It’s not nearly as thorough as I’d wanted but I did manage to slap that open source license on all of the files and cut out a bunch of extraneous stuff in uploading SocialCastr (the personal broadcasting studio software). You can find the source code here: https://github.com/Patrick-Bay/SocialCastr

This is certainly not for the novice, at least not at this time. There’s some advanced code in there and you need to know your way around Adobe Flash to actually compile it. I’ll be going into much greater detail on the project page but, basically, you’ll need to create (or import), a custom application certificate to sign your code, update the SwagCloud class with your own server address (and optional developer key), and work around any minor issues like missing fonts in the IDE (included).

Eventually there will be very clear details that can be followed verbatim (even by the novice), and by that point I hope to have the project ported over to FlashDevelop (the open source version of Adobe Flash), but until then I’m simply going to include these caveats.

However, if you really don’t care to get your hands dirty and just want to start broadcasting, visit http://www.socialcastr.com/ to download the finished product.

When I mentioned that I’d be releasing the BreakOutBox source code, I didn’t expect that I’d also be able to figure out how to create a portable version of the application, but I did. :) This means that you don’t necessarily have to install it, as you would do with a standard application, so it can run off of a USB stick or possibly even a DVD.

In a nutshell, BreakOutBox detects any browsers you may have installed and opens them in “Tor mode” — ready and set up to communicate through the Tor network via the included Tor binary. This is likely not as secure as something like the Tor Browse Bundle, but it still makes it so that you’re fairly anonymously browsing the web, seemingly from a whole other part of the world.

The source code is not something that a novice will want to be looking into at the moment; it’s currently poorly commented, comes with no documentation, and really not much in the way of explanation. At least for now. And it’s pretty buggy.

But if you’re still willing and able, head on over to the new GitHub repo I’ve set up:

https://github.com/Patrick-Bay/BreakOutBox

You’ll notice a folder in the project called “BreakOutBox_standalone” which is the actual portable app, as compiled by FlashDevelop. It is bulkier than it needs to be but, as with the other pieces, I haven’t yet had much chance to trim down or edit the files. If you want to use the portable version, I recommend just grabbing the whole folder for the time being. Open up the “BreakOutBox.exe” file to run the desktop application from wherever you’ve copied the folder.

Although I’ve included them already, you may also want to check out the supporting libraries that are used in BreakOutBox:

SwAG: https://code.google.com/p/swag-as/
as3crypto: http://as3crypto.googlecode.com/
WRASE: https://code.google.com/p/wrase/
TorAS: https://code.google.com/p/toras/

These are necessary for BoB to operate correctly — SwAG takes care of communicating between the modules, as3crypto provides HTTPS support, WRASE allows the application to work with the Windows Registry, and TorAS makes Tor happen.

As I mentioned, these are already included in the GitHub code so they’re included here simply as a reference. Other than grabbing yourself a copy of the latest FlashDevelop (and the BreakOutBox source code, of course), you should be ready to play around with the software.

Please enjoy.

You may have heard the term “paywall” — it’s when a web site limits the amount of content that you can see unless you sign up with them for a fee. This typically happens after you’ve viewed a predetermined number of articles, and that number is reset on a daily, weekly, or monthly basis (depending on their setup).

All of Toronto’s major daily newspapers have put up paywalls, including the Toronto Star, Toronto Sun, Globe and Mail, and National Post.

And they’re all just awful.

Much hooplah was made about a developer that bypassed the New York Times paywall a couple of years ago, yet little (if anything), has changed since. David Hayes, the developer who cracked the NYT paywall, claims it took him a lunch hour to write the bookmarklet that bypasses the newspaper’s paywall.

A couple of days ago when Sarah was hitting the Star’s paywall I decided to take a quick look at what would be involved in getting around it. Twenty minuted later I had bypassed the paywalls of all of the above papers, including the New York Times (before I’d read anything on the topic, I should add). It took another 30 minutes to produce a small, generic site script that makes the dewalling process just a little easier and faster.

I’m not blowing my own horn here. I’m no super genius and this “hack” could be accomplished by anyone with rudimentary web development experience. In fact, both Hayes’ code and my own are almost unnecessary; with a few extra steps, you can bypass these paywalls with no extra software or crazy hacking skills. Chances are good that you already know how to do it.

I can see some extra benefit to a utility that would assist in automatically navigating the paywall beyond the first article — so that you could click on the web page links instead of having to load article by article — but this was more of a proof-of-concept thing, and the proven concept is that paywalls are unfortunately simple to defeat.

I’m not currently posting my dewalling code publicly. However, I will detail why this problem exists, and what the papers can do to fix it (if you’re from any of the aforementioned newspapers, feel free to give me a shout).

So Why Are Developers So Dumb?

I don’t think they are :) And to be honest, I totally get why things were done this way.

When a typical web browser grabs the web page you request, it sends out some limited information for the listening web server on the other end. This includes listing the browser’s capabilities (what kinds of content it can handle), specifying what it’s looking for (usually the URL of the web page), and cookies.

The receiving web server has that, plus an IP address, to identify an individual reader over the internet.

The IP isn’t unique to you, it’s unique to your internet connection which may be shared by many devices (like the the internet box thing, a.k.a. residential router, in your home). Browser capabilities can’t be assumed to be unique, again, because of that shared internet connection thing. And cookies can be cleared with the click of a button.

Given these limitations, how are web developers supposed to identify unique readers while ensuring that other legitimate readers can still access the site?

Better to err on the side of caution and just use cookies, sometimes along with IP, rather than accidentally block readers. Paywalls are necessarily leaky.

So What Should They Do?

This is a tough one.

It’s tough because it puts the limitations of technology up against corporate culture and profits.

What this does is really call up the need for reflection on how the papers profit from their content, and to me it’s an all-or-nothing proposition.

One option is for the papers go all-in and make certain articles, sections, features, etc. fully pay-only. That means having to log in to access them, otherwise it’s an excerpt, or some sort of teaser, to the general hoi poloi.

Another, more Zuckerbergian option is to offer access in exchange for personal information. I’m not necessarily averse to this, but it also requires a content lock-down of some sort.

The current paywall solution is somewhere just above both of these, being easily circumventable but still acting as a deterrent to the average web user.

I would gravitate towards the nothing end of the scale with a nag solution where on every X views of an article, the non-subscribed reader receives a temporary pop-over message suggesting that they subscribe. IP address on the server could be used to determine how often to do this — it seems unlikely that shared connections would all be connecting to the same content source, and even so, all it would produce is a nagging reminder that people really do like the content. It’d be sort of like a local rating system with an option to subscribe.

Beyond that, there could be a mild nag every time, for non-subscribed users. This starts to get close to being just plain old fashioned inline advertising, which would be the next solution before nothing at all (full, free access to everything).

Of course, since the papers have full control over their sites, there’s theoretically no limit on how inline advertising could be accomplished. There’s the always classy Toronto Sun wall-to-wall background…

…but if that’s not the newspaper’s style, I’m sure there are other and more elegant approaches.

Ultimately, the decision is whether or not to lock away content. Logins are reliable, which is why they’re so popular. Identifying users without them is inherently unreliable. Either content can be locked away completely, or it should be assumed to be open to everyone. The seemingly in-between paywall solution is actually in the second family by reasons which I’ve explained earlier.

Astute web developers will point out that other mechanisms are available to bypass some of these limitations: Flash shared objects, or persistent browser databases. While these are a step beyond simple cookies, both are easily deleted as part of most modern browers’ cache management. In other words, they’re not much better than anything mentioned so far.

Browsers impose these limits to provide a level of privacy protection, and without requiring readers to manually enter additional information like a username and password, it’s tough if not impossible to pinpoint an individual human being. Without this exactness, any paywall or content blocking system is bound to be flimsy. The solution, at least at the present time, won’t involve technology; it’ll require high-level decisions about what will be locked away from the general public and what won’t.

As I mentioned in my first PatrickBay.ca audiocast (which I’m itching to pick up again real soon), one of the topics that got me started on this blog was Canada’s version of the NSA, the Communications Security Establishment of Canada or CSEC.

What both fascinates and terrifies me about organizations such as CSEC is the cloak of secrecy under which they operate. While being all undercover makes a certain amount of sense, it also lends itself to a great deal of abuse. The little bit that we can glean from accounts such as Mike Frost’s book Spyworld leaves a very bad taste in my mouth — the agency has no problems spying on even the highest levels of government for undetermined reasons, meaning that none of us peons are excluded from warrantless surveillance.

Where CSEC feels something is out of its jurisdiction it simply asks a foreign security apparatus to pick up, thereby absolving themselves of any wrongdoing, and the whole thing is anonymized and removed from oversight anyways meaning that even if such actions ever came to light they would never be linked to anyone in particular. It’s a free pass to do whatever they please to anyone they like. And such behaviour has been going on for decades — proposed laws such as Lawful Access are merely an attempt to broaden and legitimize it for wholesale use across Canada (and elsewhere).

Continue reading at: http://patrickbay.ca/blog/?p=4048

Well hey there, it’s me again. Listen, I’m just absolutely beat. The project went live but I have one more day before I can throw in the towel. R&R :D Can’t wait.

Unfortunately, TCL is as much a victim of circumstance as I, but at least things seem to be coming to an end. One more day. :D

Oh, and this is what I’ve been working on:

http://www.rolluptherimtowin.com/en/fun.php?showcontest=en

Or, if you speak the other tongue:

http://www.rolluptherimtowin.com/en/fun.php?showcontest=fr

Roll Up The Rim; finally went live on Sunday night. From what I can see, my piece is the only way to enter the contest. A no-pressure kind of first assignment; relaxed in every way.

There’s also a companion site at http://www.everycup.ca/, but luckily I wasn’t involved in that.

You can enter the game after completing the registration form – the information isn’t validated (to the best of my knowledge), so go forth accordingly. But heck, if you want to enter the contest for realsies, be my guest!  And yes, you can get better at the game. I almost got to 5,000; currently 200th on the high score board, though some of those high scores look somewhat dubious. Gonna have a talk with the team about that tomorrow. And then I’ll be back to posting in no time flat! (I promise … I miss it so!)

I gotta be honest with you, when I finally spotted that big red ball, my hopes were about as deflated as it was. It was folded neatly in front of the cube van in an alley on Elm Street, thus dashing my vision of watching them rolling it up Yonge Street in rush-hour traffic.

So I decided to come home and do a bit of surfing through the local newspapers. I maintain that “surfing” is still used among webby people. As alternatives, we sometimes use “slacking” or “pr0n hounding”.

Anyway, most of it sounded absolutely dreadful. In fact, if it wasn’t for one thing that kept bugging me, I would’ve just flipped to Wipeout so as to at least try to quench my unfulfilled desire for a big red ball.

Because I’ve been whoring this site out quite a bit lately, I’ve noticed that I’ve started to become keenly aware of not only ad placement but also of content. For example, on almost all major news sites, there’s a banner above the main story and the “sweet spot” of advertising gold sitting in the site’s left armpit (your lower-right).

Please allow me to demonstrate:

Here we have a heartwarming reminder about father’s day and a rather cheap looking credit score ad at the top. Usually these ads are placed here based on context or relevance to the article. At least, that’s the idea.

When I started to take more notice of these and the content they were connected to, it highlighted how open the market for contextual advertising still is. Monkeys, infants, and hamsters could all do an equally compelling job.

In the mess above, the computer responsible for deciding which ads go where concluded that a dead guard would probably remind you of your father. The mood called for a murderific Father’s Day gift, but not at the expense of your credit rating.

Here’s another interesting combination:

At least the computer here was being pragmatic. You got old dead man, you gotta wash that old dead man stink out. And hang on to your hard-earned dough ’cause you could be next, sucker.

Pragmatic but awful!

And what about this?

The computer may be trying to herd us out into the middle of the desert for something; get us all stinking drunk, no money, just sand and heat and scorching sun. That’s really the only connection I can see between murder and showing us where we should go to get away from it: Crime-free Nevada.

In case you need further evidence:

We all know that the OLG is run by shifty robots so that doesn’t leave much place for the humans. And they’re being left to die and rot alone in the cities, not like the cramped but happy humans being transported to the Las Vegas processing facility.

Or…the computer that decided to put these ads here is just dumb. Maybe you’ll never look at web sites the same way again. Maybe if I didn’t spend so much time slacking or pr0n hounding, I’d think of something more interesting. Maybe some real content tomorrow. Maybe a big red ball.