As web developers, we’re used to working around the bugs in Microsoft Internet Explorer. The older versions are worst, and I’m certainly glad to not have to write code that
works in Internet Explorer 6 (or, increasingly, Internet Explorer 7) any more: even Microsoft are glad to see Internet Explorer 6 dying out, but even IE8 is pretty ropey too. And despite what Microsoft claim, I’m afraid IE9 isn’t really a “modern” browser either (although it is a huge step forwards over its
predecessors).
But imagine my surprise when I this week found what I suspect might be a previously undiscovered bug in Internet Explorer 8 and below. Surely they’ve all been found (and some of them
even fixed), but now? But no. It takes a very specific set of circumstances for the bug to manifest itself, but it’s not completely unbelievable – I ran into it by accident while
refactoring parts of Three Rings.
A completely useless Internet Explorer error message. Thanks, IE.
Here’s the crux of it: if you’re –
Using Internet Explorer 8 or lower, and
You’re on a HTTPS (secure) website, and
You’re downloding one of a specific set of file types: Bitmap files, for example, are a problem, but JPEG files aren’t (Content-Type: image/bmp), and
The web server indicates that the file you’re downloading should be treated as something to be “saved”, rather than something to be viewed in your browser
(Content-Disposition: attachment), and
The web server passes a particular header to ask that Internet Explorer does not cache a copy of the file (Cache-Control: no-cache),
Then you’ll see a dialog box like the one shown above. Switching any of the prerequisites in that list out makes the problem go away: even switching the header from a strict “no-cache”
to a more-permissive “private” makes all the difference.
I’ve set up a test environment where you can see this for yourself: HTTP version; HTTPS version. The source code of my experiment (PHP) is also available. Of course, if you try it in a functional, normal web browser, it’ll all work fine. But if
you’ve got access to a copy of Internet Explorer 8 on some old Windows XP box somewhere (IE8 is the last version of the browser made available for XP), then try it in that and see for
yourself what a strange error you get.
On this day in 1999 I sent out the twenty-eighth of my Cool Thing Of The
Day To Do In Aberystwyth emails. I wasn’t blogging at the time (although I did have a blog previously), but these messages-back-home served a similar purpose, if only for a select
audience. You can read more about them in my last On This Day to discuss them or the one before.
For technical reasons, this particular Cool Things Of The Day appears to have been sent on 27th October, but in actual fact I know that the events it describes took place on
5th November 1999. The obvious clue? The fireworks! I knew that Cool Thing Of The Day as shown here on my blog was out-of-sync with reality, but this particular entry
gives a great indication of exactly how much it’s out by. And no, I can’t be bothered to correct it.
Back in 1999 I started as a student at the University of Wales, Aberystwyth (now Aberystwyth University), moved away from home, and had a fantastic time. One bonfire night, I called up
two new friends of mine – Rory and Sandra – and persuaded them that we should wander over to nearby Trefechan and
climb the hill (Pen Dinas) there to watch the fireworks. It was a wild and windy night, and certainly not the conditions to climb an unknown and occasionally-treacherous hill, but we
weren’t dissuaded: we set out!
You know those films or sitcoms where the protagonist (usually through their own stupidity) ends up on a date with two people at the same time, trying to keep each unaware of the other?
That’s what I felt like at the time: because (though neither of them knew this at the time) I had an incredible crush on both of them. Of course: back then I was far shyer and far
less-good at expressing myself, so this remained the case for a little while longer. Still: my inexperienced younger self still manged to make it feel to me like a
precarious situation that I could easily balls-up. Perhaps I should have better thought-out the folks I invited out that night…
A storm blew in furiously, and the fireworks launched from the town scattered around, buffeted and shaken and only occasionally still flying upwards when they exploded. The rain lashed
down and soaked us through our coats. We later found ourselves huddled around a radiator in The Fountain (under its old, old ownership), where the barman and the regulars couldn’t believe that we’d been up
Pen Denis in the
Looking Forward
A little later, I got to have a ludicrously brief fling with one of the pair, but I was fickle and confused and ballsed it up pretty quickly. Instead, I fell into a relationship with my
old friend-with-benefits Reb, which in the long run turned out to be a very bad chapter of my life.
Trefechan – exotically across the river from the rest of Aberystwyth – didn’t seem so far away after a few more years in Aberystwyth… only a stone’s throw from Rummers! But for three new students, just a couple of months into their new home, lost and drunk and fumbling
their way using an outdated map and seeing by firework-light, it was an exciting adventure. In 2004, SmartData (my
employer at that time) moved into their new premises,
right over the road from The Fountain and in the shadow of Pen Denis. The Technium turned out to be a pretty good place for SmartData, and it suited me,
too. Some days in the summer, when it was warm and sunny, I’d leave work and take a walk up Pen Dinas. It wasn’t the same without the fireworks, the company, or the mystery of being
somewhere for the very first time, but it’s still a great walk.
Sometimes I’d go up there in the rain, too.
This blog post is part of the On This Day series, in which Dan periodically looks back on
years gone by.
As part of the ongoing challenges that came about as part of the problems with my dad’s Will, I was required the other week to find myself a local solicitor so that they could witness me affirm a statement (or swear an
oath, for those of you who are that-way inclined). Sounds easy, right?
One of the more-significant issues with my dad’s Will was that it was re-stapled sometime after it was signed. This was probably legitimate, but it quickly makes it look like it’s a
forgery.
Well: it turns out that the solicitor I chose did it wrong. How is it even possible to incorrectly witness an affirmation? I wouldn’t have thought it so. But
apparently they did. So now I have to hunt down the same solicitor and try again. It has to be the same one “because they did it partially right”, or else I have to start the current
part of the process all over again. But moreover, I’ll be visiting the same solicitor because I want my damn money back!
I’ll spare you the nitty-gritty. Suffice to say that this is a surprising annoyance in an already all-too-drawn-out process. It’s enough to make you swear. Curse words, I mean: not an
oath.
Last month, I volunteered myself to run a breakout session at the 2012 UAS Conference, an
annual gathering of up to a thousand Oxford University staff. I’d run a 2-minute micropresentation at the July 2011 OxLibTeachMeet called “Your Password Sucks!”, and I thought I’d probably be able to expand that into a larger 25-minute breakout session.
My expanded presentation was called “Your password: How bad guys will steal your identity”, because I wasn’t sure that I’d get away with the title “Your Password Sucks” at a larger,
more-formal event.
The essence of my presentation boiled down to demonstrating four points. The first was you are a target – dispelling the myth that the everyday person can consider
themselves safe from the actions of malicious hackers. I described the growth of targeted phishing attacks, and relayed the sad story of Mat Honan’s victimisation by hackers.
The second point was that your password is weak: I described the characteristics of good passwords (e.g. sufficiently long, complex, random, and unique) and
pointed out that even among folks who’d gotten a handle on most of these factors, uniqueness was still the one that tripped people over. A quarter of people use only a single password for most or all
of their accounts, and over 50% use 5 or fewer passwords across dozens of accounts.
The four points I wanted to make through my presentation. Starting by scaring everybody ensured that I had their attention right through ’til I told them what they could do about it,
at the end.
Next up: attacks are on the rise. By a combination of statistics, anecdotes, audience participation and a theoretical demonstration of how a hacker might exploit
shared-password vulnerabilities to gradually take over somebody’s identity (and then use it as a platform to attack others), I aimed to show that this is not just a hypothetical
scenario. These attacks really happen, and people lose their money, reputation, or job over them.
Finally, the happy ending to the story: you can protect yourself. Having focussed on just one aspect of password security (uniqueness), and filling a 25-minute
slot with it, I wanted to give people some real practical suggestions for the issue of password uniqueness. These came in the form of free suggestions that they could implement today. I
suggested “cloud” options (like LastPass or 1Password), hashing options (like SuperGenPass), and “offline” technical options
(like KeePass or a spreadsheet bundles into a TrueCrypt volume).
I even suggested a non-technical option involving a “master” password that is accompanied by one of several unique prefixes. The prefixes live on a Post-It Note in your wallet. Want a
backup? Take a picture of them with your mobile: they’re worthless without the master password, which lives in your head. It’s not as good as a hash-based solution, because a crafty
hacker who breaks into several systems might be able to determine your master password, but it’s “good enough” for most people and a huge improvement on using just 5 passwords
everywhere! (another great “offline” mechanism is Steve Gibson’s Off The Grid system)
My presentation – marked on the above chart – left people “Very Satisfied” significantly more than any other of the 50 breakout sessions.
And it got fantastic reviews! That pleased me a lot. The room was packed, and eventually more chairs had to be brought in for the 70+ folks who decided that my session was “the place to
be”. The resulting feedback forms made me happy, too: on both Delivery and Content, I got more “Very Satisfied” responses than any other of the 50 breakout sessions, as well as specific
comments. My favourite was:
Best session I have attended in all UAS conferences. Dan Q gave a 5 star performance.
So yeah; hopefully they’ll have me back next year.
Looper is a time travel movie of the “self-healing timeline” mechanic (a-la Back To The Future, although Looper “fixes” itself faster and changes to the time stream can be
observed and remembered by everybody affected by them). As a result of this, and a few other issues, it suffers from a handful of plotholes and internal inconsistencies: however, it’s
still an enormously fun film that I’d recommend that you see.
Looper. The second-best film of its category. For a given definition of “category”.
Looper is the second-best of all three movies that feature Bruce Willis travelling back in time and encountering a younger version of himself – and now it’s going to bug you until you
work out what the other two are.
The other Three Ringers and I are working hard to wrap up Milestone:
Jethrik, the latest version of the software. I was optimising some of the older volunteer availability-management code when, by coincidence, I noticed this new bug:
Well, at least she’s being rational about it.
I suppose it’s true: Lucy (who’s an imaginary piece of test data) will celebrate her birthday in 13/1 days. Or 13.0 days, if you prefer. But most humans seem to be happier
with their periods of time not expressed as top-heavy fractions, for some reason, so I suppose we’d better fix that one.
They’re busy days for Three Rings, right now, as we’re also making arrangements for our 10th
Birthday Conference, next month. Between my Three Rings work, a busy stretch at my day job, voluntary work at Oxford Friend, yet-more-executor-stuff, and three different courses, I don’t have much time for anything else!
But I’m still alive, and I’m sure I’ll have more to say about all of the things I’ve been getting up to sometime. Maybe at half term. Or Christmas!
This game is just pure fun. It’s not easy, and there’s a lot of learning to be done, but it sort-of reminds me of playing NetHack for the first time, if NetHack were set in the
Battlestar Galactica universe (or perhaps Firefly) rather than in the Dungeons of Doom. Seriously lots of fun, and great to “come back to”. You’ll never forget your
first win.
Here are three ideas I’ve had for movies recently. If only the movie studios would stop making pap like Dredd 3D (or as I call it, Judge Dreddful) and take on some of my ideas, perhaps I’d find myself at the cinema more often.
So here are my three pitches:
Knights of the Living Dead
A twist on the Arthurian legends. With zombies.
King Arthur’s trusted White Knight (Lancelot) on a “routine” quest to oust Brandin, a corrupt ruler of a nearby township, who is accused of evil sorcery. Lancelot rallies the townpeople
but Brandin escapes to his lair in a cursed cemetery. Lancelot slays Brandin, but – an an effort to decode a riddle Brandin made about the source of his power – lifts an enormous
metal plate over a mysterious tomb, exposing the world to a dangerous plague that turns those affected into monstrous zombies.
Knights of the Living Dead
Under instruction from the Church, Arthur and his knights set out to find the Holy Grail, which has the power to defeat the curse, questing through zombie-infected lands. There’s lots
of hacking and slashing and eating of brains, Lancelot shags Guinevere, Arthur dies a heroic death to let the others escape (hinting at the time that he knows about the affair and
wants them to be happy together), and ultimately the knights use the Grail to save the world from the zombie plague.
My Daughter’s Hand
A tale of love, homophobia, and the meaning of family, inspired by a true story.
My first thought when I heard this news story was that she should find a man who’s willing to “marry” her, and split the money between the two of them. Hell: for £20M, I’d
fly to Hong Kong and marry her for a fortnight. Where’s my plane ticket.
Hong Kong corporation heiress Gigi Chao (right) with her wife Sean Eav.
But then I thought of an even better variant on the story. In my version, a (disowned, unless she recants and marries a man) lesbian daughter has her partner dress as a
man and pretend to be a suitor. There are slight overtones of the story of Hua
Mulan, a legendary Chinese heroine who pretended to be a man in order to take her aged father’s place in the army, during a conscription drive.
In any case, the partner, disguised as a man, succeeds in impressing the father, and the father eventually comes to admire this young “man” and gives his blessing to marry his daugher.
But as the wedding approaches, their secret is exposed when they’re caught having sex. However: after much soul-searching the father sees that he liked his daughter’s partner as a
person when he believed that she was a man, and so he agrees to accept her into his family as a woman, too.
It’s a story about combating homophobia with deception, I guess.
These gentlemen were in such a rush to get the fame of collecting the most dinosaur bones, that they resorted to ludicrous (and somewhat shocking) measures: using dynamite to blow away
hillsides (probably destroying many fossils as they went), spying on one another (to such an extent that they would sometimes operate through fake companies to try to evade each other’s
spies), and bribing people to keep quiet about the locations of big finds.
I have a vision for a film in the style of A Dangerous Method, which I enjoyed earlier this
year, telling the dramatised story of these men and their rivalry. There’s already been a comic book and even a board game
about them: isn’t it time for a movie, too?
Like the TARDIS, your time machine has a fault. The fault isn’t a failure of its chameleon circuit, but a quirk in its ability to jump to particular dates. Picture courtesy
aussiegall (Flickr), licensed Creative Commons.
You own a time machine with an unusual property: it can only travel to 29th February. It can jump to any 29th February, anywhere at all, in any year (even back
before we invented the Gregorian Calendar, and far into the future after we’ve stopped using it), but it can only
finish its journey on a 29th of February, in a Gregorian leap year (for this reason, it can only jump to years which are leap years).
One day, you decide to take it for a spin. So you get into your time machine and press the “random” button. Moments later, you have arrived: it is now 29th February in a
random year!
Without knowing what year it is: what is the probability that it is a Monday? (hint: the answer is not1/7 – half of your challenge is to work
out why!).
Like the TARDIS, your time machine has a fault. The fault isn’t a failure of its chameleon circuit, but a quirk in its ability to jump to particular dates. Picture courtesy aussiegall
(Flickr), licensed Creative Commons.
You own a time machine with an unusual property: it can only travel to 29th February. It can jump to any 29th February, anywhere at all, in any year (even back before we
invented the Gregorian Calendar, and far into the future after we’ve stopped using it), but it can only finish its
journey on a 29th of February, in a Gregorian leap year (for this reason, it can only jump to years which are leap years).
One day, you decide to take it for a spin. So you get into your time machine and press the “random” button. Moments later, you have arrived: it is now 29th February in a
random year!
Without knowing what year it is: what is the probability that it is a Monday? (hint: the answer is not1/7 – half of your challenge is to work out
why!).
Earlier this month, Ruth and I spent a long weekend in the North to celebrate five years together as a couple.
Technically, I suppose that we should have celebrated it the previous month, but we were up in Edinburgh at the time: we had, after all, first gotten together during our 2007 trip to Edinburgh, in lieu of actually watching any comedy.
Because of our change of date, we ended up celebrating the fifth anniversary of our relationship… on the same weekend as the fifth anniversary of QParty, the celebration of Claire and I’s relationship. QParty in turn took place five months after Claire and I changed our names, which itself happened on approximately the
fifth anniversary of Claire and I meeting for the first time.
In Ruth and I’s case, this five year mark isn’t just a excuse to celebrate our success as a couple, but also to celebrate the success of she, JTA and I as a “vee“. Our unusual arrangement hasn’t been without its share of challenges: many of them challenges that more-conventional
couples don’t face. But here we are, looking back on a busy five years and… well… still kicking ass.
She and I have been talking, on and off, about the idea of a party that the pair of us would like to throw, a little way down the line: something to celebrate us as a
couple. Nothing quite so grand and enormous as Ruth & JTA’s wedding (what could top
that!), but some variety of event. Needless to say, you’ll hear about it when it’s time to!
