The Revenge of the Hot Water Bottle

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Imagine a personal heating system that works indoors as well as outdoors, can be taken anywhere, requires little energy, and is independent of any infrastructure. It exists – and is hundreds of years old.

A hot water bottle is a sealable container filled with hot water, often enclosed in a textile cover, which is directly placed against a part of the body for thermal comfort. The hot water bottle is still a common household item in some places – such as the UK and Japan – but it is largely forgotten or disregarded in most of the industrialised world. If people know of it, they usually associate it with pain relief rather than thermal comfort, or they consider its use an outdated practice for the poor and the elderly.

Imagine my surprise to discover that not only are hot water bottles confined almost-entirely to the UK and Japan (more-strictly, I suppose the article should say “the British Isles”; friends in Ireland tell me that they’re popular there too), but that they’re so distinctly confined to these isles that English speakers elsewhere in the world need this article to explain to them what a hot water bottle is and why they’d want one!

I’m a fan of hot water bottles; I’ll sometimes take one – or even two, during a cold snap – to bed. But reading this article feels like reading a guide for aliens living on Earth: explaining everyday things as if you’d never come across them before.

STAR T/W R/A E/R K/S

Fun little trick in the Sunday New York Times crossword yesterday: the central theme clue was “The better of two sci-fi franchises”, and regardless of whether you put Star Wars or Star Trek, the crossing clues worked

Sunday New York Times crossword puzzle in which the answer to 70 across can be answered in two different ways.

Matt Tomic

This is a (snippet of an) excellent New York Times crossword puzzle, but the true genius of it in my mind is that 71 down can be answered using iconic Star Wars line “It’s a trap!” only if the player puts Star Trek, rather than Star Wars, as the answer to 70 across (“The better of two sci-fi franchises”). If they answer with Star Wars, they instead must answer “It’s a wrap!”.

Matt goes on to try to make his own which pairs 1954 novel Lord of the Rings against Lord of the Flies, which is pretty good but I’m not convinced he can get away with the crosswise “ulne” as a word (contrast e.g. “rise” in the example above).

Of course, neither are quite as clever as the New York Times puzzle on the eve of the 1996 presidential election whose clue “Lead story in tomorrow’s newspaper(!)” could be answered either “Clinton elected” or “Bob Dole elected” and the words crossing each of “Clinton” or “Bob Dole” would still fit the clues (despite being modified by only a single letter).

If you’re looking to lose some time, here’s some further reading on so-called “Schrödinger puzzles”, and several more crosswords that achieve the same feat.

Gutenberg versus Elementor – the beginners challenge

What happens when you give Gutenberg and Elementor to complete Beginners? In this challenge, Meg and Lily (two of my daughters) are tasked with re-creating a webpage. They’ve never used Elementor or Gutenberg before, and I only gave them 30 minutes each.

Jamie of Pootlepress challenged his daughters – who are presumably both digital natives, but have no WordPress experience – to build a page to a specific design using both Gutenberg and Elementor. In 30 minutes.

Regardless of what you think about the products under test or the competitors in the challenge (Lily + Gutenberg clearly seems to be the fan favourite, which I’d sort-of expect because IMO Gutenberg’s learning curve is much flatter than Elementor’s), this is a fantastic example of “thinking aloud” (“talkalong”) UX testing. And with (only) a £20 prize on offer, it’s possibly the best-value testing of its type I’ve ever seen too! Both the participants do an excellent job of expressing their praise of and frustration with different parts of the interface of their assigned editing platform, and the developers of both – and other systems besides – could learn a lot from watching this video.

Specifically, this video shows how enormous the gulf is between how developers try to express concepts that are essential to web design and how beginner users assume things will work. Concepts like thinking in terms of “blocks” that can resize or reposition dynamically, breakpoints, assets as cross-references rather than strictly embedded within documents, style as an overarching concept by preference to something applied to individual elements, etc… come as second nature once you’re sixteen levels deep into the DOM and you’ve been doing it for years! But they’re rarely intuitive… or, perhaps, not expressed in a way that makes them intuitive… to new users.

Emma GoldCoin

EGX fixes all the problems with all the existing cryptocurrencies once and for all. In particular it fixes the problems around security, environmental impact and ease of use that beset all other known blockchain-based cryptocurrency offerings.

  • Security

Due to the unique way in which the EGX blockchain is constructed, EGX cannot be hacked and will never be hacked. Period. There are and never will be any security issues with EGX. No other cryptocurrency on or off the planet can claim this.

  • Environment

Whether based on Proof Of Work or Proof of Stake, all other blockchains have a non-negligible and non-zero environmental impact. EGX however is based on neither of these. Instead it is based on Proof Of Existence, described below. PoE has a minimum environmental impact that is provably zero. Individual EGX implementations may have greater environmental impact than this, but that is entirely on the implementor. EGX PoE can be as low as zero if you wish, and we can prove this.

  • Ease Of Implementation

Due to its unique properties, no other cryptocurrency is or ever will be easier to implement and work with as EGX. This is not an empty claim – again, we can prove this.

Now here’s a cryptocurrency I can get behind. Shut up and take my money!

“DOONT” — A Bad Lip Reading of Dune

You may remember that I was excited to hear about the upcoming release of Dune (which I suppose should be called Dune: Part One). It turns out to be excellent and I’d recommend it to anybody.

But once you’ve seen it and while you’re in the two-year wait for Dune: Part Two (argh!), can I suggest you also enjoy this wonderful creation by the folks at Bad Lip Reading, whose work I’ve plugged before. Note: minor spoilers (amazingly) if you haven’t seen Dune yet.

GB number plate sticker no longer valid abroad

GB sticker being affixed to a car.

British motorists driving outside the UK must now remove old-style GB stickers or cover them up.

Instead they should display a UK sticker or have the UK identifier on their number plate.

The UK government guidance has been in place since Tuesday 28 September.

With the replacement of “GB” stickers with “UK” ones, I’ll soon be able to add another joke to my list of jokes that aged badly. I first read this in a joke book when I was a kid:

A young man gets his first car and his younger sister comes to look at it. “What’s this ‘L’ sticker for?” she asks.

“It stands for ‘Learning’,” replies the man, “Because I’m still having driving lessons.”

Some time later, after he’s passed his test, the man is preparing to take a trip to France with his friends. His sister points to a sticker on his car. “Does this ‘GB’ mean you’re ‘Getting Better’?”

What’s wrong with what3words?

In his latest video, Andrew provides a highly-accessible and slick explanation of all of the arguments against what3words that I’ve been making for years, plus a couple more besides.

Arguments that he makes that closely parallel my own include that what3words addresses are (a) often semantically-ambiguous, (b) potentially offensive, (c) untranslatable (and their English words, used by non-English speakers, exaggerate problem (a)), and (d) based on an aggressively-guarded proprietary algorithm. We’re of the same mind, there. I’ll absolutely be using this video to concisely explain my stance in future.

Andrew goes on to point out two further faults with the system, which don’t often appear among my arguments against it:

The first is that its lack of a vertical component and of a mechanism for narrowing-down location more-specifically makes it unsuitable for one of its stated purposes of improving addressing in parts of the developing world. While I do agree that what3words is a bad choice for use as this kind of addressing system, my reasoning is different, and I don’t entirely agree with his. I don’t believe that what3words are actually arguing that their system should be used alone to address a letter. Even in those cases where a given 3m × 3m square can be used to point to a single building’s entryway, a single building rarely contains one person! At a minimum, a “what3words”-powered postal address is likely to specify the name of the addressee who’s expected to be found there. It also may require additional data impossible to encode in any standardisable format, and adding a vertical component doesn’t solve this either: e.g. care-of addresses, numbered letterboxes, unconventional floor numbers (e.g. in tunnels or skybridges), door colours, or even maps drawn from memory onto envelopes have been used in addressed mail in some parts of the world and at some times. I’m not sure it’s fair to claim that what3words fails here because every other attempt at a universal system would too.

Similarly, I don’t think it’s necessarily relevant for him to make his observation that geological movements result in impermanence in what3words addresses. Not only is this a limitation of global positioning in general, it’s also a fundamentally unsolvable problem: any addressable “thing” is capable of movement both with and independent of the part of the Earth to which it’s considered attached. If a building is extended in one direction and the other end demolished, or remodelling moves its front door, or a shipwreck is split into two by erosion against the seafloor, or two office buildings become joined by a central new lobby between them, these all result in changes to the positional “address” of that thing! Even systems designed specifically to improve the addressability of these kinds of items fail us: e.g. conventional postal addresses change as streets are renamed, properties renamed or renumbered, or the boundaries of settlements and postcode areas shift. So again: while changes to the world underlying an addressing model are a problem… they’re not a problem unique to what3words, nor one that they claim to solve.

One of what3words’ claimed strengths is that it’s unambiguous because sequential geographic areas do not use sequential words, so ///happy.adults.hand is nowhere near ///happy.adults.face. That kind of feature is theoretically great for rescue operations because it means that you’re likely to spot if I’m giving you a location that’s in completely the wrong country, whereas 51.385, -1.6745 and 51.335, -1.6745, a difference which could easily result from a transcription error, are an awkward 4 miles apart. Unfortunately, as Andrew demonstrates, what3words introduces a different kind of ambiguity instead, so it doesn’t really do a great job of solving the problem.

And sequential or at least localised areas are actually good for some things, such as e.g. addressing mail! If I’ve just delivered mail to 123 East Street and my next stop is 256 East Street then (depending on a variety of factors) I probably know which direction to go in, approximately how far, and possibly even what side of the road it’ll be on!

That’s one of the reasons I’m far more of a fan of the Open Location Code, popularised by Google as Plus Codes. It’s got many great features, including variable resolution (you can give a short code, or just the beginning of a code, to specify a larger area, or increase the length of the code to specify any arbitrary level of two-dimensional precision), sequential locality (similar-looking codes are geographically-closer), and it’s based on an open standard so it’s at lower risk of abuse and exploitation and likely has greater longevity than what3words. That’s probably why it’s in use for addresses in Kolkata, India and rural Utah. Because they don’t use English-language words, Open Location Codes are dramatically more-accessible to people all over the world.

If you want to reduce ambiguity in Open Location Codes (to meet the needs of rescue services, for example), it’d be simple to extend the standard with a check digit. Open Location Codes use a base-20 alphabet selected to reduce written ambiguity (e.g. there’s no letter O nor number 0), so if you really wanted to add this feature you could just use a base-20 modification of the Luhn algorithm (now unencumbered by patents) to add a check digit, after a predetermined character at the end of the code (e.g. a slash). Check digits are a well-established way to ensure that an identifier was correctly received e.g. over a bad telephone connection, which is exactly why we use them for things like credit card numbers already.
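The check-digit idea above, as an added example (not part of the original post or of the Open Location Code standard): a Luhn mod 20 check character over the Open Location Code alphabet, appended after a slash. The function names and the sample code `9C3W9QCJ+2V` are assumptions for illustration; padded short codes containing `0` are not handled.

```python
"""Luhn mod 20 check character for Open Location Codes (added example)."""

OLC_ALPHABET = "23456789CFGHJMPQRVWX"  # the 20 symbols Open Location Code uses
N = len(OLC_ALPHABET)
CHECK_SEPARATOR = "/"  # assumption: the "predetermined character" before the check


def _code_points(code):
    """Map a code to alphabet indices, skipping the '+' separator."""
    points = []
    for ch in code.upper():
        if ch == "+":
            continue
        index = OLC_ALPHABET.find(ch)
        if index < 0:
            raise ValueError(f"{ch!r} is not an Open Location Code symbol")
        points.append(index)
    if not points:
        raise ValueError("empty code")
    return points


def _luhn_sum(points, first_factor):
    """Luhn mod N sum, walking right to left and alternating factors 2 and 1."""
    total, factor = 0, first_factor
    for point in reversed(points):
        addend = factor * point
        total += addend // N + addend % N  # digit sum of the addend in base N
        factor = 3 - factor                # 2 -> 1 -> 2 ...
    return total


def check_character(code):
    """Check symbol for a code that does not yet carry one."""
    remainder = _luhn_sum(_code_points(code), first_factor=2) % N
    return OLC_ALPHABET[(N - remainder) % N]


def append_check(code):
    return f"{code}{CHECK_SEPARATOR}{check_character(code)}"


def verify(checked):
    """True only if `checked` is '<code>/<check>' and the check symbol matches."""
    code, sep, check = checked.rpartition(CHECK_SEPARATOR)
    if not sep or not code or len(check) != 1:
        return False
    try:
        points = _code_points(code + check)
    except ValueError:
        return False
    return _luhn_sum(points, first_factor=1) % N == 0


def undetected_substitutions(checked):
    """Every one-symbol misreading of `checked` that would still verify."""
    missed = []
    for i, ch in enumerate(checked):
        if ch not in OLC_ALPHABET:
            continue
        for other in OLC_ALPHABET:
            mutated = checked[:i] + other + checked[i + 1:]
            if other != ch and verify(mutated):
                missed.append(mutated)
    return missed


if __name__ == "__main__":
    sample = append_check("9C3W9QCJ+2V")  # constructed sample code
    print(sample, verify(sample))
    print(verify("9C3W9QCJ+3V/M"))       # one symbol misheard
    print(undetected_substitutions(sample))
```

Every single-symbol substitution is caught because doubling is a permutation of the 20 code points. As with decimal Luhn, where swapping an adjacent 0 and 9 goes unnoticed, one adjacent transposition slips through: the first and last symbols of the alphabet, `2` and `X`.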

Basically: anything but what3words would be great.

Chrome is the new Safari. And so are Edge and Firefox.

I am not saying Apple’s approach is wrong. What Apple is doing is important too, and I applaud the work Apple has been doing in improving privacy on the web.

But it can’t be the only priority. Just imagine what the web would look like if every browser would have taken that approach 20 years ago.

Actually, no, don’t imagine it all. Just think back at Internet Explorer 6; that is what the web looked like 20 years ago.

There can only be one proper solution: Apple needs to open up their App Store to browsers with other rendering engines. Scrap rule 2.5.6 and allow other browsers on iOS and let them genuinely compete.

As a reminder, Safari is the only web browser on iOS. You might have been fooled to think otherwise by the appearance of other browsers in the App Store or perhaps by last year’s update that made it possible at long last to change the default browser, but it’s all an illusion. Beneath the mask, all browsers on iOS are powered by Safari’s WebKit, or else they’re booted from the App Store.

Comic showing Scooby-Doo character Fred removing the mask from the ghosts of different iOS web browsers to find Safari's WebKit beneath all of them.

Neils’ comparison to Internet Explorer 6 is a good one, but as I’ve long pointed out, there’s a big and important difference between Microsoft’s story during the First Browser War and Apple’s today:

  • Microsoft bundled Internet Explorer with Windows, raising the barrier to using a different web browser, which a court ruled as monopolistic and recommended that Microsoft be broken into smaller companies (this recommendation was scaled back on appeal).
  • Apple bundle Safari with iOS and prohibit the use of any other browser’s rendering engine on that platform, preventing the use of a different web browser. Third-party applications have been available for iOS – except, specifically, other browser rendering engines and a handful of other things – for 13 years now, but it still seems unlikely we’ll see an antitrust case anytime soon.

Apple are holding the Web back… and getting away with it.

London civil servant’s bus odyssey sparks Twitter storm

When Jo Kibble, a 39-year-old civil servant from Greenwich, set out to travel as far as he could from London in one day only using public bus routes it was supposed to be a personal project. But he ended up sparking a Twitter storm, causing a debate about how to build a fairer country along the way.

“I like travelling by public transport and by bus; I think it’s a great way to see the country,” Mr Kibble explains.

..

Mr Kibble figured the furthest he could get in one day would be Morecambe in Lancashire – some 260 miles from Charing Cross, the geographical centre of London.

I’m sure that many of you, like me, really enjoyed The Political Travelling Animal‘s Twitter adventure up the country, last week. If you missed it (and you should really go read it if you did): Jo decided to see how far he could get from London within 24 hours via local bus routes only, and live-tweeted the entire experience for the world to enjoy too. Perhaps unsurprisingly, I particularly enjoyed the fact that he gave a nod to Preston’s unusual and iconic bus station.

Reading it, though, I found myself reminded of a time, long ago, that I planned (although never took) a similar journey. In 1999 I moved away from my family in Preston to Aberystwyth to go to university.

Before he became a bus my father was a bus industry professional and at a rest stop during the journey to Aberystwyth as he dropped me off, he and I perused the (paper) timetables to explore a hypothesis that the pair of us had come up with.

Our question: Is it possible to travel from Aberystwyth to Preston, in a single day, using local bus routes only?

After much consideration, we determined that yes, it was possible, but better than that: it was possible to do so (at the time) entirely on Arriva buses. This presented an unexploited opportunity: for the price of an “all day” Arriva ticket (£2.20, IIRC), an enterprising and poor student could, in a pinch, find their way back from Aberystwyth to Preston over the course of about 16 hours for only a fraction more than the price of a pint of beer.

This was utterly academic: in the years that followed, I would almost invariably leave Aberystwyth by train. Sometimes I’d do this to go to London: a route for which, I discovered, I could catch the 6am train, hide aboard it as it was vacated at its Birmingham New Street terminus and take a nap, safe in the knowledge that the same rolling stock would subsequently become a train to London Euston! Other times I’d return to Preston; a journey for which not even floods could stop me.

But regardless, for my first full term at university I kept on the corner of the desk in my study room the sum of £2.20, as an “insurance policy”. No matter what happened in this new phase of my life, that small pile of coins could, at a stretch, get me back “home”.

By Christmas 1999 I’d re-purposed the coins to do my laundry (the washing machines in the halls’ laundrette took pound coins and the dryers 20p pieces, so this was a far more-valuable use of spare change in those denominations). By this point I’d settled in and had become confident that Aberystwyth was likely to be my home almost year-around, and indeed I’d go on to live there another decade before saying goodbye for Oxfordshire.

But we answered the question, at least in theory: a hypothetical but symbolic question about the versatility and utility of an interconnected network of local bus routes. And that’s just great.

Using every car parking space in a supermarket car park

For the last six years I’ve kept a spreadsheet listing every parking spot I’ve used at the local supermarket in a bid to park in them all. This week I completed my Magnum Opus! A thread.

I live in Bromley and almost always shop at the same Sainsbury’s in the centre of town, here’s a satellite view of their car park. It’s a great car park because you can always get a space and it is laid out really well. Comfortably in my top 5 Bromley car parks.

After quite a few years of going each week I started thinking about how many of the different spots I’d parked in and how long it would take to park in them all. My life is one long roller coaster.

A glorious story from a man with the kind of dedication that would have gotten him far in CNPS back in the day (I wonder if Claire ever got past 13 points…).

This is the kind of thing that I occasionally consider adding to the list of mundane shit I track about my life. But then I start thinking about the tracking infrastructure and I end up adding far more future-proofing than I intend: I start thinking about tracking how often my hayfever causes me problems so I can correlate it to the time and the location data I already record to work out which tree species’ pollen affects me the most. Or tracking a variety of mood metrics so I can see if, as I’ve long suspected, the number of unread emails in my inboxen negatively correlates to my general happiness.

Measure all the things!

Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective

Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. A few months ago, they announced that they added Signal support to their software.

Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.

Moxie Marlinspike (Signal)

Recently Moxie, co-author of the Signal Protocol, came into possession of a Cellebrite Extraction Device (phone cracking kit used by law enforcement as well as by oppressive regimes who need to clamp down on dissidents) which “fell off a truck” near him. What an amazing coincidence! He went on to report, this week, that he’d partially reverse-engineered the system, discovering copyrighted code from Apple – that’ll go down well! – and, more-interestingly, unpatched vulnerabilities. In a demonstration video, he goes on to show that a carefully crafted file placed on a phone could, if attacked using a Cellebrite device, exploit these vulnerabilities to take over the forensics equipment.

Obviously this is a Bad Thing if you’re depending on that forensics kit! Not only are you now unable to demonstrate that the evidence you’re collecting is complete and accurate, because it potentially isn’t, but you’ve also got to treat your equipment as untrustworthy. This basically makes any evidence you’ve collected inadmissible in many courts.

Moxie goes on to announce a completely unrelated upcoming feature for Signal: a minority of functionally-random installations will create carefully-crafted files on their devices’ filesystem. You know, just to sit there and look pretty. No other reason:

In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.

That’s just beautiful.

Tips for Text-based Interviews

Since joining the hiring team at Automattic in the fall of 2019, I’ve noticed different patterns and preferences on text-based interviews. Some of these are also general interviewing tips.

  1. Send shorter messages
  2. Avoid Threads if possible
  3. Show your thought process
  4. Don’t bother name dropping
  5. Tell the story
  6. It’s not that different

Fellow Automattician Jerry Jones, whose work on accessibility was very useful in spearheading some research by my team, earlier this year, has written a great post about interviewing at Automattic or, indeed, any company that’s opted for text-based interviews. My favourite hosting company uses these too, and I’ve written about my experience of interviewing at Automattic, but Jerry’s post – which goes into much more detail than just the six highlight points above – is well worth a look if you ever expect to be on either side of a text-based interview.

Big List of Naughty Strings

# Reserved Strings
#
# Strings which may be used elsewhere in code
undefined
undef
null
NULL

then
constructor
\
\\

# Numeric Strings
#
# Strings which can be interpreted as numeric
0
1
1.00
$1.00
1/2
1E2

Max Woolf

Max has produced a list of “naughty strings”: things you might try injecting into your systems along with any fuzz testing you’re doing to check for common errors in escaping, processing, casting, interpreting, parsing, etc. The copy above is heavily truncated: the list is long!
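One way to put the excerpt to work, as an added example that is not part of Max's project or the original post: parse the list's format (`#` comments, blank separators) and check that each string survives a store-and-display round trip. `naive_ingest` and `strict_ingest` are hypothetical functions under test, standing in for a type-guessing importer and a hardened one.

```python
"""Round-trip harness over the naughty-strings excerpt (added example)."""

# The excerpt quoted on this page, in the list's own format.
BLNS_EXCERPT = r"""# Reserved Strings
#
# Strings which may be used elsewhere in code
undefined
undef
null
NULL

then
constructor
\
\\

# Numeric Strings
#
# Strings which can be interpreted as numeric
0
1
1.00
$1.00
1/2
1E2
"""


def parse_blns(text):
    """Return (section, string) pairs; the first comment of a block names it."""
    entries, section, in_comment = [], None, False
    for line in text.splitlines():
        if line.startswith("#"):
            title = line.lstrip("#").strip()
            if not in_comment and title:
                section = title
            in_comment = True
        else:
            in_comment = False
            if line:  # keep the string verbatim: whitespace may be the test
                entries.append((section, line))
    return entries


def naive_ingest(value):
    """Hypothetical importer that guesses types from the text it is given."""
    if value.lower() in ("null", "undefined"):
        return None
    for cast in (int, float):
        try:
            return cast(value)
        except ValueError:
            pass
    return value


def strict_ingest(value):
    """Hardened counterpart: user-supplied text stays text."""
    return value


def round_trip_failures(ingest, entries):
    """Every string that does not come back unchanged after ingest and display."""
    failures = []
    for section, original in entries:
        stored = ingest(original)
        shown = "" if stored is None else str(stored)
        if shown != original:
            failures.append((section, original, shown))
    return failures


if __name__ == "__main__":
    entries = parse_blns(BLNS_EXCERPT)
    for section, original, shown in round_trip_failures(naive_ingest, entries):
        print(f"[{section}] {original!r} came back as {shown!r}")
    print("strict:", round_trip_failures(strict_ingest, entries))
```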

It’s got a lot of the things in it that you’d expect to find: reserved keywords and filenames, unusual or invalid unicode codepoints, tests for the Scunthorpe Problem, and so on. But perhaps my favourite entry is this one, a test for “human injection”:

# Human injection
#
# Strings which may cause human to reinterpret worldview
If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.

Beautiful.