Web 2.0 Roundup

I was hoping to get back on a regular schedule with the posting, but this whole unemployment thing is harder work than it seems… With all the buzz and hype on Web 2.0, it’s sort of been harder to find real insight online, but recently I’ve spotted some particularly interesting bits:

  • Designing for the Sandbox – this is peterme’s new blog (dealing with Web 2.0, and issues of openness, control, trust, authenticity, and whatever else deemed relevant), spurred by his recent writing and tracking a more interesting angle than the regular biz boosterism
  • Abstract Dynamics: Web 2.0 – Abe Burmeister’s recent critical essay that gives valuable context and perspective to some of the more exuberant claims (peter responded and Abe responded back)
  • Why Web2.0 Matters: Preparing for Glocalization – probably the most interesting Web 2.0 essay I’ve seen recently, connecting many different disparate threads into a very cohesive thesis, while being appropriately self-reflexive (looks like all that schooling coming in handy)

What’s interesting is that Danah’s primary point, emphasizing social context, is something that she’s been saying for quite a while (but perhaps still not being given appropriate attention by developers? to be fair, it is a fairly hard property to quantify). What did strike me as particularly interesting from my perspective is the emphasis on articulating scope. For Upcoming.org, the glocalization is rather literal, with local social proximity mapped against geography (and friends) and across interests with tags, and now groups.

While I can’t claim the rigor that others have for creating extended, focused essays, I do want to try to touch on a point that has so far, I think, been underexplored: how these social contexts (communities) relate to identity.

At the strategic level, there seems to be a big push for “identity” which seems to translate, loosely coded, as a person GUID. Beyond the general misguidedness of monolithic identity at a philosophical level, this seems to miss the point of (and indeed, work at odds with) where the actual value lies: that identity functions in the context of its relationships, and that context is generated primarily by activity.

Related to that line of thought, what we’ve seen in Web 2.0 is the creation of platforms and services, but it seems there’s been a blind spot to how these services can fit within existing community infrastructure. We’re still seeing “Sign-up for XYZ new site, (re)create social context!” instead of an “Augment an existing community, leverage existing social context!” — and there’s a tangible downside to this blindness that extends beyond the inefficiency, or the “fuck it up” factor of trying to re-articulate what already implicitly exists: the additional friction and artificial infrastructure segmentation is going to ultimately limit your growth.

That could probably do with some unpacking and concrete examples, but it’s getting late.

Setting Up Virtual Mail and SMTP-AUTH on Debian

In general, I don’t consider myself too much of a sysadmin dummy, but it seems that getting my mail set up was much more complex than it should have been for what seems to be a fairly common set up. You’d think that this type of thing would be automated… but, you’d be wrong.

  • Virtual mail – this setup guide worked perfectly (I picked this data-model over the rest I reviewed since it seemed simple and made sense). As long as you tail your mail logs to see what’s going wrong, this shouldn’t be much of an issue.
  • SASL – Using libpam-mysql for SASL? Not a good idea. Here’s a much easier way, install libsasl2-modules-sql and use the auxprop set up as specified. Easy breezy. Be sure to enable TLS in Postfix’s master.cf properly and check if there aren’t MySQL connection problems (enable local TCP/IP if it can’t reach the socket)
  • TLS – use stunnel to connect into/test your SMTP-AUTH

OK, once you’ve found the right guides, it doesn’t seem so hard, but damn if it didn’t take me a whole lot of searching, trial and error, and log debugging to get there.

George Bush Doesn’t Care About Black People

This Gold Digger (“George Bush Doesn’t Care About Black People” Remix) [8.7MiB MP3] is genius. via Mefi

Upcoming on Upcoming.org

Wee…

One side can be wrong

Guardian Unlimited: One side can be wrong

Intelligent design is not an argument of the same character as these controversies. It is not a scientific argument at all, but a religious one. It might be worth discussing in a class on the history of ideas, in a philosophy class on popular logical fallacies, or in a comparative religion class on origin myths from around the world. But it no more belongs in a biology class than alchemy belongs in a chemistry class, phlogiston in a physics class or the stork theory in a sex education class. In those cases, the demand for equal time for “both theories” would be ludicrous. Similarly, in a class on 20th-century European history, who would demand equal time for the theory that the Holocaust never happened?

If complex organisms demand an explanation, so does a complex designer. And it’s no solution to raise the theologian’s plea that God (or the Intelligent Designer) is simply immune to the normal demands of scientific explanation. To do so would be to shoot yourself in the foot. You cannot have it both ways. Either ID belongs in the science classroom, in which case it must submit to the discipline required of a scientific hypothesis. Or it does not, in which case get it out of the science classroom and send it back into the church, where it belongs.

Katrina: untie(‘techies’);

I had personal commitments when Zack had originally contacted me over the weekend, but I was glad to pitch in and make my tiny contribution tonight when I found out that they still needed help crawling some of the online survivor lists for the Katrina List Network, a people finder service that aggregates all these different lists floating around via a People Finder Interchange Format (PFIF 1.1).

The Social Source Software blog has some interesting commentary from one of the groups behind the project.

Mail Form Email Header Injection

A while back, I saw some mail form email injection attacks hitting my contact form. This was easy to filter for (replace \n’s and \r’s for the headers; also PHPMailer didn’t seem to be affected by the MIME handling attack), but the continued daily probing has quickly gotten annoying. So, I adapted my IP minefielding code, and now, if you try to inject, you get slapped:

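// Test for annoyance
$attack = 0; // count of injection indicators seen in this request
foreach($_POST as $field => $input) {
  // Skip array-valued fields (field[]=...); the string functions below need strings
  if(!is_string($input)) continue;
  $input = stripslashes($input);
  // MIME injection marker is suspicious in any field, including the body
  if(preg_match('/Content-Type: multipart\/mixed/i', $input)) $attack++;
  // Line breaks are only legitimate in the message body, never in header fields
  if($field != 'body') {
    if(preg_match('/\n/', $input)) $attack++;
    if(preg_match('/\r/', $input)) $attack++;
  }
}

if($attack) {
  // Append a timestamped Deny rule for the sender's address
  $deny = '# ' . date("D M j G:i:s T Y") . "\n";
  $deny .= 'Deny from ' . $_SERVER['REMOTE_ADDR'] . "\n";
  // LOCK_EX keeps concurrent requests from interleaving their writes
  file_put_contents('.htaccess', $deny, FILE_APPEND | LOCK_EX);
  print "You've been detected trying to do stream injection and blocked from further access to this mail form.";
  exit;
}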
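
The filtering half described above (keeping \r and \n out of anything that ends up in a mail header) can be kept separate from the blocking logic. The following is an added example, not the author's code; the field names, the helper functions injection_findings() and build_headers(), and the sample submissions are all assumptions made for illustration.

```php
<?php
// Added example: field names, helpers and samples are hypothetical/constructed.
const HEADER_FIELDS = ['name', 'email', 'subject'];

// Return the reasons a submission looks like header injection (empty = clean).
function injection_findings(array $post): array
{
    $findings = [];
    foreach ($post as $field => $value) {
        if (!is_string($value)) {          // e.g. name[]=x arrives as an array
            $findings[] = "$field: not a string";
            continue;
        }
        if (stripos($value, 'Content-Type: multipart/mixed') !== false) {
            $findings[] = "$field: MIME multipart marker";
        }
        if (in_array($field, HEADER_FIELDS, true) && preg_match('/[\r\n]/', $value)) {
            $findings[] = "$field: CR or LF in a header field";
        }
    }
    return $findings;
}

// Build header lines for a submission that injection_findings() reported clean
// (so every value is a string); returns null if the address is not valid.
function build_headers(array $post): ?array
{
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // Second layer: strip CR/LF again at the point where the header is built.
    $name = trim(str_replace(["\r", "\n"], ' ', $post['name'] ?? ''));
    $name = addcslashes($name, '"\\');     // keep the display name inside its quotes
    return ["From: \"$name\" <$email>", "Reply-To: $email"];
}

// Constructed samples: one benign, one with an extra header line in "email".
$samples = [
    ['name' => 'Alice', 'email' => 'alice@example.org', 'subject' => 'Hi', 'body' => "Line 1\nLine 2"],
    ['name' => 'Bob', 'email' => "bob@example.org\r\nX-Injected: 1", 'subject' => 'Hi', 'body' => 'x'],
];
foreach ($samples as $post) {
    $findings = injection_findings($post);
    echo $findings
        ? 'REJECT: ' . implode('; ', $findings)
        : implode(' | ', build_headers($post) ?? ['invalid address']);
    echo "\n";
}
```

Returning the findings as a list rather than a counter lets the caller log why a request was rejected before deciding whether to append a Deny rule.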