Planet phpBB

Last night I was about to release a new version of django-flatblocks, when I ran into a weird problem:

$ python setup.py check -r                                                                                                                                                                           [develop] 13:58+0100
running check
Traceback (most recent call last):
  File "setup.py", line 32, in <module>
    zip_safe = False,
  File ".../distutils/core.py", line 152, in setup
    dist.run_commands()
  File ".../distutils/dist.py", line 953, in run_commands
    self.run_command(cmd)
  File ".../distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File ".../distutils/command/check.py", line 69, in run
    self.check_restructuredtext()
  File ".../distutils/command/check.py", line 111, in check_restructuredtext
    for warning in self._check_rst_data(data):
  File ".../distutils/command/check.py", line 138, in _check_rst_data
    parser.parse(data, document)
  File ".../docutils/parsers/rst/__init__.py", line 157, in parse
    self.statemachine.run(inputlines, document, inliner=self.inliner)

    .....

  File ".../docutils/parsers/rst/states.py", line 991, in implicit_inline
    return [nodes.Text(unescape(text), rawsource=unescape(text, 1))]
  File ".../docutils/nodes.py", line 331, in __new__
    return reprunicode.__new__(cls, data)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 26: ordinal not in range(128)
</module>

The cause of this issue was a bit unexcected: A string in the release notes of a version I had already released about a year ago. So what changed? Probably the Python version but also most definitely the version of docutils I had installed in order to preview the release notes before every release.

So I started downgrading from 0.8.1 all the way to 0.5.x to finally make the check command not die on me anymore.

There is also an issue in Python's issue tracker which has a patch attached (and committed) that solves this issue. So if you don't want to downgrade docutils in your virtualenv, this is probably the way to go :-)

"When setup.py check fails" was written by Horst Gutmann and is licensed for reuse under Creative Commons Attribution-Share Alike 3.0 Austria License.

I have posted a topic on phpbb.com letting folks know I’m not going to renew my phpBB3 MODs-related domains. If you’re interested, hop on over to phpbb.com and send me a PM to let me know.

First come, first served.

Way back in 2009 phpbb.com was hacked via an exposure in the phplist mailing list software. (Just to be very clear, there was no exploit found in the phpBB code used to run the site, only this supplementary program used to run the email notification system.) One of the results of the hack of phpbb.com was that several thousand user passwords were exposed and posted on the Internet. They were exposed, frankly, because they were too simple, and that’s not phpBB’s fault.

Pet Names Don’t Make Good Passwords

People often struggle with remembering passwords. Yes, there are programs that can help you with that, but are they really that much more secure than writing things down on a piece of paper? Here’s one take from one of my favorite web comic authors:

The bottom line is that a password is supposed to protect an account from unauthorized access. It’s not supposed to prevent authorized access, but for infrequently used resources it can do that as well.

Password Storage

One indicator of concern to me is whether a web site can send you your existing password when you forget it. That means they’re likely using an encryption process rather than a hashing algorithm to store passwords. And that means anyone with access to the decryption key can read every password in the system. phpBB2 uses a hashing algorithm which means as a board owner / administrator I can safely say to any of my users that I cannot tell them what their password is. I can assign them a new one, and of course there is a self-service option available to phpBB2 users that will do just that, but I cannot tell them what their existing password is. In a default phpBB2 installation a user password is hashed and stored as a 32 character string. Similar passwords will generate very dissimilar hash strings, so there is no way for someone to easily guess what a password might be simply based on the results of the hash. For example, here are a few similar input values and the resulting MD5 hash outputs:

test     098f6bcd4621d373cade4e832627b4f6
Test     0cbc6611f5540bd0809a388dc95a615b
tset     751ec45015a704a39dc403001c963e97
test1    5a105e8b9d40e1329780d62ea2265d8a

Despite the similarity of the input values they all have very different hash values. That means that similar hash values are going to have very different input values as well. Also, because a hash is generated by a one-way function there is no way to recreate the input value based on the hash. (There are some cases where two different input values could generate the same output hash; that’s allowed.)

If that’s the case, then how can I tell if a user has entered the correct password when they log in? It’s actually really simple. When a user logs in, phpBB takes the password provided on the form, hashes it, and then compares the resulting hash value to the hash stored in the database. As long as the input values are the same (entering “test” as my password will always generate 098f6bcd4621d373cade4e832627b4f6 as the hash value) then the password matches and the user is logged in.

How, then, were hackers able to decipher the passwords stored in the phpBB.com database if there is no way to reverse a hash process? They didn’t. Instead they used a lookup table (also called a rainbow table) to match up known hash values with their source value. Imagine taking a dictionary and running every word in it through the hashing process. When you’re done, you have a list of hashes and their source. By matching password hash values against the list of known entries the hackers were able to figure out what a number of phpBB.com user passwords were.

To help defeat this sort of process, phpBB3 now uses a salted hash which provides even more security. I imagine someone has back-ported this to phpBB2 as a MOD but I have not had time to look for one yet. But the fact is if a secure password is used (a combination of words and numbers, or as the cartoon above suggests several words run together) the odds of the password appearing in a rainbow table are extremely slim, and even the simple hashing algorithm used in phpBB2 is essentially safe. Even changing the case of one letter helps, as shown in these two hash examples from earlier:

test     098f6bcd4621d373cade4e832627b4f6
Test     0cbc6611f5540bd0809a388dc95a615b

Changing the “t” to a “T” changes the hash. It might be even better to change something other than the first letter, for example changing the “e” to an “E” as in tEst. That’s a very easy word to remember and it’s not likely to show up on any rainbow table, unless a hacker wants to run every possible combination of upper and lower case letters for every possible dictionary word. Ultimately it would be better to use a combination of letters (mixed case), numbers, and even symbols where allowed.

So how important is it that phpBB3 uses a salted algorithm for passwords? If people were smart about what passwords they use then it really would not matter so much. But as shown in some of the related links at the end of this post, people are not very smart about the passwords they pick. In that case, the salting process is quite beneficial.

Social Engineering

Which brings me to my final issue for this post: people can be fond of certain passwords and often use (reuse) them on more than one site. If you use the same password for a phpBB board that you use for your banking system, then change it. Change it now. For one thing, most phpBB board owners do not use a secure protocol (such as HTTPS rather than HTTP) for their sites. That means the password is exposed during the transmission of the form data. Ultimately no matter how a password is stored or how complex the password might be, if people can be tricked into giving up their passwords by phishing emails, web site plugins, and other techniques, that’s a problem. If a hacker manages to grab the password for one site, they may then be able to use it on other sites. I have made a practice of using a unique password on every service I sign up for in order to prevent this for a very long time. But once again, xkcd.com says it better:

Related Links

• phpBB Password Analysis
• 500 Worst Passwords

Animations from an installation at L'Eclaireur in Paris.

L'Eclaireur Sévigné has a unique installation with 147 screens dotted around like picture frames. Early in 2011 I was commissioned to create some original videos for the space, which have been playing for the last six months.

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34656266?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34656394?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34657460?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34657542?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34657573?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34657651?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34657710?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34658252?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34658271?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34658286?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34659879?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

<iframe allowfullscreen="1" frameborder="0" height="329" mozallowfullscreen="1" src="http://player.vimeo.com/video/34659899?portrait=0&amp;loop=1" webkitallowfullscreen="1" width="585"></iframe>

I really like Google+. It is kind of the perfect mix of Twitter's new-like streams and Facebook's user management. That and much more managable discussions than on Twitter. I hope I'm not the only one who has sometimes a problem keeping up with what discussion a certain @reply was now part of.

The killer feature: volume control

The last new feature that heaved Google+ over Twitter for me was the addition of the Circle Stream Volume control introduced just a couple of days before XMAS. This way my main stream has become usable again while before it I mostly moved from circle to circle and stayed as far away from the main stream as possible due to information overload.

Right now I have more or less the following main circles:

• Family (mostly vacant right now but I'm working on that)
• Friends
• Following
• Django
• Brands
• Company

Friends and Family are tuned all the way up while Following and Brands end up not being included in my main stream at all. Django and Company are kind of in the middle ground because news from friends are simply more important than news about Django. This way I can finally use the main stream once again for what is important while keeping the rest of interesting stuff only at max. one click away :-)

The conference use-case

During conferences my priorities shift a little bit. There I first of all want to know what's happening around the conference; something that Twitter and its hashtags excel in right now. Finding nice restaurants to relax after a long conference day is just so easy if you "follow" the conference hashtag.

Here Google+'s search subscription comes in which basically allows you to bookmark a search-term (and/or hashtag) and the search result is auto-updated if you keep the page open (similar to Twitter's search but a bit more automatic. Think of a Twitter-wall).

So basically this use-case would be covered if people would just use Google+ more during conferences ;-) #GDDDE in Berlin this year was a nice start, though which discussions about presentations more or less happening in real-time there.

Topic streams

But what if you could combine search-subscriptions and circles? As you've seen up there one of my main circles is for people being involved with the web framework "Django". Now, naturally, all these people do not only write about Django all day but also about other things that are important in their lives. While definitely interesting I'm mostly following them because their role in the Django community. For the personal stuff I have the "Friends" circle (these two circles are not mutually exclusive ;-)).

What I'd really love to see is a way to search only within a circle, similar to how you can search within a single domain on Google. Something like: "django circle:Django"

Circle operations

Another but only minor issue for me is that there is no easy way to share something only a withset of people. Think about sharing something with people who help you organize a birthday party for a friends. You can't really share it with "Friends" simply because the person whose birthday part you're organizing is probably also in that circle. Or if I wanted to share something with all the Django developers who are Friends, I'd have to pick them name by name. SET OPERATIONS, PLEASE! :-)

Like "+Friends -Peter" and "+Django AND +Friends".

User Content Policy

Something you can't really get around writing about Google+ is their enormous support for the photo community. People like Thomas Hawk and Trey Ratcliff are probably the best advertising Google can get for their social network. With Brian Rose Google+ even has its own community manager for the photography sub-community.

On the other end of the spectrum you have #10 of the User Content and Conduct Policy:

10. Sexually Explicit Material

Do not distribute content that contains nudity, graphic sex acts, or sexually explicit material. Do not drive traffic to commercial pornography sites.
Your Profile Picture cannot include mature or offensive content. For example, do not use a photo that is a close-up of a person’s buttocks or cleavage.

I totally understand that Google+ is owned by a company that has a reputation to uphold, but #10 is far to restrictive. Sure, it bans porn, but it also bans any kind of nuditiy which is far to broad a term esp. when it comes to photography. In this regard I think 500px's approach with the NSFW flag is far more appropriate where you basically have a setting in your profile that either hides or shows nudity. Google+ also has the advantage of providing a way to share content explicitly with certain groups so they won't end up being public.

If you've read the quote above, you've probably also read the last 2 sentences which handle profile picture, something MG Siegler hit a couple of days ago when his profile picture was removed. I guess using that finger in a profile picture kind of violates the whole "mature" part in #10. Wether or not doing that as a rather public figure in a public profile is a different story, though.

Pages

On the other hand and compared to other folks and the topic above I'm far less skeptical when it comes to the so-called "Brand Pages". When Google+ first launched, there was absolutely no support for companies to promote their content. In fact, every G+ profile had to be associated with a real person. When brand pages finally launched more than a month ago, some people felt quite disappointed. There was not a lot of bling and even less features. Brand pages, once again, could only be associated with a single G+ account which caused some really funny situations.

Back then I immediately created a brand page for our local Python usergroup in Graz which I by now use over Twitter for sharing news and informations with the community. And since mid-December we can also finally have more than one account with write and management access to it :D Right now I'm still the only manager of that page but I hope this will change with our first virtual meetup next week :D I'm personally really curious how the hangouts feature of Google+ will work out for something like a community meetup. There are some rumors that Google is working on allowing more than 10 people to join a hangout as visitors but sadly this didn't made it live in time.

The API

During the #gddde in Berlin this November I attended a presentation by Chris Chabot about what Google has planned for the Google+ API and why it has been rolled out so cautiously. It certainly makes sense to first offer access to the content this is already publically available anyway and then slowly add more features. I also kind of doubt that the lack of an official read/write API has hurt the network so far. The mobile apps right now are quite usable and for site-integrations the public part is a good first step.

That said, I'd be surprised if Google+ was still without a write-API in a year. An iPad client would be nice, too ;-)

OK, and now I'm off to enjoy the awesome Google+ integration of my Galaxy Nexus in the finally snowy Klagenfurt!

"Google+ and me" was written by Horst Gutmann and is licensed for reuse under Creative Commons Attribution-Share Alike 3.0 Austria License.

<object height="526" width="935"> <param name="allowfullscreen" value="true"/> <param name="allowscriptaccess" value="always"/> <param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=33854896&amp;server=vimeo.com&amp;show_title=0&amp;show_byline=0&amp;show_portrait=0&amp;color=00adef&amp;fullscreen=1"/><embed allowfullscreen="true" allowscriptaccess="always" height="526" src="http://vimeo.com/moogaloop.swf?clip_id=33854896&amp;server=vimeo.com&amp;show_title=0&amp;show_byline=0&amp;show_portrait=0&amp;color=00adef&amp;fullscreen=1" type="application/x-shockwave-flash" width="935"></embed> </object>

A journey into a Fabergé inspired world.

Music: Tinkle by J. Saunders.

I’ve seen several phpBB boards over the years that swap out the regular graphic objects for holiday objects at certain times of the year. At phpbb.com they have previously done this for Halloween as well as the year-end holidays. I’ve done the same thing for my biggest board “BOB” by replacing the regular logo:

with one of several holiday logos:

And of course this:

During the American Thanksgiving week we used this:

Over at the phpBB2 Refugees site we’ve swapped our normal refugee tent for one with a more holiday feel for the last several weeks:

Right now this is a manual process, which means I have to remember to edit the php code to invoke the new logo (or alternately use ftp to upload a replacement logo with the same name over the current one). Manual process? for Dave?

I’m setting up a database table with dates and alternate logo names, and will set up a cron job that every night at midnight checks to see if holiday logos are needed for the following day or not. On BOB we rotate among several logos, so there could be more than one logo at any given time. The logo information is then written to a cache file where it will be used for the following 24 hours.

Easy as pie.

Holiday pie.

I read this morning a topic in the MOD Authors forum at phpbb.com where the topic poster was trying to figure out a way to encrypt / decrypt private message text. The technical challenge was easily overcome, as someone posted some code that allows the board owner to do exactly that.

The problem is, it accomplishes nothing.

Private messages are often a hot topic for board owners, probably because of the privacy implications of the name “private” message. As most board owners probably know, private messages are not truly private. Anyone with database access can read the private message text. Anyone with access to a backup SQL dump can do the same. But who has this type of access, and what can be done to prevent it?

Board Owner Access

In many cases, only one person owns and manages a web site that includes a phpBB board. In this case, that person is likely to have the administrator passwords for the phpBB board, the SQL database password, and ftp or even shell access to the server itself. Even if that person does not start out knowing the SQL database password, they can get it easily enough by downloading the config.php file and getting it from there. Now suppose that private messages are encrypted as suggested in the topic listed above. Is the data safe?

No, I’m afraid not. The data in the database is encrypted, but by definition the information has to be able to be unscrambled for the PM recipient to be able to see it. All the board owner has to do is download the php code to obtain the encryption key and then use it to decrypt the data. It turns out it’s not the fact that the data is encrypted or not, because the board owner has access to the data and the tools required to decrypt it. The board owner can still read private messages, it just takes longer.

Encryption Versus Hashing

Passwords are hashed, not encrypted. This means that even though the board owner can see what the hash string is in the field in the database, there is no way to de-hash the data. By definition a hashing algorithm is one-way. But if the private message text is hashed, then there would be no way to get the original text back! That’s why as a board owner I can change a password to something new, but I cannot tell you what your original password was.

The point is, hashing is secure. My password is relatively safe. Encryption by definition has to be reversible, and there is really no way to eliminate all avenues of accessing that information as long as access to the raw data is possible.

It’s About Trust Not Technology

Even in a more complex environment where there is more than one person with access to and permissions to manage a web site there is only so much that can be done to compartmentalize the issue. Someone, at least one person, is going to have access to the server. Even if it takes two or more people (one to get into the database, the other to decrypt the data) private messages are still not so private.

It all comes down to trust. If I don’t want someone to read what I wrote, I don’t write it down. I have to trust that a board administrator is not going to go about reading private messages, or that they’re not going to edit my post to make it look like I’m saying something that I didn’t, or that they’re not going to install a key-logger that captures my password as it’s entered on the login screen, or that they’re not going to try to … well, it goes on from there. Adding encryption to private messages doesn’t fix the issue.

And here’s one more loophole. I mentioned above that password information is hashed and therefore I cannot log in as “you” because I cannot determine your password. But I can do this:

• Log in to the SQL database and retrieve the hash for my password
• Also retrieve the hash for your password and save it
• Update your account so that your hash value is equal to mine. No I “know” your password because it’s the same as mine.
• I log in and do whatever I want to do as “you” because I have effectively stolen your identity
• When done, I reset your password hash back to the original value so you can log in again, and you have no idea that anything has happened

Not very nice, but certainly possible. You just have to trust me not to do these things.

It’s for this and other reasons I have removed the PM feature from the boards that I manage. By removing the illusion of privacy implied by the name “private message” I don’t have to deal with this.

• Yes. Thank you Burnley. Fantastic result. #twitterclarets #
• 4 minutes? Where has that come from? Come on Burnley! #twitterclarets #
• Fucking referees. #twitterclarets #
• I'm having kittens here. Please hold on Burnley. Please. #twitterclarets #
• @mikeparsons11 2-1 up at West Ham #
• Have literally just danced around the house #twitterclarets #
• Come on Burnley. We can do this. Come on! #twitterclarets #
• Clarets Player just gone off here! #twitterclarets #
• Come on Burnley! #twitterclarets #
• Bloody hell. Disappointed with that after doing so well first half to defend. #twitterclarets #
• @dazbentleybfc show him what proper highlights are, send him a link to Clarets Player #twitterclarets #
• Bloody hell Yakubu, don't you know Agent Kean is on a mission? #twitterclarets #
• Happy with that. Keep 'em out and get a cheeky winner? #twitterclarets #
• 0-0 at HT please Burnley #twitterclarets #
• Come on Burnley, defend for your lives #twitterclarets #
• Anybody else apart from me and @adamzander not got Clarets Player commentary? #twitterclarets #
• @dazbentleybfc RT @MarkTheDaemon: What time is Clarets Player kicking off today? All quiet at the moment from where I am? #twitterclarets #
• What time is Clarets Player kicking off today? All quiet at the moment from where I am? #twitterclarets #
• Come on Burnley, couple of quid on at 5/1 for us to win today. I can feel it. #twitterclarets #
• Fair old road trip for #Euro2012 this http://t.co/xSAhuQ3P #
• @SkyBet surprised the odds are that short to be honest… #Euro2012 #
• Back to Eurovision! #Euro2012 #
• We can work with that, life is okay #Euro2012 #
• Group D please #Euro2012 #
• Group of absolute death that #Euro2012 #
• Fuck. Group 4 please. #Euro2012 #
• We do not want Group B #Euro2012 #
• Once more with feeling for the technical explanation anyone? #Euro2012 #
• Nice touch by UEFA that, well done #Euro2012 #
• 'enjoyable and forgettable championship' sounds about right #Euro2012 #
• @HayleyMcQueen might not be finished by 7pm if they keep going like this! #Euro2012 #
• @dazbentleybfc it's so bad it's good. Eurovision 6 months early #Euro2012 #
• This is comedy gold. #Euro2012 #
• This is painful. X Factor is tomorrow night… #Euro2012 #
• @bodenknights @jackcork1 BBC2 as well, Jonathan Pearce is doing a good Wogan Eurovision impression #
• 80p for a beer? Let's go. #Euro2012 #
• Pearce is commentating over this thinking 'bollocks, bollocks, bollocks' #Euro2012 #
• Get on with the draw, none of this FIFA warmup bollocks #Euro2012 #
• @jessyka19 I haven't even got an advent calendar… x #
• http://t.co/07RvTDgK great news for Sunderland if true, O'Neill is a quality manager #
• This basically sums up my views on Clarksongate http://t.co/pQkWThCf #
• £36 a ticket? Robbing bastards. #lufc #twitterclarets #
• @cstanworth86 @AgentKean classic, which CM poster has dreamed that up? #twitterclarets #
• Good to see @OrangeHelpers getting rightly blasted for changing the rules of the game half way through people's contracts. Shame on you. #
• Ipswich like a pub side? Insult to a lot of pub sides that, looks like some abject defending for the goals on SSN #twitterclarets #
• Bit of a tash going for #movember can't wait to get rid of it though http://t.co/E99Hiopk #
• Check this video out — Clarets Player – Bringing the boys to you_Nov 2011.mov http://t.co/qCXXBoDL via @youtube #
• Crap effort by @OrangeHelpers increasing the prices on PAYM contracts when you signed up for one amount. Glad my 2 years is nearly up. #
• http://t.co/SDAw6lU1 Joking aren't you @OrangeHelpers ? I'll be taking my business elsewhere when my contract runs out in a month or so. #
• @Natalie_Bromley stick the heating on! Us poor students can't afford to #
• Fuck off BBC, showing Southampton and West Ham's goals but not ours. Do your job and have a midweek highlights show. #twitterclarets #
• @jessyka19 lol, let me know when you're next in town and we'll have a mini tweetup x #
• @jessyka19 yeh I was, we were near the front on the dancefloor when he was on, then on the seats on the left by the bar, where were you? X #
• @jessyka19 lol, I was pretty pissed last night to be fair. Monday night at Tramps does it to you x #
• Agent Kean doing a star performance. Looking forward to his next game I'm sure. #twitterclarets #
• @jessyka19 bit pissed up last night were you? #
• We want 5. #twitterclarets #
• Super super super super stuff Burnley. Fantastic. #twitterclarets #
• Oh @dazbentleybfc don't jinx our clean sheet aspirations! #twitterclarets #
• Super stuff Burnley, keep it up #twitterclarets #
• Sounds like it's blowing a gale in Burnley tonight #twitterclarets #
• Jay/Burnley First Goal Wincast at 7/1. Come on Burnley! #twitterclarets #
• Waking up with Andre… scary RT @dazbentleybfc: A little Freeview video treat from Clarets Player
  http://t.co/xo2HP3uY #twitterclarets #
• @Drudgey sorry, didn't mean to have a go at you earlier, just whoever posted it on YouTube I don't agree with. Hope you're okay x #
• Budweiser is horrible. Even worse when it's at room temp… Eugh. #
• @Drudgey have a good time, we've got another one of the Z Factor rejects coming tonight to sing 2 songs at about 01.45 tomorrow morning #
• Hate to disappoint but RT @TurfmoorJo: @MarkTheDaemon – I love Norad.. Me & my 23 year old son stay up tracking him x-mass Eve.. Excited! #
• @Drudgey same, especially after seeing him on Football Focus Saturday morning. Was completely fine and totally happy, no idea what changed #
• Darts then a cheeky night out? Sounds like a plan to me. #
• @Drudgey just can't see why someone would go "I know, I'll post this on YT" after seeing a man clearly distraught and in bits on the telly? #
• @Drudgey heartbreaking enough for someone to post it on YT? Sure the lad is able to grieve in private, dont agree with it being uploaded imo #
• Incredibly moving 606 tonight, @RobbieSavage8 was in tears at the end. #RIPGarySpeed #
• Balotelli you utter twat. Spoiling my fantasy team by being a total knob. #
• @MaryLNaylor should relight automatically, if it isn't there might be an ignition button – check to see if there is power + gas going to it #
• Shocked. #RIPGarySpeed #

• Install imageMagick
  
• Run this command
  

  Code:

  mogrify -format png *.tif

  
  

• Stunned. We actually won. #twitterclarets #
• Just seen the second goal on SSN again – who the hell was supposed to be tracking the runner? #twitterclarets #
• What a shite game of football that was. Give up with Burnley sometimes. #twitterclarets #
• Not at all convinced about tonight, could be a miserable night in Birmingham. Hope not though #twitterclarets #fb #
• Kean has actually signed a new contract? Confirmed? Fantastic news if true, he's the man for the job #
• @jessyka19 snob! Don't you remember being at uni and not having any money? Iceland is cheap x #

Last weekend I had once again the chance to participate in a Google Developer Day event. While last year's event took place in Munich and had about 1000 attendees, this year's was twice as big with more than 2000 guests. Organized by the local GTUG and Google the event was a great opportunity to learn about new tools provided by Google but also to get a chance to chat face to face with the people behind them.

This year's GDDDE had roughly 5 thematic tracks: Android, Chrome & HTML5, Cloud, Google+ as well as a track dedicated to sessions by two universities in Berlin and Brandenburg. Given that I still don't have an Android device (although they are getting more and more tempting with ICS) I only attended the Chrome, Cloud and Google+ tracks.

To be specific, I attended following talks:

• "Making Your Web Apps Accessible Using HTML5 and ChromeVox" by Mark West (more on that later)
• "Using the Google+ APIs" where +Chris Chabot gave a quick rundown of Google's strategy regarding providing APIs to Google+ step by step
• "Building Integrated Applications on Google's Cloud Technologies" by +Michael Manoochehri mostly about the prediction API in GAE
• "Privacy-related APIs for Google Chrome Extensions" by +Dominic Battre, +Bernhard Bauer and +Pam G where they gave an introduction of some of the extension APIs (like proxy and content settings) currently in the pipeline for Chrome
• "V8 Performance Tuning Tricks" by +Daniel Clifford
• and last but not least "DevTools Tips and Tricks" by +Ido Green

Mariusz Kaczmarek made a nice collection of the slides where available on Google+.

I also wanted to learn more about how Google plans to integrate Go into GAE but, sadly, that talk was cancelled - which was ironically also one of my highlights of the event due to how it was cancelled, which I wrote about on Google+:

Google is looking for their speaker on "Go on App Engine" at #GDDDE. I have to admit, getting stuck at these nice buffets all over the building is pretty easy :-)

Update: LOL, speaker is in Australia right now :D

All the talks were great: well prepared, interesting and highly entertaining. If I had to choose one of these I'd probably go with the very first one about accessibility features for the best talk of the day. It was just great seeing +Mark West explain accessibility issues in the markup right via ChromeVox.

Once again an awesome event which once again killed my todo list (not that it has even remotely recovered since the last conference) :-) A big "thank you" to all the organizers and everyone who made this nice weekend possible :-)

Python Usergroup Berlin

On Thursay before the GDD there was also a meetup of the Python Usergroup Berlin (PUB) where Wesley Chun from Google gave a couple of talks about various topics from things like writing books with OSS to "Python in the Medical Industry". A big thank you to the folks behind this usergroup to organize the meetup.

Sight Seeing

Since I had a bit of time before these two events I also went for a little sight seeing tour through Berlin. Sadly the weather didn't really play nice so the light wasn't really helping when taking some pictures. If you still want to see them, you can find them here :-)

"Google Developer Day 2011 in Berlin" was written by Horst Gutmann and is licensed for reuse under Creative Commons Attribution-Share Alike 3.0 Austria License.

• Bloody Marriner making a name for himself and giving bastards a pen in the last minute. Typical. #
• Anything we can do, bastards can do better? 3-2. Agent Kean strikes again! #twitterclarets #
• @TurfmoorJo Jay #
• @dazbentleybfc do we know if it is the same shoulder as before Daz? #twitterclarets #
• Bastards managed to lose their lead already, that's cheered me up slightly #
• And now bastards are winning. Can this day get any worse? #
• Genuinely fucked off with that last 25 minutes. Crap. #twitterclarets #
• Fucking sloppy, useless, wank defending has cost us yet again. #twitterclarets #
• Very nearly just put my fist through the kitchen worktop. #twitterclarets #
• Penalty all day long. But Grant should have been sent off first half so just about evens? #twitterclarets #
• Grant just handled outside of his area clear as day… #twitterclarets #
• BBC just confirmed a dislocated shoulder for Austin. Terrible news. #twitterclarets #
• Is that the same shoulder as he dislocated before? Looks a serious injury, poor lad was in tears #twitterclarets #
• Out of the loop, what is going on with Paul Fletcher? #twitterclarets #
• Absolute classic, one for the #twitterclarets — Steve Kean is… An Idiot Aboard http://t.co/3MFueSuP via @youtube #
• Little bit of Sit & Go before bed I think #
• Covered a housemates door in tin foil so he can't get in or out. Standard. #
• Sepp, you're a massive twat. Of course there is racism in football, just because the vast majority of it doesn't get reported… #
• Pre drinking with the #crcsocial #
• @Grimdog5 welcome to twitter! #
• Finally in the money in this tourney, been a two hour slog though #
• What happened to iOS5 delta updates? Another ~700MiB download for the iPad 2 iOS 5.0.1update… #
• @jessyka19 camp bed? Is there anything else worse in the world? Even less sleep than usual for you tonight x #
• Came very second in the darts tonight… #

• I am so pissed off right now it's incredible. #
• Love The Jury on ITV1, hate the ad breaks… #
• Tempted to play a bit of late night poker before bed #
• @JamboTheJourno sure you've paid the bill? #
• @jessyka19 flat pack doesn't respond well to the hammer technique x #
• 3-1. Against Bristol City. Really? #twitterclarets #
• Finished. Home time. #

One of the biggest complaints I’ve had with running my boards on phpBB2 is that the javascript used for BBCode and smilies insertion during the posting process offers poor (if any) support for modern browsers. Rather than reinvent the wheel, I spent some time to port parts of the subSilver2 template from phpBB3 back to phpBB2. While testing is not completely done, it seems to have been a success. I copied editor.js straight out; I don’t think I made any changes to that file but I will go back and verify that before I post a MOD. There were some minor changes made to posting_body.tpl and posting_smilies.tpl to call the new functions. For example in phpBB2 to insert a smilie we called the emoticon() function and now it’s calling insert_text() just like the BBCode insertion process.

I used the same function to update my canned messages MOD as well.

Oh, and I updated the color picker just a bit. The original color picker used values of 00, 40, 80, and two more to create an array of colors that was 5×5x5. I changed it to the old “Netscape Safe” color palette and used 00, 33, 66, 99, CC, and FF and created a 6×6x6 grid instead.

I have the new posting form activated on two different boards for the moment. As long as I don’t find too many issues I will write it up as a MOD.

• I'm at Lyberry (Portsmouth) http://t.co/fxUjerXN #
• Sending out a search party for my drink…. #
• @jessyka19 let me know when you're in town, there's a pretty good chance I'll be out at the same time! x #
• @jessyka19 you tearing Worcester up tonight then? x #
• I'm at Yates (Portsmouth) http://t.co/g0Dnfn1w #
• @MaryLNaylor sausage x #
• Cheeky night out in Portsmouth seeing as I'm in the area? Don't mind if I do, let the good times roll #
• @jessyka19 Worcester ftw x #
• @OptaJoe can't claim that as Rooney's goal, surely? Is there a CL dubious goals committee? #
• Final tweet of the night should go to @billysharp10 the ultimate professional. Thoughts to you and your family at this difficult time. #
• Bloody nippy out there tonight, winter certainly on its way #
• ALL ABOARD THE GENK BUS! #
• So which Burnley have turned up tonight? #twitterclarets #
• @Drudgey yes, gimme money please http://t.co/L9q8PUY6 x #
• Two desperately poor products as well, regardless of pitching ability/skills #apprentice #
• Just watched Young Appentice, two words. Pretty poor. Very ordinary candidates all round, nobody stood out as impressive in the least #
• @Josh_Hodkinson don't say that, we need him to last until at least the new year, if not after for the mission to be a success #
• @FlandersClaret you should have a DM #
• @FlandersClaret can't seem to drop you a DM, if you follow me I'll send you my address, cheers #
• @FlandersClaret not at he moment, keep meaning to join up though #twitterclarets #
• Knackered, good to be back in me bed at home. #
• @Drudgey '10 crouches and 2 keepers wouldn't have kept it out' according to sky. Told you it was your loss missing a quality game x #
• @Drudgey where is the burnley match report eh? we won 3-1, should be extended highlights on FL show tonight x #

As I was working through some code last night I found another “in progress” MOD that I wanted to add to the list of MODs in progress that I published yesterday. Over the years I’ve seen cases where someone from the other side of the planet has a dicey Internet connection and they end up submitting the same post twice because their browser submit times out. Or someone might post the same question in more than one forum, thinking that they’ll get more attention. Or a spammer might hit multiple forums with the same post multiple times.

I think I’ve managed to come up with something that definitely helps solve the first two scenarios and as a bonus helps the spammer problem as well. I call this my “Cross Post / Double Post” MOD, and it’s being tested on my beta board now.

The MOD design has so far turned out to be fairly simple. I tie into the flood control process and retrieve the post text for the last three posts by the user. From there I take the current post text and compare it to the prior posts. The first check is a straight equality check, meaning I check for the exact same post text. This will catch the “copy/paste” folks with very little overhead. If the post text is not identical, then next I use a function called similar_text(). (similar text reference at php.net) This function takes three arguments. The first two are the two strings to compare, and the third is a variable to store the results of the comparison, which is a number from 0 to 100. The result code should essentially be treated as a percentage. If the two posts are 95% similar then I check to see if the original post already in the database is in the same forum as the new post being attempted. If the forums are the same, then a “Double post” exception is triggered. If the forums are different, then a “Cross post” exception is triggered instead.

The number of posts (3) and percentage of similarity (95) are both controlled via the board configuration screen, so it’s quite flexible. Setting the percentage threshold to zero (0) is the same as turning the comparison process off.

This MOD is being tested on my “beta release” board right now. The first version of the MOD did not use the similar_text() function mentioned above. I attempted to use the soundex() function instead. However it seemed that the soundex() function did not look at enough text, so posts that were clearly different were still being reported as being the same. Switching functions solved that issue.

I’m now wondering if I need to deal with setting different threshold values for different forums. I hate to do that, as it drastically increases the complexity of the code. But for example there are many forum “games” that people play in an “off topic” type of forum. Some of those games look very repetitive, and would potentially trigger the CP/DP exception handling. Then again, the current logic looks across all forums, so as long as the person is active in more areas than just the off-topic games area it might be okay. I don’t want this feature to get in the way of normal use, but I do want to help out the moderator team by capturing / rejecting double post and cross post events.

Stay tuned for details as we start user testing this week.

What has Dave been working on lately? Not blog posts, obviously. Here are the headlines…

1. Full-Text Search
   I created a full-text index on the post subject and text over a year ago to see if maintaining that index would cause any performance issues. I’m happy to say that I have not seen any challenges from inserts / updates with this index in place. I’m going to be altering the search screen to allow the full syntax offered by MySQL on this type of index and hope to release that in a few months. Some of the challenges I have not yet decided how to solve are things like limiting forums – either by security or user preference – and other criteria that can be entered on the standard search screen.
2. Capture Post Revisions
   I’ve also added some code to capture post revisions. We’ve had a couple of folks that come back to our board and edit their post, removing all of the text and leaving only something like “…” instead. This destroys the continuity of the topic, and as a result we’re going to now track post revisions by capturing the post text history. If needed a moderator will be able to review and then restore a prior post, and ultimately lock that post from further editing. As with the full text search I have done fairly extensive testing on how this is implemented in order to ensure that performance does not suffer, and I’ll have a few blog posts about that process. This MOD is completed and I expect to roll it out onto the main board in a few weeks. (FWIW, I first talked about this post several years ago, and am just now finally getting it completed.)
3. Moderator Posts
   I’ve added a new field to the post table that allows a moderator to designate whether it’s a moderator post or a user post. For example, moderators can certainly participate in a normal board conversation as a regular person. But they may also add posts in their role as a moderator. This new feature will format those posts differently so they stand out, will automatically remove the “personal” aspects of a post such as signatures, and does not increment a moderator post count for this type of post. It is intended to be a way for moderators to be able to separate out their moderator posts from their board participation posts. This MOD is also completed and expected to be released shortly.
4. Including External Content
   I’ve added some cron jobs that parse RSS feeds from several blogs owned by board members. Their blog posts are automatically set up as part of their signature (as “Latest Blog Posts”) and updated once an hour. For bloggers that our community wants to recognize, this is a great way for them to get additional exposure without having to manually update their signature every time they publish a new blog post. This part of the MOD is already in use on our board. Only board admins can currently enter blogger information, as we want to go through a review process and certify blogs rather than allowing just anybody to link to an external site. This was done by altering the administrator user edit form and leaving the regular user profile form alone.

   As an extension to this, I’m also pulling in the content from the blog post and storing that in a hidden forum. As the blog posts are added to the forum they are obviously added to the full-text index because they’re part of the same table. I am also adding these posts to the standard phpBB2 search tables at the same time. That way if someone searches for term “X” and that’s found in an external blog post, they’ll see a link in their search results. The blog address is stored on the topic table and a different icon is used to show the user that they’re leaving our board and heading to an external site. I have all of the main work done; the last requirement is altering search.php so that it offers the ability to include / exclude external content and then react to that setting accordingly. I hope to get this completed in the next few weeks.

5. Social Media Profile Links
   I’ve added Facebook, Twitter, and LinkedIn fields to user profiles. These are displayed along with the other profile links, using smaller 18×18 pixel logos. I’m planning on going back and redoing the other profile links to use the same form factor but that part hasn’t been done yet. Here are the images I’ve made, using logos or other material provided by each service provider.

One thing that many of these MODs have in common is my concern for performance. We’re over 750K posts now, and still running extremely well on a server that is hosting several dozen sites, although none of them as active as our big board. Every time I touch the code performance is a primary goal. Another MOD that I’ve been planning is to port the phpBB3 posting form back to phpBB2 since it does a better job of supporting modern browsers as well as proving some additional formatting features. I haven’t even started on that yet, but I think it would be good. Now that I’ve personally switched to Chrome as my standard browser I’m noticing some interesting quirks.

So that’s what I’ve been up to for the past few months.

• Great performance though, everyone must be happy with that result. UTC! #twitterclarets #
• Really bloody annoyed at not keeping a clean sheet #twitterclarets #
• Let's get a clean sheet, come on lads #twitterclarets #
• Time to go, time to go… 3-0 #twitterclarets #
• Dirty bastard, should be straight off #
• @Drudgey seriously? Your loss #justsaying #
• Wallace tells Bikey to fuck off before planting it in the top corner. Quality. #twitterclarets #
• @Drudgey you watching the Burnley game? STUNNING free kick by Wallace #
• Beautiful ball into the box, fantastic effort 1-0 #twitterclarets #
• @MBrundleF1 commentary box without a window is worth a mention! #
• Pissing it down in Burnley I see, nothing changes #
• Bloody good effort Agent Kean, you've done us proud #twitterclarets #
• YESSSSSSSS GET IN THERE NORWICH! #
• Least Preston are tanking, 3-1 now #
• Bloody hell Norwich #
• Happy days RT @Josh_Hodkinson: Another unhappy day for Judas haha. #
• Oh Owen, how you've let yourself go. Conceding pens now. #
• Fucking bastards, come on Norwich, sort yourselves out #twitterclarets #
• Unbelievable Jeff! #
• Fantastic. Just fantastic. Arsenal 5-3 Chelsea #
• Best game I've seen for quite a while #
• 3-3. Time for a winner? #
• Gary Neville is genuinely pissed off at the qualify of defending in this game. Love it. 2-2. #
• @Fletchian66 and then when he does score, it's offside. Can't win can you? #
• How many great chances have gone amiss in this game already? #
• Even more annoyed we didn't win on Tuesday now, would have had bastards at home #twitterclarets #
• @Drudgey early kick off isn't it? Anybody would think it was a derby. Still, the United 'fans' have a long drive home south I suppose #
• @jessyka19 lol, where are you working? X #
• Second string City side tearing Wolves apart here #CarlingCup #
• Hate football at times. #twitterclarets #
• Deliberate typo? http://t.co/hX1Deyt6 #
• Is it time to be depressed yet? #twitterclarets #
• Loftus Road? That was Chelsea, who is this prat they've got presenting tonight? Bring back Jeff. #
• Would love Aldershot to go 1-0 up tonight #
• @Drudgey you know what I mean! Christ, never happy unless you're ripping me to shreds are you? #
• @Drudgey it was meant in a "she's that loyal and will still be supporting them when she's 80" way, and you know it #
• BBC – Paul Fletcher: From Clapton to Manchester United http://t.co/LENTHsqi #
• @Drudgey You in 50 years time http://t.co/gMn0A4Qi in a red shirt obviously #
• Any #twitterclarets going to Cardiff tonight? #
• He's a comic genius – Mario Balotelli becomes Manchester's ambassador for fireworks safety http://t.co/ZVBQqF6w via @guardian #
• Can't wait for Football Weekly after the United scoreline yesterday #
• @Football_Agent9 550/1 according to @SkyBet #
• Haha this is quality. United must be sick as pigs #
• United outclassed today #
• @jessyka19 post em on twitter? #
• Christ, it's been an awful week in motorsport generally. Can't believe the news about Simoncelli #
• I expect Clarets Mad are predicting a top two finish for us now? #twitterclarets #

• Been up for 27 hours. Knackered. Going to bed. #
• Wolves v Swansea… Could I be less excited about that fixture. Going for under 2.5 goals in that game #
• Always the hardest part of the night is the 01:00-05:00 bit of the shift, even with two Red Bulls and a Tesco sandwich to keep you going #
• @jessyka19 you aren't supposed to scare the customers you know #
• @Natalie_Bromley don't leave us hanging, what was intriguing about him? #
• Pleased to have won the #twitterclarets #capcomp last night, good start to Friday morning #
• He had that catch as well, bloody England #IndvEng #
• @Paul__Fletcher Burnley were one of them according to @dazbentleybfc #twitterclarets #
• Hope we voted against… RT @OliverKayTimes: Only 46 of the 72 Football League clubs voted in favour of EPPP according to @MirrorFootball #
• Dart board up, got to get some practice in now… http://t.co/6pEwhlVF #
• @dazbentleybfc Charlie advises Chris to think about certain posters on message boards when throwing for motivation #capcomp #twitterclarets #
• Having a quick browse of Clarets Mad… Terrible idea. 114 posts on the 'Howe out' thread says it all… #twitterclarets #
• Bloody freezing this morning, need to stick the heating on I think. Very un student thing to do. #
• Massively pissed off with Burnley at the moment #twitterclarets #
• Burnley not turned up again? #twitterclarets #
• Loving Twitter on the iPad, big keyboard makes all the difference compared to the iPhone #
• @kyle_eaton19 iPad only arrived this morning #
• iOS 5 upgrade taking _ages_ #
• England back on form in the cricket I see #
• @Drudgey Something to interest you perhaps? http://t.co/tMAEQEGr #
• Fantastic news RT @dazbentleybfc: BREAKING: Jimmy McIlroy to become next Burnley FC President
  http://t.co/BETZ4y9u #twitterclarets #
• @nickbinns he was busy with a camera last night as well, 200 photos #
• Wow Facebook, what's with all the bloody emails? http://t.co/3IDO9pur #fb #
• Chicken Farmers, bottom of the table. Happy days, I'll sleep sound tonight #twitterclarets #

• Fantasy team this week has been a complete disaster as well. Going to have to get completely pissed tonight to forget about it all #
• @MaryLNaylor ah well, how was the game apart from that? I thought we'd turned a corner with that decent effort against Saints and Forest #
• Shouldn't laugh like but this is the best explanation I've had RT @MaryLNaylor: @MarkTheDaemon because grant nearly killed a bloke #
• And, why were we playing 10 fucking minutes of added time? #twitterclarets #
• @adamzander me@markbarnes.org will do #
• Glad I didn't travel to go and watch today's game if I'm honest #twitterclarets #
• @adamzander can you drop me an email with the details, can't find the fb message you sent #
• Scrappy as fuck, get Rooney on #
• Crap first half that, nearly falling asleep #
• EJ can't get a visa for Korea? #bbcf1 #
• @Drudgey what's it like legally mugging Chelsea fans in their own stadium? Don't forget to put all the takings in the till either… #
• @Drudgey big game tomorrow, what's your prediction? I'll be sat in front of my Sky+HD box watching it #
• @Drudgey You mean you only scored one? #formistemporaryclassispermanent #
• Picked up Senna on DVD at Tesco tonight, amazing documentary. #
• Love a bit of Shameless #
• Watching a Spanish masterclass on BBC2 #
• I do love the Harry / Ruth storyline in Spooks, they should run away and be happy together in the finale #fb #
• My under 2.5 isn't looking super clever for this game… #
• Hartlepool are absolute shite in this game #
• @Natalie_Bromley what are you doing working on a Sunday? Day off Brommers, it's the Lords day #
• @adamzander yeah, was on the piss last night so haven't done anything yet, will sort it out tomorrow #
• Hoping for under 2.5 goals in this game, don't let me down #
• Clarke back on the telly for Sky #twitterclarets #
• Great night out, good to be reunited with the old foresters on a night out again #

• God I love Sky+. How did we ever live without it? #fb #
• @jessyka19 moaning about people moaning? x #
• Useless useless Rooney #
• Beers in, bets on, ready for a good England performance. 80/1 for Eng 5-0 #eng #fb #
• http://t.co/wVXNMsa2 "It's a good place to like get your bus" It's a bus station you bloody idiot #goodoldpreston #twitterclarets #
• #fm2012 demo downloading now. Happy days. #
• Sky Sports – £40. Installation – free. Getting Sky Sports in the uni house – priceless. Good day. #fb #
• Mega work by the Sky lads, installed and ready to go in less than an hour #fb #
• Fucking hell, Steve Jobs is dead? #
• @GirlOnATerrace did you buy the shop as well? Thought it was impossible to spend that much in there #
• @Josh_Hodkinson @Jenni_BFC christ, serious then. Hope the lad is okay #
• @jessyka19 you have a hot tub? x #
• Anybody know what actually happened to Tom Bender at Accy? Sounds serious if the game has been abandoned #
• I can sum up the next hour of tweets with the following 'ZOMGGGG IPHONE4S!!!1!1one!!!' #
• @jamesbird result, love it when that happens #
• LOL. That is all. RT @AndyDean87: Brian Laws is the favourite for the NFFC job. That would be a truly dreadful appointment #twitterclarets #
• Pics or… Actually don't bother RT @Natalie_Bromley: Pensioners protesting outside my office in their pants. I am genuinely speechless … #
• Uni would be great if it wasn't for the lectures #tooearly #
• Morning tweeps, how is the world treating you all today? #
• Wanna go to bed #nightshift #tired #
• @TurfmoorJo probably out looking for a mad runner at 2.30 in the morning #
• And so the long night begins… #
• Martin Atkinson sounds like a walking disaster area today, will have to catch highlights when I get home #motd #

• @nickbinns not staying up for our 30 seconds on the FL show? #twitterclarets #
• Agent Kean doing fantastic work at Bastards, long may this fine run of form continue #twitterclarets #fb #
• If I had a quid for every time someone has said 'You here all night?' … #
• Still, working on a Saturday does have some benefits, like missing the latest instalment of #zfactor #
• 24 hour race meet, going to be a long night with the public. Roll on 7am #
• Cort on international duty? It's not April 1st, come on #twitterclarets #
• Good to see Martin O'Neil doing some punditry for ITV, really rate him as a manager #
• @jtindall1977 if we win like that every week I'll pay for their tickets! Great effort tonight from all the lads #twitterclarets #
• Tevez being a twat? And yet people are still surprised? Why? #
• Got home, still can't believe that result. What an amazing first half, if that's a sign of things to come it's fantastic #twitterclarets #
• Well well well. Can you believe it. 5-1. #twitterclarets #fb #
• Can't believe my eyes. 3-0 up. What's going on here? #twitterclarets #fb #
• Nothing else in the world like a Burnley home game under lights. Can't beat it. I'm going for a 2-0 win #twitterclarets #
• Worshipping at my church again. Win is due tonight, 2-0 (@ Turf Moor for Nottingham Forest vs. Burnley) http://t.co/PCJ1ZvT4 #
• @MsGaynorBoult best place to be, we don't bite you know #
• Bit cynical by the tories to get someone to cut the power at the Labour conference during the leader's speech #
• Bloody freshers flu, everyones got it #