Dan Q

Blog

German chat app slacking on hashing fined €20k

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

by Richard Chirgwin (The Register)

German chat platform Knuddels.de (“Cuddles”) has been fined €20,000 for storing user passwords in plain text (no hash at all? Come on, people, it’s 2018).

The data of Knuddels users was copied and published by malefactors in July. In September, someone emailed the company warning them that user data had been published at Pastebin (only 8,000 members affected) and Mega.nz (a much bigger breach). The company duly notified its users and the Baden-Württemberg data protection authority.

Interesting stuff: this German region’s equivalent of the ICO applied a fine to this app for failing to hash passwords, describing them as personal information that was inadequately protected following their theft. That’s interesting because it sets a German, and to a lesser extend a European, precedent that plaintext passwords can be considered personal information and therefore allowing the (significant) weight of the GDPR to be applied to their misuse.

Warp and Weft?

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Warp and Weft by Paul Robert Lloyd (paulrobertlloyd.com)

Earlier this month I had the good fortune to attend Material, a conference that explores the concept of the web as a material and all the intrinsic characteristics that entails. The variety of talks provided new perspectives on what it means to build for – and with – the web, and prompted me to …

What it means for something to be of the web has been discussed many times before. While the technical test can be reasonably objective – is it addressable, accessible and available – culturally it remains harder to judge. But I don’t know about you, I’ve found that certain websites feel more ‘webby’ than others.

Despite being nonspecific on the nature of the feeling he describes, Paul hits the nail on the head. Your favourite (non-Medium) blog or guru site almost certainly has that feel of being “of the web”. Your favourite API-less single-page app (with the growing “please use in Chrome” banner) almost certainly does not.

Repost posted at UTC on .

1 mention

We Watched the Toy Story Porn Parody So You Don’t Have To [NSFW]

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

A wise man once said “To Infinity and Beyond”, Unfortunately there’s no way of knowing who that man was or in what context it was meant to be understood, so let us instead turn our attention to the Toy Story porn parody – Sex Toy Story The XXX Parody Part 1.

It says Part 1, but I searched and there’s no Part 2. Unless they’re doing like a Toy Story 3 thing where they wait like ten years for Andy to grow up and go off to college, in which case we will have to wait with bated breath for ten years for Part 2.

Sex Toy Story title card

We open on an unnamed woman played by Veruca James (Lesbian Anal Vampires, Emo Teen Fucks at Work) getting ready to masturbate. She does so the normal way we all do, by rubbing her clothed body.

“Does it exist?”, I asked, when the conversation drifted perilously close to this topic. Well of course it exists: Rule 34, duh. I was so glad that this article existed, to spare me from having to watch it to work out how much I didn’t want to watch it. Now all I have to do is scrub the idea of this article from my mind, which is hopefully easier than the retina-burning image of the film itself would have been.

Resulting link NSFW, obviously.

Repost posted at UTC on .

1 mention

When to use CSS vs. JavaScript

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

CSS before JS #

My general rule of thumb is…

If something I want to do with JavaScript can be done with CSS instead, use CSS.

CSS parses and renders faster.

For things like animations, it more easily hooks into the browser’s refresh rate cycle to provide silky smooth animations (this can be done in JS, too, but CSS just makes it so damn easy).

And it fails gracefully.

A JavaScript error can bring all of the JS on a page to screeching halt. Mistype a CSS property or miss a semicolon? The browser just skips the property and moves on. Use an unsupported feature? Same thing.

This exactly! If you want progressive enhancement (and you should), performance, and the cleanest separation of behaviour and presentation, the pages you deliver to your users (regardless of what technology you use on your server) should consist of:

  • HTML, written in such a way that that they’re complete and comprehensible alone – from an information science perspective, your pages shouldn’t “need” any more than this (although it’s okay if they’re pretty ugly without any more)
  • CSS, adding design, theme, look-and-feel to your web page
  • Javascript, using progressive enhancement to add functionality in-the-browser (e.g. validation on the client-side in addition to the server side validation, for speed and ease of user experience) and, where absolutely necessary, to add functionality not possible any other way (e.g. if you’re looking to tap into the geolocation API, you’re going to need Javascript… but it’s still desirable to provide as much of the experience as possible without)

Developers failing to follow this principle is making the Web more fragile and harder to archive. It’s not hard to do things “right”: we just need to make sure that developers learn what “right” is and why it’s important.

Incidentally, I just some enhancements to the header of this site, including some CSS animations on the logo and menu (none of them necessary, but all useful) and some Javascript to help ensure that users of touch-capable devices have an easier time. Note that neither Javascript nor CSS are required to use this site; they just add value… just the way the Web ought to be (where possible).

Repost posted at UTC on .

1 mention

Repost #11819

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Disney's tweet: "#TheLionKing. 2019. ??"

Is it just me, or is this some fantastic fucking casting. For the first time perhaps ever, I feel confident that a remake of an already-good film has the potential to be awesome.

Repost posted at UTC on .

1 mention

@RespectableLaw on North Sentinel Island

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

There’s been a lot of talk about the missionary killed by the natives of North Sentinel Island. They’re probably so aggressive because of this weirdo, Maurice Vidal Portman. So here’s a big thread about this creep and some facts from my decade-long obsession with the island.
The Sentinelese are often described as “uncontacted,” but this not strictly true. They had a very significant contact in 1880 with Commander Portman.
Portman, the black sheep third son of some minor noble, was assigned by the English Royal Navy to administer and pacify the Andaman Islands, a job he pursued from 1880-1900 with the full measure of his own perversity.
Portman was erotically obsessed with the Andamanese, and he indulged his passion for photography by kidnapping members of various tribes and posing them in mock-Greek homoerotic compositions.
During his 20 years in a sexualized heart of darkness, Portman measured and cataloged every inch of his prisoner’s bodies, with an obsessive focus on genitals.
Just imagine being a Neolithic person spending a few weeks in this guy’s rotating menagerie.
Portman spent most of his time in the greater Andaman Islands, but in 1880, he landed on North Sentinel. The natives fled, and his party ventured inland to find a settlement which had been abandoned in haste.
But they located an elderly couple and a few children they were able to abduct. The couple quickly died, likely from ailments to which they had no immunity.
The children spent a few weeks with Portman doing god knows what, after which he returned them to the island. Portman returned on a couple occasions, but the Sentinelese hid from him each time.
The story related by the children was certainly passed down among the 100 or so inhabitants of the island, and even today, Portman’s fatal kidnapping is just beyond a human lifetime.
So when the Indian government attempted contact with anthropologists in the 1960s and 70s, the Sentinelese were understandably hostile to outsiders. The Indian government soon gave up.
In 1981, a cargo ship named The Primrose ran aground on the coral reef surrounding North Sentinel. The crew radioed for assistance and settled in for a long wait. But in the morning they saw 50 men with bows on the beach, building makeshift boats.
The crew called for an emergency airlift and were evacuated, and not a moment too soon. Rough waves had thwarted the Sentinelese in their attempts to board, but the weather was clearing.
The ship and its cargo were left at the island, awaiting discovery by Neolithic eyes. Today you can still see the gutted remains on The Primrose on Google Earth.
Imagine climbing on board that ship. A completely alien vessel filled with alien things. Imagine seeing simple machines for the first time. A hinge. A latch. A wheel. Things that would instantly make sense in a satisfying way. Others would be so incomprehensible to avoid notice.
I have never been able to find out what cargo was on The Primrose in all my years of reading. There was about 100 tons of some sort of consumer product on board, and I’m curious what it was. But even absent the cargo, think about all the things that must have been on that ship.
In the 1990s, when anthropologists returned to the island to make new attempts at contact, they were met with a different attitude. Not friendly, exactly. But they were willing to accept gifts. Many would wade into the water with smiles to accept coconuts.

Here is a video of one of those encounters:

And in those videos, you can see that these pre-iron age people now had metal weapons, like the knife carried by this man. They had scavenged metal from the Primrose and cold-forged it into tools.
After collecting gifts for a few minutes, a few members of the tribe would approach and make menacing gestures, signaling that it was time for the outsiders to leave. They have never lost their desire for isolation, despite the gifts.
And they remained consistent in their intolerance against intruders. In 2006, two fishermen were killed after drifting into the island when their anchor detached while they were sleeping.
The Sentinelese are lucky they were so effective at preventing contact. The neighboring Jawara weren’t so fortunate. The tribe went from 9,000 to a couple hundred from lack of genetic immunity and only forestalled annihilation due to aggressive segregation. Their future is bleak.
Yet on North Sentinel, they’ve maintained a small community for 60,000 years which is by all indications happy. There is no way to integrate them into the modern world without wiping out nearly every member of their tribe.
And their aggressiveness is not the mark of savagery. It just that their conception of outsiders is mostly framed by some foot-faced English pervert who murdered some old people and did weird things to their kids. So let’s do them a favor and leave them alone.

What Kind of Person Steals Their Co-workers’ Lunch?

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

For the past month or two, my place of work (this very website) has been plagued by a relatively harmless but deeply mystifying figure: the phantom lunch thief. What’s happened since has followed a trajectory sure to be familiar to anyone who’s ever worked in an office with more than, say, 30 employees: a menacing, all-caps Post-It note was posted, instructing the thief: “PLEASE DO NOT TAKE FOOD THAT DOESN’T BELONG TO YOU.” The appropriate authorities were alerted. The authorities sent out slightly mean emails about how we’re all adults here, and even those of us who didn’t do anything wrong were embarrassed. For a few days, no lunches were stolen. But then, just when you thought it was safe to leave an Amy’s frozen burrito in the shared fridge for 12 days, the lunch thief struck again. Collectively, and publicly — all wanting to make very clear that we were innocent — my colleagues and I wondered: who does this? What kind of person steals lunch from people they work with, and why?

To find out, I had to identify one such person. First, I offered my own office lunch thief immunity (or, well, anonymity) if they came forward to tell me their life story, but nobody took me up on it. I asked Twitter, where many people expressed outrage over the very idea of lunch theft, but again, no actual thieves surfaced. I even made a Google Form about it, and nobody filled out my Google Form. I was very nearly too dejected to continue my search when I remembered: Reddit. If not there, where?

On Reddit, I found a few lunch theft discussion threads, and messaged about 15 or 20 users who indicated that they had stolen, or would steal, lunch from a co-worker, several of whom sounded very pleased with themselves. I told them I was a reporter, and asked if they’d be willing to elaborate on their experiences in lunch theft. Unfortunately, most relevant postings I found were from, like, four years ago, and again it seemed no one would come forward. But then someone wrote me back. Eventually he agreed to speak with me, and we arranged a phone call. His name is Rob, and he’s a programmer in his early 40s. Together we decided there are probably enough programmers in their 40s named Rob that divulging this amount of personal information was okay.

As a non-lunch-stealer, I’ve never understood the mentality either (I’ve been the victim once or twice at work, at more-often way back when I lived in student accommodation), and this interview really helped to humanise a perpetrator. I still can’t condone it, but at least now I’ve got a greater understanding. Yay, empathy!

Repost posted at UTC on .

1 mention

Note #11815

When I watched @Sir_RidleyScott’s #BrainDead (@BrainDeadCBS) in 2016, it was a dark comedy about alien brain parasites driving US political extremism.

When I watched it in 2018 it was a plausible explanation.

When I watch it in 2020 I’m worried it will be a documentary.

Note posted at UTC on .

No comments

Note #11812

AQL advise that my password must be "between 5 and 12 characters". In 2018.

Hey @aqldotcom: why must my password for your enterprise telecommunications platform be no longer than 12 characters? Are you worried my #passwordistoostrong? CC @pwtoostrong

×

This teacher had to tell her deaf students that people can hear farts. Their reaction was hilarious.

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Anna Trupiano is a first-grade teacher at a school that serves deaf, hard-of-hearing, and hearing students from birth through eighth grade.

In addition to teaching the usual subjects, Trupiano is charged with helping her students thrive in a society that doesn’t do enough to cater to the needs of the hard-of-hearing.

Recently, Trupiano had to teach her students about a rather personal topic: passing gas in public.

A six-year-old child farted so loud in class that some of their classmates began to laugh. The child was surprised by their reaction because they didn’t know farts make a sound. This created a wonderful and funny teaching moment for Trupiano.

Trupiano shared the conversation on Facebook.

Repost posted at UTC on .

No comments

Puzzle Montage Art by Tim Klein

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Iron Horse, by Tim Klein

Jigsaw puzzle companies tend to use the same cut patterns for multiple puzzles. This makes the pieces interchangeable, and I sometimes find that I can combine portions from two or more puzzles to make a surreal picture that the publisher never imagined. I take great pleasure in “discovering” such bizarre images lying latent, sometimes for decades, within the pieces of ordinary mass-produced puzzles.

Repost posted at UTC on .

No comments

How My Stupid Bloody Name Finally Paid For Itself

Since changing my surname 11½ years ago to the frankly-silly (albeit very “me”) Q, I’ve faced all kinds of problems, from computer systems that don’t accept my name to a mocking from the Passport Office to getting banned from Facebook. I soon learned to work-around systems that insisted that surnames were at least two characters in length. This is a problem which exists mostly because programmers don’t understand how names work in the real world (or titles, for that matter, as I’ve also discovered).

It’s always been a bit of an inconvenience to have to do these things, but it’s never been a terrible burden: even when I fly internationally – which is probably the hardest part of having my name – I’ve learned the tricks I need to minimise how often I’m selected for an excessive amount of unwanted “special treatment”.

Airport
I plan to make my first trip to the USA since my name change, next year. Place bets now on how that’ll go.

This year, though, for the very first time, my (stupid bloody) unusual name paid for itself. And not just in the trivial ways I’m used to, like being able to spot my badge instantly on the registration table at conferences I go to or being able to fill out paper forms way faster than normal people. I mean in a concrete, financially-measurable way. Wanna hear?

So: I’ve a routine of checking my credit report with the major credit reference agencies every few years. I’ve been doing so since long before doing so became free (thanks GDPR); long even before I changed my name: it just feels like good personal data housekeeping, and it’s interesting to see what shows up.

Message to Equifax asking them to correct the details on my Credit Report.
It started out with the electoral roll. How did it end up like this? It was only the electoral roll. It was only the electoral roll.

And so I noticed that my credit report with Equifax said that I wasn’t on the electoral roll. Which I clearly am. Given that my credit report’s pretty glowing, I wasn’t too worried, but I thought I’d drop them an email and ask them to get it fixed: after all, sometimes lenders take this kind of thing into account. I wasn’t in any hurry, but then, it seems: neither were they –

  • 2 February 2016 – I originally contacted them
  • 18 February 2016 – they emailed to say that they were looking into it and that it was taking a while
  • 22 February 2016 – they emailed to say that they were still looking into it
  • 13 July 2016 – they emailed to say that they were still looking into it (which was a bit of a surprise, because after so long I’d almost forgotten that I’d even asked)
  • 14 July 2016 – they marked the issue as “closed”… wait, what?
Equifax close my request
Given that all they’d done for six months was email me occasionally to say that it was taking a while, it was a little insulting to then be told they’d solved it.

I wasn’t in a hurry, and 2017 was a bit of a crazy year for me (for Equifax too, as it happens), so I ignored it for a bit, and then picked up the trail right after the GDPR came into force. After all, they were storing personal information about me which was demonstrably incorrect and, continued to store and process it even after they’d been told that it was incorrect (it’d have been a violation of principle 4 of the DPA 1998, too, but the GDPR‘s got bigger teeth: if you’re going to sick the law on somebody, it’s better that it has bark and bite).

My message instructing Equifax to fix their damn data about me.
Throwing the book tip-of-the-day: don’t threaten, just explain what you require and under what legal basis you’re able to do so. Let lawyers do the tough stuff.

My anticipation was that my message of 13 July 2018 would get them to sit up and fix the issue. I’d assumed that it was probably related to my unusual name and that bugs in their software were preventing them from joining-the-dots between my credit report and the Electoral Roll. I’d also assumed that this nudge would have them either fix their software… or failing that, manually fix my data: that can’t be too hard, can it?

Apparently it can:

Equifax suggest that I change my name ON THE ELECTORAL ROLL to match my credit report, rather than the other way around.
You want me to make it my problem, Equifax, and you want me to change my name on the Electoral Roll to match the incorrect name you use to refer to me in your systems?

Equifax’s suggested solution to the problem on my credit report? Change my name on the Electoral Roll to match the (incorrect) name they store in their systems (to work around a limitation that prevents them from entering single-character surnames)!

At this point, they turned my send-a-complaint-once-every-few-years project into a a full blown rage. It’s one thing if you need me to be understanding of the time it can take to fix the problems in your computer systems – I routinely develop software for large and bureaucratic organisations, I know the drill! – but telling me that your bugs are my problems and telling me that I should lie to the government to work around them definitely isn’t okay.

Actually, Equifax: no. No no no no no. No.
Dear Equifax: No. No no no. No. Also, no. Now try again. Love Dan.

At this point, I was still expecting them to just fix the problem: if not the underlying technical issue then instead just hack a correction into my report. But clearly they considered this, worked out what it’d cost them to do so, and decided that it was probably cheaper to negotiate with me to pay me to go away.

Which it was.

This week, I accepted a three-figure sum from Equifax as compensation for the inconvenience of the problem with my credit report (which now also has a note of correction, not that my alleged absence from the Electoral Roll has ever caused my otherwise-fine report any trouble in the past anyway). Curiously, they didn’t attach any strings to the deal, such as not courting publicity, so it’s perfectly okay for me to tell you about the experience. Maybe you know somebody who’s similarly afflicted: that their “unusual” name means that a credit reference company can’t accurately report on all of their data. If so, perhaps you’d like to suggest that they take a look at their credit report too… just saying.

Cash!
You can pay for me to go away, but it takes more for me to shut up. (A lesson my parents learned early on.)

Apparently Equifax think it’s cheaper to pay each individual they annoy than it is to fix their database problems. I’ll bet that, in the long run, that isn’t true. But in the meantime, if they want to fund my recent trip to Cornwall, that’s fine by me.

× × × × × × ×