return to OCLUG Web Site
A Django site.
January 31, 2013

Michael Richardson
mcr
Michael's musings
» First Experiences using PrestoCard

Our PRESTOcards.ca arrived in the mail on Monday. Hard to blame prestocard for taking 10 days to get them to us, more likely it's Canada Post's Dark Delivery regime... we are still getting Xmas cards. http://www.ottawacitizen.com/business/Mail+delivery+dark+might+brightest+forward+Canada+Post/7673752/story.html

So Meaghan went to work with the Prestocard on Tuesday. It worked fine in the morning. Normal route is 16 or 151-westboro-95 to Bayview, O-train to Greenboro, and if the number 43 driver decides he is picking up passengers, she can avoid a dangerous walk along a usually snow covered non-existant sidewalk north on Bank Street, one stop.

Things went okay on the way. The presto card site noticed what stop she got on. She didn't swipe on the O-train. Should she? She got on the 43, and it saw that too. Curiously, it doesn't say what actual bus route she was on...

The trip home wasn't as good. It saw at location "15", which was the bus back to the O-Train, and then, 27 minutes later, it charged her another half fare (one ticket), at Bayview to come home. No idea why, we asked.

She had noticed this situation on the scanner, and so we checked that night, and everything looked okay last night, but when we looked today, the system had caught up to the extra fare.

We were checking because I tried to yesterday to see if my prestocard had been loaded correctly with my Feb. Bus pass. On Tuesday it gave me a red and told me to see customer service. Oh no, I think... will it work on Friday morning? Today, on my way home, using my paper January pass, I swiped my prestocard again... the machine happily announced that I had been charged a $2.60 fare.

Huh I think? Does it mean... I'm good for a $2.60 fare, or does it mean, that it's gonna try to deduct from me? So far, it hasn't done anything yet. I'll see tomorrow.

My opinion is that it should have simply said: "Your february bus pass will be valid 2013-02-01. See driver if you need to pay a fare"

Comments to G+: https://plus.google.com/103865510556691933694/posts/5vRsQ1rX8na

January 24, 2013

CREDIL news feed
credil
CREDIL: News
» CREDIL - Lunch-and-Learn: Time and task management

Our next Lunch-and-Learn topic at CREDIL Lunch-and-Learn will be on "Time and task management", to be presented by Julien Lamarche on Thursday, February 21, 2013.

If you wish to attend the Lunch-and-Learn, please contact us ahead of time so we can ensure there is enough space for everyone.

January 22, 2013

Rob Echlin
echlin
Talk Software
» Proposed Stack Eschange site for DITA

Anders Svensson has created a proposal for a DITA Stack Exhange Site.
It’s at http://area51.stackexchange.com/proposals/49912

DITA is an OASIS standard for XML documentation.


January 20, 2013

Rob Echlin
echlin
Talk Software
» User Group Connect has a new URL

“User Group Connect 2013″ has a new URL. You can find us at ugconnect.ca

If you don’t know about UGC, it is an opportunity for User Group’s in Ottawa to get together and for the Ottawa technology community to get together to meet some of the 30 or so User Groups in Ottawa.

On Saturday February 9, from 10am to 4pm, join us in the lounge at Shopify, 126 York St. The entrance is at the back of the building, from the parking lot.

Accessibility problems – Unfortunately, this location is not wheelchair accessible. It has stairs, and the washroom is up a flight of stairs.

Also, you can still reach the User Group Connect site at the old URL.


Tagged: groups, Ottawa

January 18, 2013

Michael Richardson
mcr
Michael's musings
» Impressions of PrestoCard Site

I visited the Rideau Centre this morning to attempt to obtain a PrestoCard for myself (Monthly pass), my wife (she uses tickets 3 days/week), and my son (1 ticket every week or so). I also wanted a spare card for when my other-in-law visits. She drives from Farrhaven to our house, and takes the bus with us downtown because she is afraid to drive downtown.

The lineup at the rideau centre was basically out the door, and management seemed to be doing a good job of dealing with the unexpected number of people, but waiting an hour wasn't in my todo list today, so I proceeded to work.

I sat down at my comptuer and went to OCtranspo.com, and was led to prestocard.ca.

javascript needs to be turned on this site. I use NoScript to keep me safe from stupid things. The site should be useable for people without javascript. This is a simple requirement for a site to be accessible to people who have various disabilities. (and there is no reason for the moneris site to need javascript. none)

So, the first use of javascript is to popup a window to show me the usage agreement for the site. That's uselessly long. TOO LONG DIDN'T READ. And it's in a small little window, very hard to read, impossible to change the font size (can you say "Senior citizens"), I didn't find a way to print it. I didn't try copy and pasting it. How will I know if it changes? PLEASE FIRE THE LAWYER WHO WROTE THIS. IT IS USELESS. Visit tos-dr.info.

I walked through the process for my first, card, saw the button "Edit Products", and clicked on it, before I hit pay. Oops, you lost all of the form entry bits. That's really a loss. I tried logging in again, only to realize that actually, you haven't even created my account yet. The technical term for this failure is that your site is not RESTful. This means your web development guys are back in 1998. The .aspx extension on he URLs would seem to confirm that.

I went through things again, and went to payment, at which point I discovered that Moneris really does suck. Once I enable javascript, it gets all confused, so I had to start again.

Now that you have lost my payment, I come back, and discover that I have an account now. Apparently you don't create an account until I click on "Pay", which is a serious mistake in user flow. Oh, since you check to see if my username is unique (rather than using my email address. DUH. Good web people figured that awhile ago), at the page where I enter it, by the time I get to payment, actually, it could already be in use.

so I ask for a card, and I'm asked to view the user agreement again. Another fail. I already agreed to it.

so I click on "get a card" on the left, when I get to payment for my wife's card, and I get myself a card, I get to payment, and you have forgotten about first card. Okay, so you don't really have a shopping cart.

finally, I ordered two cards, having to do two credit card transactions. I've very glad that you are putting the credit card transactions elsewhere, because if it was processed through your site, I would not be using it.

I happened to return to the contact us page (in another tab), to enter another comment, and noticed that the contactus page had expired. WAT? It's a contactus page, there shouldn't be any state at all associated with it.

Given that the web people have had an extra 8 months to fix any issues, I am pretty upset about the quality of this interface. I will have to use this site 6-8 times a year, I really expect it to work properly. I have done sites like this in 6-8 weeks, and they worked way better than this.

» Impressions of PrestoCard Site

I visited the Rideau Centre this morning to attempt to obtain a PrestoCard for myself (Monthly pass), my wife (she uses tickets 3 days/week), and my son (1 ticket every week or so). I also wanted a spare card for when my other-in-law visits. She drives from Farrhaven to our house, and takes the bus with us downtown because she is afraid to drive downtown.

The lineup at the rideau centre was basically out the door, and management seemed to be doing a good job of dealing with the unexpected number of people, but waiting an hour wasn't in my todo list today, so I proceeded to work.

I sat down at my comptuer and went to OCtranspo.com, and was led to prestocard.ca.

javascript needs to be turned on this site. I use NoScript to keep me safe from stupid things. The site should be useable for people without javascript. This is a simple requirement for a site to be accessible to people who have various disabilities. (and there is no reason for the moneris site to need javascript. none)

So, the first use of javascript is to popup a window to show me the usage agreement for the site. That's uselessly long. TOO LONG DIDN'T READ. And it's in a small little window, very hard to read, impossible to change the font size (can you say "Senior citizens"), I didn't find a way to print it. I didn't try copy and pasting it. How will I know if it changes? PLEASE FIRE THE LAWYER WHO WROTE THIS. IT IS USELESS. Visit tos-dr.info.

I walked through the process for my first, card, saw the button "Edit Products", and clicked on it, before I hit pay. Oops, you lost all of the form entry bits. That's really a loss. I tried logging in again, only to realize that actually, you haven't even created my account yet. The technical term for this failure is that your site is not RESTful. This means your web development guys are back in 1998. The .aspx extension on he URLs would seem to confirm that.

I went through things again, and went to payment, at which point I discovered that Moneris really does suck. Once I enable javascript, it gets all confused, so I had to start again.

Now that you have lost my payment, I come back, and discover that I have an account now. Apparently you don't create an account until I click on "Pay", which is a serious mistake in user flow. Oh, since you check to see if my username is unique (rather than using my email address. DUH. Good web people figured that awhile ago), at the page where I enter it, by the time I get to payment, actually, it could already be in use.

so I ask for a card, and I'm asked to view the user agreement again. Another fail. I already agreed to it.

so I click on "get a card" on the left, when I get to payment for my wife's card, and I get myself a card, I get to payment, and you have forgotten about first card. Okay, so you don't really have a shopping cart.

finally, I ordered two cards, having to do two credit card transactions. I've very glad that you are putting the credit card transactions elsewhere, because if it was processed through your site, I would not be using it.

I happened to return to the contact us page (in another tab), to enter another comment, and noticed that the contactus page had expired. WAT? It's a contactus page, there shouldn't be any state at all associated with it.

Given that the web people have had an extra 8 months to fix any issues, I am pretty upset about the quality of this interface. I will have to use this site 6-8 times a year, I really expect it to work properly. I have done sites like this in 6-8 weeks, and they worked way better than this.

January 14, 2013

Digital Copyright Canada
digitalcopyright
Digital Copyright Canada
» Remember Aaron Swartz by working for open society and against government abuses

Dan Gillmor offers great words for those of us mourning Aaron Swartz.

January 12, 2013

Rob Echlin
echlin
Talk Software
» New Java 1.7 vulnerability

I found this in my email:

http://www.h-online.com/developer/news/item/Dangerous-vulnerability-in-latest-Java-version-1781156.html

I will disable Java plugin in all browsers on my machines at work on Monday.

Cert.org is taking this seriously: http://www.kb.cert.org/vuls/id/625617

This could be used against Linux, Mac or Android, not just Windows, if anyone cared to try. They would not have access to root without further exploits, although popping up a window that looks like your Updater, or Microsoft’s, would catch some inexperienced Linux users.


Tagged: security, software

January 10, 2013

CREDIL news feed
credil
CREDIL: News
» CREDIL - Lunch-and-Learn: Git

Our next Lunch-and-Learn topic at CREDIL Lunch-and-Learn will be on "Git", to be presented by Brenda Butler on Thursday, January 17th.

If you wish to attend the Lunch-and-Learn, please contact us ahead of time so we can ensure there is enough space for everyone.

January 2, 2013

Digital Copyright Canada
digitalcopyright
Digital Copyright Canada
» Public Domain Day 2013

January 1'st each year we morbidly celebrate the death of authors and other creative persons. Flaws in the law mean the expiry of the copyright monopoly, and works finally entering the public domain to the enrichment of all humanity, is most often calculated from the year of a creative person's death.

Wallace J.McLean, Meera Nair and Michael Geist all blogged about the celebration.

read more

January 1, 2013

Michael P. Soulier
msoulier
But I Digress
» Jim Butcher on Men vs. Women

I'm reading Jim Butcher's "Cold Days", his latest installment in the Dresden Files, and I felt the need to share this quote:

So, ladies, if you ever have some conversation with your boyfriend or husband or brother or male friend, and you are telling him something perfectly obvious, and he comes away from it utterly clueless? I know it's tempting to think to yourself, "The man can't possibly be that stupid!"

But yes. Yes, he can.

Our innate strengths just aren't the same. We are the mighty hunters, who are good at focusing on one thing at a time. For crying out loud, we have to turn down the radio in the car if we suspect we're lost and need to figure out how to get where we're going.

Umm, yeah, I've had to turn the radio down...

December 24, 2012

Michael P. Soulier
msoulier
But I Digress
» Checking the weather

A while back I needed a way to check the weather forecast, simply, from a terminal, as is the preference of most Unix geeks like me. Being a Canadian, I'm not interested in the Weather Channel as much as the Environment Canada data. Thankfully, they do publish an RSS feed, and good for them.

I'm interested in this one: http://www.weatheroffice.gc.ca/rss/city/on-118_e.xml. So, to check the weather, I need to pull the feed and parse it. Pulling a page in Python is as simple as using urllib. From there, I can walk the elements I want like so:

import urllib
from xml.etree.ElementTree import parse

for elem in parse(urllib.urlopen(rssfeed)).findall('channel/item/title'):

Now, I wanted the option of picking a certain number of lines, and wrapping at a certain number of columns. I wanted this for using the script output as input into other apps, like Conky. Skipping lines is easy, intelligently wrapping them is not. Luckily, Python has a textwrap module in the standard library.

You use it like this:

import textwrap

wrapper = textwrap.TextWrapper(width=options.wrap, subsequent_indent="    ")
lines = wrapper.wrap(s)
for line in lines:
    print line

Put together, it's really that simple. I think the majority of my code is option parsing. The core loop is just this:

options = parse_options()
wrapper = textwrap.TextWrapper(width=options.wrap, subsequent_indent="    ")
count = 0
for elem in parse(urllib.urlopen(rssfeed)).findall('channel/item/title'):
    s = elem.text.encode('utf8', 'ignore')
    lines = wrapper.wrap(s)
    for line in lines:
        count += 1
        if options.lines and count > options.lines:
            break
        else:
            print line
    else:
        continue
    break

The whole thing is here. Sample output looks like this:

No watches or warnings in effect, Ottawa (Kanata - Orléans)
Current Conditions: Light Snow, -11.1°C
Sunday night: A few flurries. Low minus 18.
Monday: Sunny. High minus 9.
Monday night: Increasing cloudiness. Low minus 12.
Tuesday: Chance of flurries. High minus 7. POP 60%
Wednesday: A mix of sun and cloud. Low minus 16. High minus 8.
Thursday: Periods of snow. Low minus 8. High minus 2.
Friday: Sunny. Low minus 12. High minus 7.
Saturday: Periods of snow. Low minus 12. High minus 7.

I love building my own tools like this, it's the ultimate in end-user computing. Unix and Python are my playground.

December 21, 2012

Michael P. Soulier
msoulier
But I Digress
» Signatures in OAuth

Hi again. I already went into the basics of OAuth in a previous post, and alluded to the signatures being the hard part of the implementation. I'm using a python-oauth module for the client, but for the server, I decided to implement my own in Perl and Mojolicious, since I had problems with Net::OAuth that I deemed a protocol violation. Besides, I learn more this way.

There are multiple signature methods supported in OAuth 1.0, specifically three.

  1. PLAINTEXT
  2. HMAC-SHA1
  3. RSA-SHA1

Unsurprisingly, PLAINTEXT is the simplest. In this case, the signature is a simple combination of the consumer secret and the token secret, if there is any yet, with a slight twist. To ensure that the characters are treated properly, they must first be "normalized". This means decoding them as you would any percent-encoded string, and then...

  • convert them to UTF-8

  • escape them with percent-encoding from RFC 3986 like so

    • these characters are not encoded: alphanumerics, "-", ".", "_", "~"
    • all other characters must be encoded
    • any hexidecimal used in encoding must be upper-case

I found that hard to read, but I did find this bit of Perl to solve the problem in Net::OAuth, which I converted to a Mojolicious helper.

helper encode => sub {
    my $self = shift;
    my $str = shift;
    $str = "" unless defined $str;
    unless($SKIP_UTF8_DOUBLE_ENCODE_CHECK) {
        if ($str =~ /[\x80-\xFF]/ and !utf8::is_utf8($str)) {
            warn("your OAuth message appears to contain some "
                . "multi-byte characters that need to be decoded "
                . "via Encode.pm or a PerlIO layer first. "
                . "This may result in an incorrect signature.");
        }
    }
    return
    URI::Escape::uri_escape_utf8($str,'^\w.~-');
};

Decoding is even simpler.

helper decode => sub {
    my $self = shift;
    my $str = shift;
    return uri_unescape($str);
};

In Python, the same code looks like so.

import urllib

def escape(s):
    """Escape a URL including any /."""
    return urllib.quote(s, safe='~')

def _utf8_str(s):
    """Convert unicode to utf-8."""
    if isinstance(s, unicode):
        return s.encode("utf-8")
    else:
        return str(s)

escaped = escape(_utf8_str(s))

# Unquoting is just
unquoted = urllib.unquote(s)

So, this needs to be done to each of the parameters, in this case, the consumer key and the token secret, if any, and then they are combined with an ampersand. So, if your consumer key is, say, "myconsumerkey", and you don't have a token yet, then the initial PLAINTEXT signature is myconsumerkey&.

Now, this isn't too bad, but once you get into HMAC-SHA1 signatures, it gets a lot worse. The signature from the PLAINTEXT method becomes the key for the signature, and you'll already have the code for that now, but the raw input to the HMAC-SHA1 algorithm is a base string, that is rather difficult to construct. The input is the HTTP method, the request URI, both normalized like above and contatenated with an ampersand. Then, this will be contatenated with an ampersand to all of the input parameters in the request, constructed in a particular way.

  1. Take all input parameter names and values from all sources, and normalize them like above. (but skip the oauth_signature parameter)
  2. Sort all parameters by the normalized parameter name.
  3. Pair the names and values, contatenated with an "=".
  4. Concatenate all pairs with ampersands in the sorted order.
  5. Escape the entire string using the method above.

This is the base string to the HMAC-SHA1 algorithm, along with the key we mentioned. The final signature should match what the client generated. Oh, and if you're running your service on a nonstandard port (80 or 443), then you must include the port in the URI.

Example:

A call to http://localhost/initiate on port 80 or 443, a GET request, with the following params:

{'oauth_nonce': '21823552', 'oauth_timestamp': 1356129798,
 'oauth_consumer_key': 'Mitel test', 'oauth_signature_method': 'HMAC-SHA1',
 'oauth_version': '1.0', 'oauth_signature': 'pevzNqSnJ8QtqFUDWVlYhVRp8D0=',
 'oauth_callback': 'oob'}

The base string would look like this:

GET&http%3A%2F%2Flocalhost%2Finitiate&oauth_callback%3Doob%26oauth_consumer_key%3DMitel%2520test%26oauth_nonce%3D21823552%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1356129798%26oauth_version%3D1.0

with a key of:

mitelsharedsecret&

and a final signature of:

pevzNqSnJ8QtqFUDWVlYhVRp8D0=

Oddly, if I used the b64encode method in Digest::HMAC_SHA1, a final "=" sign is missing on the final result, so I had to pull in MIME::Base64 and do this instead:

my $sig = encode_base64($hmac->digest);

The equivalent Python in the oauth library does this:

import binascii

# HMAC object.
try:
    import hashlib # 2.5
    hashed = hmac.new(key, raw, hashlib.sha1)
except:
    import sha # Deprecated
    hashed = hmac.new(key, raw, sha)

# Calculate the digest base 64.
return binascii.b2a_base64(hashed.digest())[:-1]

That just leaves RSA-SHA1, but that requires a pre-existing SSL relationship with the server, using SSL certificates. As such, I'm not worrying about it just yet. I don't think it'll be used much.

I'll need to do some interop testing with a few different clients, I'm hoping that they're not all snowflakes. The point of the rigid nature of the base string construction is that the final product is supposed to be reproducable.

The base string construction is definitely the hardest part, and I've read that the signatures were dropped in OAuth 2.0 because they were too hard to do. I'd rather not drop the added security, and while they're a pain, there are sample implementations to follow. I think that OAuth 1.0 is a better choice. And it's, like, finished.

December 20, 2012

Michael P. Soulier
msoulier
But I Digress
» Understanding OAuth

We meet again. Thanks for stopping by. This post has a high geek factor, so if you're not one, feel free to move along, nothing to see here.

Still here? K, your funeral. At work, I'm trying to add a ReST Web Service to a product that could desperately use it. I want to do this to permit better remote monitoring of said product and remote control for one of our management services and future UIs that I may implement (think apps on Android and iOS).

This is no small task, and it cannot be taken lightly. It will likely be used by many, so it must be easy to debug and integrate with, hence ReST. I'll rant about the evils of SOAP later. It must be secure, which is easy, Apache is already on the system, with SSL support. It must be authenticated. This is tougher.

Since I expect SSL, I could require client certificates, but they're a pain to provision. You don't authenticate to amazon.com with client certificates for this reason. Setting them up is about as much fun as visiting the passport office, and it hurts the wallet too. Why should anyone pay for the privilege of shopping in a store? Oh...I'll rant about CostCo later.

A popular method of authentication for web services is now OAuth. OAuth was designed to fix a particular problem. Example: I like Twitter. I hate Twitter's web interface. I prefer lightweight and simple. Plus, it's terrible to use from a smartphone. Fortunately, Twitter has a ReST web service that uses OAuth for authentication, so a vendor can release a Twitter app for my phone that I can connect to my account. "But," you ask, "surely you don't give this app your Twitter password!" No. I don't. It's a closed-source app and for all I know, they'd send it to themselves for nefarious purposes. I want the app to access my Twitter account, but I do not want them to have my password. How do we do this? Enter OAuth.

How does it work? The idea is simple. I'm going to go to my Twitter account, and tell Twitter to issue a random "token" in my name. If you think you don't know what a token is, think again. I suspect you carry keys, id badges, smartcards, that kind of thing. There isn't any practical difference, beyond keys being functional mechanically. This token I will then securely provide to the Twitter client on my phone, and when Twitter sees it, it will know that the client is mine, and grant access. The token will be transmitted over SSL to avoid spying and replay attacks, the hard part is securely getting the token into the client, and keeping it convenient. We do not want a repeat of SSL client certificates. Provisioning needs to be simple.

But, automating such things is problematic. Even if you implement a request queue for token requests, you don't want it to fill up with spammed garbage requests, and it will if we don't prevent it. Spammers should be pulled into the street and shot, but I digress. A way to prevent this is to at least have an existing relationship between the app vendor and the service. So, if I want to distribute an app, I need to go into Twitter and tell them that I want to be a "consumer" of their service. They'll ask me all kinds of details about who I am, and then issue me a consumer ID, and a shared secret. The shared secret is a random string that only they and I know. Now, when my app asks them for a token, it identifies itself with the consumer ID, and they validate it, which includes checking a signature built from the shared secret, so they know it's a valid request. BTW, this consumer ID can be used for billing later, as not all web services are free. Here comes SAAS.

Furthermore, it's not Twitter staff that need to approve this request, it's the owner of the resource in question, the Twitter account holder. This is good, as the account holder is the one who really cares here, and the Twitter staff would otherwise be overloaded with handling requests like these. Now, HTTP is a stateless protocol, so OAuth needs to add some state in the approval process. So, initially when we request a token, OAuth responds with a temporary one, so that the resource owner can be redirected to Twitter itself to approve access to their account. Assuming that you approve, a new token called a verifier will be issued. This verifier can be provided in the response, or simply displayed in the web page so that you can copy it into the app in an "out-of-band" manner (ie. cut and paste).

This verifier is then used to request the final set of tokens from the service. It proves to the OAuth subsystem attached to the service that:

  1. The client was written by an approved vendor. consumer id
  2. The owner of the account wishes to grant access to this client. token and verifier
  3. The request was not forged by some random ass-hat on the net. signature including shared secrets

Once done, the app has a set of tokens that it can continually use to make HTTP requests to Twitter's web service. The tokens issued can also be limited in permissions, perhaps providing read access but not write access, and perhaps to only specific areas of the API. The tokens can also be revoked, if you wish to pull said access in the future. This is a "good thing". I use this to fetch tweets, to make them, to manage follower lists, etc. All securely and authenticated over HTTPS. And I do it from the command-line, with my own client written in Python, which I dubbed Twit. I pull my data from Google in the same manner, for calendar events and contacts. Thus far it has worked well.

Now, for what I want to do, I'm implementing OAuth 1.0, even though the 2.0 "standard" is kinda coming. I phrase it this way because it's been coming for a while now, and as communities often do, it's already forked, dropped some security in the form of strong signatures, in the name of developer convenience. So, I'm sticking with 1.0. It's harder to implement, but it's done, and it's more secure. I've only just gotten PLAINTEXT and HMAC-SHA1 signatures working, I'll post on that soon. I'm doing the server in Perl and Mojolicious for legacy reasons, and implementing it myself because I've had issues with the Net::OAuth module for Perl. Maybe I'm using it wrong, but thus far I've gotten no response from the author. Plus, I learn much, much more this way.

This post is running a tad long, so I'll end it here, with more to come on my trip into OAuth. Specifically implementing support for the signatures. Funny thing is that the signing part is simple, but constructing the base string is freakin' hard. You'll get what I mean if you read the RFC, or just stay tuned.

See? Geeky. I warned you.

December 19, 2012

Digital Copyright Canada
digitalcopyright
Digital Copyright Canada
» Computer Control in the context of a Gun Control debate

There has been considerable discussion (debate, flamewars) about gun control in the wake of the tragic shooting in Newton, Conn. -- so much that the NRA hid its Facebook page to avoid hosting flame wars.

It is hard for me not to be reminded of the debates about computer control while listening to all the debates on gun control.  (See: Protecting the property, privacy and other rights of owners: Bill C-19 and Bill C-11 , The long computer registry and IT control).

read more

December 17, 2012

Ottawa Android
ottawaandroid
» December Meeting

Decembers meeting will be an extra special one! Schedule We are going to be having Matt Gammache-Asselin do a remote presentation on the Parse API & Android SDK and how you can use it to build your own cloud backed Android apps! John Stewart … Continue reading

December 16, 2012

Michael P. Soulier
msoulier
But I Digress
» Getting started with autotools

So, I'm still reading O'Rielly's 21st Century C. I know, too many books on the go and I read slowly, and not often enough. I'm going through the section on GNU autotools, which I've never been a heavy user of, albiet I'm a heavy consumer of. I just don't spend much time distributing C/C++ across platforms.

I have a little C tool that I figured I'd try it on, a small replacement for GNU tree that I wrote a while back, and since tree isn't available on OS X, it seemed a good excuse to port it. Previously I just had a Makefile that I maintained, and it works fine, but it's a good excuse to learn how to use autotools for the future. I do have some libraries, and they're harder to port, which is where libtool comes in.

This build script outlines the process of using autotools for the first time. This script borrows very heavily from the book's author.

#!/bin/sh

echo "Creating Makefile.am"
cat > Makefile.am <<EOF
bin_PROGRAMS=twig
twig_SOURCES=twig.c
EOF

echo "Running autoscan..."
autoscan

echo "Creating configure.ac..."
sed -e 's/FULL-PACKAGE-NAME/twig/' \
    -e 's/VERSION/1.0/'   \
    -e 's|BUG-REPORT-ADDRESS|msoulier@digitaltorque.ca|' \
    -e '10i\
    AM_INIT_AUTOMAKE' \
        < configure.scan > configure.ac

echo "Creating additional files..."
touch NEWS README AUTHORS ChangeLog

echo "Running autoreconf..."
autoreconf -iv

echo "Running configure..."
./configure

echo "Running make distcheck to package sources..."
make distcheck

At this point, it's not ready to ship, as the NEWS, README, AUTHORS and ChangeLog aren't populated yet. But it's close. The configure script works, and I could then build it on OS X using the expected.

./configure --prefix=/usr/local
make
make install

My next project to package is a shared library for work, so that will be more interesting. Still, if you're looking to use autotools for the first time for something simple, this should take the mystery out of kick-starting it. Sure, there's some magic like the AM_INIT_AUTOMAKE macro, and I've a ton to learn yet, but this worked on the first try, and the resulting tarball is good to push to SourceForge or elsewhere if you want to.

As I pick up more, I'll try to share it. I don't find autotools intuitive at all, but with some simple recipes I think I'll survive.

December 12, 2012

Digital Copyright Canada
digitalcopyright
Digital Copyright Canada
» Discussing The Declared Value system - a proposal to liberate copyright/patent monopolies

I have been contributing to a thread on Google+ about a copyright/patent reform proposal by Karl Fogel.

While the specific proposal is interesting, I am most happy about the overall themes.


  • Recognition that we are talking about statutory monopolies, and all monopolies have a social and economic cost which must be considered.
  • Recognition that there is a need for registration and renewal for this monopoly, after a possible formality-free grace period.
  • Recognition that this monopoly should come at an economic price (registration/renewal fees, taxation, etc) to the monopoly rightsholder.

Whatever specific reforms are suggested, debated and discussed, these offer a critically needed starting point.

read more

December 9, 2012

Digital Copyright Canada
digitalcopyright
Digital Copyright Canada
» The Writers Union becoming a protest group?

While unfortunate, I was not surprised to hear that representatives of the Writers Union of Canada (TWUC) crashed a private meeting of the Association of Canadian Community Colleges (ACCC) on November 12'th. Like a "Yes Men" type of event these uninvited guests forced themselves in front of the assembled members to speak and pamphlet. They were rude enough that they had to be asked to leave the premises. TWUC protesters video taped their intrusion and sent out a press release.

I was worried this type of thing would happen when I heard that John Degen had become the executive director at TWUC. I first met Mr Degen in 2006, and my concern then was that a certain subset of authors he was part of were lobbying to remove choices from author. Suggesting that there is only one true business model to pay authors, and that authors should not be allowed to explore potentially more lucrative alternatives, appears to remain at the heart of the TWUC protest.

read more


Michael P. Soulier
msoulier
But I Digress
» Brewing a better UNIX

Being a Linux user, I'm used to a fairly standard set of tools on my command-line. On OS X, it's essentially BSD UNIX underneath, which I have had some experience with thanks to FreeBSD. The environment is very similar, but not identical, and on FreeBSD, you quickly find yourself using the ports system to install new packages that have been ported to FreeBSD from places like Linux.

It took about five minutes of FreeBSD use for me to go install bash, wget, vim, imagemagick, and a host of other packages. There's a lot already installed with OS X, but a few key things or me were definitely missing. I pulled vim from MacVim, but then I had to look for somewhere to get everything else I needed.

Being UNIX, I had several choices:

  1. Grab the source and build it myself.
  2. Install MacPorts and build it from there.
  3. Install Homebrew and build it from there.

Well, I've done source installs, I've done ports out of FreeBSD, so I figured I'd see how Homebrew works. Basically, it makes /usr/local owned by the user that installs it, which on OS X is me, as an administrative user (like a Windows power user). From there you can double-check that everything is set up properly by running:

brew doctor

It will pick up permission problems, issues with your PATH environment variable, warn you about packages that were built but not symlinked into /usr/local properly, etc. Then it's not much different than using apt-get on Debian, except that the packages are building when they install, they're not pre-built binaries. So wget was just:

brew update
brew install wget

Since then I've installed some essentials, and non-essentials if I include freeciv. Lets see, I have:

msoulier@merlin:~$ brew list
c-ares      git         lame        lua     sdl_mixer
cracklib    glib        libevent    lynx    tmux
feh         gmp         libffi      mutt    tokyo-cabinet
flac        gnupg       libgcrypt   nettle  unrar
fontconfig  gnuplot     libgpg-error p11-kit wget
freeciv     gnutls      libmikmod   pcre    xz
freetype    imagemagick libogg      pkg-config
gd          imlib2      libpng      readline
gettext     irssi       libtasn1    sdl
giblib      jpeg        libvorbis   sdl_image

Rather nicely, the packages are all installed under /usr/local/Cellar/, and symlinked into the right places so they show up in my path, and for building. As I really hate installing from source, because you never know what you have installed or how to uninstall it, or what you'll break if you upgrade it, I like this.

I do find that other packages mess with those careful permissions, so I keep running brew doctor so I know about the issues. I also noticed, thanks to a coworker, that the Perl community has done something similar for install Perl modules called Perlbrew. I'm going to look into that soon, as honestly, it's about damn time. Managing personal Perl modules sucks, has always sucked, and now thanks to Perlbrew will hopefully suck no longer. But I digress, more on that in another post.

I give Homebrew an A. An A+ would be a command to fix permissions problems without my help, and maybe there is one, these things elude me at times. I highly recommend it if you're trying to complete your *nix environment on OS X.