Dan Q

Blog

Days Like Weeks

You know how when your life is busy time seems to creep by so slowly… you look back and say “do you remember the time… oh, that was just last week!” Well that’s what my life’s been like, of late.

Enjoying a beer at the launch of Milestone: Jethrik, the latest release of Three Rings.
Enjoying a beer at the launch of Milestone: Jethrik, the latest release of Three Rings.

There was Milestone: Jethrik and the Three Rings Conference, of course, which ate up a lot of my time but then paid off wonderfully –  the conference was a wonderful success, and our announcements about formalising our non-profit nature and our plans for the future were well-received by the delegates. A slightly lower-than-anticipated turnout (not least because of this winter ‘flu that’s going around) didn’t prevent the delegates (who’d come from far and wide: Samaritans branches, Nightlines, and even a representative from a Community Library that uses the software) from saying wonderful things about the event. We’re hoping for some great feedback to the satisfaction surveys we’ve just sent out, too.

The Three Rings Birthday Cake. It boggles my mind how they've managed to make the icing look so much like plastic, on the phone part.
The Three Rings Birthday Cake. It boggles my mind how they’ve managed to make the icing look so much like plastic, on the phone part.

Hot on the heels of those volunteering activities came my latest taped assessment for my counselling course at Aylesbury College. Given the brief that I was “a volunteer counseller at a school, when the parent of a bullied child comes in, in tears”, I took part in an observed, recorded role-play scenario, which now I’m tasked with dissecting and writing an essay about. Which isn’t so bad, except that the whole thing went really well, so I can’t take my usual approach of picking holes in it and saying what I learned from it. Instead I’ll have to have a go at talking about what I did right and trying to apply elements of counselling theory to justify the way I worked. That’ll be fun, too, but it does of course mean that the busy lifestyle isn’t quite over yet.

My sister Sarah, with TAS managing director Adrian Grant, prepare to announce the winner of the Peter Huntley Memorial Award for Making Buses A Better Choice.
My sister Sarah, with TAS managing director Adrian Grant, prepare to announce the winner of the Peter Huntley Memorial Award for Making Buses A Better Choice.

And then on Tuesday I was a guest at the UK Bus Awards, an annual event which my dad co-pioneered back in the mid-1990s. I’d been invited along by Transaid, the charity that my dad was supporting with his planned expedition to the North Pole before he was killed during an accident while training. I was there first and foremost to receive (posthumously, on his behalf) the first Peter Huntley Fundraising Award, which will be given each year to the person who – through a physical activity – raises the most money for Transaid. The award was first announced at my father’s funeral, by Gary Forster, the charity’s chief executive. Before he worked for the charity he volunteered with them for some time, including a significant amount of work in sub-Saharan Africa, so he and I spent a little while at the event discussing the quirks of the local cuisine, which I’d experienced some years earlier during my sponsored cycle around the country (with my dad).

So it’s all been “go, go, go,” again, and I apologise to those whose emails and texts I’ve neglected. Or maybe I haven’t neglected them so much as I think: after all – if you emailed me last week, right now that feels like months ago.

× × ×

Article posted at UTC on .

1 comment

Conference Preparations

Right now, Three Rings seems to be eating up virtually all of my time. It’s hardly the first time – I complained about being incredibly busy with Three Rings stuff just a couple of years ago, but somehow right now it’s busier than ever. There’s been the Milestone: Jethrik release, some complications with our uptime when our DNS servers were hit by a DDoS attack, and – the big one – planning for this weekend’s conference.

Checking the timetable while I wait for inspiration to strike me about what to say about the "engagement" responsibilities of a Three Rings Administrator.
Checking the timetable while I wait for inspiration to strike me about what to say about the “engagement” responsibilities of a Three Rings Administrator.

The Three Rings 10th Birthday Conference is this weekend, and I’ve somehow volunteered myself to not only run the opening plenary but to run two presentations (one on the history of Three Rings, which I suppose I’m the best person to talk about, and one on being an awesome Three Rings Administrator) and a problem-solving workshop. My mind’s been on overdrive for weeks, and I’m pretty sure I’m not even the one working the hardest (that honour would have to go to poor JTA).

Still: all this work will pay off, I’m sure, and Saturday will be an event to remember. I’m looking forward to it… although right now I’d equally happily spend a week or two curled up in bed under a blanket with a nice book and a mug of herbal tea, thanks.

In other news: Matt P‘s hanging out on Earth at the moment, (on his best behaviour I think) while Ruth, JTA and I decide if we’d like to live with him for a while. So far, I think he’s making a convincing argument. He’s proven himself to be house trained (he hasn’t pooped on the carpet even once) and everything.

×

Craziest Internet Explorer Bug Ever?

As web developers, we’re used to working around the bugs in Microsoft Internet Explorer. The older versions are worst, and I’m certainly glad to not have to write code that works in Internet Explorer 6 (or, increasingly, Internet Explorer 7) any more: even Microsoft are glad to see Internet Explorer 6 dying out, but even IE8 is pretty ropey too. And despite what Microsoft claim, I’m afraid IE9 isn’t really a “modern” browser either (although it is a huge step forwards over its predecessors).

But imagine my surprise when I this week found what I suspect might be a previously undiscovered bug in Internet Explorer 8 and below. Surely they’ve all been found (and some of them even fixed), but now? But no. It takes a very specific set of circumstances for the bug to manifest itself, but it’s not completely unbelievable – I ran into it by accident while refactoring parts of Three Rings.

A completely useless Internet Explorer error message.
A completely useless Internet Explorer error message. Thanks, IE.

Here’s the crux of it: if you’re –

  • Using Internet Explorer 8 or lower, and
  • You’re on a HTTPS (secure) website, and
  • You’re downloding one of a specific set of file types: Bitmap files, for example, are a problem, but JPEG files aren’t (Content-Type: image/bmp), and
  • The web server indicates that the file you’re downloading should be treated as something to be “saved”, rather than something to be viewed in your browser (Content-Disposition: attachment), and
  • The web server passes a particular header to ask that Internet Explorer does not cache a copy of the file (Cache-Control: no-cache),

Then you’ll see a dialog box like the one shown above. Switching any of the prerequisites in that list out makes the problem go away: even switching the header from a strict “no-cache” to a more-permissive “private” makes all the difference.

I’ve set up a test environment where you can see this for yourself: HTTP version; HTTPS version. The source code of my experiment (PHP) is also available. Of course, if you try it in a functional, normal web browser, it’ll all work fine. But if you’ve got access to a copy of Internet Explorer 8 on some old Windows XP box somewhere (IE8 is the last version of the browser made available for XP), then try it in that and see for yourself what a strange error you get.

×

Article posted at UTC on .

No comments

On This Day In 1999

Looking Back

On this day in 1999 I sent out the twenty-eighth of my Cool Thing Of The Day To Do In Aberystwyth emails. I wasn’t blogging at the time (although I did have a blog previously), but these messages-back-home served a similar purpose, if only for a select audience. You can read more about them in my last On This Day to discuss them or the one before.

For technical reasons, this particular Cool Things Of The Day appears to have been sent on 27th October, but in actual fact I know that the events it describes took place on 5th November 1999. The obvious clue? The fireworks! I knew that Cool Thing Of The Day as shown here on my blog was out-of-sync with reality, but this particular entry gives a great indication of exactly how much it’s out by. And no, I can’t be bothered to correct it.

Back in 1999 I started as a student at the University of Wales, Aberystwyth (now Aberystwyth University), moved away from home, and had a fantastic time. One bonfire night, I called up two new friends of mine – Rory and Sandra – and persuaded them that we should wander over to nearby Trefechan and climb the hill (Pen Dinas) there to watch the fireworks. It was a wild and windy night, and certainly not the conditions to climb an unknown and occasionally-treacherous hill, but we weren’t dissuaded: we set out!

You know those films or sitcoms where the protagonist (usually through their own stupidity) ends up on a date with two people at the same time, trying to keep each unaware of the other? That’s what I felt like at the time: because (though neither of them knew this at the time) I had an incredible crush on both of them. Of course: back then I was far shyer and far less-good at expressing myself, so this remained the case for a little while longer. Still: my inexperienced younger self still manged to make it feel to me like a precarious situation that I could easily balls-up. Perhaps I should have better thought-out the folks I invited out that night…

A storm blew in furiously, and the fireworks launched from the town scattered around, buffeted and shaken and only occasionally still flying upwards when they exploded. The rain lashed down and soaked us through our coats. We later found ourselves huddled around a radiator in The Fountain (under its old, old ownership), where the barman and the regulars couldn’t believe that we’d been up Pen Denis in the

Looking Forward

A little later, I got to have a ludicrously brief fling with one of the pair, but I was fickle and confused and ballsed it up pretty quickly. Instead, I fell into a relationship with my old friend-with-benefits Reb, which in the long run turned out to be a very bad chapter of my life.

Trefechan – exotically across the river from the rest of Aberystwyth – didn’t seem so far away after a few more years in Aberystwyth… only a stone’s throw from Rummers! But for three new students, just a couple of months into their new home, lost and drunk and fumbling their way using an outdated map and seeing by firework-light, it was an exciting adventure. In 2004, SmartData (my employer at that time) moved into their new premises, right over the road from The Fountain and in the shadow of Pen Denis. The Technium turned out to be a pretty good place for SmartData, and it suited me, too. Some days in the summer, when it was warm and sunny, I’d leave work and take a walk up Pen Dinas. It wasn’t the same without the fireworks, the company, or the mystery of being somewhere for the very first time, but it’s still a great walk.

Sometimes I’d go up there in the rain, too.

This blog post is part of the On This Day series, in which Dan periodically looks back on years gone by.

Article posted at UTC on .

1 comment

A Broken Oath

As part of the ongoing challenges that came about as part of the problems with my dad’s Will, I was required the other week to find myself a local solicitor so that they could witness me affirm a statement (or swear an oath, for those of you who are that-way inclined). Sounds easy, right?

A close-up of my dad's Will, showing where it was clearly re-stapled.
One of the more-significant issues with my dad’s Will was that it was re-stapled sometime after it was signed. This was probably legitimate, but it quickly makes it look like it’s a forgery.

Well: it turns out that the solicitor I chose did it wrong. How is it even possible to incorrectly witness an affirmation? I wouldn’t have thought it so. But apparently they did. So now I have to hunt down the same solicitor and try again. It has to be the same one “because they did it partially right”, or else I have to start the current part of the process all over again. But moreover, I’ll be visiting the same solicitor because I want my damn money back!

I’ll spare you the nitty-gritty. Suffice to say that this is a surprising annoyance in an already all-too-drawn-out process. It’s enough to make you swear. Curse words, I mean: not an oath.

×

Article posted at UTC on .

1 comment

Rave Reviews for Your Password Sucks

Last month, I volunteered myself to run a breakout session at the 2012 UAS Conference, an annual gathering of up to a thousand Oxford University staff. I’d run a 2-minute micropresentation at the July 2011 OxLibTeachMeet called “Your Password Sucks!”, and I thought I’d probably be able to expand that into a larger 25-minute breakout session.

Your password: How bad guys will steal your identity
My expanded presentation was called “Your password: How bad guys will steal your identity”, because I wasn’t sure that I’d get away with the title “Your Password Sucks” at a larger, more-formal event.

The essence of my presentation boiled down to demonstrating four points. The first was you are a target – dispelling the myth that the everyday person can consider themselves safe from the actions of malicious hackers. I described the growth of targeted phishing attacks, and relayed the sad story of Mat Honan’s victimisation by hackers.

The second point was that your password is weak: I described the characteristics of good passwords (e.g. sufficiently long, complex, random, and unique) and pointed out that even among folks who’d gotten a handle on most of these factors, uniqueness was still the one that tripped people over. A quarter of people use only a single password for most or all of their accounts, and over 50% use 5 or fewer passwords across dozens of accounts.

You are a target. Your password is weak. Attacks are on the rise. You can protect yourself.
The four points I wanted to make through my presentation. Starting by scaring everybody ensured that I had their attention right through ’til I told them what they could do about it, at the end.

Next up: attacks are on the rise. By a combination of statistics, anecdotes, audience participation and a theoretical demonstration of how a hacker might exploit shared-password vulnerabilities to gradually take over somebody’s identity (and then use it as a platform to attack others), I aimed to show that this is not just a hypothetical scenario. These attacks really happen, and people lose their money, reputation, or job over them.

Finally, the happy ending to the story: you can protect yourself. Having focussed on just one aspect of password security (uniqueness), and filling a 25-minute slot with it, I wanted to give people some real practical suggestions for the issue of password uniqueness. These came in the form of free suggestions that they could implement today. I suggested “cloud” options (like LastPass or 1Password), hashing options (like SuperGenPass), and “offline” technical options (like KeePass or a spreadsheet bundles into a TrueCrypt volume).

I even suggested a non-technical option involving a “master” password that is accompanied by one of several unique prefixes. The prefixes live on a Post-It Note in your wallet. Want a backup? Take a picture of them with your mobile: they’re worthless without the master password, which lives in your head. It’s not as good as a hash-based solution, because a crafty hacker who breaks into several systems might be able to determine your master password, but it’s “good enough” for most people and a huge improvement on using just 5 passwords everywhere! (another great “offline” mechanism is Steve Gibson’s Off The Grid system)

"Delivery" ratings for the UAS Conference "breakout" sessions
My presentation – marked on the above chart – left people “Very Satisfied” significantly more than any other of the 50 breakout sessions.

And it got fantastic reviews! That pleased me a lot. The room was packed, and eventually more chairs had to be brought in for the 70+ folks who decided that my session was “the place to be”. The resulting feedback forms made me happy, too: on both Delivery and Content, I got more “Very Satisfied” responses than any other of the 50 breakout sessions, as well as specific comments. My favourite was:

Best session I have attended in all UAS conferences. Dan Q gave a 5 star performance.

So yeah; hopefully they’ll have me back next year.

×

Article posted at UTC on .

1 mention

A Three-Sentence Review Of Looper

Looper is a time travel movie of the “self-healing timeline” mechanic (a-la Back To The Future, although Looper “fixes” itself faster and changes to the time stream can be observed and remembered by everybody affected by them). As a result of this, and a few other issues, it suffers from a handful of plotholes and internal inconsistencies: however, it’s still an enormously fun film that I’d recommend that you see.

Looper.
Looper. The second-best film of its category. For a given definition of “category”.

Looper is the second-best of all three movies that feature Bruce Willis travelling back in time and encountering a younger version of himself – and now it’s going to bug you until you work out what the other two are.

×

Article posted at UTC on .

1 comment

Lucy’s Birthday

The other Three Ringers and I are working hard to wrap up Milestone: Jethrik, the latest version of the software. I was optimising some of the older volunteer availability-management code when, by coincidence, I noticed this new bug:

Lucy 173's birthday is in 13/1 days.
Well, at least she’s being rational about it.

I suppose it’s true: Lucy (who’s an imaginary piece of test data) will celebrate her birthday in 13/1 days. Or 13.0 days, if you prefer. But most humans seem to be happier with their periods of time not expressed as top-heavy fractions, for some reason, so I suppose we’d better fix that one.

They’re busy days for Three Rings, right now, as we’re also making arrangements for our 10th Birthday Conference, next month. Between my Three Rings work, a busy stretch at my day job, voluntary work at Oxford Friend, yet-more-executor-stuff, and three different courses, I don’t have much time for anything else!

But I’m still alive, and I’m sure I’ll have more to say about all of the things I’ve been getting up to sometime. Maybe at half term. Or Christmas!

Update: Squee! We’ve got folders!

 

×

Article posted at UTC on .

3 comments

Review of FTL: Faster Than Light

This review originally appeared on Steam. See more reviews by Dan.

FTL: Faster Than Light

Rating: 👍

This game is just pure fun. It’s not easy, and there’s a lot of learning to be done, but it sort-of reminds me of playing NetHack for the first time, if NetHack were set in the Battlestar Galactica universe (or perhaps Firefly) rather than in the Dungeons of Doom. Seriously lots of fun, and great to “come back to”. You’ll never forget your first win.

Review posted at UTC on .

No comments