A passive-aggressive response to the lack of separate privacy controls for Facebook comments and likes

September 13, 2012 by

Social networks’ ease of sharing exposes …unfortunate behaviour by some users.

Variants of the following text have been popping up on multiple friends’ timelines recently:

To my FB friends : I want to stay PRIVATELY connected with you. However, with the recent changes in FB, the public can now see activities in any wall. This happens when a friend hits “like” or “comments”, automatically, their friends would see your posts too. Unfortunately, we cannot change this setting by ourselves because Facebook has configured it this way. So I need your help. PLEASE place your mouse over my name above (do not click), a window will appear, now move the mouse on “FRIENDS” (also without clicking), then down to “Settings”, click here and a list will appear. REMOVE the CHECK on “COMMENTS & LIKE” by clicking on it. By doing this, my activity amongst my friends and my family will no longer become public. Many thanks! Paste this on your wall so your contacts would follow suit too, if you care about your privacy

I was a little puzzled about what the original author was trying to achieve. After all, Facebook has been simplifying its privacy settings so that most users can now make sense of them. It turns out that this simplification is part of the problem here: comments and likes have the same visibility as the shared item that they relate to. This makes reasonable sense – it would be somewhat confusing for the stream of comments on a shared item to have multiple visibilities; different people would see different pieces of the conversation – however it means that users don’t have direct control over the visibility of their comments and likes, that control is held by the person who shared the item in the first place. For those commenting and liking, the only way to exert any control is to not comment/like at all.

After some reflection and digging, I’ve finally gotten my head around what the original author was trying to do. It’s a little passive aggressive, in effect the author is saying to each of his/her Facebook friends:

I don’t trust you, so please adjust your newsfeed settings to suit me (so my misbehaviour is less likely to be visible to you).

The thinking is that if all of the original author’s Facebook friends did so, then (s)he would be free to treat Facebook as a private space because things that (s)he did in one place would no longer be seen by other Facebook friends not directly involved. This is kind of dumb: anything that you share on Facebook is already in effect permanently public, but worse, it reveals that in the original author’s mind there is a distinction between Facebook friends and, erm, “real” friends in that what he/she wants to achieve is that “my activity amongst my friends and my family will no longer become [visible to my Facebook friends]”.



52ed3f0090fa307b5f02125542471581 != NaN

August 15, 2012 by

First post!

How is this possible? Even its newline-challenged cousin appears in just 3 results in a Google search; do I expect a visit from the men in black helicopters?

(For my non-crypto-geek friends: this is something of an inside joke. A very inside joke. What’s important about it is that the string of letters and digits at the start of the title has apparently never been expressed in public before, even though by rights it really, really should have been. No, I am not going to explain; the point of posting this is (a) bragging rights for being first and (b) the joy of discovery for someone who does think to look for it – that joy being enhanced both by the length of time between my posting it and their thinking to look for it and its uniqueness when they do. Think of it as a shibboleth for a tiny community, or perhaps as an easter egg hidden in plain view.)

Rao and Reiley’s “The Economics of Spam” grossly understates the economic costs of spam.

August 14, 2012 by

Spam costs society at least twice the $20 billion/year that the authors estimate, and probably a great more than that. Their paper is well argued and mostly well researched, however they do make one peculiar and wholly unsupported assertion

False positives … are … so rare that we ignore them in this estimate

which falls down on at least two fronts:

  • false-positive errors (legitimate messages not reaching inboxes) occur at a rate of the same order as that at which false-negative errors (spam reaching inboxes) do, and
  • false-positive errors inflict more variable, and typically far higher, costs than false-negative errors do.

As part of my work with TrustSphere I’ve been involved in the analysis of email security systems from most vendors and the review of those systems’ assessments of around half a billion messages received by a variety of customer types located in multiple regions and have observed that false-positive errors occur at similar rates in all cases. The consequences of a single false-positive error range from “no impact” through time wasted searching spam folders/quarantines all the way to compliance failures, lost sales, missed deadlines/appointments, loss of trust in an organisation and its infrastructure, angry customers, supply chain disruptions, etc.

Inconveniently, TrustSphere has not yet published its findings in a peer-reviewed journal. Things to look forward to…

(thanks and thanks)

Further thoughts:

(Cross-posted in Lost in Reception)

Thunderbird 4 works. On Mars. On Neil Armstrong’s birthday.

August 6, 2012 by

I have nothing to add.

Quick and dirty PostgreSQL to JSON exporter

July 30, 2012 by

On GitHib

Transit of Venus

May 28, 2012 by

Inspired by the upcoming transit of Venus, here are some photos of the previous transit that I’ve been meaning to upload for, erm, 8 years…

The apparatus:

A piece of paper with a hole in it covering a shaving mirror

A piece of paper with a hole in it covering a shaving mirror

Attached to a tripod with a cable tie

Attached to a tripod with a cable tie


Pointed through a bedroom window (the reflection of the sun is visible through the window in this shot)

Pointed through a bedroom window (the reflection of the sun is visible through the window in this shot)


The projection of the sun onto the rear wall (and tripod from which larger pictures were taken)

The projection of the sun onto the rear wall (and tripod from which larger pictures were taken)

All in order to produce lots of images like this, sadly a bit out of focus because (a) I was struggling with the autofocus on the camera and (b) the hole in the paper was too large so the image on the wall wasn’t so sharp to begin with:

Early transit

Early transit

I’d like to do better this year, but I’ll be in Berlin meaning that it will only be visible from dawn (4:46!) through 6:54; I’m likely to be asleep throughout…

“perl: warning: Setting locale failed.” “perl: warning: Please check that your locale settings:”

March 25, 2012 by

Another nit:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_CTYPE = "en_AU.UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

The fix – at least for English-speakers – is:

apt-get install language-pack-en

2012-05-06 UPDATE: While rehabilitating a batch of old blog posts, I noted that I’d posted a solution to this problem before. It doesn’t quite work as written, but did lead me to discover that the key is a tool called locale-gen. To deal with the problem above (non-existence of en_AU.UTF-8), simply do:

# locale-gen en_AU.UTF-8
Generating locales...
en_AU.UTF-8... done
Generation complete.

Apache commons logging, log4j, “WARN No appenders could be found for logger” and “WARN Please initialize the log4j system properly”

March 25, 2012 by

Using Apache’s HTTP client implementation in Java I’ve been seeing this:

log4j:WARN No appenders could be found for logger (org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager).
log4j:WARN Please initialize the log4j system properly.

The sensible fix appears to be:

System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.Jdk14Logger");

(As all J2SE versions since 2002 (!) have had a workable logger built in; this would seem like a more sensible default. If it was a developer’s desire to benefit not merely from the standardised API but also from the common implementation then, presumably, using Log4J directly would be what they’d do…)

Also useful to remove unnecessary chatter:


Directing a shell script’s entire output to syslog

March 22, 2012 by

Typical use:

exec > >(logger -t something[$$]) 2>&1

Use for an EC2 userdata script:

exec > >(logger -t user-data -s 2>/dev/console) 2>&1

Using pulseaudio remotely via ssh

February 1, 2012 by

It’s a little untidy and socat fails to exit when ssh does, but:

$ ssh -L 4000:localhost:4000 user@host socat TCP-LISTEN:4000,fork UNIX-CONNECT:/tmp/pulse-something/native
$ PULSE_SERVER=localhost:4000 vlc

UPDATE 2012-02-04: I’d left out the -L option…