Marking files as binary in CVS

June 9th, 2011

When multiple people are working with CVS, what can sometimes happen when you do a “cvs update” is that binary files get “merged” as if they were text files. Naturally, this can cause some file types to become corrupt.

To avoid this happening, type:

$ cvs admin -kb path/to/binary.file

Usually, you have a large number of these files (in my case, I had about 1000 zip files), so combining the above with the find command in Bash can be very useful. Assuming you are in the working directory:

$ find . -name "*.ext" -exec cvs admin -kb {} \;

The “{}” is replaced with the path of each found file, which CVS then marks as binary for you.

There is also a handy guide on working with binary files in CVS.


Finding the value of “xml:lang” of an element

October 5th, 2010

The XML spec says that when someone declares xml:lang somewhere in the ancestor chain of an XML document, element nodes in the DOM are supposed to inherit the value of xml:lang. However, although xml:lang is an inherent part of XML, the DOM Level 3 Core spec lacks a means to easily find what value of xml:lang an element has inherited (or has explicitly been assigned).

From section 2.12 Language Identification of the XML spec:

The language specified by xml:lang applies to the element where it is specified (including the values of its attributes), and to all elements in its content unless overridden with another instance of xml:lang. In particular, the empty value of xml:lang is used on an element B to override a specification of xml:lang on an enclosing element A, without specifying another language. Within B, it is considered that there is no language information available, just as if xml:lang had not been specified on B or any of its ancestors. Applications determine which of an element’s attribute values and which parts of its character content, if any, are treated as language-dependent values described by xml:lang.

Below is a little useful code snippet to help you find the value of xml:lang. The code simply recurses up the tree till it finds an xml:lang attribute to inherit the value from. If it can’t find one, it just returns an empty string:


function xmlLang(element){
  var xmlns = "http://www.w3.org/XML/1998/namespace";
  //the nearest xml:lang wins; an empty value is returned as-is because
  //it overrides any language declared on an ancestor
  if(element.hasAttributeNS(xmlns,"lang")){
    return element.getAttributeNS(xmlns,"lang");
  }
  //stop at the root (its parent is the Document, not an element)
  //or at a detached element that has no parent at all
  var parent = element.parentNode;
  if(!parent || parent.nodeType !== 1){
    return "";
  }
  //no xml:lang here? recurse upwards
  return xmlLang(parent);
}

To make it more useful, it would be good to validate the value derived from the code above against the IANA language tag registry.
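One way to start on that suggestion, as an added example that is not part of the original post: a syntax and duplicate-subtag check of an xml:lang value against the langtag grammar of RFC 5646 (BCP 47), which rejects malformed input before any registry lookup. The function names are hypothetical; grandfathered and private-use-only tags are not handled, and the IANA registry lookup itself is left out because it needs the registry data.

```javascript
// Added example: parse an xml:lang value with the "langtag" grammar of RFC 5646.
// parseLangTag and classifyXmlLang are hypothetical names, not from the post.
function parseLangTag(tag) {
  if (typeof tag !== "string" || tag === "") return null;
  const parts = tag.toLowerCase().split("-");
  const alpha = (s, min, max) => new RegExp(`^[a-z]{${min},${max}}$`).test(s);
  const alnum = (s, min, max) => new RegExp(`^[a-z0-9]{${min},${max}}$`).test(s);
  const out = { language: null, extlang: [], script: null, region: null,
                variants: [], extensions: [], privateuse: [] };
  let i = 0;

  // language = 2*3ALPHA ["-" extlang] / 4ALPHA / 5*8ALPHA
  if (!alpha(parts[i], 2, 8)) return null;
  out.language = parts[i++];
  if (out.language.length <= 3) {
    // extlang = up to three 3ALPHA subtags
    while (out.extlang.length < 3 && i < parts.length && alpha(parts[i], 3, 3)) {
      out.extlang.push(parts[i++]);
    }
  }
  // script = 4ALPHA
  if (i < parts.length && alpha(parts[i], 4, 4)) out.script = parts[i++];
  // region = 2ALPHA / 3DIGIT
  if (i < parts.length && (alpha(parts[i], 2, 2) || /^[0-9]{3}$/.test(parts[i]))) {
    out.region = parts[i++];
  }
  // variant = 5*8alphanum / (DIGIT 3alphanum)
  while (i < parts.length &&
         (alnum(parts[i], 5, 8) || /^[0-9][a-z0-9]{3}$/.test(parts[i]))) {
    if (out.variants.includes(parts[i])) return null; // duplicates make a tag invalid
    out.variants.push(parts[i++]);
  }
  // extension = singleton 1*("-" 2*8alphanum); singleton is any alphanum but "x"
  while (i < parts.length && /^[a-wy-z0-9]$/.test(parts[i])) {
    const singleton = parts[i++];
    const subtags = [];
    while (i < parts.length && alnum(parts[i], 2, 8)) subtags.push(parts[i++]);
    if (subtags.length === 0) return null;
    if (out.extensions.some((e) => e.singleton === singleton)) return null;
    out.extensions.push({ singleton, subtags });
  }
  // privateuse = "x" 1*("-" 1*8alphanum)
  if (i < parts.length && parts[i] === "x") {
    i++;
    while (i < parts.length && alnum(parts[i], 1, 8)) out.privateuse.push(parts[i++]);
    if (out.privateuse.length === 0) return null;
  }
  // anything left over means the tag does not match the grammar
  return i === parts.length ? out : null;
}

// The empty string is legal in xml:lang: it means "no language information".
function classifyXmlLang(value) {
  if (value === "") return "no-language";
  return parseLangTag(value) ? "well-formed" : "malformed";
}
```

A tag that passes this check can still name subtags that do not exist, so the registry comparison mentioned above remains a separate step.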


Presentation Slides – Privacy of Geolocation Implementations

July 14th, 2010

Below are the slides for the presentation I gave at the W3C Workshop for Advanced Web APIs. See my other blog post for more information about the workshop and the paper.


Firefox 4 beta and geolocation

July 14th, 2010

Had a brief look to see if anything had changed re: geolocation in Firefox in its first beta release of 4.0. Seems they have started to integrate an indicator into the address bar.

Firefox 4 Beta 1's handling of Geolocation...

The indicator still does not show up when geolocation is active, but it’s a start and it’s good to see that they are working to fix that.


Daniel Solove at Google

June 9th, 2010

While investigating privacy, I read a fantastic book by Daniel Solove called The Future of Reputation: Gossip, Rumor and Privacy on the Internet. Daniel is a professor of law at the George Washington University Law School who has written extensively about privacy.

Yesterday, I found this video lecture given by him at Google. Check it out! It covers a lot of things that are in the book.

I’ll just say, it’s a little bit sad to see so few people in the audience. Also, the questions from Google employees are very defensive. In my opinion, Daniel is right to say that people should have more control over Google results about themselves, especially if those results are slanderous.


Privacy issues in Mobile Safari on iPhone OS 3.2

June 8th, 2010

With iOS 4.0 around the corner, it’s probably timely to get this post out now. This little post is part of my position paper, “Privacy of Geolocation Implementations”. I’m taking sections out of that paper and republishing them here for comment.

A website viewed in Safari on iPhone 3.0 requesting to use the end-user's current location. But what will the data be used for? And where is the application getting the data from?

As can be seen in the screenshot on the right, when a web page attempts to access geolocation services on Mobile Safari, the browser presents the end-user with a dialog that states “[URL] Would Like To Use Your Current Location” with two options: “Don’t Allow” and “OK”.

This “click to confirm” model suffers from a number of privacy issues. For one, the confirmation dialog does not give the end-user any indication of how their location is being derived: is the location-provider the GPS, the WIFI, the cellular network, a Web service, or a combination of those? And under what privacy policy does the location-provider provide that information? The iPhone provides no accessible means of viewing or changing the geolocation provider; hence an end-user has no control over the geolocation provider, nor any way of knowing if their data is being encrypted on request.

Another privacy issue of Mobile Safari is that the confirmation prompts are modal: the user cannot fully view or interact with the underlying application to make an assessment of what the application might do with the positioning data without first rejecting geolocation access to the website. Also, it is generally accepted that this kind of modal confirmation dialog leads to ‘click fatigue’, whereby users simply become accustomed to clicking “OK” to every prompt without grasping the consequences of their actions, and without having any real control over what personally identifiable data gets used, what it will be used for, how long that data will be kept, or even whether it will be made available (sold) to third parties. The privacy policies that govern geolocation services are buried three levels deep in the “Settings” menu of the iPhone, under the “Legal” option, which contains a lot of pages of legalese and no searchable index!

The iPhone 3.0 "Legal" screen does not contain an index. Nor are hyperlinks active.

Similar confirmation dialogs are found in the iPhone’s native applications (e.g., the Camera and Maps applications). If a user changes their mind about allowing location services, there is usually no way in the application for them to revoke geolocation access without either quitting the application, uninstalling the application, or finding some other convoluted way to revoke access to geolocation services (e.g., having to globally disable location services on the device through the “Settings” menu). What is worse is that once a user grants an application access to geolocation services three times, the system grants access to location services forever – or until the device is “reset”, meaning resetting back to factory default settings.

UPDATE: @andreasbovens pointed out to me on Twitter that the iPhone does, in fact, contain a way to reset location warnings. Go to “Settings > Reset > Reset Location Warnings”. My bad.

iPhone reset location warnings, which I didn't find the first time around :(

Applications that get granted access then do not generally provide an end-user with a means to revoke that access on an individual basis. This is also true on Mobile Safari: even after clearing the cache, history, and cookies, Mobile Safari still grants websites access to geolocation without prompting the user.

In summary, Apple’s Mobile Safari browser (and iPhone 3.0 in general) provides end-users with limited access to privacy controls. It also provides no means of seeing which websites have access to geolocation, nor once granted can that access be easily revoked by an end-user. The OS, however, provides means of achieving confidentiality by allowing the end-user to globally disable location services, WIFI, and cell-tower communication (via “Airplane Mode”). The iPhone OS also provides a “Reset Location Warnings” option for all applications.

iPhone Airplane mode: anonymity?


Privacy of Geolocation Implementations

June 7th, 2010

Here is my position paper, “Privacy of Geolocation Implementations” (PDF ~500K), that I prepared for the W3C Workshop on Privacy for Advanced Web APIs.

UPDATE: the presentation slides are now available.

It’s a little bit drafty, so any feedback or comments are welcome. I will republish it as an HTML file soon.

Investigating privacy in depth has been one of the most interesting things I’ve done in a long time… though it has left me a little bit creeped out. Hopefully I’ll get around to writing a bit more about what I read, what I’ve learned, and what practical changes I’ve made.


Privacy implications of using digital signatures to enable APIs

June 7th, 2010

The following is part of my forthcoming position paper for the W3C Workshop on Privacy and advanced APIs. Because my paper focused on implementations of geolocation, this section had to be cut out. However, I think the following is relevant to the discussion about privacy and packaged Web applications, which is why I am publishing it here.

When it comes to privacy, it is obviously insufficient to simply define an API in terms of an Interface Definition Language (IDL), such as WebIDL and OMG IDL, within specifications. IDLs are limited in that they only allow one to express simple inputs, outputs, and data type constraints. Nevertheless, implementations exist based on specifications that only provide IDL definitions, which are agnostic to privacy. To overcome these limitations, some implementers leverage digital signatures as the means of enabling privacy-sensitive APIs in an application. For example, if application “X” is signed by company “Y” then allow application “X” to access API “Z”.

Java treats an application as unsigned, and reduces its privileges: meaning some APIs will not be available.

Such an approach to privacy is limited in that it hands control of privacy matters over to a third party (the signer) and implicitly assumes that the end-user unquestioningly, or via an End User License Agreement (EULA), trusts the signer as the authority to enable an API without necessarily informing the end-user as to what is going on “under the hood” – such a model is commonly seen in the Java application space.

Feature Requests

Others have extended the model of using digital signatures to enable APIs by having software developers explicitly declare what functionality an application will use (let’s call them “feature requests”). Upon installation, the end-user is presented with a dialog informing them of the capabilities the application will use, and asking if they wish to proceed. An example is Chrome’s browser extensions, seen on the right.

Chrome's browser extensions show the capabilities of a packaged application, but lack information about consequences.

From a privacy perspective, this model is significantly better than simply enabling APIs based on digital signatures. However, this model is also problematic in that it often does not provide any meaningful information about, for instance, what “can access your browsing history” coupled with “access your data on all websites” means. It can be argued that this model unfairly puts the consequences of consent on the end-user, by entering them into an agreement with an application without recourse (i.e., “Yes website/application X, you can access my history data even though I don’t know what you will do with it.”).


W3C Workshop on Privacy and Advanced Web APIs

June 3rd, 2010

The W3C is hosting a workshop on Privacy for Advanced Web APIs and is currently calling for position papers. Although I don’t know what an “advanced Web API” is, it’s great to see members of the W3C taking an active interest in privacy, and emphasizing that the architectural design of APIs has a fundamental role to play in protecting the privacy of individuals. The W3C has opened the workshop up to the public: it would be great to get a diverse range of people together to discuss the role and limits of APIs in protecting privacy, particularly from the academic community. I don’t know how much marketing drive there was behind the workshop, but hopefully a variety of people will submit papers.

Papers are due on the 7th of June. I’m currently trying to put a position paper together which I will post here once I’m done.


The “Good Life”: The right of expression, religion, and thought.

May 29th, 2010

Everybody Draw Muhammad Day was a reaction to an angry mob of Muslims attacking Swedish cartoonist Lars Vilks, as well as a reaction to threats of death made against the political satirists/creators of the TV show South Park. Lars Vilks is the Danish cartoonist whose cartoon drawings of Muhammad fired up a small number of Muslim extremists in 2007. Wikipedia provides a good background to the controversy. According to Wikipedia, Lars Vilks was attacked for attempting to show a banned YouTube video made by the Iranian artist Sooreh Hera entitled “Allah ho gaybar”. The artwork is a montage of religions and homoerotic imagery set to the tune of “I want to take you to a gay bar” by the band Electric Six (YouTube video).

Attack

The video below shows the reaction of the protesters.

Reaction

My initial reaction to seeing the YouTube video was a sense of outrage and anger. But I wanted to understand exactly why I was angry. That is, to go beyond the simple “fucking Muslims! here they go again.” that is most people’s reaction and really does not help anyone, to a more reflective analysis of my own moral position that causes me outrage (well, enough outrage to sit down and “blog-it-out” here). I knew on the face of it that what angered me was that people would react violently towards homosexual imagery and towards Lars Vilks – doubly outraged in an academic institutional setting, which establishes itself as a place of tolerance, debate, dissemination of knowledge, diversity of ideas, and scientific inquiry (things that are a direct affront to religious dictates, which are generally inward looking and discourage questioning and self analysis – I don’t need to give examples of religious persecution of science, women, other religions, etc., as they are so common in history). Upon reflection, to me, the purpose of art is to challenge the viewer and to seek an aesthetic reaction – that reaction may differ from one individual to the next. However, to suggest that attacks were simply motivated by an aesthetic reaction to what was on screen is of course naive. It is clear that the crowd had already gathered there with the intent on disrupting the talk that Lars Vilks was about to give and had no intention in engaging in a well-mannered debate about, well, anything.

In order to understand my outrage, I need to frame what to me constitutes “the good life”: that is, that highest moral authority and rights to which I must afford all human beings in the way I interact with them, and what I expect back from all human beings – something that is clearly at odds with Muslim protesters, for why else do I feel outrage? For this I turn to the Universal Declaration of Human Rights (UDoHR). Faith-wise, this means that I believe that globally applying the UDoHR would yield a better world in which I want to live and in which I want others to live (for an atheist who is influenced by Immanuel Kant, this is a matter of faith). What this also gives us is a simple set of criteria by which we can judge our own actions and the actions of others upon us in terms of justice, rights, and morality. The assumption being that the UDoHR are, in fact, universally applicable and do not seek to impose a higher (read religious or “god-given”) moral authority, and that the declaration is timeless. It also does away with intermediaries (God, churches, religions) and puts the responsibility of just action and behaviors on individuals: to be clear, you do things because it is the “right” thing to do at the individual level, and not because it suits the norms of a particular time or pleases some community (e.g., “everyone in my church says abortion is wrong”), commercial entity (e.g., “I signed an NDA”), nature (e.g., “I’m hungry, so I must eat you”), or some constructed moral authority (e.g., “God said being gay is wrong”) – I give the examples because they demonstrate subtle forms of coercion – in each case, the individual is not free because something is influencing what they do. From my understanding of Kant, turning to an innate sense of human rights provides a sound basis on which to makes particularly if you apply a “maximizing principle”: simply take a situation, like suppressing someone’s speech, and maximize it globally. The act can only be moral if it does not violate someone else’s right – that is, to justify an action on socio-economic terms, or in the interests of “the good of the people”, is immoral (see the deeply flawed Utilitarianism, which seems to dictate much of American foreign policy). It is also fundamentally different from “do to others what you would like to be done to you” (the Golden Rule), for, as stated nicely by George Bernard Shaw and quoted in the criticism section in the Wikipedia article, “The golden rule is that there are no golden rules … Do not do unto others as you would that they should do unto you. Their tastes may not be the same.” Lastly, what is nice about the UDoHR is that it provides us some clear text to point at and quote from, as one would quote from a religious text.

What is clear from the video is that the protesters seem to be angry about some lack of respect for their particular moral norms (by Lars Vilks specifically, and by Western society in general). To show these images or videos seems to affect them as, for instance, an atheist being shown the video of Lars Vilks being attacked by a group of Muslims (!) – that is, my reaction of moral outrage is because I see them attacking something that is normal, just, and right to me: the discussion and presentation of art and politico-religious satire within an academic context. This is where a point is drawn about what is just (in the sense of justice) and where religious thought and institutions begin to threaten the liberties of individuals. In other words, when one group of people start to attack another group of people on the basis of religious morality (rather than human rights), religion breaches its boundaries and threatens, basically, everything (in the sense that “religion poisons everything”, as Christopher Hitchens puts it).

The angry protesters’ reaction then is framed as one that challenges another norm that is held as a pinnacle: that of freedom of expression. Article 19 of the Universal Declaration of Human Rights declares that, “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.” The protesters’ violent attack and violation of norms within a university setting certainly violate that right. The protesters go on to violate their own right, and other participants’ right, to peaceful assembly – Article 20: “(1) Everyone has the right to freedom of peaceful assembly and association.” They take away the right of Lars Vilks to speak, and of others to listen, and even take it from themselves.

This outrages me: someone (Muslim protesters) has violated someone’s rights. Violations of rights are not just – they are immoral and not in line with my view of “the good life”. If someone’s rights can be violated by this group (Muslim protesters), then one day they might come and violate my rights. And I need my rights to do the right thing by people.

Response: A Picture of Muhammad

Article 18 states that, “Everyone has the right to freedom of thought, conscience and religion; this right includes freedom to change his religion or belief, and freedom, either alone or in community with others and in public or private, to manifest his religion or belief in teaching, practice, worship and observance.” But religion cannot be used to violate people’s rights.

Exercising my right to freedom of expression, I give you a picture of the Prophet Muhammad. I drew this picture to portray Muhammad just standing there. I don’t seek to mock the “prophet” by drawing him as an animal or something offensive.
