Ditch your stock rom
Disclaimer: I am not responsible if you choose to flash your phone and brick it; you will probably loose any and all warranty when you root.
For the better part of a month I have been running a prerelease of Cyanogemod9 on my phone. The experience has been so positive, that my future device purchases will have a custom-rom-support requirement.
In general, the Samsung phone I own is a very nice gadget. Sadly, this manufacturer chooses (like all major vendors at the moment) to include a staggering amount of crappy apps, proprietary services and useless dependencies. This had been more or less acceptable within the confines of the Andriod 2.x series. The OTA update to 4.0.x ICS is what broke the camel's back. Google has put an enormous effort into making the plattform look consistent, pretty and easy to use, Samsung chose to actively circumvent this and rebranded the entire UI to make it look like a Samsung 2.x rom. Not to mention their annoying release policies through which unbranded phones (i.e. phones with a little less crap) received their 4.0.x upgrades last after months and months of waiting for the 4.0.x roll-out.
In summary, I looked forward to ICS and was extremely disappointed by the vendor and thus decided to root my phone and install a custom rom. The procedures involved are relatively easy to find on the web, in short, I flashed a rooted kernel with heimdall, installed Rom Manager and the rest was point and click.
Cyanogenmod really delivers on the promises ICS made: it's pretty, great to use and a great leap forward in pretty much all aspects compared to 2.x. Also, now having root on the device offers other benefits, such as, you know, backups. I cannot fathom what goes on in Samsung's management if they think Kies would be even a partially acceptable excuse for locking their devices down as they did. The far-reaching developer tools are also a nice addition. In my opinion, not having to accept "Samsung Apps" on the device is already worth the risk. The only thing I'm missing is MHL HDMI support over USB, but that seems to be in the pipeline for future releases.
The only thing left is to start a campaign to beg Android developers to stop reinventing the wheel and finally follow the rules in their apps.
Migrating Firefox's password storage to Loxodo
Photo CC-BY by myklroventine
Passwords are inevitable. At least for the next few years. So it makes sense to find a reasonably secure but efficient way of managing them.
For the last few years, I've used a combination of CLI password generator, Firefox's password manager with a master password, a manually encrypted reference and my memory. This was an adequate solution but has certain limitations in terms of dependence on a specific browser profile and manual workarounds when a specific site misbehaves. So I looked around.
Choosing a password manager
There are hunders of password managers available today, so I'm not going to attempt to summarize even a portion of them here. Password Safe stands out from the rest, though. First, it helps that its original author is a credible source. More importantly, though, the file format is documented and alternative clients and libraries are available. Also, there is an Android app available, too, and it comes with sensible permissions. I look forward to using this when away from my laptop.
A Linux client (Beta) now exists of the original Password Manager and I might try it out sometime regarding auto-input, but for now the simplicity of Loxodo appealed to me. I'm unsure whether I'll invest the time to learn wxWidgets to add a grouping pane or whether I'll switch clients at some time. In either case, the underlying file format gives me an easy way to switch back and forth between v3 clients.
Exporting from Firefox
Getting the list of logins in Firefox Password Manager exported requires a separate extension, Password Exporter worked well for me. I based my work on the CSV output. I suggest cleaning the file up a bit before importing. For example, consider removing superfluous headers. Since there isn't an exact match between the title field in Password Safe and the export from Firefox, I used the host entry as title and formSubmitURL as url. The former really doesn't need the http, so stripping that made sense for me:
:%s/^"https:\/\//"/g :%s/^"http:\/\//"/g
Importing to Loxodo
Armed with a CSV file, getting the data into Loxodo was a straighforward process and was made extremely easy through the existing CLI components. Iterating through the CSV file and calling the relevant vault function for adding an entry can be done in Python with a handful of lines, you can find my importer commit on Github. Working with PHP most of the time, I find the elegance, efficiency and fun of Python still suprising every time I have a chance to use it.
Drupal Quick Tip: Overriding strings
Photo CC-BY by smithser
Drupal comes with its own terminology and sometimes the strings returned to the user are not quite the vocabulary he or she uses. For example, a small library might refer to the people who have their library card as patrons or members. If a module to manage those users uses a different term this then can cause inconsistency, confusion, etc. One can, of course, just change the strings within the given contrib module but then upgrading becomes a tedious process of merging changes by hand. There is a much nicer solution available.
String Overrides
Within settings.php one can specify strings which should be overriden, so that a consistent word choice can be implemented without having to mess up core or contrib. The OpenAtrium documentation has a nice explanation of how to use this.
If you don't mind adding one more contrib module to your installation, there is also a gui solution to do this for you, called the String Overrides module.
Tags:
Failing infrastructure
I have been digging through the 27C3 recordings from time to time and one which especially caught my eye was Eleanor Saitta's talk titled "Your Infrastructure Will Kill You" (Youtube, Webm Torrent). Her argument is that infrastructure will be neglected until the point of catastrophic and costly failure. This, she concludes, is primarily due to the fact that the agents in charge of said infrastructure normally do not have any incentive to invest in it. Short term gains, through cost cutting measures are tempting if the problem only occurs years or decades after one leaves the elected office.
Photo CC-BY by reallynothing
Several months after her talk Fukushima happened. Watching the talk after this event underscores the fundamental importance of infrastructure, though it does not address the inherent problematic operation of nuclear power plants. Having only recently come across her talk I was excited to hear her perspective on this topic in regards to the recent crisis on byciclemark's excellent podcast. (Also check out his 26C3 talk and his 24c3 talk.)
Slightly unrelated but also quite interesting is her talk at The Next Hope in 2010 on Buying Privacy in Digitized Cities and others in her list of talks, recordings can be found online with some digging. Overall, she's an interesting person to follow (@dymaxion) with an unusual set of insights.
Learning the basic sciences today
In school, many many people tend to construct a narrative around their skills and abilities to explain why one scores better in one subject than another. Probably the most common trope is being semi-illiterate in mathematics, often extended to include the natural sciences. As is regularly being noted, this cliché is common and acceptable even in highly educated circles to the point of pride (and sadly also often tied into sexism). I have become painfully aware of the fact that I have used a variant of this cliché in my personal narrative for far too long, by claiming to have an aptitude for languages but not the hard sciences.
That's a nice way of saying I was too lazy to study for math because I didn't like it. That's true, to a point. Then I came across Khan Academy and realized that this conflates several different issues. If you have not come across Khan Academy yet, it started as a series of YouTube videos of light/chalkboard math training excercises with voice-over. That sounds incredibly dull and boring and they are. Except when you struggle with your homework and would like to backtrack the last three or four lessons. Or twenty.
In my opinion, this inability to rewind is one of the main pillars of the i-suck-at-math cliché. Classical math education progresses steadily when the instructor has instructed, explained some more, handed out homework and graded. Homework serves as the memorization and familiarization mechanism and those who diligently do it can continue to perform adequately. The lazy ones and those which just need a bit longer than others will then get a bad grade but more importantly those holes in that foundation are never filled in and when you graduate you're glad that the whole thing didn't collapse under the weight of yet another abstract, unconnected method of computation.
And then Khan Academy set up their excercises and it expertly uses gamification elements and motivators (e.g. speed-solving trophies) combined with their video lectures to aid one to become proficient in all those basic building blocks in a mathematical foundation. Not only do the game elements make slightly addictive, the overview clearly shows what is hidden when you hand in your course books at the end of the semester and are not the instructor: A map of specific arithmetical, algebraic and trigonometric skills and their interdependence. It will not get you an advanced degree but it trains far better than any instructor's approach to homework I have ever seen in recognizing what proficiency means and how easy it is to fool oneself into getting it, i.e. reaching those ten-out-of-ten in a row isn't that trivial when you go beyond the first dozen lectures.
Obviously, Khan Academy does not replace a skilled teacher or commitment on the side of the student. I can only say that I would probably have killed, paid a lot been very thankful for it, had Khan Academy been available when I was in school.
Now, if you haven't gotten an urge yet to reclaim or revisit math, have a look at Vihart's fantastic YouTube channel. OMG binary trees. Oh, and of course the Khan TED talk, too.
Liveblogging Drupal Commerce Camp Lucerne 2011 / Sunday
Day three of three has arrived, sadly not with the perfect weather we had the past two days, then again the sessions are indoors anyway.
Writing payment modules for Drupal Commerce
Lorétan from Wunderkraut had worked on payment modules with Ubercart but was less than happy with the overall experience and then looked into Drupal Commerce. First good news: it's not much different. Naturally, security and consistency (process-wise) is vastly more important in the payment area compared to other areas. Paraphrased: If you don't know about security, don't write a payment module. And that's good advice. Also, national and international regulations do affect creating payment modules and have to be considered to some degree.
At the most basic level a manual payment involves entering information, which is validated and then a transaction is created and is pending on the payment gateway, hooks are shown, (in theory) done.
A more complex example is credit card processing via a payment gateway validation and act on answer of the payment gateway. So, in contrast to manual transactions we have local validation and remote validation (which creates an authorization answer) and then create a remoe transaction tied to a local transaction, the latter part is heavily dependent on the payment gateway (i.e. some providers allow you to authorize a card and directly execute the transaction). Commerce Payment does offer helper functions for standard credit card elements which avoid having to redo the obvious tasks of CC number field, expiration, etc., neat! His slides then show examples of how to carry out the transaction, formatting request information for a particular gateway and formatting the output/error codes for the user.
The third option is off-site payment, such as SagePay (or for a Swiss example, Datatrans offers the same). Thus we have enter information, local validation, redirect and the return page is what to act upon.
Tips. Make sure you have a test account, naturally. Have the documentation, error codes can be obtuse; same experience here, incredibly important and not always given. The documentation may also be erroneous and thus have a contact person at the payment provider. Writing tests should be mandatory but is not always possible (also depends on having a test account). Finally, consider what happens after the initial transaction, e.g. reimbursement/refunding/cancelling. The payment gateway can probably do this, but how will this be reflected on your site?
Module migration from D6 to D7
Plüss asks you to clone the module first (if it's in contrib), so your patch can go to upstream later. Obviously change the core version in .info, fix the dependency listing. White screen of death, turn on debugging. Iteratively fix. Kinda waiting on a coder upgrade tutorial.
In the link_node example he uses we now have the module enabled, no errors but a non-working module, his tip is to look for the hooks used, here this is hook_filter() which changed to hook_filter_info(), so check the upgrade guide and API reference.
Audience question on coder upgrade. He hasn't seen it yet, it wasn't ready 3-4 months ago. Damn, I failed at this two weeks ago and the multiple parser dependencies required on my test system.
He recommends submitting even incomplete patches with provide some functionality for D7 so the maintainer has something to work from and consider taking over abandoned modules.
Lunch break.
D7 and XHTML+RDFa
Schaffner starts off by talking about the Google panda update, which does take unique, creative content on the web into account and semantic declarations count. Right now, we have lots and lots of acronyms for standards, microformats and namespaces (OWL, RDF, SPARQL, FOAF, DDC, etc. etc.). D7 integrates RDFa. Some more background infos, still wondering about microdata with schema.org and the Google/Bing/Yahoo announcement a few months ago.
RDF does come to the editor at the level of the content type, where a "RDF Mappings" tab allows setting semantic properties on e.g. type, title, body. To actually do something you apparently need to enable the external RDF vocabulary import module, then you get proposed elements via ajax (e.g. hmedia:Audio).
Interesting other modules to consider are SPARQL Views and VARQL for working with semantic data.Schaffner hasn't yet tried implementing it on taxonomies and terms but he is fairly certain that this is currently not supported. Audience input on possibly using the relation module for this.
And it's over, lots of interesting talks and people to talk to over the last three days. Looking forward to the next event, hopefully something long before Drupalcon Munich 2012 in August.
This is part 3 of 3. See also the commentary on the Friday and Saturday sessions.
Pages
