With The Bod

I know that there are about a million things I ought to be writing about; I’ll try to get time at the weekend. In the meantime, I thought I’d share with you this snippet from Outline, the internal newsletter of the Bodleian Libraries:

Welcome to Dan Q: a snippet from Outline, the Bodleian Libraries internal newsletter.

What does this tiny appearance on page three mean? Well; it means that the many libraries that I’ll be visiting over the next few weeks (I have a surprising number of meetings set up!) will know I’m coming, for one.

The article mentions geocaching, because the editor asked me for “something personal about me”, and it was the most family-friendly thing I could think of on the spot. I was also asked “what I did”, which I struggled with a little because, despite having been here a week, I’m still not entirely sure what it is that I do. That said, I achieved the first productive parts of my work, yesterday, helping a user with a self-inflicted (probably!) bug in the Libraries’ CMS system. Apart from that, I feel like I’ve spent most of my time running around the city meeting people and networking! Lots of new faces and names to learn!

Two things keep coming up in conversation with people, upon discovering that I’m new here:

  1. Several people have asked “What university I worked for before?” The majority of people here were either Oxford undergrads or worked at other universities: to have somebody come in from the private sector is a little… unusual, it seems.
  2. People keep telling me that I shouldn’t expect (or be expected) to achieve anything for the first six months or so. Six months! It’s taking a while to get started, certainly (I’m still finding my way around all of the systems I’m now responsible for), and I still don’t have logins on half of the computers and services that I’ll need them on, yet, but that’s just ludicrous!

The main Bodleian Libraries website; one of about 32 websites for which I now find myself responsible.

On the other hand, I’m seriously enjoying the comparatively-relaxed attitude that everybody seems to have, here. And I’ve been given a bugs-list as long as my arm that I’m sure they’ve been saving up for me to arrive, so there’s plenty to sink my teeth into even if I will have to go through half a dozen committees before I can implement any of the new features that these websites so desperately need.


Dan Q couldn’t find GC1Q1TW SideTracked – Oxford

This checkin to GC1Q1TW SideTracked - Oxford reflects a geocaching.com log entry. See more of Dan's cache logs.

It’s not been my day! With the help of the co-ordinates, the clue, and confirmation from another cacher, I’m pretty-much certain that I was in the right place, but it looks like it had been removed. Will try again another time…

Dan Q couldn’t find GC25WGX The ox-stream caching series – Osney Stream

This checkin to GC25WGX The ox-stream caching series - Osney Stream reflects a geocaching.com log entry. See more of Dan's cache logs.

Lots of muggles around which prevented me from mounting a more thorough search. My job will put me in this area from time to time, so I’m sure to mount a proper hunt sometime soon!

The Final Hours

With all of the rush and busyness of this last week, wrapping up a great number of projects, it’s been easy to forget that these are my very final days as an employee of SmartData. As I mentioned last month, I’m soon to start a new job with the Bodleian Library here in Oxford, and my time with SmartData must come to an end.

This, then, is my last day. It crept up on me. In a teleconference with my boss and with the representatives of a client, today (a regular weekly “check in” on a project I’ve been involved with for some time now), we came to the point in the call where we would set an agenda for the next meeting. It took me a moment to remember that I won’t be at the next meeting, and I had to stop myself from saying “Speak to you then!”

In accordance with tradition, we SmartData boys should knock off early this afternoon and go down to the pub to “see me off”. But, of course, I’m not with the rest of the SmartData boys – they’re back in Aberystwyth and I’m working remotely from here on Earth. Instead, I shall try to arrange to visit them – perhaps on one of the upcoming long weekends – and we can go out for our traditional “goodbye pint” then.

I shall be knocking off early today, though! There’s nothing like taking a few days off between jobs, and what I’m doing… is nothing like taking a few days off between jobs. My weekend will be spent in Lancaster at the North-West Regional Conference of Samaritans branches, representing Three Rings. Three Rings now represents the rota management interests of over half of the branches in the North-West of England (and getting-close to half around the UK and Ireland in general), so I managed to wing myself an invitation to go and show the remaining 47% what they’re missing! Then it’s back down here in time to start my new job on Monday morning!

It’s a good job that I’m of the disposition that would rather be busy than bored!

The Crack

There’s a man in the house. He carries a hammer in his toolbelt and shows the crack of his bottom over the top of his worn workwear even when he’s not crawling around on the floorboards. He’s been sent to repair a few bits of Earth, our perpetually-falling-apart house, and to quote for a handful of further improvements that he’s hoping to persuade the landlord to let him install after we’ve gone.

He repairs the wobbly floorboard in my office while I try to get on with some work. The floorboard sinks considerably when it’s walked over, and feels like it might at any moment send me plummeting down into Paul‘s room. It’ll be good to have it repaired, even if this does occur only weeks before we are due to move out.

I’m listening to a Radio 4 program about disenchantment with contemporary financial establishments and cyber-trading and the recent growth of interest in gold trading as a “safety net”. A panellist says that for the first time in recorded history, the majority of gold is held by private investors, rather than by central banks. At some point, another panellist describes the expertise required by financial traders and a post-capitalist economy as being esoteric.

The builder pulls his head out from below the floorboards and speaks. “Ee-sow-terick?” he says, “I don’t even know what that means!”

“That’s subtly ironic, then!” I reply, not sure whether or not he’s being serious.

The builder makes a grunting sound that I interpret as being a derivation on the word “Huh?”

“Something esoteric is… something known only to a few; to an elite minority, perhaps,” I begin. “Like the word itself, it turns out,” I add, after a pause.

The builder grunts again; a sound that expresses his disinterest even more thoroughly than did his last utterance. He rolls the carpet back to where it belongs, and – by way of demonstration – jumps up and down. Somehow, in the last two minutes, he’s managed to repair the fragile floorboard. I didn’t even see what he was doing: one moment there was a hole in the floor, and now… everything was fine. I’d have been no less surprised if he’d produced the Nine of Spades from behind my ear. Perhaps I was merely distracted by the radio, but I’ve got no idea how he did it.


Best April Fools Pranks 2011

Ah, it’s that time of year again. Here’s a quick round-up of some of my favourite pranks on the web this April Fools’ Day:

  • ThinkGeek can always be relied upon for a good April Fools’, and this year is no exception. Of their prank products, my favourite is clearly the Anti-3D glasses, which completely filter out the left channel from 3D movies, allowing you to watch them in 2D.
  • Geocachers amongst you might be pleased by the Nano Alarm container, which sounds a high-pitched alarm when a human body comes near it, making it easier to find. Actually, I’d have found it a more-amusing prank if they’d claimed it detects interference in GPS signals caused by a nearby GPS receiver.
  • An article on IPv4.5 claims that we ran out of IPv4 addresses completely this morning and, with IPv6 still far from fully-deployed, we’re having to implement IPv4.5 as an emergency measure. IPv4.5 shares IP addresses between people at opposite sides of the globe, giving priority to those on the “day” side, so there’s a slight risk that some traffic might be mis-directed… but it’ll only be by nocturnal websurfers who are probably just on Facebook or Twitter anyway.
  • EddEgg launches The Secret of the Isle of Monkey, (a parody of The Secret of Monkey Island) and it’s fabulous: far too much work went into this little April Fools’.
  • I’ve found Gay Monopoly on BoardGameGeek, and I’m not sure if it’s a joke or not… BoardGameGeek’s already an April Fools in which they become search engine “Geekdo” (try searching for “Catan”… or any other board game… on it). The photos of Gay Monopoly look remarkably believable, but it’s hard to take anything seriously today.
  • The Pirate Bay has become The Pirat eBay, and has released a blog post claiming that they bought the rights to eBay on eBay and have since re-branded.
  • Google are well known for their April Fools’ Day pranks, and there are a good number of fantastic ones this year, but my favourite is GMail Motion, motion-sensitive controls based on body movements by which you can interact with your email. Well-worth a look.

Have a great April Fools Day! Play a prank on somebody for me. And, if you don’t want to get caught out yourself, why not install the Do Not Fool add-on for Firefox, which passes a Do-Not-Fool header to every web site you visit, requesting that the site does not display to you any prank content but only genuine pages.

World Backup Day

It’s World Backup Day, folks. That means it’s time for you to look at your data and check that you’re backing it all up to a satisfactory level.

Have a look at the computer you’re sat at. If its hard drive(s) broke, irrecoverably, or if it were stolen: what would you lose?

Me? I like my backups to go “offsite”, so I use online redundant storage to shunt my important stuff to (I use a personal Amazon S3 bucket and some software I’ve written for that purpose, but you don’t have to be that geeky to use online backups – just check the World Backup Day website for suggestions). If you’re not quite so paranoid as me, you might make your backups to CDs or DVDs, or onto a pendrive. It doesn’t take long, and it’s worth it.

Backups are like insurance.

Now go celebrate World Backup Day by making some backups, or by checking that your existing backups restore correctly. You’re welcome.

Passwords

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

This repost was published in hindsight, on 11 March 2019.

Fiona wrote:

I have been uneasy for a while about my passwords, but being dyslexic and a bit lazy there was not an obvious solution to make it more secure and not lock me out. The problem that I have is anything that requires memorising a string of letters, numbers and symbols just does not work in my brain. I have overcome this for my normal passwords by having a small number (around 5) and adding a new one every so often and losing an old one. I take two to three words that I can spell (not a very long list) and then change them with substitution of some letters for numbers. On one occasion I managed to get punctuation in there also. However, they are used in many sites, and are easily broken in to.

Following Dan’s post on passwords combined with a visit to Dan we started looking at other solutions and settled on LastPass. This looked like a good option for us. I very carefully set up the account paying close attention to where it said make sure you remember your password. The first password I chose was tolerably strong, I had not used it before and it followed the proven pattern of how I remember passwords. When I typed it in to change something it would not work. Knowing that LastPass will not let me do anything if I can’t remember my password I made a word doc changing each part of the password to see where I went wrong and trying it in the field; fourth time lucky I got the password. I then realised that this was not going to work as the bit I got wrong was an inconsistency of treating one letter as a number. So I reset my password using the old copied password.

I texted myself my new password and copied it from my phone, checked that it worked with a second sign in. Then I continued to set up my sites for LastPass to sign in. When Kit came home we decided it was best if I had to write out my new password as often as possible to get it in to my head; this did not work. And after 20 min of trying every combination I could think of the same way I had before I called Kit through to see if he had any ideas. In the end the only option was the delete account and start again option. So we hit show password on the screen and copied each password in to a word doc, then we shut down the account.

This morning I have set up a new LastPass account, and because my dyslexia has not gone away overnight I have a new strategy. I use SuperGenPass to change a simple password in to a more complicated password and the resulting password is used to sign in to LastPass. This might seem convoluted, but in a world where things that I can remember are so insecure that polite coughing will open them up to anyone who chooses it is one of the few options that give security and will allow me to access my own accounts.

Anyway, I have to now go and change all my passwords again as they were made insecure in the rescue mission, but this time I have confidence of it working.

Poly and the Census – Part Two

No reply yet from the Office of National Statistics after the letter I sent the other week, but I imagine that they’ve been busy, what with the census and everything. Needless to say, I’ll keep you posted.

However, in the meantime somebody’s one-upped me and has put in a Freedom of Information request, which – of course – the law mandates that they respond to. I should’a thought of that. Anyway, you can read the request here, and there’s options to follow it by RSS and/or email if you want updates.

Update (27th April 2011): Still no word in response to the FoI request.

Diaspora Invites

If anybody’s interested, I’m lugging around a sackload of Diaspora Alpha invitations. If you’re the kind of person who’s likely to want one, then you’re probably the kind of person who already knows what Diaspora is, so I shan’t go in to any further detail here.

Leave a comment if you want one, being sure to fill in the “Email” field of the comment form with the email address you’d like your invitation sent to. See you on the flipside.

Passwords – The Least You Should Do

If you see me in person, you’ll know that this is something I rant about from time to time. But that’s only because people consistently put themselves and their friends at risk, needlessly, and sometimes those friends include me. So let me be abundantly clear:

If you’re reading this, there is at least a 95% chance that your passwords aren’t good enough. You should fix them. Today.

Let’s talk about what we mean by “good enough”. A good password needs to be:

  • Long. Some of you are still using passwords that are shorter than 8 characters. The length of a password is important because it reduces the risk of a robot “brute forcing” it. Suppose a robot can guess 1000 passwords a second, and your password uses only single-case letters and numbers. If you have a 4-character password, it’ll be lucky to last quarter of an hour. A 6-character password might last a week and a half. At 8-characters, it might last a few decades. Probably less, if your password makes one of the other mistakes, below. And the robots used by crackers are getting faster and faster, so the longer, the better. My shortest password is around 12 characters long, these days.
  • Complex. Remember how long an 8-character password lasts against a “brute force” attack? If you’re only using single-case letters, you’re reducing that by almost a third. Mix it up a bit! Use upper and lower case letters, and numbers, as standard. Consider using punctuation, too. There’s no legitimate reason for a website to demand that you don’t have a long and complex password, so if one does seem to have unreasonable requirements: write to the owners and threaten to take your business elsewhere if they don’t get with the times.
  • Random. If your password is, is based on, or contains a dictionary word (in any language), a name or brand name, a date, a number plate or (heaven forbid) a national insurance number, it’s not good enough. “Brute force” attacks like those described above are usually the second line of attack against properly-stored passwords: first, a robot will try every word, name or date that it can think of, with and without capitalisation and with numbers before and afterwards. Many will also try common phrases like “iloveyou” and “letmein”. WikiHow has a great suggestion about how to make “random” passwords that are easy to remember.
  • Unique. Here’s the one that people keep getting wrong, time and time again. You should never, never, use the same password for multiple different services (and you should be very wary of using the same password for different accounts on the same service). This is because if a malicious hacker manages to get your password for one site, they can now start breaking into your accounts on other sites. Some people try to get around this by keeping two or three “levels” of passwords, for low-, medium-, and high-security uses. But even if a hacker gets access to all of your “low” security sites, that is (these days, frequently) still a huge amount of data they have with which to commit an identity theft.

    The other big reason to make sure your passwords are unique is that it makes it safer to share them, if the need arises. Suppose that for some reason you need to share a password with somebody else: it’s far safer for everybody involved if the password you share with them works only for the service you wanted to give them access to. Every person you trust is one more person who might (accidentally) expose it to a hacker by writing it down.

    Even if you have to memorise a complex “master” password and keep in your wallet a list of random “suffixes” that you append to this master password, different for each site, that’s a huge step forwards. It’s also a very basic level of two-factor authentication: to log in to your Twitter account, for example, you need your master password (which is in your head), plus the Twitter suffix to the password (which is written down in your wallet).

There’s been a wave of attacks recently against users of social networking websites: an attacker will break into an insecure web forum to get people’s email addresses and passwords, and then will try to log in to their webmail accounts and into social networking sites (Facebook, Twitter, etc.) using those same credentials. When they get a “hit”, they’ll explore the identity of the victim, learning about their language patterns, who their friends are, and so on. Then they’ll send messages or start chats with their victim’s friends, claiming to be their victim, and claim some kind of crisis. They’ll often ask to borrow money that needs to be wired to them promptly. And then they’ll disappear.

In this interconnected world, it’s important that your passwords are good not only for your benefit, but for your friends too. So if you’re guilty of any of the “password crimes” above – if you have passwords that are short (under 8 characters), simple (don’t use a mixture of cases and include numbers), predictable (using dictionary words, names, dates, etc.: even if they include a number), or re-used (used in more than one place or for more than one site) – change your passwords today.

Here are some resources to help you do it:

  • WikiHow’s guide to choosing secure passwords.
  • PCTools’ great random password generator.
  • The top 500 worst passwords of all time – if yours is in here, it’s probably already been compromised.
  • SuperGenPass – a very good way to use a strong, unique password for every website without having to remember multiple passwords. Free.
  • KeePass – a great way to use a strong, unique password for every site and service without having to remember multiple passwords. Free.
  • LastPass – another great way to use a strong, unique password for every site and service without having to remember multiple passwords. Free (or cheap, for the premium version).
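
As an added example (not code from the original post), here is a small Python audit of the four “password crimes” described above (short, simple, predictable, re-used), together with the brute-force estimate at the post’s assumed 1000 guesses per second. The wordlist, the sample accounts and all function names are constructed for illustration.

```python
import string

GUESSES_PER_SECOND = 1000  # the robot speed assumed in the post
# Constructed sample wordlist; a real audit would load a full dictionary.
WORDLIST = {"iloveyou", "letmein", "password", "monkey", "oxford", "dragon"}
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the smallest character pool a brute-forcer must cover."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Anything outside the four ASCII pools is counted one symbol at a time.
    return size + len({c for c in password if not any(c in p for p in POOLS)})


def average_crack_seconds(password):
    """Expected brute-force time: half the keyspace at the assumed rate."""
    try:
        keyspace = alphabet_size(password) ** len(password)
        return keyspace / (2 * GUESSES_PER_SECOND)
    except OverflowError:  # keyspace too large to express as a float
        return float("inf")


def is_predictable(password):
    """Mimic the dictionary pass: ignore case and digits before or after."""
    lowered = password.lower()
    core = lowered.strip(string.digits)
    if core == "" or core in WORDLIST:  # pure number/date, or word plus digits
        return True
    return any(len(word) >= 4 and word in lowered for word in WORDLIST)


def audit(accounts):
    """Map each site in {site: password} to the 'password crimes' it commits."""
    uses = {}
    for password in accounts.values():
        uses[password] = uses.get(password, 0) + 1
    report = {}
    for site, password in accounts.items():
        problems = []
        if len(password) < 8:
            problems.append("short")
        if not (any(c.islower() for c in password)
                and any(c.isupper() for c in password)
                and any(c.isdigit() for c in password)):
            problems.append("simple")
        if is_predictable(password):
            problems.append("predictable")
        if uses[password] > 1:
            problems.append("re-used")
        report[site] = problems
    return report


# Constructed accounts and passwords, for illustration only.
SAMPLE = {"forum": "monkey12", "webmail": "monkey12",
          "bank": "tR7#qLw9!xZe", "shop": "ab12"}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        days = average_crack_seconds(SAMPLE[site]) / 86400
        print(f"{site}: {', '.join(problems) or 'ok'}; brute force ~{days:.3g} days")
```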