Re: HS: What size U-Haul is needed to hold a hackerspace

2009-04-15 Thread H. Kurth Bemis
Heyya Rion - My responses are below as well

On Tue, 2009-04-14 at 14:17 -0400, Rion D'Luz wrote:
 Hi:
 
 I disagree with some of what you posted, but it may be only a matter of 
 semantics.
 See below:
 
 On Tuesday 14 April 2009, H. Kurth Bemis wrote:
  To start a space you're going to need members that are active in the
  hacker community. 
 Define hacker community?

Well, after thinking about it, there really isn't a community of hackers
in the area that I know of, which is how we arrived on this topic.
Maybe I should have said members that are current and active
hacker-type people.

 How about just a community that has mutual interests?

That's what a community is; a group of people that identify themselves
with others based upon common interests.  At some point however, some
guidelines need to be placed on the type of activities the space and
community is interested in hosting.  For example, building some
super-high-gain wifi antenna are very much within the capabilities of
most spaces and members.  Rebuilding the engine from an El Camino?
Yeah, it can be done at the space, but chances are it's not going to be
something the space and community get behind.

It's difficult to define which projects the community and space are
willing to support.  At Foulab, members are pretty much free to work on
whatever they like with or without the support of the whole group.  Then
there are projects the whole group gets behind, like building a DIY CNC
machine or a multitouch system.

I feel that trying to structure the space in a way that makes it
attractive to others is clouding the vision of the space.  The space
exists for various projects, typically related to electronics or
computing.  If a member isn't interested in becoming a part of the
community of hackers and diy'rs, then why would they join?  By trying to
include everybody, with every possible interest I think that the space
will end up looking simply like a shared workshop instead of a space and
organization with a plan and a focus.

 
  Members that already have been hacking Arduino for a 
  few years, members that have been working with electronics and
  chemistry, members that have mAd 5k1Llz in several different areas.
  If you're missing that diversity, then I think the space will not
  sustain itself very long.
 I think you are confusing a specific 'hacker' Event that is being discussed
 with the concept of a hackerspace, which is different.

I'm not sure what you're referring to here.  A space is where
hacker-types can come together and meet face to face, discuss, mingle,
and be social with the community and to learn from one another.  The
last one, is the most important one, I feel.  To learn from one another.
If the group or community possess a limited set of skills and knowledge
the group isn't very flexible, and there isn't much learning that can
take place.

All I'm saying is that membership diversity is key.  Without diversity,
the space will become a limited-minded members only workshop, which is
exactly what a hackerspace isn't.

  
  So before you get worked up about a space and moving and what not, spend
  several months attending regular, weekly meetings.  Give it a few
  months, spread the word that you're trying to raise interest to start a
  space.  After that time, you should have a pretty good idea of who is
  serious about the space and who isn't.  To find who is serious about
  becoming a member and who isn't, simply charge dues.  No matter if there
  isn't a space at the present time, collect dues and keep records.  If
  the whole thing becomes a wash, then return the dues.
 Space is necessary to have a place for events, if not for squatting.
 Space is a major consideration. Defining the Events, the types, the 
 participants,
 is another matter completely; as is discussion of the way the organization is
 structured

Well, space costs money.  Events cost money.  Best have a group
(community) of folks that are paying into a fund, so that the space has
the ability to forecast and plan properly.  What if a space is found, a
hackerspace opens, and then, because of lack of income, the space closes
2 months later.  What good was that?  No good.

Best to meet in a restaurant weekly, get word out, make sure long term
interest exists, then set about finding a space and planning events.  I
know the instinct is to jump to action, but jumping to actions without a
plan in place is a plan for epic fail.

 
 
  
  It's important to stop thinking of the space as a venture that outsiders
  will come to, because honestly, you will not want outsiders poking
  around your workshop or lab.
 You are defining hackerspace as a geek/nerd thing exclusively; which may work 
 in urban areas, but not in the sticks.
 Not outsiders, but members, just members who are not techies. There should 
 (IMHO)
 be a place for that/them; artists, designers, special-interest groups, etc...
 UNLESS the consensus is that they are not wanted.

No.  Everybody is 

Re: HS: What size U-Haul is needed to hold a hackerspace

2009-04-15 Thread H. Kurth Bemis
On Tue, 2009-04-14 at 14:03 -0400, Kevin Thorley wrote:
 On Tue, Apr 14, 2009 at 12:11 PM, H. Kurth Bemis ku...@kurthbemis.com wrote:
 [Lots of good, practical advice]
 
 I agree whole-heartedly.  For me, at least, this is much more about
 community than just a space to hang out.
 
 I'd like to get up to Foulab, and would be happy to provide a ride for
 others in the area that want to go.  Don't worry, we can take the
 Subaru so that no one gets packed like a sardine in the back of the
 Mustang.  Tuesday nights are out for me for the next month or so, but
 I can do most Mondays or Thursdays.  Do these days work for anyone
 else?  Leave Burlington at say 5:00 and plan to return by 11:00?  Does
 that timeframe sound reasonable? (I've only been to Montreal once, and
 I recall it was a 90 minute drive).
 
 On another note, I joined the LinkedIn group for the coworking space
 that Jen posted about.  Looks quite interesting.  If we get to the
 point where we decide we need a dedicated space, this may also be a
 potential group to share with.
 
 Kevin

Kevin - Our meetings are on Tuesday nights, which is the most activity
the lab sees all week in terms of members present and such.  Other
nights are generally fine, but a heads up would be needed to ensure the
lab was open.

If it can be arranged, I would hold out for a Tuesday night.  The other
nights the lab can be open or closed with only a few members (1-3)
working or relaxing

We have some events planned in the next few weeks, you should watch our
Facebook page[1] and our website[2] for dates and such.

[1] http://www.facebook.com/group.php?gid=144161830009ref=ts
[2] http://foulab.org

~k


Re: VAGUE Project Suggestion

2009-04-15 Thread chris yarger
learn something new while helping do something proactive, sounds fun where
do i sign?
warmest regards,

Chris Yarger



Founder
Yarger Designs

web: http://YargerDesigns.org
skype: cpyarger
msn: elfloc...@hotmail.com
aim: patyarg
yahoo: christoyarg
ASCII ribbon campaign ( )
against HTML e-mail   X
 / \
Samuel Goldwyn http://www.brainyquote.com/quotes/authors/s/samuel_goldwyn.html
- A wide screen just makes a bad film twice as bad.

On Wed, Apr 15, 2009 at 5:39 PM, Kevin Thorley elron8...@gmail.com wrote:

 On Wed, Apr 15, 2009 at 2:47 PM, Stanley Brinkerhoff
 s...@vtwireless.com wrote:
  Someone's comments about VAGUE not actually doing any projects has stuck
 in
  my mind for a few days -- and I wondered -- Would anyone be interested in
 a
  collaborative development of a rather simple accounting and tracking
 system
  to assist local time-banks such as the Onion River Exchange in
 Montpelier?
  The software they use now is rather rudimentary and closed source/closed
  data/vendor owns all data sort of contract.
 
  I have a vague (har har) scope of work and feature set -- but we could
  collaborate with the ORE to develop what the community needs, and perhaps
  other Time Banks out there who have few options for easy to use software
 to
  manage such ventures.
 

 Sounds like fun.  I'm sure I can find time to write a few lines of code :)

 Kevin



Re: VAGUE Project Suggestion

2009-04-15 Thread Balu Raman
You may want to have a look at http://project.cyclos.org
Thanks,
- balu

On 4/15/09, chris yarger cpyar...@gmail.com wrote:
 learn something new while helping do something proactive, sounds fun where
 do i sign?
 warmest regards,

 Chris Yarger



 Founder
 Yarger Designs

 web: http://YargerDesigns.org
 skype: cpyarger
 msn: elfloc...@hotmail.com
 aim: patyarg
 yahoo: christoyarg
 ASCII ribbon campaign ( )
 against HTML e-mail   X
  / \
 Samuel Goldwyn http://www.brainyquote.com/quotes/authors/s/samuel_goldwyn.html
 - A wide screen just makes a bad film twice as bad.

 On Wed, Apr 15, 2009 at 5:39 PM, Kevin Thorley elron8...@gmail.com wrote:

 On Wed, Apr 15, 2009 at 2:47 PM, Stanley Brinkerhoff
 s...@vtwireless.com wrote:
  Someone's comments about VAGUE not actually doing any projects has stuck
 in
  my mind for a few days -- and I wondered -- Would anyone be interested
  in
 a
  collaborative development of a rather simple accounting and tracking
 system
  to assist local time-banks such as the Onion River Exchange in
 Montpelier?
  The software they use now is rather rudimentary and closed source/closed
  data/vendor owns all data sort of contract.
 
  I have a vague (har har) scope of work and feature set -- but we could
  collaborate with the ORE to develop what the community needs, and
  perhaps
  other Time Banks out there who have few options for easy to use software
 to
  manage such ventures.
 

 Sounds like fun.  I'm sure I can find time to write a few lines of code :)

 Kevin




Re: VA's open source, guys; how to use their sw in smaller practices here in northern NE?

2009-04-15 Thread David Hardy
The VA has CDs that are considered public domain and, though I am no
developer, maybe something can be extracted from them to serve smaller
hospitals and medical practices, starting, say, here in VT and NH, and then
farmed out nationwide.
As a vet, my own experience with the facilities at White River Junction has
been outstanding.

Arlo is still around and still touring.  So that would be my recommendation
for the hippie bus. If we do the camo version bus, I'd say we gotta go with
either the MASH theme or Still in Saigon by the Charlie Daniels Band.

Old Farmer Dave
Pavilion Farm (1806)
West Montpeculiar, VT

Sgt. USAF 1971-77
RVN '72
TLC '74-75

USAR
'78-80



On Wed, Apr 15, 2009 at 5:39 PM, Rick White sysoptio...@yahoo.com wrote:

 Howdy, Old Farmer Dave,

 Here's an excerpt from your linked site:

 VistA is an enterprise-wide, fully integrated, fully functional
 information system built around an electronic health record. It is easily
 customizable and can be configured to fit any type of healthcare
 organization, from clinics and medical practices to nursing homes and large
 hospitals. VistA has been named one of the best healthcare information
 systems in the nation by the Institute of Medicine.

 Developed by the Department of Veterans Affairs, the VistA healthcare
 information system supports the hospitals and clinics serving veterans
 throughout the US. VistA has been deployed in thousands of healthcare
 facilities, both domestic and international.

 Because VistA is available in the public domain, there are no license fees
 to use the software. This makes VistA an affordable electronic health record
 system for healthcare organizations.

 here's the link: http://www.vistasoftware.org//what/index.html

 The second sentence seems to address your subject line, or (as usual), am I
 missing something?

 Rick

 p.s. The endless loop playing Arlo Guthrie was, of course, an 8-track
 cartridge. For the young set, this was a long mobius strip of tape that
 played over and over.


 --- On Wed, 4/15/09, David Hardy belovedbold...@gmail.com wrote:

  From: David Hardy belovedbold...@gmail.com
  Subject: VA's open source, guys; how to use their sw in smaller practices
 here in northern NE?
  To: VAGUE@LIST.UVM.EDU
  Date: Wednesday, April 15, 2009, 4:50 PM
  http://www.vistasoftware.org//about/index.html






Re: VAGUE Project Suggestion

2009-04-15 Thread chris yarger
this may also be an idea for a base system
http://www.wedge.coop/is4c/

warmest regards,

Chris Yarger



Founder
Yarger Designs

web: http://YargerDesigns.org
skype: cpyarger
msn: elfloc...@hotmail.com
aim: patyarg
yahoo: christoyarg
ASCII ribbon campaign ( )
against HTML e-mail   X
 / \
Charles de Gaulle http://www.brainyquote.com/quotes/authors/c/charles_de_gaulle.html
- The better I get to know men, the more I find myself loving dogs.

On Wed, Apr 15, 2009 at 7:37 PM, Stanley Brinkerhoff s...@vtwireless.com wrote:

 Cyclos is Java based (can't be inexpensively hosted on a free dreamhost
 account, or google app engine easily).  A goal of our project would be
 hosting on commodity low cost hosting platforms.

 Also; Cyclos is actually fairly overkill -- and not superfriendly to use.
 I evaluated it 6 months ago or so.  That being said; it never hurts to have
 competition.

 Stan


 On Wed, Apr 15, 2009 at 7:03 PM, Balu Raman brama...@gmail.com wrote:

 You may want to have a look at http://project.cyclos.org
 Thanks,
 - balu

 On 4/15/09, chris yarger cpyar...@gmail.com wrote:
  learn something new while helping do something proactive, sounds fun
 where
  do i sign?
  warmest regards,
 
  Chris Yarger
 
 
 
  Founder
  Yarger Designs
 
  web: http://YargerDesigns.org
  skype: cpyarger
  msn: elfloc...@hotmail.com
  aim: patyarg
  yahoo: christoyarg
  ASCII ribbon campaign ( )
  against HTML e-mail   X
   / \
  Samuel Goldwyn http://www.brainyquote.com/quotes/authors/s/samuel_goldwyn.html
 
  - A wide screen just makes a bad film twice as bad.
 
  On Wed, Apr 15, 2009 at 5:39 PM, Kevin Thorley elron8...@gmail.com
 wrote:
 
  On Wed, Apr 15, 2009 at 2:47 PM, Stanley Brinkerhoff
  s...@vtwireless.com wrote:
   Someone's comments about VAGUE not actually doing any projects has
 stuck
  in
   my mind for a few days -- and I wondered -- Would anyone be
 interested
   in
  a
   collaborative development of a rather simple accounting and tracking
  system
   to assist local time-banks such as the Onion River Exchange in
  Montpelier?
   The software they use now is rather rudimentary and closed
 source/closed
   data/vendor owns all data sort of contract.
  
   I have a vague (har har) scope of work and feature set -- but we
 could
   collaborate with the ORE to develop what the community needs, and
   perhaps
   other Time Banks out there who have few options for easy to use
 software
  to
   manage such ventures.
  
 
  Sounds like fun.  I'm sure I can find time to write a few lines of code
 :)
 
  Kevin
 
 





Re: Best Practice for non-malicious Cross Site Scripting?

2009-04-15 Thread AJ ONeal
*Short: *
A user which exists on one site must be able to use the API of another site
without logging in to that site. I think a token mechanism is the way to go
but I want input.

The *problem* is that John is logged into JT, not CM, and he doesn't have an
account on CM.

The *proposed solution*


   1. John submits his credentials to JT.
   2. John is validated.
   3. JT makes a request to CM using curl, sending a valid username and
   password (and possibly the IP address will be checked).
   4. CM sends back a token (which CM will store in a database or file).
   5. JT then hands that token back to the browser.
   6. The browser, receiving the token, makes a request to CM to login using
   the token.
   7. CM checks the token's timestamp, checks the token, starts the session,
   and deletes the token.
   8. John inputs some new data and submits it to CM via AJAX through the JT
   interface.

*Poll:*
Does this sound like a good solution or is there something more simple /
elegant which I haven't thought of?
*More background* info in case I was too brief above:
I have a php site called Contact Manager which holds information for users
in different department

I have another site on another server called Job Tracker which is used to
track support requests from those users. We plan to have other sites like
this which use the CM database directly through PHP or indirectly through
AJAX.

John is logged in to JT and he can see user details from CM.
This is done by the php backend by joining the two databases.

John also needs to be able to edit these details.
This will be done by an AJAX request using an API on CM.

P.S. What do you call XSS when you're talking about proper XSS rather than
malicious XSS?

AJ ONeal
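
Steps 3 to 7 of the proposed solution, as an added example that is not part of the original post or of either site's code: a PHP sketch of the CM side that issues a short-lived token and redeems it exactly once. The class and method names, the 60-second lifetime and the in-memory array (standing in for the database or file of step 4) are assumptions.

```php
<?php
// Added example, not code from the thread. TokenStore, issue() and redeem()
// are hypothetical names; $rows stands in for CM's token table or file.

final class TokenStore
{
    /** @var array<string, array{user: string, expires: int}> keyed by SHA-256 of the token */
    private array $rows = [];

    public function __construct(private int $ttlSeconds = 60) {}

    // Steps 3-4: call only after JT has authenticated to CM server-to-server.
    public function issue(string $user, int $now): string
    {
        $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG
        $this->rows[hash('sha256', $token)] = [    // store a hash, never the token itself
            'user'    => $user,
            'expires' => $now + $this->ttlSeconds,
        ];
        return $token;                             // JT hands this to the browser (step 5)
    }

    // Steps 6-7: returns the user to start a session for, or null on any failure.
    public function redeem(string $token, int $now): ?string
    {
        $key = hash('sha256', $token);
        if (!isset($this->rows[$key])) {
            return null;                           // never issued, or already redeemed
        }
        $row = $this->rows[$key];
        // Delete before checking anything else so the token is single use.
        // With a real database, look up and delete in one atomic statement,
        // otherwise two concurrent requests could both redeem the same token.
        unset($this->rows[$key]);
        if ($now > $row['expires']) {
            return null;                           // timestamp check failed
        }
        return $row['user'];
    }
}

// Constructed walk-through with a fixed clock so the outcome is deterministic.
$store = new TokenStore(60);
$t0    = 1239800000;                               // constructed timestamp

$token = $store->issue('john', $t0);
var_dump($store->redeem($token, $t0 + 5));         // first use, inside the window
var_dump($store->redeem($token, $t0 + 6));         // replay of the same token
$late = $store->issue('john', $t0);
var_dump($store->redeem($late, $t0 + 61));         // presented after expiry
var_dump($store->redeem(str_repeat('0', 64), $t0)); // a token CM never issued
```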


Re: VAGUE Project Suggestion

2009-04-15 Thread Kevin Thorley
On Wed, Apr 15, 2009 at 7:37 PM, Stanley Brinkerhoff
s...@vtwireless.com wrote:
 Cyclos is Java based (can't be inexpensively hosted on a free dreamhost
 account, or google app engine easily).  A goal of our project would be
 hosting on commodity low cost hosting platforms.


Not that I'm pushing for Java (I do plenty of that already), but
doesn't Google's App Engine support Java now, as of sometime in the
last week or so?

Kevin


Re: VAGUE Project Suggestion

2009-04-15 Thread Stanley Brinkerhoff


 Not that I'm pushing for Java (I do plenty of that already), but
 doesn't Google's App Engine support Java now, as of sometime in the
 last week or so?


It supports a subset of Java with a series of heavy limitations, and you
need to likely work within an API.  I doubt it's a cut and paste adventure.

Stan


Re: Best Practice for non-malicious Cross Site Scripting?

2009-04-15 Thread Josh Sled
AJ ONeal coola...@gmail.com writes:

 A user which exists on one site must be able to use the API of another site 
 without logging in to that site. I think a token mechanism is the way to go 
 but I want input.
[…]
 P.S. What do you call XSS when you're talking about proper XSS rather than 
 malicious XSS?

Rather than cross-site, the general term for this problem is
cross-domain scripting, request, ajax, proxy, json, &c.

A common solution – cross-domain proxying – is to have the primary site
(JT) proxy the browser's requests to the secondary domain (CM).

Another approach is to use dynamic insertions of the <script
src="http://secondary/script.js"> tag to allow pages served from the
primary site to communicate with javascript from the secondary domain.
Since the script returned for the tag was served from the secondary
domain, the same-origin policy allows that script to communicate with
the secondary site.  The mix of primary- and secondary-domain scripts
running on the page can communicate via global variables or whatever
(clientStorage, WebWorkers, events, &c.).  In such a way they can
cooperate to satisfy the full functionality.

People shy away from this solution on the world-*wide* web because it
means letting a perhaps *untrusted* secondary domain insert arbitrary,
perhaps malicious code into your site, which *then* becomes a XSS hole.
But if you control both the primary and secondary domains, you don't
have that risk.

http://snook.ca/archives/javascript/cross_domain_aj/

 The proposed solution

  1. John submits his credentials to JT.
  2. John is validated.
  3. JT makes a request to CM using curl, sending a valid username and 
 password (and possibly the IP address will be checked).
  4. CM sends back a token (which CM will store in a database or file).
  5. JT then hands that token back to the browser.
  6. The browser, receiving the token, makes a request to CM to login using 
 the token.
  7. CM checks the token's timestamp, checks the token, starts the session, 
 and deletes the token.
  8. John inputs some new data and submits it to CM via AJAX through the JT 
 interface.

Maybe you mean something different than I read by "through the JT
interface" in step (8), but steps 5-7 are mutually exclusive with 8: if
5-7 are used (likely via the script hack), then you don't need to
proxy the request through JT in 8.  But, if you do proxy through JT,
then only JT needs to keep track of the token/auth with CM¹, so you
don't necessarily need to send it back to the browser.


¹ though it might be a more scalable implementation of such a proxy if
JT really does hand the token back down to the browser, and let the
browser send it back up to JT for JT's proxy-request to CM.  Then JT can
remain stateless.  If the token is secure, 

-- 
...jsled
http://asynchronous.org/ - a=jsled; b=asynchronous.org; echo $...@${b}




Re: Best Practice for non-malicious Cross Site Scripting?

2009-04-15 Thread Bradley Holt
AJ,

Maybe I'm misunderstanding the problem, but this seems like it may be
a job for OAuth:

http://oauth.net/

Thanks,
Bradley

On 4/15/09, AJ ONeal coola...@gmail.com wrote:
 *Short: *
 A user which exists on one site must be able to use the API of another site
 without logging in to that site. I think a token mechanism is the way to go
 but I want input.

 The *problem* is that John is logged into JT, not CM, and he doesn't have an
 account on CM.

 The *proposed solution*


1. John submits his credentials to JT.
2. John is validated.
3. JT makes a request to CM using curl, sending a valid username and
password (and possibly the IP address will be checked).
4. CM sends back a token (which CM will store in a database or file).
5. JT then hands that token back to the browser.
6. The browser, receiving the token, makes a request to CM to login using
the token.
7. CM checks the token's timestamp, checks the token, starts the session,
and deletes the token.
8. John inputs some new data and submits it to CM via AJAX through the JT
interface.

 *Poll:*
 Does this sound like a good solution or is there something more simple /
 elegant which I haven't thought of?
 *More background* info in case I was too brief above:
 I have a php site called Contact Manager which holds information for users
 in different department

 I have another site on another server called Job Tracker which is used to
 track support requests from those users. We plan to have other sites like
 this which use the CM database directly through PHP or indirectly through
 AJAX.

 John is logged in to JT and he can see user details from CM.
 This is done by the php backend by joining the two databases.

 John also needs to be able to edit these details.
 This will be done by an AJAX request using an API on CM.

 P.S. What do you call XSS when you're talking about proper XSS rather than
 malicious XSS?

 AJ ONeal



-- 
http://bradley-holt.blogspot.com/