A New Sensation

I’ve recently gotten a new phone – a HTC Sensation running Android 2.3, and I thought I’d offer up a few thoughts on it. But first…

Hang on: what was wrong with your old phone?

Well-remembered! You’re right, of course, that last year I got a Nokia N900, and that it was the best mobile communications device I’d ever owned. I don’t care so much about a slim profile or an “app store”, but I do care about raw power and geeky hardware features, and the N900 delivers both of those in spades. I’ve had several phones that have, at the time, been the “best phone I’ve ever owned” – my 7110 and my N96 both also earned that distinction, whereas my 7610 and my C550 – the latter of which had only one redeeming feature – fell far short.

Nokia N900 with keyboard extended

Awesome though it is, with its beautiful hardware keyboard, mighty processor, FM receiver and transmitter, Bluetooth and IR, etc., and completely unlocked, tamper-friendly architecture, the N900 suffers from one terrible, terrible flaw: for some reason, the engineers who built it decided to mount the Micro-B USB port (used for charging, tethering, mounting etc. the phone) not to the hard plastic case, but to the fragile inner circuit board. Allow me to illustrate:

A cross-section of a Nokia N900, showing how the USB port is mounted directly to the circuit board, and doesn't touch the hard plastic case.

Why is this a problem? Well, as Katie explained to me at the New Earth housewarming party, most of her other friends who’d had N900s had encountered a problem by now, whereby the USB cable used to charge the device eventually puts a strain on the connection between the port and the board, tearing them apart. “Nope,” I told her, “I’ve never had any such problem with mine.”

A cross-section of a Nokia N900, showing the USB port snapped off by the USB cable.

Looks like I spoke too soon, because that very week, I managed to break my N900 in exactly this way. My theory: that girl is cursed. I shall be attempting to exorcise the anti-technology demons in her the very next time I see her, possibly in some kind of ceremony involving high-voltage direct current. In any case, I found myself with a phone that I couldn’t charge.

So you replaced it?

No, of course not. My N900 remains a fantastic palmtop and a great device. It’s just got a minor problem in that it’s no longer possible to charge or “hard”-tether it to anything any more. The latter problem was an easy one to fix: a separate battery charger (I already carry a spare battery for it, so this was no hardship), bought for about £4 on eBay, made it easy to keep the device rolling. The second problem’s not so much of an issue, because I tend to do all of my synchronisation by Bluetooth and WiFi anyway. But even if these were an issue, it looks like a pretty simple job to re-solder the USB port (and epoxy it to the case, as it should have been to begin with!). I might give it a go, some day, but my current soldering iron is a little big and chunky for such fine and delicate work, and I’m a little out of practice, so I’ll save that project for another day.

The repairing of a Nokia N900 USB port

However, I’m a big believer in the idea that when the Universe wants you to have a new phone, it finds a fault with your current phone. Perhaps this is the geek equivalent of thinking that “When God closes a door, He opens a window”.

So: I’ve got myself a HTC Sensation, which narrowly beat the Sony Ericsson Xperia Arc after carefully weighing up the reviews. I’d always planned that I’d try an Android device next, but I’d originally not expected to do so until Ice Cream Sandwich, later this year. But… when the Universe closes your USB Port, it opens a Gingerbread shop… right?

The New Sensation

After a few difficulties relating to my name – it turns out that my mobile phone network has recorded my name correctly in their database, and I can’t change it, but whenever I use their web-based checkout it asks me to enter a longer surname even though I don’t have a surname field to change – I finally received my new phone.

HTC Sensation seen from the back, front, and side.

The first thing one notices about this phone is that it’s fast. Blindingly fast. I’ve used a variety of Android-powered HTC devices before, as well as other modern touchscreen smartphones like the iPhone, and I’m yet to use anything that consistently ramps up high-end graphics and remains slick and responsive like this does. Its mighty dual-core 1.2GHz processor’s the cause of this, little doubt. I originally worried that battery life might be limited as a result – I don’t mind charging my phone every night, but I don’t want to have to charge it during the day too! – but it’s actually been really good. Using WiFi, GPRS, GPS, playing videos, surfing the web, and other “everyday” tasks don’t put a dent in the battery: I’ve only once seen it dip to under 10% battery remaining, and that was after 40 hours of typical use during a recent camping weekend (with no access to electricity).

It’s also been really well-designed from a usability perspective, too. Those familiar with Android would probably just start using it, but I’ve not had so much exposure to the platform and was able to come to it with completely fresh eyes. Between Android 2.3 and HTC Sense 3, there’s a nice suite of “obvious” apps, and I didn’t have any difficulty synchronising my contacts, hooking up my various email accounts, and so on. There are some really nice “smart” touches, like that the phone rings loudly if it thinks it’s in a bag or pocket, more quietly after you pick it up, and silences the ringer completely if you pick it up from a table and flip it from face-up to face-down. These simple gestural touches are a really nice bit of user interface design, and I appreciate the thought that’s gone into them.

Browsing movies for HD streaming on the HTC Sensation.

The Android Marketplace is reasonable, although I feel as though I’ve been spoiled. On the N900, if there was an application I needed, I usually already knew what it was and where I’d find it: then I’d either apt-get it, or download the source and compile it, right there on the device. For somebody who’s already perfectly confident at a *nix command-line, the N900 is fab, and it feels a little restrictive to have to find equivalent apps in a closed-source environment. It’s not that the pricing is unreasonable – most of the applications I’ve wanted have been under a quid, and all have been under £4 – it’s just that I know that there are FOSS alternatives that would have been easy to compile on my old device: I guess it’s just a transition.

On the other hand, the sheer volume of applications so-easily available on the Android Market is staggering. I’ve been filled with app ideas, but every idea I’ve had but one or two already exist and are just waiting to be installed. It’s a little like being a kid in a candy store.

It’s also taking me quite some time to get used to the way that process management works on an Android device. On Android devices, like the iPhone/iPad, returning to the home screen doesn’t (necessarily) close the application, but it might – that’s up to the developer. If it doesn’t, the application will probably be “paused” (unless it’s a media player or it’s downloading or something, then it’ll likely keep going in the background). And when you re-launch the same application, it could be simply unpausing, or perhaps it’s relaunching (in which case it may or may not restore its previous state, depending on the whim of the developer)… You see all of the keywords there: might, probably, likely, could, perhaps. Great for most users, who don’t want to have to think about what their phone is doing in the background, but it feels like a step backwards to me: I’m used to being able to ALT-TAB between my currently-running applications, to know what’s running, when (and I can always use top and find out exactly what resources a process is eating). Putting all of this process management into the hands of developers feels to me like giving up control of my device, and it’s a challenging change to undergo. Yes: despite the openness of the platform, Android feels just a little out of my control compared to what I’m used to.

Hacker's Keyboard, my preferred keyboard layout for SSH, etc.

Switching from a physical to a virtual keyboard for the first time is a significant change, too, and it’s slowed me down quite a lot, although applications like SwiftKey X – with its incredibly intelligent personalised predictions – and Hacker’s Keyboard – which gives me back some of the keys I was “missing” – have helped to ease the transition a lot.

In summary: the HTC Sensation seems to be a fantastic device, and I’m really enjoying using it. I’ve got a few niggles to contend with, but these are all things that were destined to catch me out upon switching away from a platform as open as the N900, and they’re not severe enough to make me give up and get an N950 instead: I’m reasonably confident that I’ll come to love the Sensation and we’ll go on to be very happy together.

But will it become my latest “best phone ever”? Time will tell, I guess.


On This Day In 2003

Looking Back

On this day in 2003 I first juggled with flaming clubs! But first, let’s back up to when I very first learned to juggle. One night, back in about 1998, I had a dream. And in that dream, I could juggle.

I’d always been a big believer in following my dreams, sometimes in a quite literal sense: once I dreamed that I’d been writing a Perl computer program to calculate the frequency pattern of consecutive months which both have a Friday 13th in them. Upon waking, I quickly typed out what I could remember of the code, and it worked, so it turns out that I really can claim to be able to program in my sleep.

In this case, though, I got up and tried to juggle… and couldn’t! So, in order that nobody could ever accuse me of not “following my dreams,” I opted to learn!

About three hours later, my mother received a phone call from me.

“Help!” I said, “I think I’m going to die of vitamin C poisoning! How much do I have to have before it becomes fatal?”

“What?” she asked, “What’s happened?”

“Well: you know how I’m a big believer in following my dreams.”

“Yeah,” she said, sighing.

“Well… I dreamed that I could juggle, so I’ve spent all morning trying to learn how to. But I’m not very good at it.”

“Okay… but what’s that got to do with vitamin C?”

“Well: I don’t own any juggling balls, so I tried to find something to use as a substitute. The only thing I could find was this sack of oranges.”

“I think I can see where you’re going wrong,” she said, sarcastically, “You’re supposed to juggle with your hands, Dan… not with your mouth.”

“I am juggling with my hands! Well; trying to, anyway. But I’m not very good. So I keep dropping the oranges. And after a few drops they start to rupture and burst, and I can’t stand to waste them, so I eat them. I’ve eaten quite a lot of oranges, now, and I’m starting to feel sick.”

I wasn’t overdosing on vitamin C, it turns out – that takes a quite monumental dose; perhaps more than can be orally ingested in naturally-occurring forms – but was simply suffering from indigestion brought on as a result of eating lots and lots of oranges, and bending over repeatedly to pick up dropped balls. My mother, who had herself learned to juggle when she was young, was able to give me two valuable tips to get me started:

  1. Balled-up thick socks make for great getting-started juggling balls. They bounce, don’t leak juice, and are of a sensible size (if a little light) for a beginning juggler.
  2. Standing with your knees against the side of a bed means that you don’t have to bend over so far to pick up your balls when you inevitably drop them.

I became a perfectly competent juggler quite quickly, and made a pest of myself in many a supermarket, juggling the produce.

So: fast forward five years to 2003, when Kit, Claire, Paul, Bryn and I decided to have a fire on the beach, at Aberystwyth. We’d… acquired… a large solid wooden desk and some pallets, and we set them up and ignited them and lounged around drinking beer. After a little while, a young couple came along: she was swinging flaming poi around, and he was juggling flaming clubs!

Fire poi! They look fantastic when they're flying around you; scary when they're flying towards you.

I asked if I could have a go with his flaming clubs. “Have you ever juggled flaming clubs before?” he asked. “I’ve never even juggled clubs before,” I replied. He offered to extinguish them for me, first, but I insisted on the “full experience.” I’d learn faster if there existed the threat of excruciating pain every time I fucked up, surely. Right?

Juggling clubs, it turns out, is a little harder than juggling balls. Flaming clubs, even more so, because you really can’t get away with touching the “wrong” end. Flaming clubs at night, after a few drinks, is particularly foolhardy, because all you can see is the flaming end, and you have to work backwards in your mind to interpret where the “catching end” of the stick must be, based on the movement of the burning bit. In short: I got a few minor singes.

But I went home that night with the fire still burning in my eyes, like a spark in my mind. I couldn’t stop talking about it: I’d been bitten by the flaming-clubs-bug.

Looking Forward

I ordered myself a set of flaming clubs as soon as I could justify the cost, and, after a couple of unlit attempts in the street outside my house, took them to our next beach party a few days later. That’s when I learned what really makes flaming clubs dangerous: it’s not the bit that’s on fire, but the aluminium rod that connects the wick to the handle. Touching the flaming wick; well – that’ll singe a little, but it won’t leave a burn so long as you pull away quickly. But after they’ve been lit for a while – even if they’ve since been put out – touching the aluminium pole will easily leave a nasty blister.

Me juggling flaming clubs at the barbecue I mentioned, in 2007. I almost look like I know what I'm doing. And more importantly, I feel like a badass.

Still: I learned quickly, and was still regularly flinging them around (and teaching others) at barbecues many years later.

Once, a Nightline training ended up being held at an unusual location, and the other trainers and I were concerned that the trainees might not be able to find it. So we advertised on the email with the directions to the training room that trainees who can’t find it should “introduce themselves to the man juggling fire outside the students union”, who would point them in the right direction: and so I stood there, throwing clubs around, looking for lost people all morning. Which would have worked fine if it weren’t for the fact that I got an audience, and it became quite hard to discreetly pick out the Nightline trainees from the students who were just being amused by my juggling antics.

Nowadays, I don’t find much time for juggling. I keep my balls to-hand (so to speak) and sometimes toss them about while I’m waiting for my computer to catch up with me, but it’s been a long while since I got my clubs out and lit them up. Maybe I’ll find an excuse sometime soon.

This blog post is part of the On This Day series, in which Dan periodically looks back on years gone by.


My New Pet Hate, part II

A few years ago, I talked about a pet hate of mine that still seems to be prevalent: that is – that when people send me a screenshot, they’ll sometimes send me it in a Word document, for no apparent reason. They could just send me the picture, but instead they send me a Word document containing the picture, thereby increasing the file size, requiring that I have a program capable of viewing Word documents, and making it more-complex for me to extract the picture if I need to use it somewhere. And on top of all of that, it takes longer for them to do it this way: everybody loses!

Today, I saw somebody take the abuse of screenshots to a whole new level. My first clue that something was amiss was when the email arrived in my Inbox with a 300K TIFF file in it. “Well, at least it’s not a Word document,” I thought. And I was right. It was something more convoluted than that.

My only explanation for the contents of the file is as follows:

  1. Print Screen. The user took the screenshot using their Print Screen key. So far, so good. They captured their whole screen, rather than just what they were trying to show me, but we’ll let that pass.
  2. Open Paint. The user opened Paint. At this point, they could have pasted, saved, and emailed the file to me, and still been doing perfectly well. But they didn’t.
  3. Resize canvas. The user expanded the canvas to an enormous size. Perhaps they didn’t know that this would be done automatically, if required. Or maybe they thought that I could do with a lot of white space in which to make notes on their screengrab.
  4. Paste and reposition. The user pasted the screenshot into the Paint document, and positioned it near the centre, making sure to leave as much whitespace as possible. Y’know, in case I was running out of it on my computer. They could still at this point have just saved the file and emailed it to me, and I wouldn’t have complained.
  5. Print Screen again. For some reason, the user pressed Print Screen again at this point, thereby taking a screenshot of themselves manipulating a screenshot that they’d already taken. Maybe the user has recently watched Inception, and decided that “a screenshot within a screenshot” was more likely to make an impact on me. We need to go deeper!
  6. Open Photoshop. Paint obviously wasn’t going to cut it: it was time for a bigger graphics program. The user opened up Photoshop (waiting for a few minutes while this beast of a program warmed up).
  7. Create a new document and paste again. Now the user had Photoshop open, containing a picture of Paint being used to display an (oversized) screenshot of what they wanted to show me.
  8. Crop. This was a good idea. If the user had cropped the image all the way back down to the screenshot, I might not even have worked out what they were doing. Sadly, they didn’t. They cropped off Paint’s title bar and half of its toolbar. Then they added another few layers of whitespace to the bottom and right, just to be really sure.
  9. Save as a TIFF. They could have saved as a PNG. Or a GIF. Even a JPEG. They could have saved as a PSD. But no, for some reason, an uncompressed TIFF was the way forwards.

I N C E P T I O N. A screenshot of a screenshot within a screenshot.

Back in 2009, I predicted that Windows Vista/7’s new “Snipping Tool”, which finally brought screen captures to the level of more-competent operating systems, would see the end of this kind of nonsense. Unfortunately, Windows XP remains the standard at my workplace, so I doubt that this’ll be the last time that I see “matryoshka screenshots”.


Content Freeze

Isn’t memory strange?

Last week, we updated to the latest version of the CMS that powers the Bodleian’s web site. During the process of installing and testing the new version, we initiated a “content freeze”, disallowing the 100+ regular content editors access to the administration sections: any changes they’d have made wouldn’t have been replicated in the new version, and we didn’t want a discrepancy in content while we were testing that the change had taken! We still had back-end access, of course, and a few minor “emergency” changes were made (on both the old and the new version), but in general, the site was in a read-only mode for several days.

A similar thing happened to my head during this weekend’s house move.

While running a van-load of stuff from Old Earth to New Earth, Ruth, JTA and I stopped off at Argos to buy a few bits and pieces for our new home. We parked in one of the few remaining parking spaces capable of accommodating our extended wheel-base van. Unfortunately this brushed us up very close to an unfortunately-placed tree, whose branches reached in through the door as I clambered out. I spent a while trying to reposition them so as not to slam them in the door while Ruth and JTA walked ahead, towards Argos, and so when I was done they were quite a way ahead. I turned and ran to catch up with them…

BAM! Something struck me on the top of my head. We’re still not all in agreement as to whether it was a branch or the wing mirror of the van, but it hurt like hell. My knees buckled up and I collapsed into a heap.

Before long I was on my feet, but as I began to feel dizzy and nauseous, we started to worry that I might be concussed, and Ruth took me to the hospital. By then, I was unable to keep my eyes open without feeling like the world was spinning and I was going to throw up, and I kept feeling like I was moments away from falling asleep.

By the time I’d seen a doctor, about three hours later, I was starting to feel a little better. We took a leaflet of “things to watch out for after a concussion”, which advised that I shouldn’t lift any heavy things (“But I’m moving house today!”) nor use a computer or drink alcohol (“This is my life you’re talking about!”), all of which I ignored to some degree or another.

I napped on and off for a lot of Sunday and some of Monday, but it was on Monday that the amount of damage I’d done became most apparent. I got out of bed and staggered downstairs to find that Ruth and JTA had at some point bought a shoe rack. They weren’t around, but neither was the van, and I reasoned that they must have been out collecting more boxes, but I thought I might as well make myself useful by assembling this shoe rack they’d gotten. It was of the variety that hangs on the back of a door, so I spent some time deciphering the instructions and putting it together… only to find that it wouldn’t actually fit onto any of the (quite thick) doors in our new house.

That’s when Ruth & JTA arrived. “I saw you’d bought a shoe rack,” I said.

“Yes,” they replied, “We bought it yesterday. We told you about it.”

“Oh. I don’t remember that. Anyway, I built it, but it turns out that it won’t fit any of our doors.”

“Yes, we know: we told you that too. We were about to take it back to the shop.”

I have no recollection whatsoever of that conversation. Or several other conversations, it seems. In the hospital, I remember that Ruth talked to me for an hour or more (I wasn’t capable of conversation myself, some of the time, but it was nice to hear a familiar voice), and I still can’t remember any of it except for snippets (something about her father’s new house?).

For much of Sunday, my brain went into “content freeze”, too. A read-only mode where my memories worked fine, except that I couldn’t construct any new ones: everything just went in one ear and out the other. Maybe this is to be expected: a quick look at some maps of brains and an examination of the bump on my head indicates that the blow came to a point squarely in the centre of the middle frontal gyrus (the dorsolateral prefrontal cortex) of the right hemisphere of my brain: an area associated with emotional self-control, social judgement, lateral thinking, and the transfer of working memory.

Still: it was certainly a strange experience to be told about events from only a day earlier that I simply can’t remember. It also made Tuesday interesting: long weekends are confusing at the best of times, but parts of my memory made it feel like I’d had only a two-day weekend (as parts of Sunday are simply missing from my memory), and so it was even harder than usual to shake the feeling that it was Monday when I arrived at work on Tuesday. That’ll be a pleasant surprise on Friday, anyway, when the weekend “comes early”: maybe I should bang my head every time there’s a long weekend.

Every Full Moon

This is what happens when you let geeks write your billing software:

I would like to be billed... every full moon. Seriously?

From the website of Andrews & Arnold ISP.


Leading By Example

This week, I was reading the new EU legislation [PDF] which relates to, among other things, the way that websites are allowed to use HTTP cookies (and similar technologies) to track their users. The Information Commissioner’s Office has released a statement to ask website owners to review their processes in advance of the legislation coming into effect later this month, but for those of you who like the big-print edition with pictures, here’s the short of it:

From 26th May, a website must not give you a cookie unless it’s either (a) an essential (and implied) part of the functionality of the site, or (b) you have opted-in to it. This is a stark change from the previous “so long as you allow opt-outs, it’s okay” thinking of earlier legislation, and large organisations (you know, like the one I now work for) in particular are having to sit up and pay attention: after all, they’re the ones that people are going to try to sue.

The legislation is surprisingly woolly on some quite important questions. Like… who has liability for ensuring that a user has opted-in to third-party cookies (e.g. Google Analytics)? Is this up to the web site owner or to the third party? What about when a site represents companies both in and outside the EU? And so on.

Seeking guidance, I decided to browse the website of the Information Commissioner’s Office. And guess what I found…

Hey! I didn't opt-in to any of these cookies, Mr. Information Commissioner!

…not what I was looking for: just more circular and woolly thinking. But I did find that the ICO themselves do not comply with the guidance that they themselves give. Upon arriving at their site – and having never been asked for my consent – I quickly found myself issued with five different cookies (with lifespans of up to two years!). I checked their privacy policy, and found a mention of the Google Analytics cookie they use, but no indication about the others (presumably they’re not only “opt-out”, but also “secret”). What gives, guys?

Honestly: I’m tempted to assume that only this guy has the right approach. I’m all in favour of better cookie law, but can’t we wait until after the technological side (in web browsers) is implemented before we have to fix all of our websites? Personally, I thought that P3P policies (remember when those were all the rage?) had a lot of potential, properly-implemented, because they genuinely put the power into the hands of the users. The specification wasn’t perfect, but if it had been, we wouldn’t be in the mess we are now. Perhaps it’s time to dig it up, fix it, and then somehow explain it to the politicians.


World Backup Day

It’s World Backup Day, folks. That means it’s time for you to look at your data and check that you’re backing it all up to a satisfactory level.

Have a look at the computer you’re sat at. If its hard drive(s) broke, irrecoverably, or if it were stolen: what would you lose?

Me? I like my backups to go “offsite”, so I use online redundant storage to shunt my important stuff to (I use a personal Amazon S3 bucket and some software I’ve written for that purpose, but you don’t have to be that geeky to use online backups – just check the World Backup Day website for suggestions). If you’re not quite so paranoid as me, you might make your backups to CDs or DVDs, or onto a pendrive. It doesn’t take long, and it’s worth it.

Backups are like insurance.

Now go celebrate World Backup Day by making some backups, or by checking that your existing backups restore correctly. You’re welcome.

Passwords – The Least You Should Do

If you see me in person, you’ll know that this is something I rant about from time to time. But that’s only because people consistently put themselves and their friends at risk, needlessly, and sometimes those friends include me. So let me be abundantly clear:

If you’re reading this, there is at least a 95% chance that your passwords aren’t good enough. You should fix them. Today.

Let’s talk about what we mean by “good enough”. A good password needs to be:

  • Long. Some of you are still using passwords that are shorter than 8 characters. The length of a password is important because it reduces the risk of a robot “brute forcing” it. Suppose a robot can guess 1000 passwords a second, and your password uses only single-case letters and numbers. If you have a 4-character password, it’ll be lucky to last quarter of an hour. A 6-character password might last a week and a half. At 8 characters, it might last a few decades. Probably less, if your password makes one of the other mistakes, below. And the robots used by crackers are getting faster and faster, so the longer, the better. My shortest password is around 12 characters long, these days.
  • Complex. Remember how long an 8-character password lasts against a “brute force” attack? If you’re only using single-case letters, you’re reducing that by almost a third. Mix it up a bit! Use upper and lower case letters, and numbers, as standard. Consider using punctuation, too. There’s no legitimate reason for a website to demand that you don’t have a long and complex password, so if one does seem to have unreasonable requirements: write to the owners and threaten to take your business elsewhere if they don’t get with the times.
  • Random. If your password is, is based on, or contains a dictionary word (in any language), a name or brand name, a date, a number plate or (heaven forbid) a national insurance number, it’s not good enough. “Brute force” attacks like those described above are usually the second line of attack against properly-stored passwords: first, a robot will try every word, name or date that it can think of, with and without capitalisation and with numbers before and afterwards. Many will also try common phrases like “iloveyou” and “letmein”. WikiHow has a great suggestion about how to make “random” passwords that are easy to remember.
  • Unique. Here’s the one that people keep getting wrong, time and time again. You should never, never, use the same password for multiple different services (and you should be very wary of using the same password for different accounts on the same service). This is because if a malicious hacker manages to get your password for one site, they can now start breaking into your accounts on other sites. Some people try to get around this by keeping two or three “levels” of passwords, for low-, medium-, and high-security uses. But even if a hacker gets access to all of your “low” security sites, that is (these days, frequently) still a huge amount of data they have with which to commit an identity theft.

    The other big reason to make sure your passwords are unique is that it makes it safer to share them, if the need arises. Suppose that for some reason you need to share a password with somebody else: it’s far safer for everybody involved if the password you share with them works only for the service you wanted to give them access to. Every person you trust is one more person who might (accidentally) expose it to a hacker by writing it down.

    Even if you have to memorise a complex “master” password and keep in your wallet a list of random “suffixes” that you append to this master password, different for each site, that’s a huge step forwards. It’s also a very basic level of two-factor authentication: to log in to your Twitter account, for example, you need your master password (which is in your head), plus the Twitter suffix to the password (which is written down in your wallet).

There’s been a wave of attacks recently against users of social networking websites: an attacker will break into an insecure web forum to get people’s email addresses and password, and then will try to log in to their webmail accounts and into social networking sites (Facebook, Twitter, etc.) using those same credentials. When they get a “hit”, they’ll explore the identity of the victim, learning about their language patterns, who their friends are, and so on. Then they’ll send messages or start chats with their victim’s friends, claiming to be their victim, and claim some kind of crisis. They’ll often ask to borrow money that needs to be wired to them promptly. And then they’ll disappear.

In this interconnected world, it’s important that your passwords are good not only for your benefit, but for your friends too. So if you’re guilty of any of the “password crimes” above – if you have passwords that are short (under 8 characters), simple (don’t use a mixture of cases and include numbers), predictable (using dictionary words, names, dates, etc.: even if they include a number), or re-used (used in more than one place or for more than one site) – change your passwords today.
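The four “password crimes” listed above can be checked mechanically against your own list of accounts (for instance, an export from a password manager). The following Ruby sketch is an added example, not part of the original post: the method name, the tiny word list and the sample accounts are all constructed for illustration.

```ruby
# Constructed sample word list; a real audit would load a full dictionary
# plus a list of common names.
COMMON_WORDS = %w[password dragon monkey letmein sarah liverpool].freeze

# accounts: Hash of service name => password.
# Returns a Hash of service name => list of "crimes" found for that password.
def password_crimes(accounts)
  # Group services by password so that re-use can be detected.
  seen = Hash.new { |h, k| h[k] = [] }
  accounts.each { |site, pw| seen[pw] << site }

  accounts.each_with_object({}) do |(site, pw), report|
    crimes = []
    # Short: under 8 characters.
    crimes << :short if pw.length < 8
    # Simple: lacks a mixture of cases, or lacks numbers.
    crimes << :simple unless pw =~ /[a-z]/ && pw =~ /[A-Z]/ && pw =~ /\d/
    # Predictable: a dictionary word or name even with digits or symbols
    # stuck on either end, or something that looks like a date.
    core = pw.downcase.gsub(/\A[\d\W_]+|[\d\W_]+\z/, '')
    dateish = pw =~ /\A\d{1,2}[\/.-]?\d{1,2}[\/.-]?(\d{2}|\d{4})\z/
    crimes << :predictable if COMMON_WORDS.include?(core) || dateish
    # Re-used: the same password appears for more than one service.
    crimes << :reused if seen[pw].size > 1
    report[site] = crimes unless crimes.empty?
  end
end

# Constructed sample data.
SAMPLE_ACCOUNTS = {
  'forum'   => 'Dragon1',
  'webmail' => 'Dragon1',
  'bank'    => '14021985',
  'shop'    => 'tX9#qLm2&vRp'
}.freeze

if __FILE__ == $PROGRAM_NAME
  password_crimes(SAMPLE_ACCOUNTS).each do |site, crimes|
    puts "#{site}: #{crimes.join(', ')}"
  end
end
```

Note that “Dragon1” passes the mixed-case-and-number test and still fails on three other counts, which is why the checks have to be applied together.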

Here’s some resources to help you do it:

  • WikiHow’s guide to choosing secure passwords.
  • PCTools’ great random password generator.
  • The top 500 worst passwords of all time – if yours is in here, it’s probably already been compromised.
  • SuperGenPass – a very good way to use a strong, unique password for every website without having to remember multiple passwords. Free.
  • KeePass – a great way to use a strong, unique password for every site and service without having to remember multiple passwords. Free.
  • LastPass – another great way to use a strong, unique password for every site and service without having to remember multiple passwords. Free (or cheap, for the premium version).

IE6 Countdown

Microsoft recently tweeted, “It’s not often that we encourage you to stop using one of our products, but for IE6, we’ll make an exception”. This coincides with the launch of The Internet Explorer 6 Countdown, a website that tries to encourage people to drop this hideously old and awful browser in favour of better, modern, standards-compliant ones, thereby saving web developers heaps of work.

Internet Explorer 6 usage stats, from IE6 Countdown. I'm honestly shocked that the number is still as high as 12%. Where are they getting that from?

That’s not strictly true; they’re encouraging people to upgrade to Internet Explorer 8 and 9, presumably, which are still a little lacking in support for some modern web standards. But they’re a huge step forward, and everybody who’d like to stick with Internet Explorer should be encouraged to upgrade. There’s no excuse for still using IE6.

They’re even providing a tool to let you put an “Upgrade now, damnit!” banner on your website, visible only to IE6 users. It’s similar to the IE6Update tool, really, but has the benefit of actually being supported by the browser manufacturer. That has to count for something.

Will it make a difference? I don’t know. I’m frankly appalled that there are modern, high-tech countries that still have significant numbers of IE6 users: Japan counts over 10%, for example! We’re talking here about a ten-year-old web browser: a web browser that’s older than MySpace, older than Facebook, older than GMail, older than YouTube. Internet Explorer 6 was released into a world where Lord of the Rings was something that would take you a long time to read, rather than taking you a long time to watch. A world where in-car CD players still weren’t universal, and MP3 players were a rarity. Do you remember MiniDisc players? Internet Explorer 6 does. The World Trade Center? Those towers were still standing when Internet Explorer 6 was released to the world. And if that’s making you think that 10 years is a long time, remember that in the fast-changing world of technology, it’s always even longer.

Just remember what Microsoft (now, at long last) says: Friends don’t let friends use Internet Explorer 6.

Too Ruby

Ruby, a programming language of which I’m quite fond, is well-known for its readability and ease of comprehension, among about thirty-seven other wonderful features.

I rediscovered quite how readable the language is when I genuinely ended up writing the following method last week:

# On saving, updates the #Shift counters if the #ExperienceLevel of this
# #Volunteer has been changed
def update_counters_if_experience_level_changed
  update_counters if experience_level_changed?
end

For the benefit of those of you who aren’t programmers, I’ll point out that which is obvious to those of us who are: the body of the method (that’s the line that’s indented) is almost identical to the method name (the line that starts with “def”).

This is the equivalent of going to WikiHow and looking up the article on, say, How to Make a Tie Dyed Cake, only to discover that the text of the article simply says, “Choose what colours you want, and then make a cake in those colours”… and you understand perfectly and go and make the cake, because you’ve got that good an understanding. In this metaphor, you’re the Ruby interpreter, by the way. And the cake is delicious.

Okay, I cheated a little: the experience_level_changed? method was provided for me by the Rails framework. And I had to write the update_counters method myself (although it, too, contains only one line of code in its body). But the point is still the same: writing Ruby, and thinking in a Rubyish way, produces beautifully readable, logical code.


The Week of Balls

Early this week, I’ve spent quite a bit of time knee deep in the guts of Phusion Passenger (which remains one of the best deployment strategies for Rack applications, in my mind), trying to work out why a particular application I’d been working on wouldn’t deploy properly after a few upgrades and optimisations on the development server. Ultimately, I found the problem, but for a few hours there I thought I was losing my mind.

This lunchtime, I decided to pull out all of my instant messenger logs (being out of the office, my co-workers at SmartData and I do a lot of talking via an IM system). I’d had a hunch that, so far this week, “balls” would be amongst my most-frequently typed words, chiefly uttered as yet another hypothesis about why the development server wasn’t behaving itself was blown out of the water. A few regular expressions (to strip it down to just the words I typed) and a run through a word-counter, and I had some results!

Here’s my top words of the work week so far:

Position Word(s)
1 – 18 the, to, I, a, it, that, of, in, and, on, but, have, what, is, you, just, so, for
Positions 1 through 18 contain some of the most-common conjunctions and pronouns that I use on a day-to-day basis, as well as some common verbs. Nothing surprising there. So far, so good.
19 Rails
Between the projects I’ve been involved with and those my colleagues are working on, there’s been a lot of discussion about (Ruby on) Rails around the office so far this week.
20 IPN, do
One of the projects I’ve been working on this week has used a payment gateway with an Instant Payment Notification service, so it’s not surprising that “IPN” appeared in the top 20, too…
22 was, this
24 my, know, at
27 up, don’t
Over 50% of “don’t”s were immediately followed by “know”: Monday was one of those days.
29 I’m
30 yeah, be, [name of troublesome web app]
Not unexpectedly, the name of the project that caused so much confusion earlier this week came up more than a little.
33 there, one, if
36 we, see, problem, get, balls, back, all
These seven words never all appeared in a sentence together, but I sort of wish that they had. There’s the key word – balls – apparently the joint 36th most-used word by me between Monday morning and Wednesday lunchtime.

Other common words this week so-far included “jQuery”, that great JavaScript library (there was some discussion about how we can best make use of the new features provided by version 1.5), “payment” (again; a lot of talk of payment processing, this week), “means” (mostly where I was explaining the results of my investigations into the troublesome server), “tried” (a disappointing-sounding word), “error” (I saw a few of those, to be sure!), and “somehow” (not a reassuring thing to catch yourself saying).

Also pretty common this week was “boiler”, as I explained to my workmates the saga of the boiler at my house, which broke down at the weekend, leaving us with no hot water nor heating until it was repaired on Tuesday. On the upside, I did get to poke around inside the boiler while the repairman was taking it to bits, and learned all kinds of fascinating things about the way that they work. So, a silver lining, there.

Bits of our boiler: the hip bone's connected to the... leg bone.

With the boiler fixed at home, and the development server fixed at work, it finally feels like this week’s turning into the right kind of week. But for a while there, it didn’t look certain!


Free Deed Poll Generator

I talk a lot. If you don’t want to listen to me ramble, and you’re just looking for the free deed poll generator, click here.

After Claire and I changed our names back in 2007, I actually took the time to do a little research into deeds poll (or, more-specifically in this case, deeds of change of name). It turns out that we did it the wrong way. We paid a company to do all of the paperwork for us, and – while it wasn’t terribly expensive – it wasn’t free, and “free” is exactly how much it ought to cost.

In the intervening years I’ve helped several friends to change their names via deeds poll (yes, “deeds poll” is the correct plural), and I’ve learned more and more about why the whole process should be simpler and cheaper than many people would have you believe.

A deed poll, by definition, is nothing more than a promise signed by one person (it’s not even a contract – it’s got little more weight than a New Year’s resolution), on paper which has straight edges. That’s what the word “poll” actually means: that the paper has straight edges. Why? Because back then, a contract would typically be cut into two on an irregular line, so that when the two halves came together it would be clear that they were originally part of the same document – an anti-forgery measure. A deed poll, because it’s signed only by one person, doesn’t need to be separated like this, and so it has straight edges.

The Charter of the Clerecía de Ledesma, a contract from 1252 - note the cut top edge where it originally joined to the "other half" of the contract.

That means that it’s perfectly legitimate for you to write, on the back of a napkin, “I have given up my name [former name] and have adopted for all purposes the name [new name]. Signed as a deed on [date] as [former name] and [new name]. Witnessed by [witnesses’ signature(s)].”

The problem comes when you send that napkin off to the Inland Revenue, or the DVLA, or the Passport Office, and they send it back and laugh. You see, it helps a hell of a lot if your deed poll looks sort-of official. You ought to put some work into making it look nice, because that makes a world of difference when you ask people to believe it. That’s not to say that they won’t laugh at you anyway – the Passport Office certainly laughed at me – but at least they’ll accept your name change if it has an air of authority and is covered with all of the most-relevant legalese.

Behind the dozens of scam artists who’ll charge you £10, £20, £30, or even more to produce you an “official” deed poll (tip: there’s no such thing), there are one or two “free” services, too. But even the best of these has problems: the site is riddled with advertisements, the document isn’t produced instantly, you’re limited in how many deed polls you can generate, and – perhaps worst of all – you have to give them your email address in order to get the password to open the documents they give you. What gives?

Generate free UK deeds of name change at freedeedpoll.org.uk.

So I’ve made my own. It’s completely free to use and it’s available at freedeedpoll.org.uk: so what are you waiting for – go and change your name! Oh, and it’s also open-source, so if you want to see how it works (or even make your own version), you can.

Why? Well: I don’t like feeling like I’ve been scammed out of money, so if I can help just one person change their name for free who might otherwise have been conned into paying for something that they didn’t need: well, then I’ve won. So change your name or help your friends and family to, on me, or just download my code and learn a little bit about Ruby, Sinatra, and Prawn (the technologies that power the site). What’re you waiting for?


Mobile One-Time-Passwords in Ruby

I recently came across the Mobile One-Time-Passwords project, which aims to make a free, secure alternative to commercial two-factor authentication systems (like SecurID). The thinking is pretty simple: virtually everybody now carries a mobile phone capable of running basic applications, so there’s no reason that such an application couldn’t provide the processing power to generate one-time-passwords based on a shared secret, a PIN number known only to the authenticating party and to the server, and the current date and time stamp.
Great! But it turns out that despite there being libraries to produce server-side implementations of the technology in PHP, Perl, and C, nobody had yet bothered to write one in that most marvelous of programming languages, Ruby.

Well, now I have. So if anybody’s got the urge to add one-time-password based security to their Rails or Sinatra app, or would like to write an MOTP client for their Ruby-capable smartphone: well, now you can.
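To show what the server side of such a scheme has to do, here is an added Ruby example (not the library mentioned in this post, and not its API). It follows the published Mobile-OTP construction, in which the password is the first six hex characters of an MD5 digest over the 10-second epoch counter, the shared secret and the PIN. The module and class names, the `max_skew` parameter and the sample secret are assumptions made for illustration.

```ruby
require 'digest/md5'

module MotpExample
  STEP   = 10 # seconds per time slot (Mobile-OTP's granularity)
  LENGTH = 6  # characters of the digest used as the one-time password

  # One-time password for a given instant (a Time or epoch seconds).
  def self.otp(secret, pin, time)
    slot = time.to_i / STEP
    Digest::MD5.hexdigest("#{slot}#{secret}#{pin}")[0, LENGTH]
  end

  # Comparison that does not stop at the first differing byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Verifier for one user: tolerates clock drift between phone and server,
  # and refuses any password from a slot at or before the last accepted one.
  class Verifier
    def initialize(secret, pin, max_skew: 180)
      @secret = secret
      @pin = pin
      @max_skew = max_skew # seconds of drift tolerated either way
      @last_slot = nil     # newest slot already used (replay guard)
    end

    def verify(candidate, now = Time.now)
      current = now.to_i / STEP
      span = @max_skew / STEP
      candidate = candidate.to_s.strip.downcase
      # Check every slot in the window; keep the newest one that matches.
      hit = ((current - span)..(current + span)).select { |slot|
        expected = MotpExample.otp(@secret, @pin, slot * STEP)
        MotpExample.secure_equal?(expected, candidate)
      }.max
      return false if hit.nil?
      return false if @last_slot && hit <= @last_slot
      @last_slot = hit
      true
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = '0123456789abcdef' # constructed sample secret
  verifier = MotpExample::Verifier.new(secret, '1234')
  code = MotpExample.otp(secret, '1234', Time.now)
  puts "code #{code}: first use #{verifier.verify(code)}, replay #{verifier.verify(code)}"
end
```

A real deployment would keep the last accepted slot in the user’s record rather than in memory, and would rate-limit failed attempts, since a six-character password is only safe against guessing if guesses are limited.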

Copy-Pasting Passwords into Steam

Just want to know how to ‘fix’ Steam’s password field? Scroll down to “How to Fix It”

Steam & Security Theatre

You’re a smart guy. You’re not stupid about computer security. And that’s why you always make sure that you use a different password for every service you use, right? You might even use a different password for every account, even when you have different passwords on the same service. You know that there are really, really good reasons why it’s simply not good enough to, for example, have “high-security”, “general use” and “low security” passwords, and re-use each of them in several places. And if you don’t know that: well, take my word for it and I’ll explain it in detail later.

It’s no great hardship to have lots of long, complex, effectively-random passwords, these days. Tools like SuperGenPass, LastPass, and KeePass, among others, mean that nowadays it’s so easy to use a different password for every service that there’s no excuse not to. So you probably use one of those (or something similar), and everything’s great.
Except for that one application – Steam. I have Steam save my password on my desktop PC (by the time somebody steals my desktop PC and breaks into the encrypted partition on which my data files lie, I have bigger problems than somebody stealing my Just Cause 2 achievements), but it forgets the password every time that Ruth uses her Steam account on my computer. No problem, I think: I can easily copy-paste it from my password manager… nope: Steam won’t let you paste in to the password field.

What? If you ask Valve (Steam’s creators) about this, they’ll say that it’s a security feature, but that’s bullshit: it’s security theatre, at best. And at worst, it means that people like me are inclined to use less-secure passwords because a more-secure password would be harder to memorize and to type out.

How to Fix It

Well, obviously the best way to fix it would be to successfully persuade Valve that they’re being stupid: others are already trying that. But what would be nice in the meantime would be a workaround. So here it is:

  1. Edit Program Files\Steam\Public\SteamLoginDialog.res (Program Files\Steam\Public\SteamLoginDialog.res on 64-bit Windows, somewhere else entirely on a Mac) using your favourite text editor (or Notepad if you don’t have a favourite). Take a backup of the file if you’re worried you’ll break it.
  2. In the "PasswordEdit" section (starting at about line 42), you’ll see name/value pairs. Make sure that the following values are set thusly:
  • "tabPosition" "1"
  • "textHidden" "0"
  • style="TextEntry"

The next time you load Steam, you’ll be able to paste passwords into the password field. The passwords won’t be masked (i.e. you’ll see the actual passwords, rather than asterisks), but the dialog never loads with a password pre-populated anyway, so as long as you make sure that nobody’s looking over your shoulder while you type, you’re set!

Update: let’s face it, Valve’s security policies suck in other ways, too. Please read the tale of a friend-of-a-friend who’s desperate to change her Steam username.

They Say that Programmers Never Die

They just gosub without return. That is, of course, a joke (with all due apologies to those of you to whom it means nothing), but there’s a kernel of truth in the saying. In their own way, programmers are like authors or artists in that their work can easily outlive them, and their unique and distinct style can be found in their creations: and in that created by those that learn from or imitate them.

This morning I was working on some legacy Perl code that holds together a part of a client’s web site. In particular, I was refactoring the code that displays dates and times in an appropriate format, as part of an effort to simplify the code after fixing a bug that would, under some unusual conditions, use the “pm” suffix for morning times (e.g. 11pm, when it means 11am). Under normal circumstances this would have been a simpler job than it was, but this particular piece of software has been passed from developer to developer, and (until it came into my hands) I’m pretty sure that none of them took the time to understand what their predecessors had done. Several different stylistic and semantic styles are used in the code, and several different solutions are used for the same problem, depending on who was in charge at any given time. In short, the code’s a mess, but the client is on a tight budget and can generally only afford to pay for the minimum amount of work, and not for the sweeping overhaul that the system so badly needs.

I came across a particular line of code, today (evidence, perhaps, of a previous developer looking into a related issue to the one with which I was tasked):

$leu_something .= $hour . " - " . $amorpm;

Even without the developer’s name embedded within the variable name, I could have told you who wrote this code because of its distinct style. Even this single line has a defining appearance of its own, to the trained eye. To illustrate this, consider that the line could equally have been written in any of the following ways (among hundreds of others, without even looking at the optional space characters and interchangeable types of quotation marks used), and would have functioned identically:

  • $leu_something = $leu_something . $hour . " - " . $amorpm;
  • $leu_something .= "${hour} - ${amorpm}";
  • $leu_something = join('', $leu_something, $hour, " - ", $amorpm);
  • $leu_something .= sprintf('%s - %s', $hour, $amorpm);

Some of these methods have specific advantages or disadvantages, but all have the exact same fundamental meaning. However, even from a glance I could tell that this code belonged to the former developer named Leu (and not any of the other developers whose names I’ve seen in the project) because of the style in which he chose to write it.

Non-programmers often fail to understand why I describe programming as being as much an art as a science. The work of a programmer has been compared to the work of a poet, and I agree with this sentiment. Even merely on a superficial level, both computer code and poetry:

  • Can be good or bad (by consensus, or subjectively).
  • Attach significant importance to proper syntax and style (you need the right rhyming pattern in a limerick and the right number of brackets in a loop).
  • Express a concept through the artistic use of a language.
  • When used to express complex ideas, benefit from creative and sometimes out-of-the-box thinking.
  • Often lose value if they are literally translated to another language.

Not only that, program code can be beautiful. I’ve examined code before that’s made me smile, or laugh, or that has saddened me, or that has inspired me. I shan’t argue that it’s on a par with the standard of spoken-language poetry: but then, programming languages are not designed to appeal to the pathos, and are at a natural disadvantage. Sometimes the comments for a piece of code can in themselves carry a beauty, too: or they can serve simply to help the reader comprehend a piece of code, in the same way as one can sometimes find guidance in the interpretation of a poem from somebody else’s research.

However, it’s possible to say things with code that one simply can’t convey in the same way, using a spoken language. To prove this point, I’ve composed a short haiku in the medium of the Ruby programming language. For this purpose, I’m defining a haiku as a poem whose lines contain 5, 7, and 5 syllables, respectively. It’s an existentially nihilistic piece called Grind:

Grind

def grind(age = 0)
  die if age == 78
  grind(age + 1); end

Vocalised, it would be read as follows:

Def grind: age equals zero,
Die if age equals seventy-eight,
Grind (age plus one); end.

I enjoy the subtlety of its use of recursion to reinforce the idea that every year of your life gives you a bigger burden to carry (and a larger amount of memory consumed). This subtlety does not adequately translate to a spoken language.

The line of code I showed you earlier, though, is neither interesting nor remarkable, in itself. What makes it interesting to me is that it persisted – until today, when I removed it – in this piece of software. The author, Leu, died several years ago. But there will exist software that he wrote, being read again and again by tireless machines on a daily basis, for years to come.

I wonder how long the code I write today will live.