tag:blogger.com,1999:blog-87819234733680691502023-11-16T03:48:03.814-08:00Privacy GeekPaul Fenwickhttp://www.blogger.com/profile/07302718515823138734noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-8781923473368069150.post-23591443475726231922013-03-22T23:32:00.002-07:002013-03-22T23:46:11.272-07:00The world's easiest guide to installing cpanmA lot of the software I write is in Perl, and the easiest way to install it is almost always using <a href="https://metacpan.org/module/cpanm"><tt>cpanm</tt></a>. Here I present to you the world's easiest guide to getting <tt>cpanm</tt> up and running.<br />
<b><br /></b>
<i><b>If you're in a hurry, just run these and you're done.</b></i><br />
<blockquote>
<pre>curl -L http://cpanmin.us | perl - --self-upgrade
~/perl5/bin/cpanm local::lib
perl -I ~/perl5/lib/perl5 -Mlocal::lib >> ~/.bashrc
</pre>
</blockquote>
Now start a new shell, and you're done.<br />
<a name='more'></a><br />
<b>Full instructions...</b><br />
<br />
Firstly, you need perl installed on your machine. I'm not covering that here, there are lots of good guides. If you're on Ubuntu, Debian, or anything based off Debian, it's just <tt>sudo apt-get install perl</tt>.<br />
<br />
<b>Installing cpanm</b><br />
<br />
First, grab cpanm from the web:<br />
<blockquote>
<pre><b>curl -L http://cpanmin.us | perl - --self-upgrade</b></pre>
</blockquote>
If you don't have curl, then:
<br />
<blockquote>
<pre>wget -O - http://cpanmin.us | perl - --self-upgrade</pre>
</blockquote>
And if you don't have either, just go to <a href="http://cpanmin.us/">http://cpanmin.us/</a>, right click, and save the source as <tt>cpanm</tt>. Then run <tt>perl cpanm --self-upgrade</tt>.<br />
<br />
<b>Installing local::lib</b><br />
<br />
<tt>cpanm</tt> will install itself in <tt>~/perl5/bin/cpanm</tt> by default. It'll also install new modules and supporting files into <tt>~/perl5</tt> . However you probably don't have these in your path. While you can set things up manually, it's much easier to install <tt>local::lib</tt>. We can do that with:<br />
<blockquote>
<pre><b>~/perl5/bin/cpanm local::lib</b>
</pre>
</blockquote>
Now we can use local::lib to set up our environment variables. If you want, you can run <tt>perl -I ~/perl5/lib/perl5/ -Mlocal::lib</tt> to print them. Here's what mine look like:<br />
<blockquote>
<pre>export PERL_LOCAL_LIB_ROOT="/home/pjf/perl5";
export PERL_MB_OPT="--install_base /home/pjf/perl5";
export PERL_MM_OPT="INSTALL_BASE=/home/pjf/perl5";
export PERL5LIB="/home/pjf/perl5/lib/perl5/i686-linux-gnu-thread-multi-64int:/home/pjf/perl5/lib/perl5:$PERL5LIB";
export PATH="/home/pjf/perl5/bin:$PATH";
</pre>
</blockquote>
You could run these, but it's <i>way</i> easier to just add the appropriate command to your .bashrc file and never worry about it again. Assuming you're using bash as your shell:<br />
<blockquote>
<pre><b>perl -I ~/perl5/lib/perl5 -Mlocal::lib >> ~/.bashrc
</b></pre>
</blockquote>
Now start a new shell, and you'll have access to <tt>cpanm</tt>, all Perl programs will be able to find the modules you install (there's no need for root access), and you'll be able to install new things from the cpan with <tt>cpanm Module::Name</tt>.<br />
<br />
Congratulations!Paul Fenwickhttp://www.blogger.com/profile/07302718515823138734noreply@blogger.com0tag:blogger.com,1999:blog-8781923473368069150.post-64986879292337754122013-03-22T21:22:00.000-07:002013-03-22T23:42:35.122-07:00Gamifiy your command line with HabitRPG<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDA1__qR_DcpxgPMAbv2P5osYLgDiKDyPzUyD30s-51RLbcwQp3hHyfnFT0SIf0KJtcUAFd_vrW78V_NuFO7u9WuOZTTFiH-7z1m3VyeuU5X7JTU26r6V2iigDtYawJhD_HhXBsa0pfA4/s1600/hrpg-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDA1__qR_DcpxgPMAbv2P5osYLgDiKDyPzUyD30s-51RLbcwQp3hHyfnFT0SIf0KJtcUAFd_vrW78V_NuFO7u9WuOZTTFiH-7z1m3VyeuU5X7JTU26r6V2iigDtYawJhD_HhXBsa0pfA4/s1600/hrpg-screenshot.png" width="320" /></a></div>
<br />
So, you're using <a href="http://habitrpg.com/">HabitRPG</a> to gamify your life, right? You should be; what could be better than collecting XP and gold for fixing bugs and doing chores and flossing your teeth, and developing a totally kick-arse character you'd want to show off to all your friends?<br />
<br />
Oh yeah, doing all that <i>from the command-line</i>. ;)<br />
<br />
So, I present to you <a href="https://metacpan.org/module/hrpg">hrpg</a>, a command-line tool to integrate with HabitRPG. It's still new, but it's very full featured.<br />
<br />
<a name='more'></a><br />
<b>Setup</b><br />
<br />
To begin with, you'll need a HabitRPG account. Just head over to <a href="http://habitrpg.com/" target="">habitrpg.com</a> and make an account using whatever method you like. If you've already got a HabitRPG account, that's excellent!<br />
<br />
You'll also need to install <a href="https://metacpan.org/module/WebService::HabitRPG">WebService::HabitRPG</a>, which the hrpg client is bundled with. The easiest way to do this is with <a href="http://cpanmin.us/">cpanm</a>. If you don't have cpanm installed, I have a <a href="http://privacygeek.blogspot.com.au/2013/03/the-worlds-easiest-guide-to-installing.html">super-easy guide for you</a>.<br />
<blockquote class="tr_bg">
<pre>cpanm WebService::HabitRPG
</pre>
</blockquote>
On HabitRPG, head over to Settings, and navigate to the API tab. There'll be a user-id and an API-key here. Use your favourite editor to open a <tt>.habitrpgrc</tt> file in your home directory with the following format:<br />
<blockquote class="tr_bq">
<pre>[auth]
user_id = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
api_token = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</pre>
</blockquote>
Replace the long strings of 'x's with your user id and API token from the HabitRPG website, and we're ready to go!<br />
<br />
<b>Using hrpg</b><br />
<br />
The easiest way to get started with hrpg is to run it with no arguments. This will provide you with a help display:<br />
<blockquote class="tr_bg">
<pre>$ hrpg
Usage:
hrpg status : Show current HP/XP/GP
hrpg tasks : Show current tasks
hrpg habit|daily|reward|todo : Show tasks of current type
hrpg new : Create new task 'hrpg new' for help.
hrpg [+-] task : Increment/decrement a task or habit
Debugging commands:
hrpg dump : Dump entire user info
hrpg dump tasks : Dump task info
</pre>
</blockquote>
Most of these commands are pretty straightforward. For example, if I type hrpg status I'll get some basic info about my character:<br />
<blockquote>
<pre>$ hrpg status
Hark, Paul Fenwick! (Lv 3)
HP: 45.7 / 50
XP: 25 / 170
GP: 30 | SP: 54 | CP: 18
</pre>
</blockquote>
However there are a few things which require a little more explanation, and will make your HabitRPG experience much nicer! Firstly, let's find out how to make a task:<br />
<blockquote>
<pre>$ hrpg new
Usage: hrpg new [habit|todo|daily] +- "name" ["note"]
</pre>
</blockquote>
So, there are three different tasks we can make. Daily tasks are things we want to do every day, like brush our teeth, practice our anki cards, or fill in our idonethis log. They give us XP and coins when we complete them, and will damage our HP if we neglect them.<br />
<br />
Todo items are things which need to be done, but only once. Something like paying a bill, or booking a flight.<br />
<br />
Habits are things which we want to get into—or out of—the habit of doing. For example, we might want to get penalised whenever we eat junk food or smoke a cigarette, or rewarded whenever we exercise or respond to a client email. Habits can be triggered multiple times per day.<br />
<br />
The + and - modifiers tell HabitRPG if something is good, bad, or potentially both. For example, you might have a 'pomodoro' habit which rewards you for working solidly for a period of time, or penalises you if you get distracted when you're supposed to be working solidly.<br />
<br />
Finally, all tasks need a name. This is what shows up in the web interface, but most importantly for us any unique abbreviation of this name is how we'll refer to our tasks in hrpg.<br />
<br />
Notes are entirely optional, and will show up as tool-tips in the web interface if you use it.<br />
<br />
So, let's make a few tasks. We'll have one that rewards us for drinking water, and penalises us for drinking unhealthy drinks. We'll have another one for responding to email (something I personally suck at), and another daily goal to floss our teeth.<br />
<blockquote>
<pre>hrpg new habit +- "Drink healthily"
hrpg new habit + "Respond to email"
hrpg new daily + "Floss teeth"
</pre>
</blockquote>
Once we've set up tasks, we can tell HabitRPG that we've completed them. For example, if we drank a refreshing but unhealthy drink, and then flossed our teeth, we could use:<br />
<blockquote>
<pre>$ hrpg - drink
$ hrpg + floss
</pre>
</blockquote>
Note that any unique abbreviation of our task name is acceptable. If we try an abbreviation that isn't unique, hrpg will provide us with a list of options, along with their unique task IDs:<br />
<blockquote>
<pre>$ hrpg + pomodoro
Did you mean...
* Pomodoro of paid work (12fb2922-74be-45d3-b9ed-11e2fa1721c9)
* Pomodoro of anything useful (424e327c-9738-4743-ac74-b9f5c528b555)
</pre>
</blockquote>
As an added bonus, if you're already a user for the <a href="http://privacygeek.blogspot.com.au/2013/02/reimplementing-idonethis-memory-service.html">idone command line client</a> for <a href="http://idonethis.com/">idonethis</a>, then you can mark a habit as done, and record a note in idonethis <i>at the same time</i>:<br />
<blockquote>
<pre>hrpg + email "Sent quote on flux capacitors to Dr Brown"
</pre>
</blockquote>
In the future, if HabitRPG supports logging tasks with notes, these will also be appended to your HabitRPG log.<br />
<br />
<b>Under the hood</b><br />
<br />
hrpg sits on top of the <a href="https://metacpan.org/module/WebService::HabitRPG">WebService::HabitRPG</a> module for <a href="http://perl.org/">Perl</a>. If you're interested in reporting bugs, suggesting features, improving the docs, or even contributing code yourself, you can find the <a href="https://github.com/pjf/WebService-HabitRPG">repository on github</a>. <br />
<br />
<br />Paul Fenwickhttp://www.blogger.com/profile/07302718515823138734noreply@blogger.com2tag:blogger.com,1999:blog-8781923473368069150.post-75920891487736324192013-02-09T20:31:00.004-08:002013-03-22T23:44:14.909-07:00Reimplementing the iDoneThis memory service<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://farm4.staticflickr.com/3023/2808468566_6d19c9e090_o.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="212" src="https://farm4.staticflickr.com/3023/2808468566_6d19c9e090_o.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><a href="https://secure.flickr.com/photos/wadem/2808468566/">Photography</a> by <a href="https://secure.flickr.com/photos/wadem/">wadem</a>, CC-BY-SA</td></tr>
</tbody></table>
There's an excellent website called <a href="http://idonethis.com/">iDoneThis.com</a>,
which implements the most simple yet brilliant of services. Every day,
you record the list of things you've done, and it gives you a check-mark
for that day. This was motivating in two ways: firstly, the desire to keep that chain of check-marks running (what's known as a 'chain calendar' or a 'Seinfeld calendar'), and secondly by emailing you your memories of what you were doing a year (or a week, or a month) ago.<br />
<br />
For me, knowing what I was doing a year ago was <i>really</i> good. I loved waking up each morning to be reminding of something I might otherwise not think of again. The good memories I was emailed would make me feel good again, and bad memories? Well, they'd often make me feel good that I wasn't going through <i>that</i> anymore, or they'd be <i>insightful</i> if I was encountering similar issues now.<br />
<br />
I <i>loved</i> the memory service, and so did my friends, even if they didn't use it. I'd often send them messages about what awesome adventures we were up to a year ago, and that would often make their day.<br />
<br />
Unfortunately, a few months ago, iDoneThis discontinued their memory-posting service. I don't know why; I can only assume they're focusing on the more corporate part of their service, and the network costs of all the personal emails wasn't worth it.<br />
<br />
Today, as part of a <a href="http://lesswrong.com/lw/3w3/how_to_beat_procrastination/">productivity spiral</a>, I reimplemented the old memories service. The code isn't pretty—unfortunately iDoneThis doesn't (yet) provide an API—but I have a bot that can log-in and fetch a day's worth of data. Best of all, that code is open source, and <a href="https://metacpan.org/module/WebService::Idonethis">available from the CPAN</a>, so you can download and use it yourself.<br />
<br />
<a name='more'></a><br />
If you're not a Perl person, then it's pretty easy to install. Simply follow my <a href="http://privacygeek.blogspot.com.au/2013/03/the-worlds-easiest-guide-to-installing.html">world's simplest guide to installing cpanm</a>.<br />
<br />
Now just install the <a href="https://metacpan.org/module/WebService::Idonethis">WebService::Idonethis</a> module:<br />
<blockquote class="tr_bg">
<pre>cpanm WebService::Idonethis</pre>
</blockquote>
To use it, you'll first need to create a ~/.idonethisrc file with your auth details:<br />
<blockquote class="tr_bg">
<pre>[auth]
user=someuser
pass=somepass
</pre>
</blockquote>
If all has gone well, you can now use the <tt>idonethis-memories</tt> command!
<br />
<blockquote class="tr_bg">
<pre>$ idonethis-memories
Here's what you were doing on 2012-02-11:
* Built a robotic dinosaur with lasers with Claudine.
* Played stepmania with Deanna (Spice Girls rock!)
* Invoiced ALL the clients.
* Drank six billion cups of coffee.
</pre>
</blockquote>
It's perfect for putting into a cron job.<br />
<br />
<i>Edit:</i> As of v0.03, you can now submit done items directly from the command line using the <tt>idone</tt> tool:<br />
<blockquote class="tr_bg">
<pre>$ idone "Read a great blog by Paul Fenwick"</pre>
</blockquote>
<i>Edit:</i> As of v0.04, you can also get a list of what you've done today:<br />
<blockquote class="tr_bg">
<pre>$ idone -l
* Flossed my teeth
* Looked at pictures of cats on the Internet
* Defended against a goblin siege in Dwarf Fortress
</pre>
</blockquote>
If you're handy with Perl, or just want to look at the code, there's a <a href="https://github.com/pjf/idonethis-perl">github repository</a>. Patches are extremely welcome!<br />
<br />
Edit: As of v0.08, the <tt>idone -lc</tt> command is the best thing ever. It will list the things you've done today, and allow you to add new things by entering them on stdin. It also has less than a third of the previous dependencies. Paul Fenwickhttp://www.blogger.com/profile/07302718515823138734noreply@blogger.com7tag:blogger.com,1999:blog-8781923473368069150.post-11635709995252670492012-06-17T15:32:00.001-07:002012-06-17T15:32:47.434-07:00Banking Vigilence Fail: Unblocking A Card With Only A Surname<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguwNFg1VA6FScBkePQ1Fh5Cs7UXxop4uOJ9m9nEURgUCH_LE627gVQTRlVua3GjSn6PONG8PmwPckpVvXlUOBWHgk3c2lAmxgSpbfKO25ftN1-3avwcLvOxW2hH4XxZ_NyP5HN2pvf398/s1600/credit-card-3027534098_f568868b9e.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguwNFg1VA6FScBkePQ1Fh5Cs7UXxop4uOJ9m9nEURgUCH_LE627gVQTRlVua3GjSn6PONG8PmwPckpVvXlUOBWHgk3c2lAmxgSpbfKO25ftN1-3avwcLvOxW2hH4XxZ_NyP5HN2pvf398/s320/credit-card-3027534098_f568868b9e.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Photography by <a href="https://secure.flickr.com/photos/andresrueda/3027534098/">Andres Rueda</a>, CC-BY</td></tr>
</tbody></table>
<br />
Every
year I go travelling, and every year my bank suspends my credit card
due to "suspicious behaviour". Luckily, it's easy to get the stops
removed... too easy, in fact.<br />
<br />
Today, when calling the
bank to confirm that I had purchased a US phone service, I was asked
only a single piece of identifying information, and that was my
surname. The bank's representative revealed—without my prompting—the
last four digits of my credit card, and the full details of the
transaction that was considered suspicious.<br />
<br />
The thing is, if you're the one making fraudulent transactions on a card, then you probably already know the cardholder's surname, and you definitely know some recent suspicious transactions.<br />
<a name='more'></a>Better still, I assured my bank that I was travelling for the next few
months, and even that the other cardholder was travelling as well.
Still no verification except for my name.<br />
<br />
To the bank's
credit, this is the first time I've encountered them being so lax with
security. Every other time has involved me needing to provide a variety
of information to verify my identity. If I were to guess a reason why
things were different this time, it would be because I was calling at
7am on a Monday, and the vocal characteristics of the person I was
speaking to suggested that he would really rather be in bed.<br />
<br />
If
you are a fraudster, then calling the client's bank and trying to have
the stops removed sounds like a low-risk, high-gain proposition;
especially if you do it at crazy o'clock on a Monday morning.<br />
<br />
In other news, I was reminded last week as to how easy
it is to gain access to hotel rooms with swipe cards. After my card
stopped working at a conference I was attending, all I needed to get a
new card was my room number, and surname. For some of my friends that I
spoke to, they didn't even need to provide a surname.<br />
<br />
Admittedly,
one does need to hand over a hotel swipe card to give legitimacy to the
"my card has stopped working trick". If I didn't have horrible jetlag, I
probably would have tried the "I've locked my card in my room" line to see what response would have been given. I think there's an excellent chance I would have been issued with a new card.<br />
<br />
I have little doubt that a lot of this lax security is due to "<i>operational complacency</i>". The vast majority of people who call reporting their card has been suspended, or their hotel key has stopped working, are legitimate: consequently, we're trained into feeling that everything is working fine. It's the same reason why we stop testing our backups, or checking to see if the GPS antenna in one's cruise ship is actually connected¹.<br />
<br />
Of course, the cure for operational complacency is well-known. You perform <i>vigilance tests</i>. In the same way a retailer can use <a href="https://en.wikipedia.org/wiki/Mystery_shopper">mystery shoppers</a> to test if staff are asking customers if they'd like to supersize that meal, organisations can employ <i>mystery fraudsters</i> to make sure appropriate security procedures are being followed.<br />
<br />
Even recording calls "for training and quality assurance purposes" gives one the ability to randomly audit interactions to ensure procedures are being followed.<br />
<br />
Discovering my bank's fraud department doesn't record their calls? Priceless. <br />
<br /><div class="csl-bib-body" style="line-height: 1.35; padding-left: 2em; text-indent: -2em;">
<div class="csl-entry">
¹ “Grounding of the Panamanian Passenger Ship Royal Majesty on Rose and Crown Shoal Near Nantucket, Massachusetts”. National Transportation Safety Board, June 10, 1995. <a href="http://www.ntsb.gov/doclib/reports/1997/MAR9701.pdf">http://www.ntsb.gov/doclib/reports/1997/MAR9701.pdf</a>. See pages 34–35 in particular.</div>
</div>Paul Fenwickhttp://www.blogger.com/profile/07302718515823138734noreply@blogger.com0tag:blogger.com,1999:blog-8781923473368069150.post-7291914164476685872011-09-23T22:59:00.000-07:002013-03-22T23:43:25.971-07:00Facebook friends lists are now less private<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhNXMBgcZCWTYEvRUvfswPSnKEmSWZf62kPC_HGKRoy7aojIqaXSR9vAXUog_3FVb3kpOK_Y8h4PQ0kcY_syDt9_YMF6VT46V0YenJSQrVl9YQQI9qAsji1p9ckeZGHDCFXAqw00KzbJE/s1600/breakfast-447277429_2b746456b7.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhNXMBgcZCWTYEvRUvfswPSnKEmSWZf62kPC_HGKRoy7aojIqaXSR9vAXUog_3FVb3kpOK_Y8h4PQ0kcY_syDt9_YMF6VT46V0YenJSQrVl9YQQI9qAsji1p9ckeZGHDCFXAqw00KzbJE/s320/breakfast-447277429_2b746456b7.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Photograph by <a href="http://www.flickr.com/photos/pinksherbet/447277429/">D Sharon Pruitt</a>. CC-BY 2.0</td></tr>
</tbody></table>
Today started with breakfast. A breakfast so good that I decided to tell my friends on Facebook about it. Rather than telling everyone about my breakfast habits, I have a <a href="https://www.facebook.com/help/?faq=200538509990389&ref_query=friends+lists">friends list</a> that I use for the purpose. Actually, I have dozens of lists, with people categorised by interests, social circle, location, shared experiences, personality type, programming language, and all manner of other criteria.<br />
<br />
Telling my friends about my breakfast shouldn't have been a big deal, except when I selected my breakfast list, Facebook informed me that posting to lists has changed, and now <a href="https://www.facebook.com/help/?faq=196729973725708">users will be able to see who else can see a given post</a>. The pop-up cheerfully informed me that they won't be told the <i>name</i> of the list they're on, so everything's okay, right?<br />
<br />
<a name='more'></a><br />
Well, no... Firstly, I don't <i>need</i> to know the name of the list, I can <i>infer</i> it. Let's say I'm reading one of your posts: are you talking about a very personal experience? That's probably your list of close friends. Is your post in Klingon? These are probably your Klingon-speaking friends. Is everyone else in your list a family member? I'm guessing this is your family list. Sometimes you might be sharing your most private and intimate fantasies and details...<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBHheHFOJO2vG33SIo1ri-HW06s1rZpOVyI6baY0c7OSJ15omZWzJ0YLlDUKCq0p_u3jLJkXTtZJL8wQ5W59QVUQDpiB6BZCrMX9mDDiOFSgle3knIsvGkOQNwLS1Xyzy8LlLMMOKG9RU/s1600/jarjar-share-list.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBHheHFOJO2vG33SIo1ri-HW06s1rZpOVyI6baY0c7OSJ15omZWzJ0YLlDUKCq0p_u3jLJkXTtZJL8wQ5W59QVUQDpiB6BZCrMX9mDDiOFSgle3knIsvGkOQNwLS1Xyzy8LlLMMOKG9RU/s1600/jarjar-share-list.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Hovering over the cog gives the view above. Clicking on it reveals a complete list.</td><td class="tr-caption" style="text-align: center;"><br /></td></tr>
</tbody></table>
So, why is this a big deal? Well, I'm blessed with a fabulously diverse selection of friends, and many of them feel safe about sharing an awful lot of their life with me. Consequently, one of my biggest uses for lists is to record my friends' health and lifestyle choices. Cancer survivor? Sexual minority? Circus freak? Transgendered? Member of the Jarjar Binks appreciation society? Ethically flexible geneticist? Emacs user? Incurable stigmatising disease? Useful in a zombie attack? Illegitimate child? Chances are, I have you on a list.<br />
<br />
In the past, I could cheerfully post relevant information to these lists, without fear of outing anyone. Of course, my friends could always out themselves, by commenting or liking a post, but those who chose to just observe remained private. That's no longer the case. To post to a list means outing everyone on that list, at least to each other.<br />
<br />
It's not going to take long before the typical user starts encountering these issues. Am I in your list of close friends? Now, when you share a post with them, not only will I know that I'm special, but I'll know everyone else on that list, too. In fact, I can write a bot to regularly look at the audience of your posts, and see when you add a new person to your close friends list. More interestingly still, I can spot when you remove someone. You wanted me to have that information, right?<br />
<br />
Amazingly, I <i>don't</i> want to share my list of close friends, not even with my close friends themselves. I consider my list of friends, but <i>especially</i> my list of close friends, to be pretty darn private.<br />
<br />
Unfortunately, the workarounds for this change are pitifully few. Reading the <a href="https://www.facebook.com/help/?faq=196729973725708">documentation</a>, we can see that <i>smart lists</i> reveal their names, but not their members. However they're primarily focused on clumping people by geography, and are automatically updated by Facebook, so the opportunity for surprise is rife. The only thing I've found which works is <i>negative</i> inclusion.<br />
<br />
Put simply, if you post to friends, but <i>exclude</i> certain lists, it still shows up as being posted to "friends". So you can still retain privacy by posting to friends, and excluding all the ones <i>without</i> a Jarjar Binks fetish. There might be other ways to hide the audience, but I'm yet to find them.<br />
<br />
Needless to say, this isn't a good workaround, and it requires some seriously heavy-duty list management. If you have dozens of lists, you're going to have to produce the inverse of all them. What's more, every time you get a new friend, you'll need to add them to all the inverted lists, too. That either means you need to be very patient and thorough, or have some sort of code assisting.<br />
<br />
If you feel like writing your own bot, so you can watch to see which lists you happen to be on, then I suggest using the <a href="http://graph.facebook.com/">Graph API</a> to monitor your friends' activities. To actually get the audience, you'll need to call <span style="font-family: "Courier New",Courier,monospace;">https://www.facebook.com/browse/audience/?fbid=</span> as a logged in user (or clever bot) to see it, with the Facebook ID of the post attached to the end.<br />
<br />
I'm hoping Facebook will decide this was a mistake and reverse the changes, otherwise I look forward to harvesting any friends lists you put me on. ;)Paul Fenwickhttp://www.blogger.com/profile/07302718515823138734noreply@blogger.com5