as a telco operator), and the attack is carried directly on the cable.

Fiber tapping is also possible, and makes an attacker able to listen to an entire neighborhood data traffic, by simply accessing a manhole.

Ethernet tapping into an office is extremely easy, either via arp poisoning software or via economic ad-hoc devices.

Last but not least, the weakest link of the chain is people: an employee with a 1300$ salary can be corrupted with a bribe of, say, 15k $, and maybe offer more tapping services that were requested at first.

Source: guardian.co.uk

Protecting

Protection is difficult mainly because of the overabundance of different technologies (PSTN, ISDN, GSM, CDMA, UMTS, 3GPP, VoIP, Sat, ...) and institutes that aim to standardize them (ITU, IETF, Telco consortiums, ISP consortiums, ...) but most of the time these consortiums act on behalf of $big_companies whose interest is business, not standardization. As such, there are no standard security measures for telephony, but there are some best practices.

IMS Overview Source: wikipedia

The weakest form of protection, carried out into the analog domain (and as such on circuit-switched networks) is scrambling, where the original signal is encoded to make it difficult (but not impossible) to recover. Usually scramblers do not remove “unwanted sequences” (e.g. complete silence) that make it easier for an attacker to reverse engineer the method used to encode the signal.

Into the digital domain, luckily, there is availability of cryptography, whereas any bunch of data can be transformed back and forth from gibberish by two algorithms (one for the encoding and another for the decoding) each one of them make use of a key. The strenght of cryptography lies in the secrecy of the keys and not the algorithm, because any algorithm can be reverse-engineered, and peer review permits an higher level of reliability.

So, VoIP calls can be safely encrypted at the protocol level, or can easily be routed through encrypted channels, because they are prosaic streams of data that flow on packet-switched networks. What’s more difficult is mainstream adoption, because (again) there are consistent interests in monitoring and controlling voice calls that put a barrier to the adoption of a standardized way of secure communication. These barriers suddenly materialize in unreachable (for the masses) technology like NSA’s SCIP (currently used on Obama’s BlackBerry) or utterly complex approaches to implementation of secure VoIP channels, like Cisco’s DTLS.

Quick introduction to VoIP: there are mainly two protocols, SIP and RTP. The former carries signalling information, such as “User A is calling B, RING RING!” and “User B picked up the receiver, HELLO?”. The latter carries media information, the digital representation of voice / images. SRTP is the cryptographic counterpart of RTP, but before a secure session can be established, the two peers need to 1) verify each other’s identity and 2) exchange their respective keys. There are two protocols to exchange keys: the aforementioned DTLS (endorsed by Cisco, Cisco and… Cisco :)) and ZRTP (Open Source software designed by PGP author Phil Zimmermann).

The SIP trapezoid, source: networkdictionary.com

Why is DTLS a complicated approach? Because it requires additional headers into SIP messages and extensions to the RFC 3261 to define a new protocol identifier used by the Via: header. DTLS also implements a PKI that requires a CA(Certification Authority), the third party you have to trust. In a VoIP world with different standards, companies and technologies, the road to adoption of another variation of the original SIP standard is long and shaky. Furthermore, the PKI model means that individuals cannot simply download a software, trust each other and start communicating privately.

ZRTP, on the other hand, is built around the KISS principle: Keep it simple, stupid! because simple is always better than complex. ZRTP implements key exchange directly into the media stream, leaving the signalling stream alone and assuring for maximum interoperability with existing infrastructures, even if they’re not SIP-based. Moreover, ZRTP supports Perfect forward secrecy, a cryptographic property that guarantees secrecy of communication even if tapping occurs, and the key material on both sides is compromised.

What about identity verification? DTLS uses a PKI, so this check is done by the software that verifies the exchanged keys (certificates) are signed by the trusted CA; ZRTP on the other hand uses a simple human-based verification: every communication is distinguished by a short authentication string, clearly exposed to the user by the software, so both peers can manually verify it at the start of their call. If you want to use ZRTP today, go download ZFone, it’s free (of course). (ps. It installs a launchd-started daemon on TCP port 3000, so if you’re a Rails developer like me, you should move your mongrels on different ports until Zfone will offer a configurable listening port :)).

Protecting further

What about using the ZRTP key-exchange protocol over non-IP serial pipes? It’s what Fabio presented in his last keynote slides, and it’s the project he’s currently working on. So, ZRTP/S could be used over GSM, UMTS, Satcom, even over Bluetooth: it’s a generic framework for private vocal communication currently working on Nokia’s SymbianOS phones using the Circuit Switched Data line, so it has the added benefit of not charging you if you’ve got a monthly data plan :). Awesome!

#top

Final words

This recap covers only the first day of the e-privacy convention, because the second day was interesting as much as the first, but it was less technical and more lawyer-oriented, apart for Jan Reister keynote regarding Tor usage every day, information that you can find on http://torproject.org/ as well. Have a look also at all the slides presented in the two days.

I also enjoyed Paolo Mazzolari keynote that stated that anonimity is the fundamental principle for data protection, because many times trying to “anonimize” data collected by search engines and so on is not quite useful: think about the AOL search data scandal that happened back in 2006. In this episode, user names were removed from search logs and replaced with random numbers, but preserving an association between user and generated number. This means that, because keywords remained intact, if you searched your name or a place near your location, you could be easily identified and possibly scammed/stalked by criminals.

I suggest you to start caring about these issues, because in the society we’re living nowadays information equals power, and who has more information has got more power. Because it’s so easy to protect yourself by using cryptography and tools that anonymize your location, you’d better starting to use them for your private conversations.

Good luck, and see you at e-privacy 2010 :).

hellais, photo by me

The best way to begin a new day

2009-05-26T08:43:00Z


XFS internal error XFS_WANT_CORRUPTED_RETURN at line 295 of file fs/xfs/xfs_alloc.c.  Caller 0xc018066c
 [<c017fed0>] xfs_alloc_fixup_trees+0x1b0/0x2e0
 [<c018066c>] xfs_alloc_ag_vextent_near+0x31c/0x9c0
 [<c018066c>] xfs_alloc_ag_vextent_near+0x31c/0x9c0
 [<c0180187>] xfs_alloc_ag_vextent+0xf7/0x100
 [<c01824fe>] xfs_alloc_vextent+0x35e/0x420
 [<c019015d>] xfs_bmap_alloc+0x80d/0x12b0
 [<c0111254>] try_to_wake_up+0xa4/0xc0
 [<c02cf248>] schedule+0x308/0x5c0
 [<c01939c4>] xfs_bmapi+0x514/0x1470
 [<c0130069>] find_lock_page+0x29/0xe0
 [<c013013c>] find_or_create_page+0x1c/0xb0
 [<c01d9116>] kmem_zone_zalloc+0x26/0x50
 [<c01a2296>] xfs_dir2_grow_inode+0xf6/0x3c0
 [<c01b57a6>] xfs_iget_core+0x326/0x5a0
 [<c0163315>] alloc_inode+0xd5/0x170
 [<c01b978b>] xfs_idata_realloc+0x3b/0x160
 [<c01a3e2d>] xfs_dir2_sf_to_block+0xad/0x680
 [<c0137882>] cache_grow+0xe2/0x150
 [<c01aa27b>] xfs_dir2_sf_addname+0x9b/0x110
 [<c01a1c51>] xfs_dir2_createname+0x131/0x140
 [<c01d9116>] kmem_zone_zalloc+0x26/0x50
 [<c01cebcb>] xfs_trans_ijoin+0x2b/0x80
 [<c01d4967>] xfs_create+0x407/0x6c0
 [<c017e766>] xfs_acl_vhasacl_default+0x36/0x50
 [<c01df8f4>] linvfs_mknod+0x2c4/0x390
 [<c01a1d62>] xfs_dir2_lookup+0x102/0x110
 [<c01228b8>] in_group_p+0x38/0x70
 [<c01ba9a6>] xfs_iaccess+0xc6/0x1a0
 [<c0157cb7>] permission+0x97/0xd0
 [<c0158f94>] __link_path_walk+0xda4/0xe90
 [<c0157cb7>] permission+0x97/0xd0
 [<c015984c>] vfs_create+0x9c/0x120
 [<c015a00b>] open_namei+0x58b/0x5e0
 [<c014aa9d>] filp_open+0x2d/0x50
 [<c014ac70>] get_unused_fd+0x50/0xc0
 [<c0157ae7>] getname+0x67/0xb0
 [<c014ad9c>] sys_open+0x3c/0x80
 [<c0102867>] sysenter_past_esp+0x54/0x75


xfs_force_shutdown(hda8,0x8) called from line 1091 of file fs/xfs/xfs_trans.c.  Return address = 0xc01e2c5c
Filesystem "hda8": Corruption of in-memory data detected.  Shutting down filesystem: hda8
Please umount the filesystem, and rectify the problem(s)
xfs_force_shutdown(hda8,0x1) called from line 353 of file fs/xfs/xfs_rw.c.  Return address = 0xc01e2c5c
printk: 12 messages suppressed.

Yeah, I’d umount /var, if this box didn’t acted_as_router and didn’t run pppd that didn’t lock /var/run/pppd2.tdb...


pppd   222 root  mem   REG    3,8    88080525 /var/run/pppd2.tdb (path dev=0,0 inode=34)

Of course kill 222 ; pppd call dsl-provider doesn’t work. YUCK. Let’s put a router in front of it.. configure, portforward, and start over.. then fdisk /dev/hdc to recreate partitions structure on the new hard disk, mkfs.xfs on all the new partitions, mount /dev/hdcX /target, pax -r -w -p e /{bin,boot,dev,etc,home,initrd,lib,media,root,sbin,srv,tmp,usr,var} /target... wait a lot for the copy to complete because of damaged sectors on the source hard disk, chroot /target, vi /etc/lilo.conf and substitute boot=/dev/hda with boot=/dev/hdc, run lilo -v while in the chroot verify /etc/fstab, and finally shutdown to remove the faulty disk, and boot again.. restoring lilo.conf. yay!

Girl Geek Dinners Workshop @Apple Store, 16 May 2009, Rome

2009-05-18T13:09:00Z

«Women! The knife grinder is here!» – Apart from funny jokes ;) the italian Apple Store together with Girl Geek Dinners Roma organized on May 16, 2009, a workshop about mobile lifestyle (focusing on the iPhone, of course).

Let’s start from the beginning: what are the Girl Geek Dinners? Linda explained to the audience (nearly 20 people) that a geek is a person passionate about technology in a broader sense: the GGD is a group devoted to aggregate women interested about the internet, new medias and technologic lifestyles. Women are often underestimated in geek communities, and this embarassing clichè generated a lot of discussion in the past, and it’s still unsolved (in my opinion).

The GGD italian group was born in 2007 in Milan, and then arrived to Rome in 2008, and is also present in Bologna and in the Marche and Emilia-Romagna states.

So, the GGD group tries to generate a “critical mass” of geek women, to abolish a stereotype that “computer programmers / power users” are only men: in GGD events boys listen and girls talk, then they blog, exchange vCards (and PGP keys, I’d guess ;) and in general try to harness women power and skills in the field of the computer industry. Networking and a dive into social media is the most efficient way nowadays to reach a great audience, and to build rapidly the aforementioned critical mass: that’s why the GGDs event was focused on social mobile applications and general productivity ones. Presented by two official Apple Trainers (Simona and Riccardo), the workshop started @11.30 AM and lasted nearly one hour.

Social networking

photo: girlgeekdinnersroma

Simona, a long running internet geek with a computer security background, presented the mobile social networking iPhone apps batch: she obivously started with the most prominent as of 2009, Facebook, and presented also LinkedIn: «the two platforms both allow the user to create a profile and reach a consistent userbase, but the target is quite different: FB is more on the “personal” side of things, while LinkedIn is oriented towards a professional/business audience».

Then she went on with twitter and brightkite, two microblogging platforms «that make the user able to broadcast 140-char phrases (tweets) and the kind of usage is completely up to the user. I’ve read people using it as a lifestreaming platform, others using it as a news feed, and even to make something extraordinary :). There are lots of twitter clients for the iPhone, but twittelator pro is my favorite one, because of its lean interface, integration with photo upload services, ability to retweet easily, etc.

Brightkite is similar to twitter but is focused on geolocation: you can check in in the location your iPhone detects while you’re on the go, post 140-char updates and photos, and most importantly makes you able to discover what’s going on nearby. In Italy is quite unknown right now, but it should deserve more attention.».

Bookmark sharing tools: reddit, digg and delicious. Simona: «I think that URL sharing is the basis of information flow, and I always try to share what’s relevant to me» (because sharing is caring I’d add :). All of these platforms also include a mobile version of the site, so that an application is not strictly necessary: it depends on the usage you make, and how you feel more comfortable. Links: digg mobile, reddit mobile, delicious mobile.

Instant Messaging: «Linda previously talked about Skype, the official application for the iPhone was published on the App Store on March 24, 2009, and there are also multi-protocol web services with an iPhone interface that permit the user to connect to multiple IM networks (MSN, GTalk/Jabber, Skype, Facebook, ...): Nimbuzz and Fring. Chatting via iPhone is extremely cool :D and it’s a big money saver over SMS!»

Miscellaneous: «Nearly everyone of you has got a blog, there are apps to blog-post directly from the iPhone (e.g. Wordpress), apps to post photos to flickr and the google mobile apps. Google services are available mainly via the iPhone web browser, Safari, and have got an optimized mobile interface, but others (such as Google Earth) are dedicated native iPhone apps.

Questions?

Q: What can you do on your blog?
A: Nearly everything, post, tag, categories, upload media.

Q: When will the new iPhone be released?
A: Sorry, we don’t know release dates.

Q: What about google maps?
A: It’s already integrated into the iPhone OS, and with the OS 3.0 release mapping facilities will be available in any app. Pretty cool.

Applause

Productivity

photo: girlgeekdinnersroma

Riccardo focused his presentation on productivity apps, and showcased also general utility ones. He started with AroundMe, an application built up by an Italian developer that shows the nearby points of interests using the integrated iPhone A-GPS. This app had some controversy with Google in its early release times, because it was a paid app that mashed up google maps content that is available for free, and then became a free app and Google offered also his participation in the development. AroundMe is fully integrated with Maps, and as such can show also the distance from any chosen PoI and give the user driving directions to it.

Then, iBancomat: «similar to AroundMe but with a comprehensive database of ATMs, with the ability to setup one own’s bank and save on commission costs :). It was free at the beginning, and now is a paid app. But don’t be scared: prices on the App Store start from 0.79 € cents, and periodically many apps are given away for free, offering you free upgrades as well. There is even an app that helps you to find currently given-away ones!»

Further: Free Translator, free app, it’s an useful language translator for words and small phrases and supports dozens of languages, leveraging the Google Translate service. Pretty useful when you’re abroad (and you don’t mind about cellular data networks roaming costs or spot a free wi-fi :)

Shopping List: «it may look odd to write even your shopping list on your iPhone, but its built-in database facilitates data entry, it has got a “recent items” list, and allows you to insert quantities, prices, and “bought” marks.» Simona adds: «It also allows you to geolocate supermarkets, in order to get a price comparision. And, last but not least, it’s a paper saver, so it contributes it’s one of the small things everyone can do to make the world a greener place.»

Xpense tracker: «allows the user to manage trip expenses, produce statistics and cost per KM/Mile, customize expense categories, make photos to paper bills and export reports in CSV format.»

Q: «From how much time is this app on the store, and how many users has it got?»
A: «You can get this information from the App Store itself, and also read user reviews. From a couple of monts ago reviews are also grouped by app version, so if an app received 1-star votes in the past but then evolved and pleased its users, you can follow these improvements and give it a try if you want». Simona adds: «Reviews are very important both for users and for Apple itself, because the company listens to its customers and it’s commited to give them an excellent service, talking with app developers (and removing offensive/badly done apps if appropriate)».

QuickOffice: «This is the big one: it was released one month ago, before that there were no app capable to manage and most importantly edit documents on the go. This mobile office suite is composed of QuickWord, a mobile word processing software for .doc, .docx (ReadOnly ATM), .rtf and .txt files; QuickSheet, a mobile spreadsheet able to edit formulas as well (look out for compatibility issues careful, though); QuickFiles makes you able manage documents on your iPhone like it is an USB pen-drive or you can even use a cloud service like our own MobileMe.

Q: «Is this app available for the iPod Touch?»
A: «Sure, most of the apps for the iPhone are also available on the iPod Touch. The ones that aren’t available use hardware features not available on the iPod, such as the microphone or the A-GPS.»

Q: «What’s the storage capacity?»
A: «It depends on the iPhone/iPod model, part of the storage is of course dedicated to the iPhone OS and to other applications.»

«We’re approaching the end of our review: now I’ll talk you about 1Password: it’s a password keychain for the iPhone (that you can synchronize with the one you’ve got on your Mac via a paid OSX application) and which ciphers all of your passwords using the AES encryption standard, so it’s pretty safe. Remember though: security is guaranteed by the strength of your password, so choose an “easy to remember but complex one”! You can generate these kinds of passwords using Mac OS X Keychain Access as well.»

Simona adds that, because of her computer security background, «I’m a bit paranoid :) so I definitely suggest you to use this app if you’ve got many passwords to manage. And being paranoid, I’ve got different passwords on all the services I use, so this app is a must».

The last reviewed app was Air Sharing, similar to Quickoffice Files, but not limited to .doc/.xls ones: it supports also iWork (Apple’s office suite) documents, PDFs, MS Office docs, RTF, Plain Text, images in a variety of formats, etc.

Q: «Are the docs transferred via Bluetooth?»
A: «Nope, it uses wi-fi.»

Q: «Is iTunes required? It is free?»
A: «Nope, iTunes is not required. This app was free in the past, now it’s a paid one. But on the AppStore there are lots of other choices, check them out!»

Applause, and thanks for coming!

Photo: girlgeekdinnersroma

Conclusions

I enjoyed the event, both because the two trainers presented a bleeding-edge technology that is changing the way we interact with the Internet. I can certainly state that the iPhone is a life-changing device for a geek: having the Internet at hand in any occasion is the definitive power to get fresh information, reference, and to connect with your friends in ways that 5 years ago were sci-fi.

Furthermore, I saw the growth of the internet in the last 10 years, and I can guarantee that women were always subject to discrimination in the geeky world, both because nerds spend their life in front of computers so it’s quite difficult for them (I’d say us ;) to gather social acceptance and get a date with a girl; also because of a long-running annoying clichè that “some things are too complicated for women”.. that is simply plain wrong. We’re all humans, we’ve all got the same brain processing power, and simply because women looks at things differently than men it doesn’t mean they’re uncapable of using technology. They’d just like to be treated as human beings, and not as toys, like the fashion propaganda paints them. I’ll let propagandhi explain it clearly (rated R, maybe):

So, please, women, participate! Engage in communities and discussion, and don’t think that “all men are bastards”: we’re social creatures, not meant to be alone!

Thanks for reading.

Disclaimer: All the trademarks and all the iPhone application logos shown in this page are property of their respective copyright holders.

The conceptual foundations and the economics network neutrality [Part 2] - 14 May 2009, Rome

2009-05-16T23:05:00Z

This is the second part of my recap of the nnsquad.it convention held in Rome on May 14, 2009, and hosted by the ICT consultants foundation Fondazione Ugo Bordoni.

In the first part I described the morning session, dedicated to the definition of Network neutrality, and how global economics can cope with it. The afternoon was dedicated to more technical talks, and I had the occasion to hear telcos spokesmen remarks over the current situation and possible future developments.

The first speech started at 2.15PM and was held by Prof. Vittorio Trecordi (slides available here). He introduced it by stating that net neutrality could possibly contrast with the economic development and security assessment, because of the wiretapping needed for the latter, tap that is strongly against the individual freedom to communicate.

Strangely (or maybe not) enough, no mention was made to current ways to bypass both wiretapping and localization of communicating peers: I’m referring to the tor project, the most known bastion that guarantees privacy and is currently used by journalists working in "hot" areas, among many others.

Another point about legislation is that it isn’t the same in all countries, althought the Internet is spread all over the world; moreover we should define on what networks we should assess neutrality, because not necessarily an IP network is connected to the Internet (think about ISP-owned walled gardens).

Also, again on the Quality of Service: Trecordi stated the Internet succeeded because of its "hourglass model" and “the capability to decouple communications services and network infrastructure”, but QoS requirements (e.g. for VoIP) stress the protocol stack pile, moreover where the network pipes are “overbooked”. Furthermore, even overprovisioning fails, because of the decentralized architecture of the Internet, and bottlenecks are mainly located in interconnection points between ISPs.

So, the Internet is a best-effort platform, where an ISP can’t control how its customers’ packets will be treated when crossing its borders, and reach a geographically far provider. In this area reside the business model of the content delivery networks, that we’re transparently using everyday to access heavily trafficked web sites, and that also caused some funny misunderstandings in the past, when akamai started proxying the microsoft with squid running on Linux, and netcraft shown in its statistics that microsoft servers are running on linux :).

Source: Akamai

Apart from that funny joke (from 2001), CDN shorten the routing path between users and static content of a service, using geographically distributed data centers running Varnish (or equivalent software) and a geolocation-enabled DNS server such as PowerDNS. This way, when some random client tries to resolve an hostname, the DNS answers with the nearest datacenter virtual IP address, and then serves content off the cache.

This are approaches that try to mitigate the best-effort nature of the Internet, but maybe there are better solutions. NGN aims to be one of those, by providing multiple network pipes dedicated to deliver different types of network traffic, with their specific QoS needs. Especially in peering connections between ISPs, which should provide SLAs to assess a global (albeit best-effort :) QoS between networks. Fully guaranteed QoS was and will be assured only into walled gardens.

Another approach to shorten routing paths and single-point network load is to use a distributed hash table, or DHT in short, that implements a decentralized distributed infrastructure upon which can be built efficient services like distributed file systems, peer-to-peer sharing, and in general content distribution systems. bittorrent is an example of DHT, as is the Kademlia used by the popular emule file-sharing software. Another example is RELOAD, currently (still) in draft status, used to implement peer-to-peer SIP, and so a decentralized VoIP infrastructure with no big name behind it. I’m no surprised that RELOAD and P2PSIP weren’t mentioned in the talk.

Of course neither NGNs neither P2P/CDN technologies will cover the entire internet in no time: the good ‘ol net will float upon these new technologies and on legacy ones (such as IPv4) in the next years, because changing network infrastructure imposes heavy costs on ISPs. One may ask whether also content providers should contribute to network infrastructure development, as they’re the ones that would benefit from wider BW and lower latency. Prof. Trecordi said yes, google uses 21 times more bandwidth it pays for. Hell. LaTeX isn’t enough to make content, mr Ph.D. This comment explains my point of view on this matter, and was also exposed later by a member of the audience.

Source: Trecordi’s slides

Whichever networking infrastructure we may adopt in the future, we cannot prescind from a plain fact: just a minority of the users will consume the majority of the bandwidth.. as happened with Napster in 2000, when because of Shawn Fanning software was allegedly consuming 80% of the aggregate external bandwidth of his college. Considering this scenario, the speaker argued that it is reasonable for ISPs to put caps on specific services (file sharing über alles) to limit the “all you can eat” model, because the few users making a massive use actually could impact the ones using fewer resources. I’ve got mixed opinions about this, because ISPs too often cross the line.. and reasonable caps can too easily become unacceptable ones.

Then the professor talked about P4P as a possible mitigation factor of network congestion. P4P means that ISPs collaborate with bittorrent clients implementors to develop custom versions to optimize P2P connections between customers. What is this optimization about? In short, to not favor the fastest clients, but the nearest ones, in terms of routing hops. This happens via a dedicated iTracker set up by the ISP (ouch!) that contains additional information about the physical location of clients, and can thus direct P2P connections to the nearest ones.

The dark side of P4P, as Ernesto’s Torrentfreak founder points out, is that it can open a big can of worms, because the P4P working group "includes some prominent members of the entertainment industry and well known anti-piracy lobbyists" (sorry but the highlighter didn’t work well on this page). I’m unable to say Ernesto is wrong, also because of statement like the one Sony pictures CEO said yesterday May 15 2009: "nothing good has come from the internet, period.". Heh. No comments.

Then, DPI (Deep Packet Inspection). Can ISPs use it? And for which purposes? Security? Well, it could work, as long as automated procedures filter SPAM and Virii out of residential networks, ok.. but AT&T has used Narus and split fibers to identify and collect VoIP calls data bits, DPI can also be used to deliver targeted advertising, and can be abused way too easily: In Italy we had the infamous Tiger Team espionage scandal, so we need precise rules to regulate these possibly evil technologies, and make sure ISPs respect them. We need a huge dose of Faith, I’d guess.

Photo by shrued

Round table with telcos spokesmen

This was the really interesting part of the event: seeing men that represent telcos speak to each other about Internet matters, and referring each other as the companies they represent. Quite funny, considering the quite complicated status quo here in Italy (governative concessions, last mile cables owned by a single company for historic reasons, and so on).

The involved parties (and condensed key points) were:

Paolo di Domenico – Vodafone – (Score: 3)
- Heavy internet users should not be able to degrade user experience for other customers
- We won’t block traffic on an application basis
- We should be able to manage traffic load and put caps when we’re over capacity
- SLAs and TOSs trasparency is a must
Anton Giulio Lombardi – Tre – (Score: 3)
- Devices are iMproving and becoming multi-connected (wifi, gsm, hsdpa), this implies convergence of services that today are separated (telephony and internet)
- Frequencies: on May 6th 2009 in Italy has been voted a law proposal that if will pass, mobile operators will be allowed to make a broader use of frequencies than now
- Content is being partitioned by the producers in order to get more revenue; multi-connected devices which kind of access do they provide? E.g. a PC with an HSDPA module which kind of access does provide? Broadband? UMTS? We need sane regulations in order to alleviate load on the mobile operators, or everyone will start using non-compatible platforms. (I really could not understand his point).
- On regulations again: people could use our mobile phones (70M in Italy) for payment, but legislation is not ready. Also, our company broadcasts RAI television via DVBH, but RAI does not broadcast itself. Quite odd.
Raffaele Mosca – Wind – (Score: 3)
- Neutrality is the common basis upon which to start any further discussion. We cannot block access to a site like CNN or Al Jazeera for any reason
- We could define a greatest common divisor in a service set that gives neutrality and doesn’t need QoS. Because IP is a best-effort protocol, no one should invest in network resources not efficiently used (because of file sharing, editor’s note).
- In the end, we need a sane and precise regulation, because in a multiplayer business context everyone tries to feather his own nest (and I hate this status quo, editor’s note)
Stefano Nocentini – Telecom Italia – (Score: 5, Insightful)
- Think about the internet as an highway, so we can elucubrate more thoughtly.
  - Speed limits equal BW limits, because you can reach them, but not when there’s a traffic jam.
  - An highway is sized upon a mean usage, and so is the network infrastructure: so the idea of an “intelligent departure”, if you plan your trip in hot hours, you’ll be likely to be slowed down by jams.
  - Neutrality: there are laws that deny trucks access to highways in “hot” weekends, except those that carry perishable goods. This is institutional regulation, not ISP one.
  - Costs are spread through multiple factors (distance, vehicle type, etc)
  - DPI: recently italian highways introduced speed cameras), that’s the perfect parallel to DPI on packet networks!
  - Digital divide: not every town is reached by an highway, just like DSLs (but it’s a shame, editor’s note).
- Conclusion: we need sane regulations designed by a scientific round table, and such regulations must be kept up-to-date, because the Internet ecosystem is constantly evolving.
- Applause.
Roberto Scrivo – Fastweb – (Score: 1)
- We need regulations
- We suffer from tech-savvyness failure
- Neutrality isn’t the problem here, it’s just management
- We’ll implement NGNs when they’ll be profitable

And eventually Eugenio Prosperetti from the ISIMM (Hey guys, fix the encoding on your web site ;) made a recap of the concepts expressed by the telco spokesmen and stressed on the need of accessibility of a service that is becoming a common facility to get the work done. We need 4G, we need fiber, and the state should promote these issues (and not demonize the Internet, editor’s note).

Politics

Paolo Gentiloni, former telecommunications minister, said that the State is not just watching: it’ll have a prominent role in the future. He said that Microsoft reported that in 2010 internet usage will overtake traditional TV, and as such work load on the Public Administration will rise, also because the PA missed it (hey this reminds me when Microsoft’s Ballmer stated that we missed the internet). He also reminded of a Caio Report that promises to cover 99% of the population with DSL or fiber within 2011, if works will start in June 2009 (we’ll see, editor’s note).

UPDATE: The Caio Report was leaked on wikileaks on May 15, 2009 (thanks Quinta for sharing).

It’s difficult for EU to implement infrastructure development practices like Asian ones, where the State takes decisions and businesses execute them.. because in a capitalistic world the only thing that counts is ROI. We need to find a sane equilibrium for everyone, and we’re working on this.

Conclusions

In a nutshell, the event was interesting, a bit pleonastic because the same topics were carried over and over through the day, and it was an assessment of the current situation (un-chartered territory) but at least I heard politicians say “yes the internet is important, is valuable, and is worth pushing”. I don’t remember how many times I said these words in the past.

Hope you had a nice read, and congratulations that you made it!

The conceptual foundations and the economics network neutrality [Part 1] - 14 May 2009, Rome

2009-05-16T00:04:00Z

http://www.fub.it/events/seminari/neutralitadellareteeaspettisocioeconomici

http://www.nnsquad.it/

Neutrality – “Economy is dematerializing”

Solicited by a Facebook message sent to all the members of the nnsquad.it – for a neutral Internet members on 6 May 2009, I stumbled upon this interesting event I had the occasion to participate, held in the 17th century Rospigliosi palace in the heart of Rome.

In this photo: Kenneth Carter and Stefano Quintarelli

The preface looked pretty good: technicians, Ph.Ds, telco spokesmen and politicians speaking about the internet, its inborn freedom, and how to cope with this in a society where security measures are constantly increasing, and as such contrast in a virtual world with no barriers whatsoever. Furthermore, it’s a virtual arena in which everything can be free, not only information, and people is becoming accustomed to it.

The first speech was held by prof. Kenneth Carter, directly from the columbia university, and served as a broad introduction about the matters that were explored (and sometimes repeated) through the day. In a nutshell, the big question is: might ISPs offer different degrees of performance over different sites (or charge for better performances), permit/block/surcharge access to certain sites or via certain devices?

Filtering access to network services is a common practice over the internet, as is filtering content, and not necessarily bad: think about spam filters to prevent UCE and NAP filters to prevent and mitigate DDOS attacks, or antivirii/IDS [systems]. Also tiered service plans, where you get lower latency or wider upload bandwidth if you pay more, are acceptable, because “quality of service” isn’t an absolute value: it depends by the kind of services the user uses. And in the majority of cases, he/she doesn’t grasp (or even need to) the concepts behind them.

But what happens when the ISP crosses the line, and starts blocking your VPN software, or your VoIP PBX, or puts you into a big metropolitan network making your boxes inaccessible from the internet, and having you to pay lots of money to buy a public IP address (and for 10 days at most)? Hey, IPv4 addresses shortage is on the way, ok, but there are still lots available, and using legacy IPTV subnets to address residential customers isn’t a smart solution on the long run.

Next generation networks aim to solve addressing issues via IPv6, and its 128bits-wide network addresses, and bandwidth/latency ones, via (fiber) separated pipes, all dedicated to different kinds of data, e.g. VoIP/IPTV: this is what is going to be called “Fractionalized IP”.

As long as competition remains in place, applying surcharges for guaranteed QoS/bandwidth on certain services is a practice that can actually enhance user experience: gamers have entirely different expectations than “e-mailers”, and the formers will willingly pay more for Fast-path DSLs to pwn their friends, while geeks enjoy a static IP address to reach their server at home while they’re on the go. Partitioning resources on user demand can make a more profitable and efficient use of them, as long as it is done wisely and transparently to users. When transparency fails, you get the backlash that Comcast received when it started blocking file-sharing software. In Italy as well a provider known for his harassing phone calls to potential customers currently implements layer7 filtering to block file sharing and to “overbook” its limited bandwidth, thus giving a clumsy service to its users.

The key point, in my opinion, is about tech savvyness failure: no one here understands anything about a media (and its infrastructure) that’s becoming, faster than everything in history, overwhelmingly relevant in everyday life.

Wisely, Prof. Carter identified neutrality issues as the classic problem of the elephant and the blind men: each side of the problem can be tackled from a completely different perspective, bringing to completely different analyses and possible solutions. He made distinctions between vertical conflicts (ISP vs. user), horizontal ones (user vs. user / ISP vs. ISP) and diagonal ones (user on ISP A affects ISP B, and so on).

Applause for Mr. Carter, leaving the stage to Stefano Quintarelli from nnsquad.it. He identified in its presentation five key points upon which build a «neutral Internet without absurd restrictions»:

Transparency: the ISP must give the customer precise statements about its politics of traffic regulation/filtering;
Free choice: whenever the ISP changes its regulations, the user must have the right to be informed and keep the former ones he subscribed to;
Privacy: the ISP cannot discriminate traffic by looking at packet payloads;
ISPs cannot discriminate traffic on a per-user basis
Whenever an ISP applies traffic discrimination sanctioned in the user agreement, the same treatment must be applied to traffic coming from other networks. Failing to apply this principle is an example of the diagonal conflict stated by prof. Carter.

Furthermore, as often happens in big corporations, technology innovation is stopped by possibly uncertain ROIs: Stefano talked about a MESH network project in Assisi, where a self-healing wireless network has an aggregate bandwidth equal to the sum of the nodes’ ones. Big companies have got standard technologies and big infrastructures, but that doesn’t mean small companies lead by visionary people cannot compete with them. And here the next topic begins, with a speech held by Franco Menaglia from the Bordoni foundation

Economics

The Bordoni foundation `acts_as_consultant` for the Italian public administration regarding ICT matters. Dott. Menaglia recognizes that it’s a very complicated and actual debate, mainly because it’s not a simple opinion exchange between technology and market, but because on this matter depend investments of millions of public Euros. Not to forget that ICT is one of the main keys of UE development, that happens via innovative applications and services.

“Neutrality cannot prescind from economic development”, he states, and to ask users to pay more to have better services, users must actually feel the service quality is improved, and to deliver more data rapidly we need a more powerful infrastructure. Who’s gonna pay it? ISPs for sure, but also content providers could make their part (e.g. google).

The key here is all about business models: advertising is dying, and not because of AdBlock Plus, but because comportamental patterns have changed, and, in my opinion, SPAM and phishing play a major role here in making the user feel unconfortable and reluctant to accept offers on some random internet web site. So we need to find more profitable and efficient business models, thinking about the internet as an ecosystem, trying not to push only on our own company, and improving both competitivity and facilitation innovation through interoperability.

In a nutshell, there wasn’t much content neither in the presentation nor in the discussion, because, as Google CEO stated when commenting the 2009 Q1 report in the context of the world financial crisis, we’re in an un-chartered territory. I think that smart people will win in the end, because they’ll invent the next generation service that doesn’t need either low latency or high bandwidth and will be extremely useful to its users. Something capable to reach 200M of users in few years (and more) and being also profitable, without resorting to advertising.

In the second part of this article, I’ll recap about the afternoon session: it started with the interesting technical speech on new generation networks by Vittorio Trecordi and open discussion with five telcos spokesmen (telecom, tre, vodafone, fastweb and wind).

Stay tuned.

UPDATE May 17, 2009: The second part is available: http://sindro.me/2009/5/16/the-conceptual-foundations-and-the-economics-network-neutrality-part-2

Facebook Developer Garage 2009, Milan (Italy)

2009-04-26T21:54:00Z

This is my recap of the first italian facebook developer garage, held in milan on April 23, 2009, and hosted by mikamai. the morning has been dedicated to developer sessions, the afternoon to marketing & communication ones. some videos of the event are available here.

Morning: developer session

The first talk was held by James Leszczenski, facebook engineer, who presented the connect platform vision, mission, and values. interesting, besides the talk, for user participation: the audience was deeply interested about which information they get from facebook, how should they handle it, and which means connect does provide to match identities and find friends on an enabled web site.

Later I had the occasion to ask James about whether FB was inclined or not to adopt OpenID as an authentication method: he said that connect and OpenID both allow users to have unique login credentials to access multiple sites, but connect also allows to exploit the power of facebook social graph to allow users to communicate and share information. so, the short answer is “no”. Then I proposed him to implement OpenID on FB itself, so that connect could become really a superset of openID, but he said that “as a company, these are tough decisions I could not give an answer right now”. Fair enough :).

UPDATE: on April 27th 2009, techcrunch reports they heard that Facebook will embrace OpenID as a mean to authenticate users. Great news, looking forward for an official statement from Facebook! :)

The second talk was held by Vincenzo Acinapura, who described the basic means to create an application on the facebook platform. He explored the technologies behind it (XFBML, FQL, FBJS), the main integration points whitin the platform (notifications, publisher, ...), and he showed sample code to implement some of the most used FBML tags (fb:comments, fb:share, fb:feed, and so on). He eventually remembered the importance of automating the deploy of applications, and suggested to use capistrano to achieve it.

Then, the Facebook Sumo Contest was started: three developers had ~~one~~ two hours to cook up a functional facebook application that would then be judged by Facebook’s James and by the claps of the audience :). In the end only two of them made it, the first one being an italian guy who wrote an app to give gifts to friends; the second one a french (I think) guy who built an app to organize parties with friends, invite people, and enjoy. The former won, but in my opinion at least the latter did show a bit more creativity. Of course both of them were victims of the murphy’s law, because the apps didn’t work on the first shot :).

Third talk by andrea reginato and andrea franz, who started up defining what does viral mean, and how the social graph can allow anyone to distribute content to a very large number of users. in a nutshell, as long as your content is well worded and interesting, word-of-mouth distribution via social networks on which content publishing is “easy as pie” is a powerful way to make your content spread across millions of potential interested people.

How to achieve it? They explored how FB connect can augment our sites and give users ability to comment and interact with them using their facebook credentials, and then spread the interactions via facebook in order to reach a broader audience. it isn’t rocket science, but from my experience, it can work, as long as the content is itself useful and valuable, and most importantly it does not appear fake and as advertisement to the majority of the users. I think that facebook and twitter are also powerful tools to analyze and identify which kind of content is interesting right now for people, and model the viral distribution upon these insights.

There has been much interaction between the audience, interested mainly on how to integrate it within their web site while maintaining their own signup/login system, privacy concerns, policing and caching of information (which one to cache, how, and for how long), and legal issues. When there is complaint on data shown on my web but posted and hosted on facebook servers, who is the legal representative to question about? A spokesman from civile.it stated that the responsible is to be tracked by the owner of the servers on which data is hosted: it’s facebook itself.

The two Andreas eventually showcased a demo game for the fb platform built with sinatra, prototype and FBJS. The app asks you to identify one of your friends by looking at a subset of profile pictures: every one you guess (in 10 seconds at most), another picture appears, and difficulty increases. The number of friends you identified determines the “level”, that you can post on your profile once you’re done :).

After their talk, we did a lunch break and finally I joined with a friend of mine, who arrived late as usual ;).

Afternoon: marketing and communication

The afternoon was dedicated to marketing and communication, and to all the ways you can exploit the facebook platform to bring traffic to your site, or to generate viral information via the social connections between people, and featured some case histories by the authors of who has the biggest brain application, “Ninja Marketing:http://ninjamarketing.it and the makers of skoda in love application (cayenne marketing).

First of all, Lorenzo Visciani (mikamai co-founder) described how facebook pages can help marketers to advertise content and analyze user traffic in order to improve conversions: because facebook permits users to insert much information about themselves, this data can be aggregated and effectively shown in the statistics part of a facebook page. For a more detailed explanation, check out the Facebook pages product guide published back in march 2009.

Then, fun time, because of the projection of a video by the ironic neomelodic singer Manuele D’Amore, with his song lasciarsi su facebook (breaking up on facebook). Who doesn’t know neomelodic neapolitan songs, they are a product of the popular naples culture of which Gigi D’Alessio is one of the most known performers.

Then, politics time. Ivan Scalfarotto (running for 2009 european elections) and Giuseppe Civati were on stage, and talked about politics and social networking, a much buzzed topic these days, mainly because of obama’s successfull usage of it that resulted him taking office at the white house on january 20, 2009. I think that the core of it was his message, not being “vote for myself”, rather being “go vote, you dumbxxx!” :), a perfect example of giving voice to a psico-social tension via the internet. People spread out via facebook, twitter, and other social networks their action of being gone to vote, and as psychologists have explained many times, “People will do things that they see other people are doing”.

The downside of this talk was that was too much politics oriented, and wheter we should talk about politics and the internet, some felt that the guy was pushing it too hard. Hey, that’s what good about social media: give voice to everyone, and when someone is abusing the stage, shout it loud! :).

After politics, deep marketing time: the most interesting (in my opinion) talk of the whole day was the one held by the folks at ninja marketing, who identified the “chemistry of viral marketing” being the “viral DNA” and appropriate “seeding” thru social media. The DNA is about emotions: joy, anger, sadness, fear, and (of course) surprise, but the most important of them all is catharsis. Citing Wikipedia:

[..] the term “catharsis” refers [..] to the sensation, or literary effect, that would ideally overcome an audience upon finishing watching a tragedy (a release of pent-up emotion or energy).

These emotions suddenly identify a psycho-social tension, over which you should be smart enough to build means to give it voice through social media, like the whopper sacrifice marketers did. The tension here was the shared willingness to remove “friends” from our social graph, but the inability to do it in order to avoid possible remarks from them. But when you had a reason to do it to gain a free whopper, here’s that people started to drop others from their friend lists, even if they were not interested in the whopper at all. The Obama experiment also (IMHO) is a vivid example of a psycho-social tension (as I stated before), that was successfully exploited and gave its results.

The penultimate talk, held by Daniela Cangiano, described a case history by the marketers that realized the skoda in love for skoda cars (now unavailable on facebook). In a nutshell, the app asked the user five questions and found out of them the best match for a date by choosing from your friends. The app, by design, chose the results randomly and always gave a percent match greater than 80%. When displaying the match, the advertisement was also shown, inviting the user to buy a skoda car and go out with the matching friend for a date.

The key points of the app were the seasonality (launched some days before valentine day), the wording, very simplicistic and ironic, communication, interactivity, yada, yada yada. The host then pointed out that facebook is an “amplifier of social interactions” (because of the missing physical contact and the written communication, I’d add) and that is a powerful vehicle to convey information to customers. Daniela then stated that businesses should neither underestimate facebook value, being it the “resonance of the pulsating heart of the ‘net”, nor considering it simply a dumb vehicle, because it is “by people, for people”. I think that her claims were valid at a first glance, but quite exaggerated because the key here is “the internet”, not “facebook”. The internet opened up our minds by giving us endless points of view shared by millions of people that daily blog, tweet, and also update their status on facebook. But it’s the internet, dude.

Also, Daniela’s claims weren’t reflected in the application they built, as an audience member noted: “if you say that facebook is by people and for people, why did you made an app that gave them a false result? Which kind of enjoyment did it make to them, apart from finding a false match?”. She answered that the app wasn’t meant to actually find matches, but just to “give some minutes of “fun” to the user, and then convey the advertising message”. To me, it looks awful marketing, abusing an already abused seasonality (valentine day), and it’s just an example on how things should NOT be done.

But, did it work? The audience asked “how many conversions (in terms of cars sold) did you have from the app?” She replied: “well, this is only a part of a broader marketing campaign, and I cannot give out results here. if you’re interested, mail me at daniela DOT cangiano AT cayenne DOT it”. If you mail her, let everyone know by posting a comment, thanks :).

The last talk was held by the lead developer of helloTxt, an app that allows you to update your status on multiple networks by using a single form. He described how, once the core frameworks and interfaces of your web site are up and running, it’s just a matter of weeks to code up a facebook app and start spreading it: they took only 1 developer, 1 designer, 1 copywriter and 1 marketer to have it running.

Conclusions

To me, the event was really interesting and I thank both the hosts and everyone who held talks on stage, my brain was really satiated at the end :). As you’ve read from this post (hey, thanks for making it to the end! :) the topics were spanned on really many fields (technology, sociology, politics, marketing), and it’s amazing that the internet (and social media) can blur all of them into a single platform, and give humans new ways of study and implement them.

I hope only that james AT facebook DOT com will take the advice I gave him before leaving: “BE OPEN!” because we need open technologies, open standards, and open knowledge, so that no private company can control them, for humanity’s sake.

I’d love to hear your opinion, thoughts, and critics. Share them in the comments!

~ vjt@openssl.it

A tweeting (geeky) parrot

2009-04-21T21:54:00Z

I’m searching for a new pet. We already have two lovely cats, but after feeling how alive an house can be with many pets (after a beautiful night @ il quadrato mansion), I’m thinking about having another one to grow and love.

But, what kind of geek am I, if I don’t add a nerdy bit to it? So, after the brain twitter interface about which we talked about so much in the last days, this evening a quite random funny thought has stumbled into my mind: what about getting a grey parrot, grow it, learn it to talk, and letting him .. well, tweet his words using a speech recognition system put right aside its bar and linked to a twitter account? How weird would be that?! :D

Thinking deeply, the weirdest thing is that in 2009, a tweeting parrot makes me think about a “parrot with access to twitter” .. and not a bird emitting its natural verse. Am I overloaded by this social media thingie? Should I take some vacation?

I guess. But not right now. The first italian facebook developer garage is right two days away..

Image courtesy of @ozjulian on flickr, CC BY-NC-SA

Notice to all employees

2009-03-02T22:15:00Z

( As read on full-disclosure )

Subject: Notice to all employees
Date: Tue, 24 Feb 2009 13:06:14 -0500

Dear employees,

Due to the current financial situation caused by the slowdown
of the economy, Management has decided to implement a scheme
to put workers of 40 years of age and above on early retirement.

This scheme will be known as RAPE (Retire Aged People Early).

Persons selected to be RAPED can apply to management to be eligible
for the SHAFT scheme (Special Help After Forced Termination).
Persons who have been RAPED and SHAFTED will be reviewed under the
SCREW programme (Scheme Covering Retired Early Workers). A person
may be RAPED once, SHAFTED twice and SCREWED as many times as
Management deems appropriate.

Persons who have been RAPED can only get AIDS (Additional Income
for Dependants & Spouse) or HERPES (Half Eamings for Retired
Personnel Early Severance).

Obviously persons who have AIDS or HERPES will not be SHAFTED or
SCREWED any further by Management.

Persons who are not RAPED and are staying on will receive as much
SHIT (Special High Intensity Training) as possible. Management
has always prided itself on the amount of SHIT it gives employees.

Should you feel that you do not receive enough SHIT, please bring
to the attention of your Supervisor. They have been trained to
give you all the SHIT you can handle.

Sincerely,

The Management

( I hope you enjoyed this :) There is also an USAF version from 1997 ).

Implementing an image gallery using facebox and will_paginate

2009-02-21T23:12:00Z

On VisitaCSA we’re using defunkt’s facebox to show places images at large. Facebox is a great general-purpose lightbox, because it is fast, stable, is based on jQuery and has got a really clean API.

But we needed more than a simple display lightbox, because we wanted our users to navigate easily between all images, possibly without modifying facebox at all. The solution turned out to be pretty simple, thanks also to the will_paginate plugin we were already using. It all burns out to have:

A Photo model, instrumented with the has_attachment method
Resource routes for photos (map.resources :photos, :only => :show in config/routes.rb)
A show controller method in the PhotosController that calls .paginate with a :per_page argument of 1
An HTML view for the photo resource, that has pagination controls using the will_paginate helper
Some jQuery code hooks onto the pagination links and make the browser load via AJAX the next photo directly into the facebox.

Here is the relevant code, simplified from what’s actually online, because the photo model is actually polymorphic (using STI) and many different collections are handled by the photos controller (photos, flyers, etc) for different models, with different thumbnails :P.

Model [`app/models/photo.rb`]


class Photo < ActiveRecord::Base
  has_attachment :storage => :file_system, :path_prefix => 'public/photos',
    :processor => 'ImageScience', :thumbs => { :thumb => '600x800' }
end

Controller [`app/controllers/photos_controller.rb`]


class PhotosController < ApplicationController
  layout nil
  before_filter :find_place

  # The photo gallery core is here
  def show
    photo = Photo.find(params[:id])
    page = params[:page] || @place.photos.index(photo) + 1
    @photos = @place.photos.paginate(:per_page => 1, :page => page)
    @photo = @photos.first
  end

  def find_place
    @place = Place.find(params[:place_id])
  end
end

View [`app/views/photos/show.html.erb`]


<div class="photo">
  <div style="width: <%= photo_width(@photo) %>px; text-align: center;">
    <%= next_photo_link_for @photo, :in => @photos %>
  </div>
  <p><%=h @photo.title %></p>
  <p>
  <%= will_paginate @photos, :prev_label => '&nbsp;', :next_label => '&nbsp;' %>
  </p>
</div>

The image_size gem is needed to correctly let facebox align itself to the center of the window.

Helpers [app/helpers/photos_helper.rb and app/helpers/application_helper.rb]


require 'image_size'

module PhotosHelper
  def next_photo_link_for(photo, options = {})
    collection = options.delete(:in)

    if collection && collection.respond_to?(:next_page)
      facebox_image_link_to photo, options.merge(:page => collection.next_page || 1)
    else
      image_tag photo.public_filename(:thumb, :alt => h(photo.title), :title => h(photo.title)
    end
  end

  def photo_width(photo, thumb = nil)
    width = ImageSize.new(File.read(photo.full_filename(thumb))).width rescue nil
    return (width.nil? || width < 370) ? 370 : width
  end
end

module ApplicationHelper
  def facebox_image_link_to(photo, thumb = nil, options = {})                                           
    link_options = {:page => options.delete(:page)}
    options.reverse_update(:title => h(photo.title), :alt => h(photo.title))                            

    link_to(
      image_tag(photo.public_filename(:thumb), options),
      formatted_photo_path(photo, 'html', link_options),
      :rel => 'facebox'                                                                                 
    )
  end 
end

The scrollTo plugin is used here to scroll the window view to the top of the facebox.

Javascript [public/javascripts/application.js]


$(document).ready(function() {

  if ($('#facebox').length > 0) {
    $('#facebox div.pagination a, #facebox a[rel*=facebox]').live('click', function() {

      $('#facebox .content').html('<div class="loading"><img src="'+$.facebox.settings.loadingImage+'"/></div>');
      $.get(this.href, null, function(data) { $.facebox.reveal(data); });

      $.scrollTo('#facebox', {offset: -10, duration: 500});

      return false;
    });
  }

});

Well, maybe I should to wrap up all this stuff in a simple-and-nice-to-use plugin, but it’s all built around reusable components, and the effort needed to keep it up-to-date is currently out of order for me because of time constraints. And, sincerely, I see little benefit in it. It’s a “paginate-with-one-item-per-page” hack, after all :).

Have fun!

The obfuscated blinking border

2009-02-20T03:10:00Z

This is the obfuscated piece of Javascript code that implements the red border and loads Google Analytics on the Segmentation Fault site :


     77   <script type="text/javascript">// <![CDATA[
     78   var theLoadSequenceToRunAfterTheDocumentHasBeenLoaded = function() {
     79
     80     // The blinking border
     81     //
     82     (function(t){// (C) 2009 vjt <segmentation-fault@core-dumped.info>
     83       var $=function(_){return(document.getElementById(_));};var ee =[
     84       $('n'),$('s'),$('w'),$('e')],e,_=true;setInterval(function(){for
     85       (var i=ee.length;i&&(e=ee[--i]) ;_) {e.className=e.className?'':
     86       'b';}},t*08); /* .oOo.oOo.oOo. ^^^^^ -*** * *** *** *******- **/
     87     })((4 + 8 + 15 + 16 + 23 + 42) * Math.PI / Math.E + 42/*166.81*/);
     88
     89     // Google analytics
     90     //
     91     try{var pt=_gat._getTracker("UA-1123581-3"); pt._trackPageview();}
     92     catch($aMarvellousErrorThatWontBeDisplayedOnTheUserBrowserAtAll){}
     93
     94   }// end of theLoadSequenceToRunAfterTheDocumentHasBeenLoaded routine
     95   //]]></script>

To me, it looks like a contrived melody, or complicated poetry. It’s evil engineering, I know. But when I was writing it, I felt exactly the same I did while writing verses with rhymes. _why’s words are absolutely pertinent here: “until programmers stop acting like obfuscation is morally hazardous, they’re not artists, just kids who don’t want their food to touch.”.

You can view the code with syntax hilighting on github, or with the “View source” function of your browser while you’re on the segfault site. :)

How to mirror a static copy of the opensource.org website

2009-02-10T17:47:00Z

I currently maintain the italian mirror of the Open Source Initiative web site, and today I realized that the script I wrote some months ago wasn’t doing its job well.. because the CSS files weren’t downloaded at all, causing a rather unpleasant rendering of the site.

To mirror opensource org I’m currently using the plain’ol GNU Wget -r—mirror and so on. While the good’ol wget downloads each page prerequisite defined in the HTML source, it doesn’t support @import CSS rules, and doesn’t download images referenced in CSS with url() rules.

BTW, nothing that can’t be resolved with some regex-fu: that’s why I’m sharing the script I’m currently using to mirror the opensource.org web site, hoping it will generate either a new mirror or some insights on how to do this job better :).

The script: update_opensource_mirror.sh

Enjoy! :)

Continuous evolution

2009-02-03T13:49:00Z


releases$ du -sch *
7.6M    20081209132347
7.0M    20081209133350
7.6M    20081209144343
7.1M    20081209145133
7.1M    20081209151843
7.1M    20081209163013
7.1M    20081209175506
7.1M    20081209183553
7.1M    20081211122939
8.6M    20081212190026
8.3M    20081212201852
8.3M    20081212203943
8.3M    20081212205430
8.3M    20081213014847
8.3M    20081213020357
8.4M    20081213163428
8.4M    20081213173633
8.4M    20081213184749
8.5M    20081214171239
8.5M    20081214174058
8.5M    20081215122638
8.5M    20081215152408
8.5M    20081215171627
8.5M    20081215200430
8.5M    20081215205042
8.5M    20081215235659
8.5M    20081216000247
8.5M    20081216164820
8.6M    20081216200524
8.6M    20081216203210
8.6M    20081216210540
8.6M    20081217193227
8.6M    20081218174354
8.6M    20081218191803
8.6M    20081219152005
8.6M    20081219152907
8.6M    20081219155519
9.0M    20081219193433
8.6M    20081221173121
8.6M    20081221174616
19M    20081222035552
17M    20081222040347
17M    20081222055349
11M    20081222055633
14M    20081222055923
16M    20081222142851
11M    20081228152551
60M    20081228163752
11M    20090105191748
11M    20090106064448
11M    20090106184425
11M    20090106185528
11M    20090106204053
11M    20090106230526
14M    20090107001206
11M    20090107175246
11M    20090107175846
11M    20090107193832
11M    20090107194313
11M    20090107204045
11M    20090107204438
12M    20090109164048
11M    20090109185118
11M    20090112031351
11M    20090113104259
12M    20090113152213
12M    20090113171628
12M    20090113194223
12M    20090113194415
20M    20090113201919
12M    20090114180311
12M    20090114185735
12M    20090115071510
12M    20090115102500
12M    20090115131810
12M    20090115155944
12M    20090115183612
12M    20090116121148
12M    20090116125514
12M    20090116131343
12M    20090116170318
12M    20090116171428
24M    20090116173349
16M    20090118204113
14M    20090120151836
12M    20090122150700
12M    20090122155359
18M    20090122160455
78M    20090125055603
48M    20090126114022
14M    20090126143048
12M    20090126160105
12M    20090126160400
12M    20090126165339
22M    20090126170159
12M    20090126193506
12M    20090126194637
12M    20090126194859
12M    20090127142057
14M    20090127155906
52M    20090127180739
13M    20090129144356
12M    20090201141300
12M    20090201151016
13M    20090202114805
12M    20090203113750

Fascinating, nonetheless.

sindro.me - everything

Doing something is always better than doing nothing

Rails3: Better, Faster, Stronger

It just takes one person to get the party started

E-Privacy 2009: Towards Global Control

Table of contents

The Recipe

Ingredients

Preparation

The scenario

The arguments

Why bother

The business side

The identity side

The Google side

The protection side

The communication side

Tapping

Protecting

Protecting further

Final words

The best way to begin a new day

Girl Geek Dinners Workshop @Apple Store, 16 May 2009, Rome

Social networking

Questions?

Productivity

Conclusions

The conceptual foundations and the economics network neutrality [Part 2] - 14 May 2009, Rome

Round table with telcos spokesmen

Politics

Conclusions

The conceptual foundations and the economics network neutrality [Part 1] - 14 May 2009, Rome

Neutrality – “Economy is dematerializing”

Economics

Facebook Developer Garage 2009, Milan (Italy)

Morning: developer session

Afternoon: marketing and communication

Conclusions

A tweeting (geeky) parrot

Notice to all employees

Implementing an image gallery using facebox and will_paginate

Model [app/models/photo.rb]

Controller [app/controllers/photos_controller.rb]

View [app/views/photos/show.html.erb]

Helpers [app/helpers/photos_helper.rb and app/helpers/application_helper.rb]

Javascript [public/javascripts/application.js]

The obfuscated blinking border

How to mirror a static copy of the opensource.org website

Continuous evolution

Model [`app/models/photo.rb`]

Controller [`app/controllers/photos_controller.rb`]

View [`app/views/photos/show.html.erb`]