Security at the Ubuntu Developer Summit

I’m attending the Ubuntu Developer Summit this week in Budapest, and I wanted to share how to participate in the security track remotely.

You’ll want to look at the schedule of security track sessions, and the icecast streams for the various rooms we’re in.  Each session in the schedule has one or both of:

  • an etherpad for recording discussions
  • a blueprint which is the “working document” for that particular portion of the project

Both have little icons in the schedule.

You may also want to join the IRC channel for the session; there is one per room, with naming scheme #ubuntu-uds-$room_name_without_accents.  There’s also #ubuntu-hardened, for general discussions and continuing to participate in the Ubuntu security community after UDS.  If you’re not a big IRC user or your network blocks it, you may prefer web-IRC, which is available here for freenode.

This stuff of course generalizes for any other topic at UDS; check out the schedule for tracks on other topics.

Customizing GnuCash reporting

Before I start: a huge Thank You to the amazing Cheri703 for holding my hand over VOIP while I got the hang of GnuCash.  I wouldn’t have finished my taxes without her patient support 🙂

I spent a while looking around for how to customize GnuCash reporting for Canadian taxes, and it ended up taking me some time to figure out quite simple things so I figured I’d document it here for the benefit of those searching for this info.

I started off with “A Simple Checkbook” and added a number of accounts for my consulting business, various expenses, etc.  I haven’t gotten into tracking my personal expenses in great detail yet, but I’ll try that for 2011.  Feel free to skip the next part: <grumble type=”Canadian Banking System”> The Canadian banking system is behind the times, so I manually downloaded Quicken-compatible files from my 2 banks.  Kudos to CIBC for allowing me to download a whole year’s transactions in one go.  Boo Hiss to TD for not only making me download things a month at a time, but only keeping credit card records for six months.  My books are a bit complicated as I have a USD account and credit card in addition to my CAD one, and I incorporated last year… all told, I had to type in about 18 months worth of various accounts. Lesson learned for next year!</grumble>

When it came time to output all the info for my accountant, I initially used the “Transaction Report” which I copied and pasted into OpenOffice Calc and tidied up… but there was a lot to tidy up, particularly because it did monthly subtotals, which was really overkill and distracting.

Turns out you can customize the Transaction Report!  While you’re on the Transaction Report tab, there will be a new menu option in your Edit menu – Report Options. I customized the Accounts tab to just show the accounts relevant to my taxes and added a running balance in the Display tab.  In the Sorting tab I checked “Show Full Account Code,” and most importantly (to me) I set the “Secondary Subtotal for Date Key” to “None” to make the cluttery monthly subtotals go away.

Hit apply, copy and paste the whole report into OpenOffice Calc, save as XLS if your accountant hasn’t seen the Free Software light, and presto! Taxes are a go, with GnuCash 🙂

One last tip once things are pasted into OpenOffice – do a find and replace for ^. with & to get rid of all the fussy formatting that makes it impossible to do calculations in OpenOffice, and remove all the useless hyperlinks.

There is lots of additional info on the GnuCash FAQ about other ways of exporting data, but this is the quick and simple way that worked for me.  There’s also an official-ish way to export to OO Calc here but I didn’t find that worked any better than just copying and pasting.

It's the little things…

sticker insurance

My beloved tablet died, so I sent it back to the manufacturer, just under the wire before the warranty expired.

A friend had just returned my old netbook, so I moved my data over to that before sending out the sad tablet.  After blowing a few large dust bunnies out of that machine it was only freezing up about once a day.

Ten days, one trip to California, two hackerspaces, and one keynote later, I had the tablet back.  I was in a bit of a crunch at school so I didn’t have time to re-do the factory Win7 image exactly to my liking.  So I popped the hard drive out of the netbook, replaced the tablet hard drive with the netbook drive, and got back to work.  Everything* worked, everything was copacetic, and I was a happy camper with a full keyboard and pressure-sensitive pen tablet once again.

It turns out being able to swap hard drives and have the machine just work is a pretty important feature for me.  <3, Ubuntu**.

*except for the BIOS only allowing certain PCI-IDs for WiFi cards… but that’s a story for another time.  Manufacturers, please don’t do this.  I’m looking at you, HP, Lenovo, Asus….

**yes, I do know this works just fine in other Linux distros.  And probably the BSDs, too 🙂

Sunsets Aren't Delicious

Over my years of using it, Delicious quietly became one of my favorite things on the whole internet – in many ways because it shaped how I used the web itself, and how I organize my thoughts.

Hearing that it’s going to be shut down made me kinda sad. But so does the prospect of moving to some other monolithic, single-point-of-failure service.

Anyone interested in building a Free Software federated social bookmarking app? I am, and I think we could put something together pretty easily using the developing ecosystem of federated social protocols which projects such as status.net and Diaspora are using.

If one already exists, I’d love to hear about it too… but I couldn’t find it.

I’ve got a final tomorrow but I’ll get a mailing list up and running Saturday – leave a message in the comments, or email federated@hypatia.ca and I’ll add you when I do.

Soft Circuit Gift Guide

Friends have asked me for a wish-list / getting started type post on soft circuits and the LilyPad Arduino.  I’ve been a slacker about getting this posted (folks asked before the holiday season last year), but hopefully it’s not too late for this year – Sparkfun has speedy shipping, and Toronto-local friends can check out Creatron, who will also do phone orders.  Tell them you’re a friend of HackLab 🙂

This isn’t exactly a shopping list, but I’ve tried to lay out the supplies that one needs to get going.  To save me a bit of time, when there are multiple options I’m only going to link the one I recommend.  The others can be found by poking around Sparkfun.

  • Either of:
    • LilyPad Arduino and one power supply – coin cell, AAA, or the LilyPad LiPower.  If you’re just getting started, I’d recommend the AAA one.
    • LilyPad Mini and Li-Poly battery. (better for simple projects, the Mini has fewer pin-pads.)
  • Alligator clips for prototyping – the ones Sparkfun has are very expensive; your local hardware store should have cheaper ones, as does Creatron.
  • Conductive thread for the final sewn circuit – I linked to the 4-ply thread which I prefer, but there is 2-ply as well.
  • Medium-sized sewing needles, and plan on breaking a few.
  • Clear nail polish for sealing off ends of thread.
  • Programming cable.
  • A bit of folded-over duct tape or felt to make a LilyPad coaster.
  • one or more inputs: there are a wide variety of sensors available. Accelerometers are pretty nifty for controlling your project through movement; light and temperature sensors can be used to make clothing react to the ambient environment.  Switches and buttons let you turn features on and off or cycle through programs.
  • one or more outputs: buzzers make sounds; LEDs, in either single colours or RGB, light up your project; vibe boards give you haptic (physical) output.

If you’re feeling ambitious, the LilyPad XBee allows for cool wireless hijinx, and the Bluetooth Mate when combined with the open source Amarino Toolkit allows your wearable creation to talk to your Android phone or device. Another fun thing to play around with is conductive fabric, which can be used for all sorts of neat things such as capacitive-screen-compatible glove and mitten fingers, and soft buttons.  For the latter, you just make a felt gasket/O-ring and sew a piece of conductive fabric to each side.  The connection is made when you touch the two pieces of fabric together through the gasket.

Leah Buechley’s LilyPad intro is a good place to start.  If you get stuck, google for the error message; if you’re still stuck after that, feel free to ping me for help.

Opting out from naked scanning – Canadian edition

Short version of this post: you have the right to opt for a physical pat-down instead of scanning in Canadian airports.  Here’s the PDF you need to print out in case CATSA gives you a hard time about this.

Last February, on my way to PyCon in Atlanta, I had the displeasure of being bullied into going through one of the new naked scanners at Pearson International Airport.  I’ve filed a complaint with CATSA about this incident, as the screener should have given me correct information when I asked if I had the right to opt out.

Yesterday, I contacted CATSA’s media office in Ottawa and spoke with a fellow named Mathieu Larocque.  I asked where the specific policy was regarding opting out of the millimeter wave scanning.  He said that it was indeed the policy that one could opt for a physical search, and  pointed me at the same PDF flyer that Peter had pointed me at last week on Twitter.  As far as I’ve been able to tell, the language in that flyer about the scanners being an alternative to a physical search appears to be the only policy information on the entire CATSA website indicating that one can opt out.  Mathieu himself seemed surprised that there wasn’t an item in the FAQ to that effect.  If you’d like to see their policy clarified on the website, please leave a comment via their form.

The machines in use in Canada are ProVision Advanced Imaging Technology millimeter wave scanners.  As I understand it, these are different from the backscatter scanners being deployed in the US.  I looked over the product documentation and it indicates that recording or immediately deleting images is a customizable option.  When I brought this up with Mathieu, he said that he wasn’t sure of the technical details, but explained that there’s some additional piece of hardware which CATSA has not implemented, which is required for storing images.  One assumes it’s some kind of hard drive or flash-based storage setup.  I’m working on filing an Access to Information request to obtain the procurement information around CATSA’s order for these machines to confirm this as well as hopefully obtain more specific information about the implementation details of these machines.

That said – it doesn’t really matter how the storage stuff is implemented.  A malicious agent with a cameraphone will still be able to snap a photo of the screen,

So yes, scanning is here in Canada, and yes, you’re entitled to opt out and have a physical search instead, even if CATSA hasn’t bothered making that very public on their website.  If you opt for a private search, you have the right to ask for the search to be conducted in private, with an agent of the same gender as well as a second (same-gender) agent witnessing.  There are plenty of good reasons to opt out – radiation, religion, privacy, being creeped out by the process, or just not thinking it’s an effective method of doing security, as pointed out by a leading air security expert.

The Privacy Commissioner of Canada has weighed in on this and other issues of travel privacy in a lengthy, informative post, which Mathieu confirmed is an accurate assessment of current CATSA policy.

Thanks to Lisa for pointing me to the Privacy Commission report, and to Peter for pointing me at several of the CATSA links.

Oh, and if you’re thinking of commenting?  Please don’t post stuff about US TSA policy, it’s offtopic, and I’ve seen it already, trust me.  More importantly, I really don’t want to hear about how you think this is not a big deal, so don’t even bother with comments to that effect 🙂

Double Major

I’m back in school, as you’ve probably already gathered from my microblogging.  I’m finishing up a double major in Computer Science and Equity Studies at the University of Toronto, and if all goes according to plan I’ll be graduating in May 2011.

While this may sound like a strange combination, it makes perfect sense to me – I’m interested in equity issues within the STEM fields, especially computer science.

It turns out the combination of fields comes in handy in unexpected ways sometimes.  After proofreading a paper I wrote for a Women and Gender Studies class for me, my friend Valerie suggested that some quantitative data might be useful in supporting one of my assertions.  In my paper I argued that while early feminist scholarship on sexual harassment failed at intersectionality, more recent scholarship has embraced it.  To support this, I wanted to compare the number of citations for Catherine MacKinnon’s Sexual harassment of working women: a case of sex discrimination to Kimberle Crenshaw’s Demarginalizing the Intersection of Race and Sex: A Black Feminist Critique of Feminist Theory and Antiracist Politics.  These are both profoundly influential works, but I wanted to quantify their relative influence on scholarly work.

So I did what any self-respecting CS student would do – I wrote a script to scrape Google Scholar for citation numbers over time and made a graph comparing the two 🙂

For your edification, here’s scholargraph.pl:

# (c) 2010 Leigh Honeywell
# Licensed under the Simplified BSD License, reuse as you will!

use strict;
use warnings;
use LWP::Simple;
use LWP;

# set up LWP user agent and cookies; pretend to be Firefox 4 just to be cheeky
my $lua = LWP::UserAgent->new(
    keep_alive => 1,
    timeout    => 180,
    agent =>
"Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre"
);

# edit in your citation numbers from google scholar and the appropriate
# date ranges for what you're trying to do
my $crenshaw = getCites( "10759548619514288444", "1977", "2010" );
my $mackinnon = getCites( "2195253368518808933", "1977", "2010" );

# print one CSV line (cite id, year, result count) per year in the range
sub getCites {
    my ( $cite, $startyear, $endyear ) = @_;

    for my $year ( $startyear .. $endyear ) {

        # construct the query URL using the above data
        my $post =
          $lua->get( "http://scholar.google.com/scholar?cites="
              . $cite
              . "&as_ylo="
              . $year
              . "&as_yhi="
              . $year );

        # scrape the returned page for the number of results
        if ( $post->content =~ m#of (?:about )?(\d*)</b># ) {
            print $cite . "," . $year . "," . $1 . "\n";
        }
        elsif ( $post->content =~ m#did not match any articles# ) {
            print $cite . "," . $year . ",no results\n";
        }
        else {
            # some kinda error happened, most likely google caught me!
            print $cite . "," . $year . ",error\n";
        }

        # don't kill google's servers
        sleep(5);
    }
    return 0;
}

Oh and if you’re curious, Crenshaw’s paper was cited far more than MacKinnon’s, pretty much as soon as it was published. Intersectionality FTW!

And as these things always go, of course I spend the evening working on this only to find that there’s a Perl module as well.