terriko: (Default)
2014-02-16 10:48 pm
Entry tags:

Photogenic Mailbox in Snow

The snow is gone at this point (now it's all "risk of flooding" and "high winds" out here), but I thought I'd share a photo from last weekend:

Photogenic Mailbox in snow

This mailbox has a little spotlight above it (presumably so people don't drive into it or so that the mail carrier can find it), which always amuses me. I personally refer to it as "photogenic mailbox" because of the spotlight. Photogenic mailbox is apparently also photogenic in the snow, not just the dark.

I imagine I'll use photogenic mailbox in a presentation about GNU Mailman, someday!

Note: you can actually see the spotlight, or evidence of it, if you look at the photo carefully. I should have photoshopped that out, but it turns out photoshop was installed on the hard drive that died, so I haven't sorted that out and gotten it re-installed yet.
terriko: (Default)
2013-10-17 05:23 pm

I'm joining Intel's Open Source Technology Center!

I'm pleased to announce that I will be joining Intel's Open Source Technology Center (OTC), starting October 21st.

This is a big transition for me: not only have I physically moved to the Portland area from Albuquerque, but I'm also moving from academia to industry. However, I'm not moving away from either security or research: my official job title is "Security Researcher - Software Security Engineer."

There are lots of crazy smart people at Intel, especially at OTC, and I'm really excited (and a little scared!) about joining their ranks. This is exactly the job I wanted: I'll be doing security in an open source context (not only behind closed doors!), working with interesting people on interesting projects, and I'll be positioned such that my work can have an impact on the state of computer security in a global sense. It sounds like I'll be working primarily on web and Android security, which is challenging, fascinating, intimidating, and highly important. Wish me luck!
terriko: (Default)
2013-07-10 12:20 am
Entry tags:

Google Hangouts/XMPP Server does not use any supported authentication method

With all the noise about google switching away from XMPP, I was pretty concerned when Pidgin stopped connecting to Google Hangouts (aka gtalk or xmpp) with the following error:

"Server does not use any supported authentication method"

I wasted some time updating things hoping that would solve it before I finally figured out my problem: It wsn't google changing things at all; it was me. I'd changed the hostname of my (relatively new) laptop. But what I hadn't done was put the new hostname into /etc/hosts under A quick edit later, and the newly christened laptop is back on the air.

I found the solution here, but I had to dig for it a bit so I'm puting up this post that shortcuts to the answer without the debugging, just in case anyone else runs into this one and needs help.
terriko: (Pi)
2013-03-13 11:31 am
Entry tags:

PyCon PyCon PyCon PyCon

I'm not leaving yet, but it's just becoming increasingly hard to think about anything else. Which is really unfortunate, because my deal to myself was that I'd work this week (which is spring break at UNM) in exchange for taking next week off for hacking.

So, uh, yeah, back to work now. :)
terriko: (Default)
2012-10-22 01:36 pm
Entry tags:

Home for a rest?

I'm mildly discombobulated since my flight got in quite delayed last night and I swear, there wasn't enough time between travel even though I had more than a week, but here's updates:

(1) GSoC Mentor Summit was amazing, filled with open source folk who were also passionate about mentoring. It was cool having lots in common with every person I talked to all weekend.

(2) I have pictures, largely of playing powerpoint karaoke yesterday. Also of some of the guys playing rugby in the hot tub. ;) (Well, okay, just tossing a ball around, but still!) They need some serious culling so expect most of them later in the week. Arc pulled the best ones off my camera and they're here: https://plus.google.com/u/0/109741359399131092509/posts/VHbodBCsBPJ (Thanks to Denis of Gentoo for being our photographer!)

(3) Oh yeah, the big announcement is that I'm going to be the Org admin for the Python Software Foundation next year. Doomed! So yeah, I go from managing my 3 students, 7 mentors for Mailman (and backup managing another 3 students from Systers), to around 30 students spread across a pile of sub-organizations. Should be fun. Or terrifying. :) I'll probably write more about this later once it's had more time to sink in.

(4) I need to also make time to encourage folk to come to Pycon. There is financial aid available and the application is up. I'm going to be sending more personal notes out to my new contributors from GHC12 and my GSoC students from Systers and Mailman. The Mailman sprint last year was probably the most satisfying hacking event I've ever attended, and I want others to have that experience. :)

(5) I did get all my GHC12 pictures up before I left: https://secure.flickr.com/photos/terrio/sets/72157631687919350/

(6) My last official GHC12 blog post (about the open source day hackathon) is pending now that I have photos to go with it. I've got notes for a few more, but not sure I'll have time to write them.

In theory, I'll be home in New Mexico and not traveling again 'till December. Which is good, because I need to put together academic applications, write a paper with my remaining thesis research (the tech report got cited twice already, which is a sign that I should have something more peer-reviewed out there), and get the research done for my next paper. Plus, you know, squash all the open bugs/add all the missing features in Postorius, make sure the port of dynamic sublists to Mailman 3 is finished, and purchase flights for my trip home in December.

I feel like I should be a lot more stressed about all that I've got on my plate, but after a weekend with open source folk, I'm feeling pretty relaxed and pleasant and like it's all going to work out somehow. And to be honest, that feeling may be the most important thing I'm bringing back from Mountain View this week. :)
terriko: (Default)
2012-01-16 09:01 pm
Entry tags:

"Accomplishments" of a technical nature this weekend

The scare quotes are because neither of these things should have been accomplishments at all, since they should have just worked. Since they didn't, though, I'm blogging for posterity with links to the things that helped me solve the problems.

Short version: I now have 8gb of ram that works, a backup drive that doesn't, a Mailman dev environment that half works, and I kinda hate Apple. )

I'm tired and cranky, but I'm determined to win this... tomorrow.

Also, I made myself cookies, so that's something.
terriko: I am a serious academic (Twlight Sparkle looking confused) (Serious Academic)
2011-12-05 02:26 pm
Entry tags:

Looking for open source projects with good test suites

This was originally posted on But Grace, but I don't want my regular blog to wind up devoid of technical content so I'll be crostposting all my posts from there in their entirety, I suspect.

One of the cool things going on at work is some software we have that automates the creation of small bug fixes. We're looking to try it on some more active projects with real bugs, but we need projects with reasonable test case coverage so that the automated system can also ensure that it isn't causing other things to break in making the fix. Basically, we're potentially offering up a bunch of free bugfixes if your open source project has decent test cases. Pretty good deal, I hope.

Open source projects with good test suites

But how do we find software with good test cases? Here's a few I know of off the top of my head:

Open source projects with good test suites

Name/URLTest suite?Notes
Firefox A brief search turns up some automated tests My fuzzy memory suggests there was more than these...
Gnumeric Extensive regression tests for each function The function tests are in .xls spreadsheets, so we could potentially apply them to other spreadsheet software.
SQLite They claim extensive test coverage Very promising!
Webkit (Chrome, Safari) a brief web search turns up regression tests for javascript I believe the Chromium project has even more tests

Can anyone suggest other software or more details (and better links) on the things I have mentioned already?

Open source routing software

For various reasons, I've been encouraged to try experiments on open source routing software. There's some existing academic literature on the types of bugs found in open source routers, and it seems like our automated patch creation system would be a good fit especially since router bugs often cause huge outages or security problems and having a temporary patch to solve the problem right away could be a huge boon.

My query on twitter generated a nice list of open source router software, but no one seems to know anything about test suites. Here's a table summarizing what I've found thus far:

Open source router software test suite information

Name/URLTest suite?Notes
Click Unknown Nothing obvious, and given that it's on a university website, I'll be shocked if it has testing. ;)
dd-WRT Unknown Nothing obvious in the wiki, but there were lots of hits I haven't investigated.
OpenWRT Unknown Clearly there was interest in automated test suites in Jan 2011 but it's unclear to me if these are now around somewhere. Need to look more.
pfSense No evidence of a test suite Searching the dev wiki for "test" yields nothing likely, so I'm guessing there isn't one.
Quagga There is a tests/ directory, but it looks unsuitable "make test" doesn't work and "make check" pokes a bunch of directories but doesn't seem to do what I need. There's a directory called tests/ in the repository, but I'm not sure what it does. I can run the tests manually, but the output is currently meaningless to me. No one answered my question on #quagga, although another open source friend on #kernel.org suggested that the test suite may have been abandoned.
Tomato No evidence of a test suite The web site contains nothing useful, so if there is a test suite, it's likely being provided by someone else.
XORP There is a tests/ directory, unsure if suitable but look promising These look promising, but I'm having some build errors and haven't been able to run them yet

You'd think, perhaps, that reasonable test suites for routers would already exist. A generic test suite would be totally sufficient for my needs at the moment. And in fact, I've found a set of routing tests from the University of New Hampshire InterOperability Laboratory, but while their tests are well-described, it doesn't look like something we can run locally and repeatedly as we'd need to in order to test the auto-generated patches. I haven't yet found others.

Let's be clear: I don't really care what the router supports in great detail. The important thing for these tests are that there be a good test suite, and preferably a good bug queue so we can grab candidate bugs and bug test cases to try to solve them. Generally speaking, the bugs have been easier to find than the regression tests.

In summary...

I am looking for:

1. More information about router test suites.
2. Updates to my current tables of information. This represents a morning's work, so I'd be shocked if they're perfectly correct.
3. Any open source/free software projects with good test suites (and preferably good bug queues).

Again, the key here is that I need good test suites. I'm most interested in routing software at the moment, but I'm building up a list of alternative ideas if that doesn't pan out, so anything with good automated tests I'll be able to run repeatedly is of potential interest. We've got access to a reasonable amount of computing power, so heavier weight tests are fine as long as they aren't going to take all month to run.

We would love to contribute any fixes we find back to the community, so if you think your project might qualify please get in touch! I think the end result is going to be awesome for all involved: free bug fixes for the project, more impressive real-world validation of our automated patch creation system, and maybe even an academic paper out of it for some of the folk around here.
terriko: (Pi)
2011-11-15 12:24 am

Trying to use my post-GHC energy wisely

Honestly, I think I make more resolutions after GHC than I do at new year's. I'm always so inspired!

Thing 1: Pushing the development of the GNU Mailman UI

Two things came together for me at the conference:

1. One thing I heard frequently while working the free and open source software booth is that there are plenty of folk interested in getting involved with open source, but they're not sure where to start.

2. I came home with a suitcase full of paper prototypes and pictures from the Mailman 3.0 part of the codeathon for humanity on Saturday. I was looking at spending my evenings digitizing them and turning them into functional prototypes.

So... I asked for help! Transcribing paper prototypes isn't the most glamorous of work, but it's a great place for a beginner to start, and given that we're hoping to have a Mailman 3.0 release as soon as possible, new contributors would have a chance to ramp up to doing real code commits very quickly. Plus they'd be able to see their code go out and be used in the real world sooner rather than later!

I posted to the Systers list knowing I wasn't the only one feeling the post GHC rush, and I posted to the Mailman list knowing we had a would-be contributor who wanted to help.

What I wasn't expecting was that I'd have talked to NINE volunteers in less than 24 hours. How awesome is that? And most of them are women as well!

Now I have the problem of making sure I have enough for everyone to do, but with a variety of skill levels I'm sure we won't have any trouble finding stuff for everyone. I'm so excited, and I hope they are too!

Associated goals:
- Allocating more of my time to serious Mailman development.
- Getting more women involved in open source.
- Improving the usability of Mailman 3.0
- Speeding up development of the Mailman 3.0 UI.
- Doing some teaching/mentoring since I love it but won't be doing it at work this year.

Thing 2: e-textiles

The first thing I did after I got home from GHC11 was sleep. But when I woke up in the middle of the night, the second thing I did was order stuff from SparkFun. :)

I've ordered a couple of simple e-textiles kits and the goal will be to play with them. I made an awesome monster at the GHC e-textiles workshop and I was eager to do more. The end goal is to build a set of lights into my new coat that respond to my movement in some way (See the tentative wishlist), but for now I'm going to make a lit cuff/armband for walking at night and experiment with the neat little aniomagic chip 'cause it looks like so much fun!

Associated goals:
- meeting more people in the local community
- actually becoming a member of a hacklab to support my projects
- making it safer for me to walk home in my beautiful-but-not-visible new black coat
- experimenting with e-textiles
- doing some more hardware-oriented projects
- making sure I had a project that would take me away from the computer

Not-quite-a-Thing 3: Not biting off more than I can chew

A common theme at GHC is reminding people that we have to really be careful about time management so that we don't get overloaded, so I'm choosing those two things that cover lots of my personal goals, and I'll aim to do them well and save the other things I want to try for later. Wish me luck!

I'd love to hear how other people are using what they learned at GHC11!
terriko: (Default)
2011-11-10 12:45 am

GHC11: Day 1 - Volunteering is a great way to meet people!

People often comment on the number of ribbons on my badge, and I always tell them that I get a lot of them because I like volunteering at GHC. Volunteering every year keeps me with a nice balance of meeting new people and having an excuse to sit and chat with friends who I met volunteering in previous years. Plus, badge ribbons are just fun:

My day started with an orientation for Hoppers, and I was not nearly awake enough to take pictures of that.

From there, I headed to the Free and Open Source Software booth, which is kinda unusual among the booths at GHC11 in that we're a collection of people working on completely unrelated projects, and you'll get to hear about completely different things if you come back a few hours later. Plus, some of the coolest and most inspirational women I know are working at the booth. One of the things about open source is that it attracts a lot of people who are willing to just Get Things Done and who are able to not only get the technical details right, but also able to organize their own time and other people's to make sure things happen. If you went to Jo's session in the afternoon and realized you want to be known as the sort of person who really gets stuff done, you should be looking to these people for tips!

Then I moved on to the PhD Forum. Here's pictures of the lovely presenters, but I'm too tired to dig out my session notes so I'll just suggest you mosey on over to Valerie's blog about the session.

There's a blur of meeting people and chatting and getting caught up between every session. It's awesome!

I also got a chance to meet with the other community volunteers, yet another illustrious crew of smart awesome women who are passionate about using social media and all our other tech tools to share the experience of being at GHC11 online. Anyone who comes to GHC11 and takes a picture, writes a blog post, tweets, and participates in our online communities can be part of our team! If you want to know how to contribute your stuff to the online communities, just ask!

A few people were willing to humour me today by playing "real life angry birds" with me at the open source booth. I crocheted a bunch of birds to play with, and used it as an excuse to take pictures as a community volunteer. Lots of people have asked if they can have one, and I wish I had time to crochet them for everyone, but alas, I'd get a hand cramp long before I finished! However, please stop by the booth and play with them and take pictures over the next few days, just remember to leave them for the next visitors.

Next up, I went to Jo Miller's session on building your personal brand. Once again, I suggest you visit Valerie's blog to learn more about Jo's talk. I'm going to echo what someone I talked to today said and point out that the neat thing about Jo is how she really motivates this stuff. Brand-building sounds like marketing or startup culture speak to me, but she had a great story about a women she met who felt she was "the best-kept secret of the company" -- but you don't want to be a secret! I may write a post about this later, but for now, read Valerie's. :)

Towards the end of the session they did a speed-networking thing, and I totally made the rookie mistake of leaving my business cards in my purse when we got up to stand on this weird grid thing to facilitate moving and networking. The most amusing moment for me was when we got over and everyone was too busy networking to listen to the instructions on how we should network!

Then it was back to the open source booth for me, where I got to talk to more super cool people and play more angry birds:

I talked about how open source is awesome when you're in grad school. I talked about to get internships at open source companies or through google summer of code (we loooove students!) I talked about what drew me to GNU Mailman (short answer: technology that helps build communities and fun developers to work with!) And I got to hear about people's backgrounds and worries and projects and how their companies use open source software.

Then my final job of the evening was as a Hopper working the registration desk. I figured after the bustle of the open source booth, working a quiet registration desk would be boring... But I sat down next to Kate and had a blast talking about Margaret Atwood, working in technology while wearing a skirt or even a suit, our (relatively) new jobs, and everything else we could think of for a few hours. It was great!

And then back to the free and open source booth where I got to sit and chat with Mel who I admit I probably fangirled all over because I love the way she's been blogging about viewing academia from an open source perspective, and she is just totally one of those people who always seems to be doing cool things and thinking about them in insightful ways and I was so very exited to meet her. Hopefully i didn't talk her ear off too much, given how tired we all were by this point!

When the show floor closed up, it was time to head back to the hotel, and now I've stayed up too late processing photos and blogging. Oops! Tomorrow's 7:45am breakfast meeting with my security panel is going to feel very early!

But thankfully, you don't have to get up before 7:45 to talk about the panel; you can all just come see the finished product at 11:30am-12:30pm in B113-115 where I'm on a panel about online security for technical women. Hope to see you there!
terriko: (Default)
2011-08-16 04:07 pm
Entry tags:

I'm moving to Albuquerque!

The job: Postdoc at the University of New Mexico

I'm going to be starting a postdoc at the University of New Mexico this fall.

I was fortunate enough to have some great interviews and offers, but I chose UNM because I was guaranteed to be doing the sort of research I find most interesting there, and because the people are fantastic. It was actually the only place where I got much chance to meet my prospective colleagues so I know I'm joining a very interesting team of biologists, software engineers and security folk. Part of my job will involve being the glue between the 4 teams, so I'm likely going to work with a lot of different people on a regular basis!

One of the researchers compared the project to skynet, and it's actually disturbingly apt, although thus far without the homicidal AI. Maybe that's where I come in? More seriously, I'll be working on biologically-inspired artificial life / computer immunology for security applications. Their early results are insanely promising, and I'm really excited about working in a space where no one will be fazed by my use of biological metaphors for things. (I was raised by wolves biologists, recall.)

And yes, for those of you who heard about some of my other contract negotiations: this postdoc does mean that I'll be able to continue working in open source and more specifically that I'll be able to continue working on Mailman. I'm all excited about doing some informal user testing on the work our Summer of Code students have produced, so expect to see me asking for help with that once I'm settled.

The move: Albuquerque, NM

John and I were down house hunting this past week, and have secured the most beautiful apartment for Sept 1st. I wish I'd taken pictures to show you; it's really gorgeous with high ceilings, this nifty kitchen, and even a hammock in the backyard. The landlords actually knew and could name their neighbours, which makes me feel better about the neighbourhood, and it'll be an easy bike ride in to the university which alleviates my need to buy a car right away. It'll be just me there for at least the first few months, but there's enough space for John to move in later. There is also a full guest bedroom, so please consider coming to visit!

Moving is... going to be a pain. The quotes I've got today run $5-6.5k, and I've been allotted a $1.5k moving allowance. The cheap quote is from PODS, assuming I move a 8x8x16 pod which they recommend for a 2-bedroom, but I may phone them again for the 8x7x7 sized quote since I'm planning on leaving a lot of my furniture behind. Currently planning on taking my bed, a couple of the good bookshelves, clothes, kitchenalia, and a few boxes of books. It may make more sense to ditch the bed and just ship small boxes, though; we'll see. Moving recommendations appreciated.

The thesis

Is not yet complete -- my supervisor just got back from a family event last night and is back to editing today, so I'll be back to revisions later this evening. I really hope this can be done soon!
terriko: (Default)
2011-06-28 04:42 pm
Entry tags:

Uniquely defining an HTML element

As some of you may know, my last paper was on visual security policy (ViSP), a neat idea I had about how to add security policy to a website in a way that was more in line with how sites are designed. I based it on my own knowledge working as a web designer, as well as ideas from a variety of friends who have or do work in the web space professionally and not.

You can read my presentation the larger run-down or read the paper, but the idea behind ViSP is that it's sometimes very useful to subdivide pages so that, say, your advertisement can't read your password, or that funny video you wanted to embed doesn't get access to post blog entries, or whatever. Sadly, right now anything embedded in the page gets access to anything else unless some awfully fancy work has been done to encapsulate parts of the page. (And given how much people tend to care about security in practice, this doesn't get done as often as it should.) We currently just trust that any includes will play well, which is super awkward since malicious code can be inserted into around 70% of websites and you can't very well expect malicious code to play nicely.

Anyhow, I digress.

I'm updating this particular policy tool so that I can generate some policies to test, because I'm tired of building them manually, and my not-terribly-scientific method of clicking randomly on things to make policy has turned up a problem: what happens if you want to set policy for an element that's just one of many paragraph tags or whatever, not assigned an id?

With ViSP, we assigned an index based on how many such tags we'd seen, but I figured while I'm updating this surely I could find something more standard...

Turns out, no, that really is the best way to do it. At least according to the selectors API, which includes a nth-of-type() pseudo-class that seems to do pretty much what I want.

So now, if you're using my tool and wanted to define policy for a given tag, any given tag, we can make that work for you by building up a CSS selector to find it. Of course, it'd probably be cleaner to read if you only set policy on tags with ids or classes, but I don't have to require that as an additional hurdle to policy creation. I figure this is likely a net usability win when it comes to policy generation, and let me tell you, security policy is not a field known for usability wins. (So much so that if I google search for the words security policy and usability... I see a post by me on the front page suggesting usability studies on CSP.)

Anyhow... Thanks to having to learn querySelector earlier, I was already primed to create querySelectors for uniquely defining tags. Thanks Mozilla documentation! You're a terrific coding wingman, introducing me to all these awesome apis. ;)
terriko: (Default)
2011-06-27 03:39 pm
Entry tags:

Notes from building Firefox on Mac OS 10.6 using fink

This is my (slightly cranky) record of building Firefox. I am reminded of why I don't do much open source dev directly on my mac -- documentation tends to be weak, and searching error messages yields many people being told by devs "I'm sorry, I don't have a mac to test this." Frustrating. Actually, I probably should have thrown more of the error messages into this document for those people... but I'm not going and breaking my build again to do that, so this is mostly for my own reference.

Mozilla does, a few layers deep, tell you that fink is not recommended for building Mozilla. It's buried in this document, but of course that came well after the "getting the source code" document which said fink was fine, and is surrounded by instructions on how to use fink. Oh well.

I had to upgrade fink to get Mercurial installed properly, so I'm feeling stubborn about it now and want to see if it can be done. So here's what I've had to do....

  1. Reinstall fink to get mercurial

  2. Get the source. Which takes a good long while, but takes even longer when it hangs the first time and you don't bother to fix it for an hour.

  3. Make a mozconfig file in the source directory. Mine currently contains:

    . $topsrcdir/browser/config/mozconfig
    mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/ff-dbg
    mk_add_options MOZ_MAKE_FLAGS="-s -j4"
    ac_add_options --disable-optimize
    ac_add_options --enable-debug
    ac_add_options --enable-tests
    ac_add_options --disable-webm

    The very last line is because webm threw an error, and I didn't care enough to debug it just now.

  4. Then you can start trying to run make -f client.mk and see what breaks, such as webm as I mentioned above.

  5. You'll need autoconf2.13 because Mozilla is stuck in the past requires some features from it. The fink package is called autoconf2.13-legacy, and when you run fink -b install autoconf2.13-legacy it will install non-intuitively in /sw/lib/autoconf2.13 to avoid conflicts. I then added a link so that mozilla's default config file could find it:

    ln /sw/lib/autoconf2.13/bin/autoconf /sw/bin/autoconf2.13

  6. Next I was missing libIDL-2.0, which is libidl2 in fink. Yet another fink -b install libidl2 and some waiting.

  7. I thought my next problem is due to missing Java libraries, available from Apple, but it turns out that it was actually something else, so I have no idea if these are really necessary.

  8. The "something else" is that I don't have the 64bit libraries thanks to not having selected "64 bit only" when installing fink. Bank to reinstalling fink... *sigh*

    I'm awfully glad I started making this list, though, as I'm now going to have to go through it all again.

  9. Get some hideous error:

    IOError: $MACOSX_DEPLOYMENT_TARGET mismatch: now "10.3" but "10.5" during configure

    It seems related to this bug in python2.7, although it doesn't seem like it's python's fault so much as fink's if my python was build for 10...

    Fastest solution: uninstall python 2.7. Which uninstalls mercurial since it was based on 2.7, but I don't need to check anything in for a while and care more about having a functioning build atm.

  10. Over an hour of compiling later... Success! I can run TumucumaqueDebug.app (yes, that's Firefox) from obj-ff-uni/x86_64/dist -- not that this was helpfully given to me anywhere. After some fruitless directory clicking, I found it by searching for *.app.

Final mozconfig:

. $topsrcdir/build/macosx/universal/mozconfig
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-ff-uni
mk_add_options MOZ_MAKE_FLAGS="-s -j2"
mk_add_options MACOSX_DEPLOYMENT_TARGET=10.6
ac_add_options --disable-optimize
ac_add_options --enable-debug
ac_add_options --disable-webm
terriko: (Default)
2011-06-26 12:24 pm
Entry tags:

Upgrading fink from mac os X 10.5 to 10.6

More notes from getting myself set up to write code:

The fink project has a page about upgrading from 10.5 to 10.6 with fink.

It's very easy to get distracted by the nice step-by-step description that takes up most of the page.

The pertinent bit of information is at the top, though:

you will probably find it easier to do a clean install from source instead.

I probably should have just done that first, since the lovely instructions didn't work at all for me. Oh well.
terriko: (Default)
2011-06-26 10:27 am
Entry tags:

hasAttribute deprecated? using querySelector.

I have a Firefox add-on I made several years ago to help me explore page composition and generate (theoretical) web security policies, and I decided to pull it out of storage and see if it could still be helpful. Of course, my browser decided to update Right Then, and I decided it wasn't worth fighting to stop it from doing so.

So I updated the add-on so that it included versions 5.* and actually, it mostly still worked (despite having been written for, I believe, a very early version of Firefox 3, or maybe a late version Firefox 2? This is one of my earliest add-ons.) except that apparently hasAttribute/getAttribute doesn't exist anymore.

I can't seem to find anywhere telling me that they've been deprecated, and more importantly, what I should be using instead, which is irritating. But the end result is that it doesn't work, so I needed to find something else. It looks like the solution for at least some of my code is to instead use a querySelector to look for all elements with that attribute.

Of course, I never seem to want to do exactly what the darned examples show. So in case you're like me, the way to search for any tag with a given attribute using querySelector is like this:


And if you wanted to search just a specific type of tag, then you'd specify that instead of *. So if you were looking for the alt tags for every image, you'd do...


But I'm concerned by this note in the querySelectorAll documentation, which tells me that it "Returns a non-live NodeList of all elements descended from the element on which it is invoked that match the specified group of CSS selectors."

There's a big warning elsewhere that it's non-live too, unlike other such methods. So my questions are... why is it non-live, and what do I need to do to get a live list? For my particular purpose at the moment I don't think I need it to be live, but for some of the older code that I might want to update in the future I probably do.

I'm mostly just recording this for my own reference later, but if someone happens to be able to tell me if there's another function that more directly replaces hasAttribute, or there's a good way to get a live list of elements with a given attribute, I'd love to know!
terriko: (Default)
2011-06-24 03:54 am

The Ada Initiative

One last blog post for today, I promise!

The Ada Initiative Seed 100 campaign: donate in June to support women in open technology and culture

Donate to the Ada Initiative’s Seed 100 campaign to support women in open tech and culture!

I've been completely remiss in mentioning this. (I blame thesis, as usual.) My friends Mary and Valerie have started the Ada Initiative to support women in open technology and culture, and they're looking for a few more donors to round out their initial funding round.

I regret that right now I don't have money to support them financially or time to be a bigger part of what they're building, but what I can do right now is tell you why those of you who can donate should do so.

Some of you may already know one or both of them. If you don't, you should know that Valerie and Mary are both awesome at getting things done.

When Mary was running Linuxchix, not only did she keep things in basic working order, but she also had a great vision for driving things ahead and doing more. While the new coordinators have done a good job of keeping things going, I'm really sad that when she left we lost that extra push to go beyond our original mission. After a women-in-tech BoF Valerie organized (and I attended) at the Linux Symposium, she went on to write the HOWTO Encourage Women in Linux, making sure that the things we'd discussed could be brought to a wider audience. They go beyond the level of keeping afloat as non-stereotypical geek, and towards making things better.

There's a lot of frustrating things that come up as a geeky woman, some big, some small. I'm trying to do my part by writing for geek feminism and bringing attention both to the good and bad. But Valerie and Mary believe they could have an even bigger impact on the problems if they worked on this full time rather than relying on all of us already busy people to work that second shift.

These are women who can recruit teams of top-notch volunteers, build networks, and seriously make a difference in the world, so if you're interested in supporting women in open tech and culture and want to know your dollar's going to have an impact, The Ada Initiative is a great cause.
terriko: (Default)
2011-06-12 09:11 pm
Entry tags:

Linux Symposium

I'm pretty busy with thesis this week, but the organizers of the Linux Symposium generously offered me a free pass, so I can stop by and say hi! Right now, my plan is to stop by for a bit tomorrow afternoon (Monday) if I get my other work done far enough along and then maybe again on Wednesday. I'm sad to miss Jon's kernel report (and I hope he's awake for it), but I know if I go in the morning I won't get enough work done for Tuesday's deadline.

Most of my usual OLS crowd decided to try out LinuxCon this year, so I'll be down a few friends, but I'm still looking forwards to the chance to socialize. Thesis-writing can be very isolating! And I gather I'm easy to spot at OLS, so make sure you say hi if you're there!
terriko: (Default)
2010-08-30 03:42 pm

Too Few Women in Tech? There's more than you think.

This post entitled Too Few Women In Tech? Stop Blaming The Men was making the rounds when I got back from camping yesterday. It's a "just do it" rallying cry, which is not unreasonable (more women trying will likely result in more succeeding) but one that's made a bit blindly, unaware of some of the barriers that those who try are facing.

There's already an excellent response out there which says most of what I wanted to say: Too Few Women in Tech? Stop Playing the Blame Game. Basically, quit trying to blame it all on men or women or society or math test scores and try working together to create solutions. All of these things (and more) are to blame, but pointing it out isn't nearly as helpful as finding work-arounds.

But there's still one thing I'd like to pull out of the original article:

We beg women to come and speak. (...) And you know what? A lot of the time they say no. Because they are literally hounded to speak at every single tech event in the world because they are all trying so hard to find qualified women to speak at their conference.

Let me tell you a story. One year, it was announced that one student in my department was going to get a special job. Over the months afterwards, I heard a lot of grumbling. The problem was not that said student couldn't do the job: the person was an excellent candidate. The problem was that the student had been the only candidate. The university had quite a number of other talented students, and they had not been made aware of the upcoming position or given a chance to apply. The person who got the job was the same person regularly nominated for special scholarships, invited to special events, seemingly given first right of refusal in many other projects. The upper academia equivalent of a teacher's pet.

The problem was that the university saw themselves as having a single exceptional candidate, when in fact they had probably 10, 30, or more.

I think this is what's starting to happen when it comes to women in tech. Sure, there might not be enough of us. Sure, it's no where near the 50% of the population. But that doesn't mean you get to ask the 5 women you know or have seen speak before and then sigh and say "it's too bad no women want to participate." Like the university, you're probably missing at least 10 times as many who are qualified, but haven't been quite so heaped with honours so they're harder to find.

If all the women you're asking are all busy, it's not necessarily a sign that all possible excellent candidates are busy; it could just be a sign that you're looking in the same place as everyone else.

Because I interact with a lot of other techcnical women, I know there are many good people who just don't hear about speaking opportunities. And others have so many requests they can't handle them all.

So in the spirit of being useful, here's some wider places you should look if you're trying to find some great women speakers. Maybe not all of them have given keynotes and been interviewed a dozen times, but they're still interesting people who could enhance your event:

  • The Grace Hopper 2010 schedule includes a many women speakers on a number of topics. (I'm on the open source track!) I found the calibre of speakers at GHC 09 to be especially high, so it's a great place to start when looking for a great speaker. Feeling overwhelmed by the sheer number of candidates? Talk to @ghc and ask for help making the right connections.

  • Geekspeakr.com is intended to help events find technical women speakers and vice versa. You can search by keywords or just browse around. These folk have all signed up saying they're willing to speak!

  • My university Women in Science and Engineering group ran the Carleton Celebration of Women in Science and Engineering last spring, and I was especially impressed with the the technical speakers during the day (i.e. before 5pm) because they were presenting graduate level research and ideas in ways that were accessible and fascinating. These women are definitely a cut above when it comes to science communicators!

  • There are many women's groups around you can ask. I'm a member of Systers (originally for women in SYStems, now a more general women in technology group) and Linuxchix (a group for women and allies interested in Linux or other open source). But there's lots more such groups.

And that's only scratching the surface of places I'd look if I wanted to find good female speakers. Need some more help? Just ask!
terriko: (Default)
2010-07-08 04:47 pm

HotSec & LinuxCon or How I wound up speaking in 2 cities in 3 days (totally different topics too!)

My paper was accepted to HotSec! This is the web visual security policy research I've been working on for a while in various forms, but this is my first proper paper on the subject (although some of the related issues were touched upon in my W2SP paper). Getting in to HotSec is rather a big deal, as it's among the top publishing venues available to me. I was one of 11 papers chosen (out of 57). Go me! So I'll be heading down to DC on August 10th to present it. If you're curious, we should have the final camera-ready copy done in a few days.

My HotSec acceptance causes a bit of a logistical problem, though, since I've also been accepted to speak at LinuxCon on August 12th. It's a bit of a long story as to how I ended up applying at all, but the short and relevant part is just that I wasn't originally planning on submitting to HotSec and didn't realise I'd have such a conflict. (There's a longer story involving speaker diversity issues and good folk willing to go out of their way to work on solving them.)

Anyhow, I really *should* send my regrets to LinuxCon as, academically speaking, it makes a lot more sense for me to go to USENIX Security immediately following HotSec. Especially this year, as I'm hoping to graduate soonish (more ish than soon; don't get too excited) and should be networking as much as possible. But I chatted with my supervisor, and he agreed that it's a bit of a toss-up as to which is more valuable to me: it's nearly as likely that the person I need to meet will be at LinuxCon and that I'll wind up finding a job through open source connections. Raising my open source speaking profile may be just as useful.

What's clear is that Mailman benefits more if I go to LinuxCon, since I'm going to be talking about upcoming awesomeness in version 3.0. The other day, I had someone comment that they didn't even realise Mailman was in active development... ouch. I think getting people interested now, while we're in alpha, is probably absolutely perfect timing. Plus I'm hoping to have some nice stuff to show off from my excellent GSoC students, if they're willing to let me talk about what they've been doing with the archives, and maybe some of the other projects as well.

If you're interested in coming out to LinuxCon, they helpfully gave me a 20% discount code to share. Drop me a note and I'll pass it along (they asked we not just post the code publicly, but I can pop it in a private post later). If you can offer me a job then I'll be able to tell my supervisor I made the right choice. Heh. No, seriously, it's just nice to see people.

Anyhow, I'll make my final decision when I see if the travel arrangements are ridiculous, but it *should* be relatively easy to go from DC to Boston after HotSec, so let's hope this all works out!
terriko: (Default)
2010-03-24 02:20 pm

Ada Lovelace Day profile: Jennifer Redman

Ada Lovelace Day is an international day of blogging (videologging, podcasting, comic drawing etc.!) to draw attention to the achievements of women in technology and science.

Women’s contributions often go unacknowledged, their innovations seldom mentioned, their faces rarely recognised. We want you to tell the world about these unsung heroines, whatever they do. It doesn’t matter how new or old your blog is, what gender you are, what language you blog in, or what you normally blog about – everyone is invited.

To be honest, I didn't feel much like writing for Ada Lovelace Day. It feels like writing is all I do lately: a paper and a poster proposal due this week, plus the all-consuming nature of my thesis proposal that I finally submitted this month after more than a year of work. I love research/coding and I even like writing, but when they're too far out of balance I start to feel like I'm one of those people who's all talk and no action.

But Jennifer Redman is one of the people who's been pulling me out of talking and into doing, which makes it even more important that I honour her today.

I don't honestly remember when I first met Jen online -- probably through Linuxchix or maybe Mailman -- but I got to meet her for the first time in person at GHC09 after she invited me to help out with the Systers code sprint.

Jen really grabbed my attention because she was using Systers to focus on something that sometimes gets overlooked: getting individual women who already know how to code to the point of making open source contributions. And not just in a general supportive way, but in a specific, defined, "here's a project, let's hack!" sort of way. And it doesn't hurt that geeking out with other women is fun. Not that computers for girls isn't a great idea, but getting more women involved now means we've got the role models we want for those girls. And here's Jen with some grand ideas and bugs to fix and a pile of virtual machines to get women playing around in open source software sooner rather than later.

I often hear talk of such ideas, but often no one has time to follow through. What makes Jen especially incredible is how dedicated she is to the follow through. She helps keep the Systers mailing lists running (and on-topic!) She got that code sprint together, and already has plans for next year. And now she's assembling an all-star team of mentors for the Systers GSoC 2010 projects, getting us all talking and thinking, and making sure we're committed, and ready to go both mentally and technically as the students start to arrive. She's got a great level head and a willingness to say what needs saying when things get rough -- her sane commentary on some really horrendous geek feminism issues made me feel just that much more grounded when we chatted at GHC. And I'm sure she's doing all sort of other awesome stuff that I don't even know about because I'm so wrapped up in my own world.

I've been scaling back my volunteer/open source activities for the past few years as I get more deeply involved in my PhD, which means that I say no to a lot of things. But Jen and Robin Jeffries chatted with me about doing archives at the code sprint, and managed to come up with exactly my perfect project: Mailman development (on archives, no less!) where I get to work one-on-one with students and women in computing. That's three of my favourite things right there! But I'd probably still have said no if some stranger came up and offered that to me. What makes this a project worth rearranging my life for is Jen: I don't know everyone else yet, but I know that if she's involved, things will happen, and I'm going to be proud to have been involved.

So thank you, Jen. Here's to a great summer!
terriko: Yup, I took this one. The eyes are paper, not photoshop (chair)
2010-01-25 07:16 pm
Entry tags:

Re: [*****SUSPECTED SPAM*****] Investigating the Role of Proximity on OSS Project Innovativeness and Success

This is a letter I just sent to several researchers who were conducting a survey on open source developers. As you can see below, I never answered the survey, and I explain why in hopes that future researchers will learn from these mistakes and present more compelling research initiatives.

Dear Barbara Scozzi and Antonio Messeni Petruzzelli,

I just wanted to let you know why I never took part in your survey, despite the fact that I have taken part in similar surveys in the past.

The first reason should be readily apparent from the subject line of this message: your message really looked like spam. This was especially true when I received multiple copies of the message from your team, to the same email address.

The second is that you sent the survey in Microsoft word (.doc) format, which seems like an inappropriate choice when contacting open source software developers. Typically, OSS developers prefer to use open source alternatives such as Open Office, and many people have been burned by years of MS Word viruses and are justifiably hesitant to open such an attachment. And honestly, I would have preferred to do a quick web survey rather than spend time opening, editing and returning a document to you. There are a variety of survey tools available and I highly recommend you investigate these options for future research. They can make the task of responding to your survey much less onerous for participants.

The third is that you managed to mis-spell my first name in the salutation of the first email I received from your research team, despite the fact that my first name is spelled correctly in the Sourceforge user data you seem to have used to find me. While this may seem minor, this sort of small rudeness did leave me with a negative first impression of your team.

Finally, you may wish to be aware that if you are reaching current GNU Mailman developers, as seemed to be the case, you may do better searching on Launchpad, which we switched to for development over a year ago, if memory serves.

You may wish to take a look at Mary Gardiner's writings regarding how best to present yourselves and your research when doing such surveys. She has a very short summary here:


And further discussion of related issues here:


Thank you for your time, and I hope this letter helps you engage more participants in your future endeavours.