Notes from #musetech18 presentations (with a strong “collaboration” theme). Note that these are “live notes” first-and-foremost for my own use and so are probably full of typos. Sorry.

Matt Locke (StoryThings, @matlocke):

  • Over the last 100 years, proportional total advertising revenue has been stolen from newspapers by radio, then television: scheduled media that is experienced simultaneously. But we see a recent drift in “patterns of attention” towards the Internet. (Schedulers, not producers, hold the power in radio/television.)
  • The new attention “spectrum” includes things that aren’t “20-60 minutes” (which has historically been dominated by TV) nor “1-3 hours” (which has been film), but now there are shorter and longer forms of popular medium, from tweets and blog posts (very short) to livestreams and binging (very long). To gather the full spectrum of attention, we need to span these spectra.
  • Rhythm is the traditions and patterns of how work is done in your industry, sector, platforms and supply chains. You need to understand this to be most-effective (but this is hard to see from the inside: newcomers are helpful). In broadcast television as a medium, the schedules dictate the rhythms… in traditional print publishing, the major book festivals and “blockbuster release” cycles dominate the rhythm.
  • Then how do we collaborate with organisations not in our sector (i.e. with different rhythms)? There are several approaches, but think about the rhythmic impact.

Lizzy Bullock (English Heritage, @lizzybethness):

  • g.co/englishheritage
  • Partnered with Google Arts & Heritage; Google’s first single-partner project and also their first project with a multi-site organisation.
  • This kind of tech can be used to increase access (e.g. street view of closed sites) and also support curatorial/research aims (e.g. ultra-high-resolution photography).
  • Aside from the tech access, working with a big company like Google provides basically “free” PR. In combination, these benefits boost reach.
  • Learnings: prepare to work hard and fast, multi-site projects are a logistical nightmare, you will need help, stay organised and get recordkeeping/planning in place early, be aware that there’ll be things you can’t control (e.g. off-brand PR produced by the partner), don’t be afraid to stand your ground where you know your content better.
  • Decide what successw looks like at the outset and with all relevant stakeholders involved, so that you can stay on course. Make sure the project is integrated into contributors’ work streams.

Daria Cybulska (Wikimedia UK, @DCybulska):

  • Collaborative work via Wikimedians-in-residence not only provides a boost to open content but involves engagement with staff and opens further partnership opportunities.
  • Your audience is already using Wikipedia: reaching out via Wikipedia provides new ways to engage with them – see it as a medium as well as a platform.
  • Wikimedians-in-residence, being “external”, are great motivators to agitate processes and promote healthy change in your organisation.

Creative Collaborations ([1] Kate Noble @kateinoble, Ina Pruegel @3today, [2] Joanna Salter, [3] Michal Cudrnak, Johnathan Prior):

  • Digital making (learning about technology through making with it) can link museums with “maker culture”. Cambridge museums (Zoology, Fitzwilliam) used a “Maker in Residence” programme and promoted “family workshops” and worked with primary schools. Staff learned-as-they-went and delivered training that they’d just done themselves (which fits maker culture thinking). Unexpected outcomes included interest from staff and discovery of “hidden” resources around the museums, and the provision of valuable role models to participants. Tips: find allies, be ambitious and playful, and take risks.
  • National Maritime Museum Greenwich/National Maritime Museum – “re.think” aimed to engage public with emotive topics and physically-interactive exhibits. Digital wing allowed leaving of connections/memories, voting on hot issues, etc. This leads to a model in which visitors are actively engaged in shaping the future display (and interpretation) of exhibitions. Stefanie Posavec appointed as a data artist in residence.
  • SoundWalk Strazky at Slovak National Gallery: audio-geography soundwalks as an immersive experiential exhibition; can be done relatively cheaply, at the basic end. Telling fictional stories (based on reality) can help engage visitors with content (in this case, recreating scenes from artists’ lives). Interlingual challenges. Delivery via Phonegap app which provides map and audio at “spots”; with a simple design that discourages staring-at-the-screen (only use digital to improve access to content!).

Lightning talks:

  • Maritime Museum Greenwich: wanted to find out how people engage with objects – we added both a museum interpretation and a community message to each object. Highly-observational testing helped see how hundreds of people engage with content. Lesson: curators are not good judges of how their stuff will be received; audience ownership is amazing. Be reactive. Visitors don’t mind being testers of super-rough paper-based designs.
  • Nordic Museum / Swedish National Heritage Board explored Generous Interfaces: show first, don’t ask, rich overviews, interobject relationships, encourage exploration etc. (Whitelaw, 2012). Open data + open source + design sprints (with coding in between) + lots of testing = a collaborative process. Use testing to decide between sorting OR filtering; not both! As a bonus, generous interfaces encourage finding of data errors. bit.ly/2CNsNna
  • IWM on the centenary of WWI: thinking about continuing the crowdsourcing begun by the IWM’s original mission. Millions of assets have been created by users. Highly-collaborative mechanism to explore, contribute to, and share a data space.
  • Lauren Bassam (@lswbassam) on LGBT History and co-opting of Instagram as an archival space: Instagram is an unconventional archival source, but provides a few benefits in collaboration and engagement management, and serves as a viable platform for stories that are hard to tell using the collections in conventional archives. A suitably-engaged community can take pride in their accuracy and their research cred, whether or not you strictly approve of their use of the term “archivist”. With closed stacks, we sometimes forget how important engagement, touch, exploration and play can be.
  • Owen Gower (@owentg) from Dr. Jenner’s House Museum and Garden: they received EU REVEAL funding to look at VR as an engagement tool. Their game is for PSVR and has a commercial release. The objects that interested the game designers the most weren’t necessarily those which the curators might have chosen. Don’t let your designers get carried away and fill the game with e.g. zombies. But work with them, and your designers can help you find not only new ways to tell stories, but new stories you didn’t know you could tell. Don’t be afraid to use cheap/student developers!
  • Rebecca Kahm @rebamex from Pelagios Commons (@Pelagiosproject): the problem with linked data is that it’s hard to show its value to end users (or even show museums “what you can do” with it). Coins have great linked data, in collections. Peripleo was used to implement a sort-of “reverse Indiana Jones”: players try to recover information to find where an artefact belongs.
  • Jon Pratty: There are lots of useful services (Flickr, Storify etc.) and many are free (which is great)… but this produces problems for us in terms of the long-term life of our online content, not to mention the ethical issues with using services whose business model is built on trading personal data of our users. [Editor’s note: everything being talked about here is the stuff that the Indieweb movement have been working on for some time!] We need to de-siloise and de-centralise our content and services. redecentralize.org? responsibledata.io?

In-House Collaboration and the State of the Sector:

  • Rosie Cardiff @RosieCardiff, Serpentine Galleries on Mobile Tours. Delivered as web application via captive WiFi hotspot. Technical challenges were significant for a relatively small digital team, and there was some apprehension among frontline staff. As a result of these and other problems, the mobile tours were underused. Ideas to overcome barriers: report successes and feedback, reuse content cross-channel, fix bugs ASAP, invite dialogue. Interesting that they’ve gained a print guides off the back of the the digital. Learn lessons and relaunch.
  • Sarah Younaf @sarahyounas, Tyne & Wear Museums. Digital’s job is to ask the questions the museum wouldn’t normally ask, i.e. experimentation (with a human-centric bias). Digital is quietly, by its nature, “given permission” to take risks. Consider establishing relationships with (and inviting-in) people who will/want to do “mashups” or find alternative uses for your content; get those conversations going about collections access. Experimental Try-New-Things afternoons had value but this didn’t directly translate into ideas-from-the-bottom, perhaps as a result of a lack of confidence, a requirement for fully-formed ideas, or a heavy form in the application process for investment in new initiatives. Remember you can’t change everyone, but find champions and encourage participation!
  • Kati Price @katiprice on Structuring for Digital Success in GLAM. Study showed that technical leadership and digital management/analysis is rated as vital, yet they’re also underrepresented. Ambitions routinely outstrip budgets. Assumptions about what digital teams “look” like from an org-chart perspective don’t cover the full diversity: digital teams look very different from one another! Forrester Research model of Digital Maturity seems to be the closest measure of digital maturity in GLAM institutions, but has flaws (mostly relating to its focus in the commercial sector): what’s interesting is that digital maturity seems to correlate to structure – decentralised less mature than centralised less mature than hub-and-spoke less mature than holistic.
  • Jennifer Wexler, Daniel Pett, Chiara Bonacchi on Diversifying Museum Audiences through Participation and stuff. Crowdsourcing boring data entry tasks is sometimes easier than asking staff to do it, amazingly. For success, make sure you get institutional buy-in and get press on board. Also: make sure that the resulting data is open so everybody can explore it. Crowdsourcing is not implicitly democratisating, but it leads to the production of data that can be. 3D prints (made from 3D cutouts generated by crowdsourcing) are a useful accessibility feature for bringing a collection to blind or partially-sighted visitors, for example. Think about your audiences: kids might love your hip VR, but if their parents hate it then you still need a way to engage with them!

Tomorrow’s Web, Today

Maybe it’s because I was at Render Conf at the end of last month or perhaps it’s because Three Rings DevCamp – which always gets me inspired – was earlier this month, but I’ve been particularly excited lately to get the chance to play with some of the more “cutting edge” (or at least, relatively-new) web technologies that are appearing on the horizon. It feels like the Web is having a bit of a renaissance of development, spearheaded by the fact that it’s no longer Microsoft that are holding development back (but increasingly Apple) and, perhaps for the first time, the fact that the W3C are churning out standards “ahead” of where the browser vendors are managing to implement technical features, rather than simply reflecting what’s already happening in the world.

Ben Foxall at Render Conf 2017 discusses the accompanying JSOxford Hackathon.
Ben Foxall at Render Conf 2017 discusses the accompanying JSOxford Hackathon. Hey, who’s that near the top-right?

It seems to me that HTML5 may well be the final version of HTML. Rather than making grand new releases to the core technology, we’re now – at last! – in a position where it’s possible to iteratively add new techniques in a resilient, progressive manner. We don’t need “HTML6” to deliver us any particular new feature, because the modern web is more-modular and is capable of having additional features bolted on. We’re in a world where browser detection has been replaced with feature detection, to the extent that you can even do non-hacky feature detection in pure CSS, now, and this (thanks to the nature of the Web as a loosely-coupled, resilient platform) means that it’s genuinely possible to progressively-enhance content and get on board with each hot new technology that comes along, if you want, while still delivering content to users on older browsers.

And that’s the dream! A web of progressive-enhancement stays true to Sir Tim’s dream of universal interoperability while still moving forward technologically. I’ve no doubt that there’ll always be people who want to break the Web – even Google do it, sometimes – with single-page Javascript-only web apps, “app shell” websites, mobile-only or desktop-only experiences and “apps” that really ought to have been websites (and perhaps PWAs) to begin with… but the fact that the tools to make a genuinely “progressively-enhanced” web, and those tools are mainstream, is a big deal. If you don’t think we’re at that point yet, I invite you to watch Rachel Andrews‘ fantastic presentation, “Start Using CSS Grid Layout Today”.

Three Rings DevCamp 2017
Three Rings’ developers hard at work at this year’s DevCamp.

Some of the things I’ve been playing with recently include:

Intersection Observers

Only really supported in Chrome, but there’s a great polyfill, the Intersection Observer API is one of those technologies that make you say “why didn’t we have that already?” It’s very simple: all an Intersection Observer does is to provide event hooks for target objects entering or leaving the viewport, without resorting to polling or hacky code on scroll event captures.

Intersection Observer example (animated GIF)

What’s it for? Well the single most-obvious use case is lazy-loading images, a-la Medium or Google Image Search: delivering users a placeholder image or a low-resolution copy until they scroll far enough for the image to come into view (or almost into view) and then downloading the full-resolution version and dynamically replacing it. My first foray into Intersection Observers was to take Medium’s approach and then improve it with a Service Worker in order to make it behave nicely even if the user’s Internet connection was unreliable, but I’ve since applied it to my Reddit browser plugin MegaMegaMonitor: rather than hammering the browser with Javascript the plugin now waits until relevant content enters the viewport before performing resource-intensive tasks.

Web Workers

I’d briefly played with Service Workers before and indeed we’re adding a Service Worker to the next version of Three Rings, which, in conjunction with a manifest.json and the service’s (ongoing) delivery over HTTPS (over H2, where available, since last year), technically makes it a Progressive Web App… and I’ve been looking for opportunities to make use of Service Workers elsewhere in my work, too… but my first dive in to Web Workers was in introducing one to the next upcoming version of MegaMegaMonitor.

MegaMegaMonitor v155a Lists feature
MegaMegaMonitor’s processor-intensive “Lists” feature sees the most benefit from Web Workers

Web Workers add true multithreading to Javascript, and in the case of MegaMegaMonitor this means the possibility of pushing the more-intensive work that the plugin has to do out of the main thread and into the background, allowing the user to enjoy an uninterrupted browsing experience while the heavy-lifting goes on in the background. Because I don’t control the domain on which this Web Worker runs (it’s reddit.com, of course!), I’ve also had the opportunity to play with Blobs, which provided a convenient way for me to inject Worker code onto somebody else’s website from within a userscript. This has also lead me to the discovery that it ought to be possible to implement userscripts that inject Service Workers onto websites, which could be used to mashup additional functionality into websites far in advance of that which is typically possible with a userscript… more on that if I get around to implementing such a thing.

Fetch

The final of the new technologies I’ve been playing with this month is the Fetch API. I’m not pulling any punches when I say that the Fetch API is exactly what XMLHttpRequests should have been from the very beginning. Understanding them properly has finally given me the confidence to stop using jQuery for the one thing for which I always seemed to have had to depend on it for – that is, simplifying Ajax requests! I mean, look at this elegant code:

fetch('posts.json')
.then(function(response) {
  return response.json();
})
.then(function(json) {
  console.log(json.something.otherThing);
});

Whether or not you’re a fan of Javascript, you’ve got to admit that that’s infinitely more readable than XMLHttpRequest hackery (at least, without the help of a heavyweight library like jQuery).

Laser Duck Hunt at Render Conf 2017
Other things I’ve been up to include Laser Duck Hunt, but that’s another story.

So that’s some of the stuff I’ve been playing with lately: Intersection Observers, Web Workers, Blobs, and the Fetch API. And I feel all full of optimism on behalf of the Web.

Hello 2013: Goodbye 2012

This post has been censored at the request of Sundeep. See: all censored posts, all posts censored by request of Sundeep.

This is the first in a series of four blog posts which ought to have been published during January 2013, but ran late because I didn’t want to publish any of them before the first one.

2012 was one of the hardest years of my life.

RT @misterjta Dear 2012, Fuck off. Sincerely, JTA.
My retweet of JTA’s sentiments, shortly after midnight on New Year’s Eve, pretty much covers my feeling of the year, too.

It was a year of unceasing disasters and difficulties: every time some tragedy had befallen me, my friends, or family, some additional calamity was lined-up to follow in its wake. In an environment like this, even the not-quite-so-sad things – like the death of Puddles, our family dog, in May – were magnified, and the ongoing challenges of the year – like the neverending difficulties with my dad’s estate – became overwhelming.

My sister Becky with Puddles, on a train.
My sister Becky with Puddles, both younger and more-foolish than they eventually became. I don’t know why Puddles is wearing a t-shirt.

The sudden and unexpected death of my dad while training for his Arctic trek, was clearly the event which had the most-significant impact on me. I’ve written about the experience at length, both here on my blog and elsewhere (for example, I made a self-post to Reddit on the day after the accident, urging readers to “call somebody you love today”).

My dad, climbing Aladdin's Mirror in the Cairngorms.
My dad, climbing Aladdin’s Mirror in the Cairngorms.

In the week of his death, my sister Becky was suffering from an awful toothache which was stopping her from eating, sleeping, or generally functioning at all (I tried to help her out by offering some oil of cloves (which functions as a dental contact anesthetic), but she must have misunderstood my instruction about applying it to the tooth without swallowing it, because she spent most of that evening throwing up (seriously: don’t ever swallow clove oil).

Sandals (with socks), shorts, checked shirt.
My dad’s clothes for his funeral. My sisters and I decided that he ought to be dressed as he would be for a one of his summer hikes, right down to the combination of sandals and socks (the funeral director needed reassurance that yes, he really did routinely wear both at the same time).

Little did she know, worse was yet to come: when she finally went to the dentist, he botched her operation, leaving her with a jaw infection. The infection spread, causing septicæmia of her face and neck and requiring that she was hospitalised. On the day of our dad’s funeral, she needed to insist that the “stop gap” surgery that she was given was done under local, rather than general, anasthetic, so that she could make it – albeit in a wheelchair and unable to talk – to the funeral.

Five weeks later, my dad finally reached the North Pole, his ashes carried by another member of his team. At about the same time, Ruth‘s grandmother passed away, swamping the already-emotional Earthlings with yet another sad period. That same month, my friend S****** suffered a serious injury, a traumatic and distressing experience in the middle of a long and difficult period of her life, and an event which caused significant ripples in the lives of her circle of friends.

VARLEY Margret Of Doddington Lodge, Hopton Wafers, formerly of Newcastle-on-Clun, on April 28, 2012. Funeral Service, at Telford Crematorium, on Tuesday, May 22, at 2pm. Inquiries to LINDA DAWSON Funeral Director Corvedale Road Craven Arms Telephone 01588 673250. Originally printed on May 17, 2012.
The notice of Ruth’s grandmother’s death, as it appeared in the online version of her local newspaper.

Shortly afterwards, Paul moved out from Earth, in a situation that was anticipated (we’d said when we first moved in together that it would be only for a couple of years, while we all found our feet in Oxford and decided on what we’d be doing next, as far as our living situations were concerned), but still felt occasionally hostile: when Paul left town six months later, his last blog post stated that Oxford could “get lost”, and that he’d “hated hated 90% of the time” he’d lived here. Despite reassurances to the contrary, it was sometimes hard – especially in such a difficult year – to think that this message wasn’t directed at Oxford so much as at his friends there.

As the summer came to an end, my workload on my various courses increased dramatically, stretching into my so-called “free time”: this, coupled with delays resulting from all of the illness, injury, and death that had happened already, threw back the release date of Milestone: Jethrik, the latest update to Three Rings. Coupled with the stress of the 10th Birthday Party Conference – which thankfully JTA handled most of – even the rare periods during which nobody was ill or dying were filled with sleepless nights and anxiety. And of course as soon as all of the preparation was out of the way and the conference was done, there were still plenty of long days ahead, catching up on everything that had been temporarily put on the back burner.

My sister Sarah and I at the christening of a bus named after my dad. Click the picture for the full story.
My sister Sarah and I at the christening of a bus named after my dad. Click the picture for the full story.

When I was first appointed executor of my dad’s estate, I said to myself that I could have the whole thing wrapped-up and resolved within six months… eight on the outside. But as things dragged on – it took almost six months until the investigation was finished and the coroner’s report filed, so we could get a death certificate, for example – they just got more and more bogged-down. Problems with my dad’s will made it harder than expected to get started (for example, I’m the executor and a beneficiary of the will, yet nowhere on it am I directly mentioned by name, address, or relationship… which means that I’ve had to prove that I am the person mentioned in the will every single time I present it, and that’s not always easy!), and further administrative hiccups have slowed down the process every step of the way.

A hillside. A sunset. A fast, hard cycle ride. A beer and a Mars bar, just like old times. Wish you were here. Still miss you, Dad.
On the first anniversary of my dad’s death, I cycled up a hill to watch the sunset with a bottle of Guinness and a Mars bar. And sent this Tweet.

You know what would have made the whole thing easier? A bacon sandwich. And black pudding for breakfast. And a nice big bit of freshly-battered cod. And some roast chicken. I found that 2012 was a harder year than 2011 in which to be a vegetarian. I guess that a nice steak would have taken the edge off: a little bit of a luxury, and some escapism. Instead, I probably drank a lot more than I ought to have. Perhaps we should encourage recovering alcoholic, when things are tough, to hit the sausage instead of the bottle.

A delicious-looking BLT.
It’s been a while, old friend. A while since I used this delicious-looking photograph in my blog, I mean! This is the sixth time… can you find them all?

Becky’s health problems weren’t done for the year, after she started getting incredibly intense and painful headaches. At first, I was worried that she was lined-up for a similar diagnosis to mine, of the other year (luckily, I’ve been symptom-free for a year and a quarter now, although medical science is at a loss to explain why), but as I heard more about her symptoms, I became convinced that this wasn’t the case. In any case, she found herself back in the operating room, for the second serious bit of surgery of the year (the operation was a success, thankfully).

The "F" is for "Fuck me you're going to put a scalpel WHERE?"
The “F” is for “Fuck me you’re going to put a scalpel WHERE?”

I had my own surgery, of course, when I had a vasectomy; something I’d been planning for some time. That actually went quite well, at least as far as can be ascertained at this point (part three of that series of posts will be coming soon), but it allows me to segue into the topic of reproduction…

Because while I’d been waiting to get snipped, Ruth and JTA had managed to conceive. We found this out right as we were running around sorting out the Three Rings Conference, and Ruth took to calling the fœtus “Jethrik”, after the Three Rings milestone. I was even more delighted still when I heard that the expected birth date would be 24th July: Samaritans‘ Annual Awareness Day (“24/7”).

Ruth's pregnancy test, showing "pregnant".
One of the many pregnancy tests Ruth took, “just to be sure” (in case the last few were false positives). Photo from Ruth’s blog.

As potential prospective parents, they did everything right. Ruth stuck strictly to a perfectly balanced diet for her stage of pregnancy; they told only a minimum of people, because – as everybody knows – the first trimester’s the riskiest period. I remember when Ruth told her grandfather (who had become very unwell towards the end of 2012 and died early this year: another sad family tragedy) about the pregnancy, that it was only after careful consideration – balancing how nice it would be for him to know that the next generation of his family was on the way before his death – that she went ahead and did so. And as the end of the first trimester, and the end of the year, approached, I genuinely believed that the string of bad luck that had been 2012 was over.

A kitten.
In Ruth’s blog post, she’s used kittens to make a sad story a little softer, and so I have too.

But it wasn’t to be. Just as soon as we were looking forward to New Year, and planning to not so much “see in 2013” as to “kick out 2012”, Ruth had a little bleeding. Swiftly followed by abdominal cramps. She spent most of New Year’s Eve at the hospital, where they’d determined that she’d suffered a miscarriage, probably a few weeks earlier.

Ruth’s written about it. JTA’s written about it, too. And I’d recommend they read their account rather than mine: they’ve both written more, and better, about the subject than I could. But I shan’t pretend that it wasn’t hard: in truth, it was heartbreaking. At the times that I could persuade myself that my grief was “acceptable” (and that I shouldn’t be, say, looking after Ruth), I cried a lot. For me, “Jethrik” represented a happy ending to a miserable year: some good news at last for the people I was closest to. Perhaps, then, I attached too much importance to it, but it seemed inconceivable to me – no pun intended – that for all of the effort they’d put in, that things wouldn’t just go perfectly. For me, it was all connected: Ruth wasn’t pregnant by me, but I still found myself wishing that my dad could have lived to have seen it, and when the pregnancy went wrong, it made me realise how much I’d been pinning on it.

I don’t have a positive pick-me-up line to put here. But it feels like I should.

Ruth and her father at High Green.
A few days before the miscarriage became apparent, Ruth and her dad survey the back garden of the house he’s rebuilding.

And so there we were, at the tail of 2012: the year that began awfully, ended awfully, and was pretty awful in the middle. I can’t say there weren’t good bits, but they were somewhat drowned out by all of the shit that happened. Fuck off, 2012.

Here’s to 2013.

Edit, 16th March 2013: By Becky’s request, removed an unflattering photo of her and some of the ickier details of her health problems this year.

Edit, 11th July 2016: At her request, my friend S******‘s personal details have been obfuscated in this post so that they are no longer readily available to search engines.

Edit, 26th September 2016: At her request, my friend S******‘s photo was removed from this post, too.

Conference Preparations

Right now, Three Rings seems to be eating up virtually all of my time. It’s hardly the first time – I complained about being incredibly busy with Three Rings stuff just a couple of years ago, but somehow right now it’s busier than ever. There’s been the Milestone: Jethrik release, some complications with our uptime when our DNS servers were hit by a DDoS attack, and – the big one – planning for this weekend’s conference.

Checking the timetable while I wait for inspiration to strike me about what to say about the "engagement" responsibilities of a Three Rings Administrator.
Checking the timetable while I wait for inspiration to strike me about what to say about the “engagement” responsibilities of a Three Rings Administrator.

The Three Rings 10th Birthday Conference is this weekend, and I’ve somehow volunteered myself to not only run the opening plenary but to run two presentations (one on the history of Three Rings, which I suppose I’m the best person to talk about, and one on being an awesome Three Rings Administrator) and a problem-solving workshop. My mind’s been on overdrive for weeks, and I’m pretty sure I’m not even the one working the hardest (that honour would have to go to poor JTA).

Still: all this work will pay off, I’m sure, and Saturday will be an event to remember. I’m looking forward to it… although right now I’d equally happily spend a week or two curled up in bed under a blanket with a nice book and a mug of herbal tea, thanks.

In other news: Matt P‘s hanging out on Earth at the moment, (on his best behaviour I think) while Ruth, JTA and I decide if we’d like to live with him for a while. So far, I think he’s making a convincing argument. He’s proven himself to be house trained (he hasn’t pooped on the carpet even once) and everything.

Rave Reviews for Your Password Sucks

Last month, I volunteered myself to run a breakout session at the 2012 UAS Conference, an annual gathering of up to a thousand Oxford University staff. I’d run a 2-minute micropresentation at the July 2011 OxLibTeachMeet called “Your Password Sucks!”, and I thought I’d probably be able to expand that into a larger 25-minute breakout session.

Your password: How bad guys will steal your identity
My expanded presentation was called “Your password: How bad guys will steal your identity”, because I wasn’t sure that I’d get away with the title “Your Password Sucks” at a larger, more-formal event.

The essence of my presentation boiled down to demonstrating four points. The first was you are a target – dispelling the myth that the everyday person can consider themselves safe from the actions of malicious hackers. I described the growth of targeted phishing attacks, and relayed the sad story of Mat Honan’s victimisation by hackers.

The second point was that your password is weak: I described the characteristics of good passwords (e.g. sufficiently long, complex, random, and unique) and pointed out that even among folks who’d gotten a handle on most of these factors, uniqueness was still the one that tripped people over. A quarter of people use only a single password for most or all of their accounts, and over 50% use 5 or fewer passwords across dozens of accounts.

You are a target. Your password is weak. Attacks are on the rise. You can protect yourself.
The four points I wanted to make through my presentation. Starting by scaring everybody ensured that I had their attention right through ’til I told them what they could do about it, at the end.

Next up: attacks are on the rise. By a combination of statistics, anecdotes, audience participation and a theoretical demonstration of how a hacker might exploit shared-password vulnerabilities to gradually take over somebody’s identity (and then use it as a platform to attack others), I aimed to show that this is not just a hypothetical scenario. These attacks really happen, and people lose their money, reputation, or job over them.

Finally, the happy ending to the story: you can protect yourself. Having focussed on just one aspect of password security (uniqueness), and filling a 25-minute slot with it, I wanted to give people some real practical suggestions for the issue of password uniqueness. These came in the form of free suggestions that they could implement today. I suggested “cloud” options (like LastPass or 1Password), hashing options (like SuperGenPass), and “offline” technical options (like KeePass or a spreadsheet bundles into a TrueCrypt volume).

I even suggested a non-technical option involving a “master” password that is accompanied by one of several unique prefixes. The prefixes live on a Post-It Note in your wallet. Want a backup? Take a picture of them with your mobile: they’re worthless without the master password, which lives in your head. It’s not as good as a hash-based solution, because a crafty hacker who breaks into several systems might be able to determine your master password, but it’s “good enough” for most people and a huge improvement on using just 5 passwords everywhere! (another great “offline” mechanism is Steve Gibson’s Off The Grid system)

"Delivery" ratings for the UAS Conference "breakout" sessions
My presentation – marked on the above chart – left people “Very Satisfied” significantly more than any other of the 50 breakout sessions.

And it got fantastic reviews! That pleased me a lot. The room was packed, and eventually more chairs had to be brought in for the 70+ folks who decided that my session was “the place to be”. The resulting feedback forms made me happy, too: on both Delivery and Content, I got more “Very Satisfied” responses than any other of the 50 breakout sessions, as well as specific comments. My favourite was:

Best session I have attended in all UAS conferences. Dan Q gave a 5 star performance.

So yeah; hopefully they’ll have me back next year.

Lucy’s Birthday

The other Three Ringers and I are working hard to wrap up Milestone: Jethrik, the latest version of the software. I was optimising some of the older volunteer availability-management code when, by coincidence, I noticed this new bug:

Lucy 173's birthday is in 13/1 days.
Well, at least she’s being rational about it.

I suppose it’s true: Lucy (who’s an imaginary piece of test data) will celebrate her birthday in 13/1 days. Or 13.0 days, if you prefer. But most humans seem to be happier with their periods of time not expressed as top-heavy fractions, for some reason, so I suppose we’d better fix that one.

They’re busy days for Three Rings, right now, as we’re also making arrangements for our 10th Birthday Conference, next month. Between my Three Rings work, a busy stretch at my day job, voluntary work at Oxford Friend, yet-more-executor-stuff, and three different courses, I don’t have much time for anything else!

But I’m still alive, and I’m sure I’ll have more to say about all of the things I’ve been getting up to sometime. Maybe at half term. Or Christmas!

Update: Squee! We’ve got folders!