Communal Blocklist Experiment Day 1

It started with reading Quinn Norton (https://medium.com/@quinnnorton/context-collapse-architecture-and-plows-d23a0d2f7697) on one (incomplete) way of dealing with trolls.

The best technical approach for Twitter abuse I’ve heard of is Ella Saitta’s suggestion of subscribe-able block lists, which could be very like normal lists, but which would make sure you never see the sort of people your friends block. Trolls could shout all they wanted; no one of relevance would be able to see them. It would be a way to never manage to wander into the wrong neighborhood.

After my “cool down period” of a couple weeks, I still wanted to build it, so here goes.

TL;DR: Trying to write this communal blocklist in public here: https://github.com/tonyhschu/communal-blocklist/tree/master

(Here be boring designer-poking-at-dev-tutorials diary)

430ish: Starting with Heroku: https://devcenter.heroku.com/articles/getting-started-with-python-o

5pm-ish: Using Postgres for data storage with Flask: http://blog.y3xz.com/blog/2012/08/16/flask-and-postgresql-on-heroku

5:20ish: Ran into an issue with psychopg2 which is some sort of ORM thing that makes it easier to talk to databases? (update 6:01pm: not sure I need this?)

5:30ish: Started this blogpost.

5:39pm: Downloaded: http://postgresapp.com/ - to run postgres locally, via: https://devcenter.heroku.com/articles/heroku-postgresql

5:45pm: Postgres app



5:47pm: But “$ which psql" doesn’t work…

5:57pm: Oh so you need to put “psql” on your path, which involves adding a line to your .bash_profile file. This is why setting up programming environments is a pain, and unfriendly to non-programmers (or, really, even programmers) … but see: http://postgresapp.com/documentation/cli-tools.html

”$ which psql” now responds with “/Applications/Postgres.app/Contents/Versions/9.3/bin/psql”

Where was I? …

6:02pm: “$ psql -h localhost” opens a command line interface to … something. I guess I have a postgres thing running now.

6:04pm: Oh cool “$ pip install psycopg2" works now, because I have Postgres set up? That would make sense.

Don’t forget to “$ pip freeze > requirements.txt

Where was I before this postgres business?

6:10pm: The next step appears to be setting ups sqlalchemy to magically talk to local postgres or heroku postgres depending on whether it’s running in development mode locally, or on production in heroku.

So I guess I have to “$ heroku create" first.

Creating quiet-servername-1234… done, stack is cedar
http://quiet-servername-1234.herokuapp.com/ | git@heroku.com:quiet-servername-1234.git
Git remote heroku added

6:20pm: Ok, so I “attach” a DB to my heroku instance thing, like so “$ heroku addons:add heroku-postgresql:dev

Adding heroku-postgresql:dev on quiet-servername-1234… done, v5 (free)
Database has been created and is available
 ! This database is empty. If upgrading, you can transfer
 ! data from another database with pgbackups:restore.
Use `heroku addons:docs heroku-postgresql` to view documentation.

6:24pm: From http://blog.y3xz.com/blog/2012/08/16/flask-and-postgresql-on-heroku

Once the database is setup we should promote it such that the DATABASE_URL environment variable will be set:

$ heroku pg:promote HEROKU_POSTGRESQL_COLOR

What does promoting even mean?!

6:32pm: Continuing to follow y3xz’s tutorial … but what about connecting to a localhost postgres when I’m developing?

6:37pm: The beginning of an answer is here: http://beatofthegeek.com/2013/04/how-to-setup-postgresql-python-flask.html

Now we have the database URI. We need to access it in the database. We can do this by simply accessing the $DATABASE_URL environment variable. This is how to do it with a flask app.

SQLALCHEMY_DATABASE_URI = os.environ.get(“DATABASE_URL”,”postgresql://pguser:password/dbname”)

This has an extra hack for accessing the local database. It loads heroku database url in heroku and local url in local dev environment. You obviously need to modify it with your local setup.

but how do I not store my config stuff in source code?

6:40pm: apparently, Heroku config vars: https://devcenter.heroku.com/articles/getting-started-with-python#define-config-vars

6:49pm: Or maybe I don’t need it. “$foreman start” worked with

app.config[‘SQLALCHEMY_DATABASE_URI’] = os.environ.get(“DATABASE_URL”,”postgresql://localhost/communal_blocklist”)

6:50pm: Commit. Break for dinner.

8:00pm: Back. Ok, OAuth with Twitter, hopefully using this: https://github.com/singingwolfboy/flask-dance -

8:05pm: Rabbit hole of Twitter developer docs stuff re: OAuth. Absorbing.

8:12pm: Registered a Twitter Application.

8:19pm: I knew all the pain in setting up Postgres was worth it! Using Postgres to store authentication tokens with flask dance. http://flask-dance.readthedocs.org/en/latest/token-storage.html

8:22pm: Before I forget, I need to set the config vars for with my Twitter app credentials:


8:34pm: Copied/adjusted a bunch of Flask-dance code, tried to run it locally. Ran into an issue where those config variables isn’t set locally. Tangent off to: https://devcenter.heroku.com/articles/config-vars#local-setup

So now I’m setting up a .env file, and put .env in the .gitignore file so I don’t accidentally commit my TWITTER_SECRET.

8:39pm: Let’s see if that works. Yes! The local server started! I got a different error! This counts as a win.

8:59pm: Ok, I think I am truly stuck for now, because I have no idea what this means:

File "/Users/tony_chu/Documents/communal-blocklist/venv/lib/python2.7/site-packages/requests_oauthlib/oauth1_session.py", line 179, in authorized
    if self._client.signature_method == SIGNATURE_RSA:
AttributeError: 'OAuth1' object has no attribute 'signature_method'

Opening a Github Issue. We’ll see how this goes.

9:43pm: Make repository public: https://github.com/tonyhschu/communal-blocklist/tree/master, and sent the nice man behind flask-dance a GitHub issue: https://github.com/singingwolfboy/flask-dance/issues/1

Calling it a night.

9:48pm: Or not. Searched for “requests_oauthlib/oauth1_session.py” and found https://github.com/requests/requests-oauthlib/blob/master/requests_oauthlib/oauth1_session.py - where line 179 is different from the stack trace I saw up there. So maybe I just need to get a newer version of requests_oauthlib?

Oh, the same singingwolfboy updated requests_oauthlib 3 days ago: https://github.com/requests/requests-oauthlib/commit/b94f16472d66f5ed0febb8c1985854f379f7bac3#diff-250e01746fa19f7c1e314df65ebf8a0c

Ok, so I don’t feel like a crazy person. This is good.


Politico’s Matt Wuerker


The most appropriate use of these lyrics ever.

(Source: babykanima, via krislane)

"I submit that the unifying core, the essence of jerkitude in the moral sense, is this: the jerk culpably fails to appreciate the perspectives of others around him, treating them as tools to be manipulated or idiots to be dealt with rather than as moral and epistemic peers. This failure has both an intellectual dimension and an emotional dimension, and it has these two dimensions on both sides of the relationship. The jerk himself is both intellectually and emotionally defective, and what he defectively fails to appreciate is both the intellectual and emotional perspectives of the people around him."

If everyone’s an idiot, guess who’s a jerk? – Eric Schwitzgebel – Aeon


When I was a child, Hong Kong was the deep green hills outside my bedroom window, the ferry my family took every Sunday across the harbor, the sounds of my grandparents and relatives playing mahjong every weekend. In 1995, we moved back to the United States because it was two years before the 1997 Handover, and my father and mother did not want to take any chances. They remembered history, and they did not want their children to be caught in it.

So it is that almost twenty years later, I am glued to the screen: Hundreds of thousands of students, many secondary-school-aged, marching, singing, holding seminars, blocking roads (but allowing ambulances through), withstanding tear gas, withstanding fear, sleeping in the streets, cleaning up trash, organizing first aid stations, collecting supplies, encouraging peace and calm and civil disobedience, for over 100 hours, all to voice a heartfelt desire for true democracy, instead of a fraud election where candidates are vetted by Beijing. I am reading these words, watching these images, and because I grew up in a household where History was a ghost that haunted, I know that the boundaries of the issue are not just universal suffrage; underlying it is something even deeper.


"Why You Should Care About Hong Kong" http://therumpus.net/2014/10/why-you-should-care-about-hong-kong/

So similar to my experience of the last couple weeks, and the experience of many over-seas children of Hong Kong emigrants.

"That doesn’t mean your design team isn’t always right, or deserves unchecked power. A company needs balance across all disciplines. But the reality of software development today is we put design on a pedestal right up until the moment it threatens to affect our deadline. Then design turns into an unaffordable and unreasonable luxury, the word “MVP” starts getting used a lot, and product engineering hustles a half-baked product out the door and high fives themselves for shipping."

Design Courage — Medium

Yikes. What does courage mean in product design?

Also: “When you care more about releasing before the holiday season than the quality of your product, that’s a lack of courage. When you push out a low quality release just because it’s gut-wrenching to throw away a year of bad code, that’s a lack of courage. When you don’t have a head of design with just as much veto power as a head of engineering, that’s a lack of courage.”




Built on Firefox OS, the Matchstick is free software and open source hardware — anything in your Firefox browser-window can be “flinged” into your HDMI TV; it’s an incredible $12 for one stick.

Caveat, this is not from the Mozilla Foundation; it’s from a…

I’m getting two, and I am going to try to make a webRTC + smartphone-as-mic karaoke machine with it.

"The best technical approach for Twitter abuse I’ve heard of is Ella Saitta’s suggestion of subscribe-able block lists, which could be very like normal lists, but which would make sure you never see the sort of people your friends block. Trolls could shout all they wanted; no one of relevance would be able to see them. It would be a way to never manage to wander into the wrong neighborhood."

Context Collapse, Architecture, and Plows — Medium

On how to deal with trolls. Subscribe-able block lists. Man, I wonder if “blocking” can be done through the twitter api …

(The whole thing is great, but this immediately triggered my “let’s build shit” sense.)



This is also a scientific fact but, so what? It is simply not a reason to continue emitting high levels  CO2, methane, etc. Here is an analogy. Being hit by a car has a larger impact on your health than smoking. There is a chance that you will get hit by a car. Does that mean you should smoke? Of course not. There are some things you control and others you don’t. The ones you don’t include ones with far bigger impact. That’s *always* true for individuals, companies and societies. We generally accept that this is not a reason to be complacent.


"My primary concern is to help the members of my team do their most impactful work. This is not the same as their best work. Over time I am seeing that these are greatly different, and I think the open source world is almost built on “best” over “impactful”, so this prioritization is important and somewhat contrary."

Professional Transitions (or: the shutting down of Mozilla Labs)

The whole thing is great, but this particular bit about principles Ian is learning about managing people hits hard.