Recently, there has been an article circulating around with a pretty damning accusation. To summarize the post, they claim Dropbox is transferring data on the entire computer, not just folders that are designated to be synced.

This is clearly a bold accusation, with seemingly little evidence to back it.  This speculation is based entirely on filesystem events and unverified network traffic..yep.

At the time of writing this, the author has not disclosed what “unnamed DLP agent” software he is using nor has he provided any real evidence to support his claims.

Let’s explain the filesystem activity:

Just to run a simple test, I’ll be using Process Monitor and setting basic filters to check Explorer and Dropbox filesystem events.

After creating a new file outside of my designated Dropbox directory, you can see it fires filesystem events to query the file. In particular, QueryDirectory operations which involve checking the file path to see if it belongs to a synced directory.

I’d expect another culprit to the the shell integration. Personally, I don’t use the sync indicators myself, as I have other programs that use shell integration and it can cause conflicts. However, I’d imagine that the shell integration in Explorer requires the files/directories to be queried as well to check for sync status.

As for the network activity…the author has not even bothered to check the length of the data and compared it to the suspected files nor has he compared the timestamps between the two. Keep in mind that network activity from a program such as Dropbox is perfectly normal, how else would it be able to sync things in realtime?

So no, based off the limited (see: hardly any) “evidence” provided by the original author, it does not appear that Dropbox is transferring data outside of the designated dirctories.

“Pretend You’re Xyzzy” is a Cards Against Humanity clone that allows you to play online with others. It consists of a Tomcat/JSP server and web page clients.

At the time of writing this, the main server located at pretendyoure.xyz appears to be down, so I decided to set up my own server for a group of friends and myself to play. Initially, there didn’t seem to be much info on setting up the server. The GitHub had a very brief explanation:

This project has only been tested in Tomcat 7 and is known to not work in Tomcat 6 without some finagling. Currently, the only automated way to build is is using the Eclipse project.

While the setup isn’t terribly complicated or anything, I figured I’d post some instructions on how to set things up since a lot of people seem to be having issues doing so and there don’t seem to be any concise instructions on how to do so.

These instructions are for a Debian-based installation, but are easily applicable to other distros/platforms as well.

First you’ll need Apache Tomcat 7 and you’ll want to install the admin panel as well:

sudo apt-get install tomcat7 tomcat7-admin

Next, stop the Tomcat server for the time being so we can modify some permissions:

service tomcat7 stop

Next, we’ll edit the users config so we can administrate the server:

sudo nano /etc/tomcat7/tomcat-users.xml

Add the following line in between the and tags, replacing ‘admin’ and ‘password’ with your own secure credentials:

<user username="admin" password="password" roles="manager-gui,admin-gui"/>

Start the service back up:

service tomcat7 start

Now we want to install PostgreSQL for our database:

sudo apt-get install postgresql

Change over to the postgres user (already set up via the installation process):

sudo -i -u postgres

Then, run the following, replacing ‘password’ with a secure password of your choice:

createdb cahdb
psql template1
CREATE USER cah WITH PASSWORD 'password';
GRANT ALL PRIVILEGES ON DATABASE "cahdb" to cah;
\q
exit

Finally, we need to download the cards database and import it:

wget https://raw.githubusercontent.com/ajanata/PretendYoureXyzzy/master/cah_cards.sql
psql -h localhost -d cahdb -U cah -f cah_cards.sql

Now navigate to http://your_host:8080/manager/html and login.

From here, you can upload your WAR file and deploy it.

If your server does not seem to be loading/seems to be stalling, a possible reason could be Tomcat using a blocking entropy source for session IDs. To implement a non-blocking (and slightly less secure) entropy source, open/create a setenv.sh script in /usr/share/tomcat7/bin and add the following line:

JAVA_OPTS=" $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom "

Save and restart Tomcat.

service tomcat7 restart
Finally, you can access the app via http://your_host:8080/cah.

You can download a pre-built/zipped version of cah.war here. The PostgreSQL parameters are as follows:

Username: cah
Password: password
Database: cahdb

NOTE: Since this version uses insecure/public credentials, make sure to take necessary precautions to secure your server.

If you’d prefer to build your own version, follow the instructions below.

Building the .war file is fairly straightforward. Just download the source from Github via Git or just use the zip functionality.

You will need the JRE v7u75 installed.

Open Eclipse (Java EE) and open the project.

Install Luna if you don’t already have it buy going to Help->Install New Software. Choose “Luna”. Select “Web, Xml, Java EE and OSGi Enterprise Development”, install it and restart.

Set Tomcat 7 as your runtime environment server.

Make sure your build path uses the correct runtime environment as well.

Database credentials can be changed in the hibernate.cfg.xml file.

When all is well, you can go to File->Export->Web->WAR File.

You can upload and deploy that file through the Tomcat admin panel and you’re good to go!

I’m not normally one to get absorbed into drama or gossip on the internet, but this evening I found myself a bit agitated, but not for the reason you might initially assume.

Introducing C+=

C+= (pronounced either C-plus-Equality, or See Equality) is a feminist programming language, created to smash the toxic Patriarchy that is inherent in and that permeates all current computer programming languages. Inspired by the <a href="http://www.hastac.org/blogs/ari-schlesinger/2013/11/26/feminism-and-programming-languages" target="_blank">ground-breaking feminist research of Arielle Schlesinger</a>.

C+= was created by the Feminist Software Foundation, whose language philosophy entails the following:

1. The language is to be strictly interpreted using feminist theory. Under no circumstances should the language be compiled, as compilation and the use of a compiler imposes an oppressive and toxic relationship between the high-level descriptive language and the low-level machine code that does all the labo(u)r. Instead, C+= is interpreted, which fosters communication, itself a strong female trait.


2. No constants or persistence. Rigidity is masculine; the feminine is fluid. I.e., fluid mechanics is hard for men 'because it deals with "feminine" fluids in contrast to "masculine" rigid mechanics'.

3. No state. The State is The Man. 'Nuff said. Hence, the language should be purely functional.

4. Women are better than men with natural language. Hence, the language should be English-based like HyperCard/LiveCode.

5. No class hierarchy or other stigmata of OOP (objectification-oriented programming). In fact, as an intersectional acknowledgement of Class Struggle our language will have no classes at all.

6. On the off chance that objects do mysteriously manifest, there should be no object inheritance, as inheritance is a tool of the Patriarchy. Instead, there will be object reparations.

7. Societal influences have made men often focus on the exterior appearances of women. This poisons our society and renders relationships to be shallow, chauvinistic, and debases our standards of beauty. To combat that, C+= is to tackle only audio and text I/O, and never graphics.

8. Unicode is the preferred character encoding due to its enabling the diverse aesthetic experiences and functionality that is beyond ASCII. UTF-8 is the encoding of choice for C+=.

9. Women are more social than men. Hence, social coding should be the only option. The code only runs if it is in a public repo.

10. Instead of "running" a program, which implies thin privilege and pressure to "work out", programs are "given birth". After birth, a program rolls for a 40% chance of executing literally as the code is written, 40% of being "psychoanalytically incompatible", and 40% of executing by a metaphorical epistemology the order of the functions found in main().

11. Programs are never to be ["forked"](https://en.wikipedia.org/wiki/Fork_(system_call)), as the word has clear misogynistic tendencies and is deeply problematic. Instead, programmers may never demand "forking", but ask for the program to voluntarily give permission. "Forking" will henceforth be called "consenting", and it is entirely up to the program to decide if the consent stands valid, regardless of the progress of the system clock.

12. Forced program termination is not allowed unless the program consents to it. The process is part of the choice of the program, not the programmer.

13. Licensing: the Feminist Software Foundation License.

Here is some example FizzBuzz code written in C+=:

#consider <FEMINIST_RAGE.Xir>;

// TODO replace main() as Progrym entry point; "structured
// programming" is classist oppression
// TODO2: main() is now womain()

// NB one does not argue with C+= Progryms; one makes requests, which
// the Progrym is free to consider or ignore as she pleases
xe womain (xe RequestCount, strong *RequestList[]) {
// NB typically patriarchal fizzbuzz enshrines socially
// constructed limits as immutable fact; here we expose this
// subtle mental tyranny for what it truly is

xe ArbitraryBeginning accepts(present(-50));
xe ArbitraryEnd accepts(present(50));

// naturally, everything revolves around this
xe ThePlaceBetween accepts(present(0));

among(ThePlaceBetween accepts(ArbitraryBeginning),
      ThePlaceBetween honors(ArbitraryEnd),
      ThePlaceBetween improvesBy(present(1))) {
    check(ThePlaceBetween envelops(present(3))) {
        yell(present("Fizz"));
    }
    recheck(ThePlaceBetween envelops(present(5))) {
        yell(present("Buzz"));
    }
    unpack {
        // strength &amp; independence!
        yell(present(ThePlaceBetween));
    };

    yell(present("\n"));
};
present(Satisfaction); };

By now, I hope you would realize that this is in fact satirical. Personally, I found the whole thing quite humorous and well-constructed in regards to the amount of effort and detail put into it, code examples and all. Now I know what you’re thinking. “Gee, how will satire mocking feminism be perceived on the internet?”. This is where things get interesting…

The project was initially hosted on Github, that is until Github decided to pull it due to harassment complaints. Who was being harassed? Nobody. At least not by the project owners. It seems that there were various people, namely feminists, who were being impersonated and had commits to the project being sent under their fraudulent identities. Maybe I’m missing something, but it seems just a tad bit excessive to close the entire repository for an incident caused by a few select individuals who didn’t even own the repository. The project eventually moved to BitBucket and the complaints soon followed, just as baseless and shallow as before. There were even individuals trying to get the domain dropped by CloudFlare. It became quite apparent that these people were acting on emotion and not any sort of actual logic. Naturally, as with any ethical “debate”, there is a astounding amount of hypocrisy and generalizations that just point out the inconsistencies (or possible similarities) between the two parties.

Some people lack the ability to separate a difference of opinion and actual harassment. Pointing fingers at the wrong people (the repository owner) just makes it worse. Just because you don’t agree with the project ethically is no excuse for blatant censorship, it doesn’t matter how to try to spin it. If you do succeed with censoring the other party, you should be aware of the Streisand effect. This becomes even more crucial when you consider that the project was spawned out of 4chan.

Overall, I am quite disappointed in Github for the way that they handled (or mishandled rather) this situation. In an attempt to save face, they jumped the gun and quite possibly set a precedent for similar situations in the future. A repo owner should not have to do background checks on each individuals wanting to commit. The entire situation is a result of hypersensitivity and some people’s inability to take into consideration that their outlash could have real world effects. An incident involving gendered pronouns a few weeks back was depressingly similar.

It’s quite obvious that this project is misogynistic, satirical or not, but that’s not the problem I have with it. My issue with this whole situation is the blatant censorship and corrosive mindset of “I don’t like this, take it down” that constantly plagues the internet. People need to learn to value free speech over their own ideals, otherwise we’re looking at a very bleak future. Attempting to censor those with different opinions will only promote chilling effects, encourage polarization of those involved, and further degrade any sense of intelligent discussion there may be.

As of writing this, BitBucket has not removed the repository. Jesse Yowell from Atlassian has stated:

We are aware of this and it is currently being reviewed by our legal team.

Hopefully they will properly think this through, not just for public relations sake, but for the long-term effects it could pose. It’d be a shame to see them make the same mistake as Github.

C+= Sources:

Homepage

BitBucket Repo

Update 12/15/2013

Erik van Zijst of Atlassian has stated that they will not be removing the repo:

We have no intentions to censor at this point.

Update 12/19/2013

Contradicting the previous statement, the repo has been removed (along with forks, both public and private). Scott Farquhar has commented stating:

After further consideration, we have decided to remove this repository. While our End User Agreement explicitly prohibits the posting of content that is "racially or ethnically offensive," we believe it is consistent with the spirit of our agreement to also prohibit content that is offensive toward a specific gender. We will update our End User Agreement to make this prohibition more explicit.

Great job, updating your end user agreement for the sake of saving face.

4