Posted: May 3rd, 2010 | Author: amos | Filed under: version control | Tags: class 12, subversion | No Comments »
The following is a brief example of working within a Subversion version control setup. In this case, we will assume that some overworked server administrator (i.e. me) has set up a repository where a large amount of source code magically is stored and backed up by Subversion, a popular version control system. In our case, the source code is all the example files from this course.
Read the overview of Subversion concepts in the post linked above before proceeding.
The hypothetical setup
The under appreciated developers (i.e. you), just need a way to checkout (i.e. download) the latest copy of the code from the repository (i.e. the server), make some changes to some of the code, and then commit (i.e. upload) your changes back to the repository. You do this so that we can track the changes made to the files and so that everyone else can download new-and-improved version of the source code that you created at their leisure.
Using source control keeps the source code safe from being accidentally deleted, prevents two developers from overwriting the same file at the same time, and it keeps a record of who changed what and when they did it so that your manager (i.e. me) can make sure his minions (i.e. you) are doing their assigned jobs in a timely manner.
Think of it as a backup system with benefits.
The Subversion client
To interface with our Subversion repository, we use a Subversion client application. Just as we use web browser clients to surf web pages on the server, and we use file transfer clients to browse files on the server, we also use Subversion clients to manipulate version-controlled files on the Subversion server.
The popular client applications for Subversion provide nice graphical user interfaces for you to use so you don’t have to manually send Subversion commands to our Subversion repository on the Linux server. Popular Subversion clients that I currently recommend are TortoiseSVN for the PC and SvnX for the Mac. Both add extra Subversion-related options to the context menu (right click menu on PC; control-click on the Mac) within Windows Explorer and Mac Finder, respectively.
Make sure you have one of these clients installed before following the instructions below.
Getting a working copy of the code
To get a “working copy” of the code, meaning to download the latest version of all the code from the Subversion server, you make a folder on your client machine where you want to store your copy of the code.
a folder to hold our working copy of the code
Right click on the folder name and select “Checkout” from the new options that the Subversion client added to your context menu.
Subversion checkout
Enter the URL of the repository: “http://svn.onepotcooking.com/webdev/trunk” and the usual username/password in the screen that pops up.
Checkout settings
Successfully logging in will checkout (i.e. download) a full copy of all the latest source code in the repository and put it into the selected folder on your client. You will see that the folder and files on your computer have special icons next to them indicating their version control status.
Everything's good
The green checkmark icon means that you have not modified any of the files in this folder since last downloading the files from the Subversion server.
You’re now ready to make changes to some code.
Make some changes
Go into the source code you just checked out on your client and open up the file class12/subversion/index.html in your text editor of choice and make some changes to that file.
Update the code
You’re almost ready to “commit” (i.e. upload) your changes back to the repository. But first you have to make sure nobody else changed the same files as you between the time you last downloaded them from the repository and the time you finished editing them.
If two people edit the same file at the same time, you wouldn’t want one person to overwrite the other’s work. So Subversion automatically checks for conflicts. If they are easy to solve, such as if one person edited the top of a file while the other person edited the bottom, Subversion merges the two copies of the file automatically. If the conflicts are complicated, Subversion will as you to manually merge the two versions of the conflicted file.
So update your working copy with a fresh copy of the latest code from the repository by using the Subversion client’s update command on the project folder. This will update everything inside of the folder and check for conflicts between the changes you have made and the changes others have made.
Subversion update
Commit your changes
Once any conflicts have been resolved, you are ready to commit your code to the repository.
Use the Subversion client’s commit option to upload your copy of the entire folder to the repository for safe keeping. You can also just commit specific files rather than the whole folder, but for now we’ll upload any changes we made to any files in the folder to keep things simpler. Subversion is smart enough to only upload the files that have been modified anyway.
Subversion commit
Add a file
Now let’s say you want to add a new file to this project. On your client computer, create a new file in the class12/subversion folder called <your_name>.html, where <your_name> is replaced with your first name and last initial, of course.
By creating this file on your client machine, it is not yet added into the version control system unless you make it so. To add it to the Subversion repository, you need to use the Subversion “add” command. So right-click on the file and click the Subversion add command.
Subversion add
Adding a new file is just like making any other change, whether it be adding, deleting, or modifying a file on your client. The changes you make on your client are not uploaded to the server repository until you commit them using Subversion’s commit command.
So now go ahead and commit the changes you’ve made.
Subversion commit
The next time anyone else updates their “working copy” of the code using the Subversion update command, they will see this new file has been added. In other words, if I don’t see your file the next time I update, I will know you didn’t follow this tutorial! I should have forced you to use this technology from the beginning of this course.
Further changes
From this point onward, always download the latest copy of all files using Subversion’s update command on the project folder before you make major changes. This reduces the chance that your work will have a conflict with another developer’s work, and it will reduce any chance that you are working on an outdated copy of a file.
Posted: May 1st, 2010 | Author: amos | Filed under: facebook, privacy, security | Tags: class 11 | No Comments »
Despite a very vocal minority of concerned citizens, privacy does not seem to be anywhere near as big an issue in the news as it could potentially be.
You should assume that just about everything you do online can be tracked and traced, if someone were to put the effort into doing so. And some people are putting in that effort.
Children’s Privacy & COPPA Compliance
A topic that has received some attention is children’s privacy. The Children’s Online Privacy Protection Act of 1998 (COPPA) defines a set of compliance guidelines for sites that collect personal information from children under the age of 13.
The act itself is a short read. In summary, it declares that websites dealing with children’s information must do their best to obtain parental consent before storing any personally identifiable information or communicating directly to children. Parents of children must also be allowed to request a copy of all the information the site has stored about their children and request that the data be deleted and no further data be collected on their children. The website must disclose how they are using that information, whether they are using it for direct marketing, prize giving in competitions, providing it to third parties, etc.
In practice, parental consent is often obtained by putting a checkbox on the page that could easily be clicked by someone other than the parent. Sometimes, the parent’s email address is required in order to register with the site – an email sent to the parent with a link to approve the collection of information about their children. In general, the burden falls on the website operator to do their best to be compliant with COPPA. Each site, if it runs into legal problems, is evaluated on a case-by-case basis.
Network Eavesdropping
Like all telecommunications, the Internet holds a risk that your communication will be intercepted while en route between you and the intended counter-party, and the data that you assumed was private will be picked up by a third party, be that the government, a hacker, a neighbor, or an employer.
When you visit a website, the data packets that constitute your client request and the server’s response pass through a variety of network nodes on the way to get to their intended destination.
Wi-fi vs. Wired
The first vector of transmission in a typical home or office setup may be between your computer and a router. If you are using a wireless router, your radio transmitter is broadcasting data to anyone within your router’s transmission radius, which can be quite large. Even if you are using an encrypted connection to your wireless router, such as WEP or WPA, a hacker with very little skill will be able to crack your encryption system using free software readily availble online (AirSnort, AirCrack, WEPCrack, Ethereal, etc).
With a wired connection to a router, the hacker would have to have access to tap into the actual wires involved in your connection, which reduces the risk significantly.
Your Employer
If you use the Internet at work, your employer has legal right to view emails you send using their email system. They also have the right to track which websites you visit using their network. Your employer may or may not choose to exercise that right.
Your employer no doubt knows your identity, so they are able to link your Intenet usage to your personal identity without problem.
Your Internet Service Provider
At home or at work, you probably pay an Internet Service Provider (ISP) to provide you with Internet service. When you stop paying for service, they cut it off. When you profusely download illegal copies of movies, your ISP may send you a warning that you must stop doing so or face the legal consequences.
They are able to do all this because all your internet traffic goes through network nodes controlled by the ISP. They are the gateway through which all your internet data passes. And the network connection your computer uses has a unique identifier called an IP address, so they know it’s you and not someone else. The ISP may be (and undoubtedly is to some extent) analyzing your Internet usage.
In order to sign up for service, you have supplied your name, address, phone number, credit card number, and other personally identifiable information to your ISP in order to set up your account. So they are able to tie your IP address and thus your Internet usage to your identity without difficulty.
Your IP address is not just seen by your ISP. Your unique IP address is supplied as a header along with every HTTP request you make on the web. It is standard operating procedure for most sites to log IP addresses of their visitors.
Email
When you send an email, your email program and the recipient’s email program both have copies of that email. If you are both using email programs on your own computers, and the email does not pass through a webmail service, then the main risk to your privacy involves potential interception of that email while it is in transit between your computer and the recipient’s computer.
If, however, either you or the recipient uses a webmail system, those copies of your email reside on servers owned and operated by some other entity, such as Google, Yahoo, a university, and employer, etc. So your email is only as private as the poorest privacy policy of either your or the recipient’s email service provider.
Search & Single sign-on
If you use webmail services provided by companies that additionally offer other services, such as search or other online services, logging in to your webmail account also logs you in to the other services. So if you search, as a logged in user, your search queries are being tied to your email address, which are most likely tied to other aspects of your online and personal identities.
For example, if you use Gmail, your email account and the contents of all the emails inside of it are tied to the blogs you read in your Google Reader Account, all Google searches you’ve done while logged in (and probably some while logged out), and any other behavior or usage you perform with any other Google service, such as Google Maps, Google Wave, Blogger, Youtube, the ads you click on that are operated by Doubleclick, the content of any websites you operate that use Google Analytics to track usage or Google AdSense to server advertising, etc. Google has such a reach across the web due to its advertising that most likely they have a large data set about your behavior online.
If you’re wondering whether Google is obligated to keep any of this information private and to remove your personally identifiable information if they choose to analyze it, you should probably read their Privacy Policy.
Privacy Policies, as you probably have experienced, change frequently. What is written there today may be gone tomorrow. We have all received mail from our banks indicating changes to our policies. Social networks, webmail applications, and other online services do the same. As their business and legal needs change, so do their Privacy Policies. You may receive a letter in the mail indicating this, or a screen that pops up on their website, or some more subtle indicator that something has changed. Usually, you implicitly agree to their new terms by either clicking a button or closing the window.
So just because a site promises to keep your data private today doesn’t mean that it will always be so. How vigilant you want to be about these policies is up to you, obviously.
Social networking
It goes without saying that social networking sites collect personally identifiable data. That is their primary business. All actions you take on any major social networking site, such as Facebook, MySpace, LinkedIn, Twitter, and others are logged for later analysis. Whether or not these sites are obligated to maintain the privacy of these records is of course regulated by their Terms of Service and Privacy Policies, which almost nobody reads.
Facebook, in particular, has a strong advertising revenue model. Like a mini-Google, they target ads directly to the individual viewer so the viewer is more likely to find any given ad relevant and click it. This is done by profiling users, analyzing their likes and dislikes, and predicting what sorts of products and services they may be interested in.
Like other ad-based online services, they collect as much behavioral data as possible. It is not especially paranoid to assume that they could be analyzing all links posted to profiles, the content of all emails sent between users, all posts that a user has clicked to indicate they “Like” it, and all behavior gathered from third-party sites that integrate the Facebook API and the Facebook Social Plugins.
Facebook has just launched a major push to integrate its social networking features on third-party sites across the web. Actually, this is mostly just a repackaging of something they have been doing for a while now. As Facebook content is integrated into more of third-party sites, Facebook will have more data to tie to personal accounts and analyze for potential revenue streams.
Of course, sites like Facebook are wary of breaching the trust of their users. If users distrust the site, they will no longer use it. For this reason, if none other, they are unlikely to expose most of the data they collect. However, who knows how they will operate in the future. Again, it depends on the Privacy Policy and Terms of Service legalese that nobody reads.
If and when any of these sites begin to decline in popularity, and the users start to leave anyway, social networking sites will perhaps look for ways to monetize on the information they have stored about user behavior and tendencies. Perhaps this will include personally identifiable information, perhaps not…. better read that Privacy Policy.
References & other links
Loading ...