On This Day In 2003

Looking Back

On this day in 2003 I first juggled with flaming clubs! But first, let’s back up to when I very first learned to juggle. One night, back in about 1998, I had a dream. And in that dream, I could juggle.

I’d always been a big believer in following my dreams, sometimes in a quite literal sense: once I dreamed that I’d been writing a Perl computer program to calculate the frequency pattern of consecutive months which both have a Friday 13th in them. Upon waking, I quickly typed out what I could remember of the code, and it worked, so it turns out that I really can claim to be able to program in my sleep.

In this case, though, I got up and tried to juggle… and couldn’t! So, in order that nobody could ever accuse me of not “following my dreams,” I opted to learn!

About three hours later, my mother received a phone call from me.

“Help!” I said, “I think I’m going to die of vitamin C poisoning! How much do I have to have before it becomes fatal?”

“What?” she asked, “What’s happened?”

“Well: you know how I’m a big believer in following my dreams.”

“Yeah,” she said, sighing.

“Well… I dreamed that I could juggle, so I’ve spent all morning trying to learn how to. But I’m not very good at it.”

“Okay… but what’s that got to do with vitamin C?”

“Well: I don’t own any juggling balls, so I tried to find something to use as a substitute. The only thing I could find was this sack of oranges.”

“I think I can see where you’re going wrong,” she said, sarcastically, “You’re supposed to juggle with your hands, Dan… not with your mouth.”

“I am juggling with my hands! Well; trying to, anyway. But I’m not very good. So I keep dropping the oranges. And after a few drops they start to rupture and burst, and I can’t stand to waste them, so I eat them. I’ve eaten quite a lot of oranges, now, and I’m starting to feel sick.”

I wasn’t overdosing on vitamin C, it turns out – that takes a quite monumental dose; perhaps more than can be orally ingested in naturally-occurring forms – but was simply suffering from indigestion brought on as a result of eating lots and lots of oranges, and bending over repeatedly to pick up dropped balls. My mother, who had herself learned to juggle when she was young, was able to give me two valuable tips to get me started:

  1. Balled-up thick socks make for great getting-started juggling balls. They bounce, don’t leak juice, and are of a sensible size (if a little light) for a beginning juggler.
  2. Standing with your knees against the side of a bed means that you don’t have to bend over so far to pick up your balls when you inevitably drop them.

I became a perfectly competent juggler quite quickly, and made a pest of myself in many a supermarket, juggling the produce.

So: fast forward five years to 2003, when Kit, Claire, Paul, Bryn and I decided to have a fire on the beach, at Aberystwyth. We’d… acquired… a large solid wooden desk and some pallets, and we set them up and ignited them and lounged around drinking beer. After a little while, a young couple came along: she was swinging flaming poi around, and he was juggling flaming clubs!

Fire poi! They look fantastic when they're flying around you; scary when they're flying towards you.

I asked if I could have a go with his flaming clubs. “Have you ever juggled flaming clubs before?” he asked. “I’ve never even juggled clubs before,” I replied. He offered to extinguish them for me, first, but I insisted on the “full experience.” I’d learn faster if there existed the threat of excruciating pain every time I fucked up, surely. Right?

Juggling clubs, it turns out, is a little harder than juggling balls. Flaming clubs, even more so, because you really can’t get away with touching the “wrong” end. Flaming clubs at night, after a few drinks, is particularly foolhardy, because all you can see is the flaming end, and you have to work backwards in your mind to interpret where the “catching end” of the stick must be, based on the movement of the burning bit. In short: I got a few minor singes.

But I went home that night with the fire still burning in my eyes, like a spark in my mind. I couldn’t stop talking about it: I’d been bitten by the flaming-clubs-bug.

Looking Forward

I ordered myself a set of flaming clubs as soon as I could justify the cost, and, after a couple of unlit attempts in the street outside my house, took them to our next beach party a few days later. That’s when I learned what really makes flaming clubs dangerous: it’s not the bit that’s on fire, but the aluminium rod that connects the wick to the handle. Touching the flaming wick; well – that’ll singe a little, but it won’t leave a burn so long as you pull away quickly. But after they’ve been lit for a while – even if they’ve since been put out – touching the aluminium pole will easily leave a nasty blister.

Me juggling flaming clubs at the barbecue I mentioned, in 2007. I almost look like I know what I'm doing. And more importantly, I feel like a badass.

Still: I learned quickly, and was still regularly flinging them around (and teaching others) at barbecues many years later.

Once, a Nightline training ended up being held at an unusual location, and the other trainers and I were concerned that the trainees might not be able to find it. So we advertised on the email with the directions to the training room that trainees who can’t find it should “introduce themselves to the man juggling fire outside the students union”, who would point them in the right direction: and so I stood there, throwing clubs around, looking for lost people all morning. Which would have worked fine if it weren’t for the fact that I got an audience, and it became quite hard to discreetly pick out the Nightline trainees from the students who were just being amused by my juggling antics.

Nowadays, I don’t find much time for juggling. I keep my balls to-hand (so to speak) and sometimes toss them about while I’m waiting for my computer to catch up with me, but it’s been a long while since I got my clubs out and lit them up. Maybe I’ll find an excuse sometime soon.

This blog post is part of the On This Day series, in which Dan periodically looks back on years gone by.


My New Pet Hate, part II

A few years ago, I talked about a pet hate of mine that still seems to be prevalent: that is – that when people send me a screenshot, they’ll sometimes send me it in a Word document, for no apparent reason. They could just send me the picture, but instead they send me a Word document containing the picture, thereby increasing the file size, requiring that I have a program capable of viewing Word documents, and making it more-complex for me to extract the picture if I need to use it somewhere. And on top of all of that, it takes longer for them to do it this way: everybody loses!

Today, I saw somebody take the abuse of screenshots to a whole new level. My first clue that something was amiss was when the email arrived in my Inbox with a 300K TIFF file in it. “Well, at least it’s not a Word document,” I thought. And I was right. It was something more convoluted than that.

My only explanation for the contents of the file is as follows:

  1. Print Screen. The user took the screenshot using their Print Screen key. So far, so good. They captured their whole screen, rather than just what they were trying to show me, but we’ll let that pass.
  2. Open Paint. The user opened Paint. At this point, they could have pasted, saved, and emailed the file to me, and still been doing perfectly well. But they didn’t.
  3. Resize canvas. The user expanded the canvas to an enormous size. Perhaps they didn’t know that this would be done automatically, if required. Or maybe they thought that I could do with a lot of white space in which to make notes on their screengrab.
  4. Paste and reposition. The user pasted the screenshot into the Paint document, and positioned it near the centre, making sure to leave as much whitespace as possible. Y’know, in case I was running out of it on my computer. They could still at this point have just saved the file and emailed it to me, and I wouldn’t have complained.
  5. Print Screen again. For some reason, the user pressed Print Screen again at this point, thereby taking a screenshot of themselves manipulating a screenshot that they’d already taken. Maybe the user has recently watched Inception, and decided that “a screenshot within a screenshot” was more likely to make an impact on me. We need to go deeper!
  6. Open Photoshop. Paint obviously wasn’t going to cut it: it was time for a bigger graphics program. The user opened up Photoshop (waiting for a few minutes while this beast of a program warmed up).
  7. Create a new document and paste again. Now the user had Photoshop open, containing a picture of Paint being used to display an (oversized) screenshot of what they wanted to show me.
  8. Crop. This was a good idea. If the user had cropped the image all the way back down to the screenshot, I might not even have worked out what they were doing. Sadly, they didn’t. They cropped off Paint’s title bar and half of its toolbar. Then they added another few layers of whitespace to the bottom and right, just to be really sure.
  9. Save as a TIFF. They could have saved as a PNG. Or a GIF. Even a JPEG. They could have saved as a PSD. But no, for some reason, an uncompressed TIFF was the way forwards.
I N C E P T I O N. A screenshot of a screenshot within a screenshot.

Back in 2009, I predicted that Windows Vista/7’s new “Snipping Tool”, which finally brought screen captures to the level of more-competent operating systems, would see the end of this kind of nonsense. Unfortunately, Windows XP remains the standard at my workplace, so I doubt that this’ll be the last time that I see “matryoshka screenshots”.


Content Freeze

Isn’t memory strange?

Last week, we updated to the latest version of the CMS that powers the Bodleian’s web site. During the process of installing and testing the new version, we initiated a “content freeze”, disallowing the 100+ regular content editors access to the administration sections: any changes they’d have made wouldn’t have been replicated in the new version, and we didn’t want a discrepancy in content while we were testing that the change had taken! We still had back-end access, of course, and a few minor “emergency” changes were made (on both the old and the new version), but in general, the site was in a read-only mode for several days.

A similar thing happened to my head during this weekend’s house move.

While running a van-load of stuff from Old Earth to New Earth, Ruth, JTA and I stopped off at Argos to buy a few bits and pieces for our new home. We parked in one of the few remaining parking spaces capable of accommodating our extended wheel-base van. Unfortunately this brushed us up very close to an unfortunately-placed tree, whose branches reached in through the door as I clambered out. I spent a while trying to reposition them so as not to slam them in the door while Ruth and JTA walked ahead, towards Argos, and so when I was done they were quite a way ahead. I turned and ran to catch up with them…

BAM! Something struck me on the top of my head. We’re still not all in agreement as to whether it was a branch or the wing mirror of the van, but it hurt like hell. My knees buckled up and I collapsed into a heap.

Before long I was on my feet, but as I began to feel dizzy and nauseous, we started to worry that I might be concussed, and Ruth took me to the hospital. By then, I was unable to keep my eyes open without feeling like the world was spinning and I was going to throw up, and I kept feeling like I was moments away from falling asleep.

By the time I’d seen a doctor, about three hours later, I was starting to feel a little better. We took a leaflet of “things to watch out for after a concussion”, which advised that I shouldn’t lift any heavy things (“But I’m moving house today!”) nor use a computer or drink alcohol (“This is my life you’re talking about!”), all of which I ignored to some degree or another.

I napped on and off for a lot of Sunday and some of Monday, but it was on Monday that the amount of damage I’d done became most apparent. I got out of bed and staggered downstairs to find that Ruth and JTA had at some point bought a shoe rack. They weren’t around, but neither was the van, and I reasoned that they must have been out collecting more boxes, but I thought I might as well make myself useful by assembling this shoe rack they’d gotten. It was of the variety that hangs on the back of a door, so I spent some time deciphering the instructions and putting it together… only to find that it wouldn’t actually fit onto any of the (quite thick) doors in our new house.

That’s when Ruth & JTA arrived. “I saw you’d bought a shoe rack,” I said.

“Yes,” they replied, “We bought it yesterday. We told you about it.”

“Oh. I don’t remember that. Anyway, I built it, but it turns out that it won’t fit any of our doors.”

“Yes, we know: we told you that too. We were about to take it back to the shop.”

I have no recollection whatsoever of that conversation. Or several other conversations, it seems. In the hospital, I remember that Ruth talked to me for an hour or more (I wasn’t capable of conversation myself, some of the time, but it was nice to hear a familiar voice), and I still can’t remember any of it except for snippets (something about her father’s new house?).

For much of Sunday, my brain went into “content freeze”, too. A read-only mode where my memories worked fine, except that I couldn’t construct any new ones: everything just went in one ear and out the other. Maybe this is to be expected: a quick look at some maps of brains and an examination of the bump on my head indicates that the blow came to a point squarely in the centre of the middle frontal gyrus (the dorsolateral prefrontal cortex) of the right hemisphere of my brain: an area associated with emotional self-control, social judgement, lateral thinking, and the transfer of working memory.

Still: it was certainly a strange experience to be told about events from only a day earlier that I simply can’t remember. It also made Tuesday interesting: long weekends are confusing at the best of times, but parts of my memory made it feel like I’d had only a two-day weekend (as parts of Sunday are simply missing from my memory), and so it was even harder than usual to shake the feeling that it was Monday when I arrived at work on Tuesday. That’ll be a pleasant surprise on Friday, anyway, when the weekend “comes early”: maybe I should bang my head every time there’s a long weekend.

Every Full Moon

This is what happens when you let geeks write your billing software:

I would like to be billed... every full moon. Seriously?

From the website of Andrews & Arnold ISP.


Leading By Example

This week, I was reading the new EU legislation [PDF] which relates to, among other things, the way that websites are allowed to use HTTP cookies (and similar technologies) to track their users. The Information Commissioner’s Office has released a statement to ask website owners to review their processes in advance of the legislation coming into effect later this month, but for those of you who like the big-print edition with pictures, here’s the short of it:

From 26th May, a website must not give you a cookie unless it’s either (a) an essential (and implied) part of the functionality of the site, or (b) you have opted-in to it. This is a stark change from the previous “so long as you allow opt-outs, it’s okay” thinking of earlier legislation, and large organisations (you know, like the one I now work for) in particular are having to sit up and pay attention: after all, they’re the ones that people are going to try to sue.

The legislation is surprisingly woolly on some quite important questions. Like… who has liability for ensuring that a user has opted-in to third-party cookies (e.g. Google Analytics)? Is this up to the web site owner or to the third party? What about when a site represents companies both in and outside the EU? And so on.

Seeking guidance, I decided to browse the website of the Information Commissioner’s Office. And guess what I found…

Hey! I didn't opt-in to any of these cookies, Mr. Information Commissioner!

…not what I was looking for: just more circular and woolly thinking. But I did find that the ICO themselves do not comply with the guidance that they themselves give. Upon arriving at their site – and having never been asked for my consent – I quickly found myself issued with five different cookies (with lifespans of up to two years!). I checked their privacy policy, and found a mention of the Google Analytics cookie they use, but no indication about the others (presumably they’re not only “opt-out”, but also “secret”). What gives, guys?

Honestly: I’m tempted to assume that only this guy has the right approach. I’m all in favour of better cookie law, but can’t we wait until after the technological side (in web browsers) is implemented before we have to fix all of our websites? Personally, I thought that P3P policies (remember when those were all the rage?) had a lot of potential, properly-implemented, because they genuinely put the power into the hands of the users. The specification wasn’t perfect, but if it had been, we wouldn’t be in the mess we are now. Perhaps it’s time to dig it up, fix it, and then somehow explain it to the politicians.


World Backup Day

It’s World Backup Day, folks. That means it’s time for you to look at your data and check that you’re backing it all up to a satisfactory level.

Have a look at the computer you’re sat at. If its hard drive(s) broke, irrecoverably, or if it were stolen: what would you lose?

Me? I like my backups to go “offsite”, so I use online redundant storage to shunt my important stuff to (I use a personal Amazon S3 bucket and some software I’ve written for that purpose, but you don’t have to be that geeky to use online backups – just check the World Backup Day website for suggestions). If you’re not quite so paranoid as me, you might make your backups to CDs or DVDs, or onto a pendrive. It doesn’t take long, and it’s worth it.

Backups are like insurance.

Now go celebrate World Backup Day by making some backups, or by checking that your existing backups restore correctly. You’re welcome.

Passwords – The Least You Should Do

If you see me in person, you’ll know that this is something I rant about from time to time. But that’s only because people consistently put themselves and their friends at risk, needlessly, and sometimes those friends include me. So let me be abundantly clear:

If you’re reading this, there is at least a 95% chance that your passwords aren’t good enough. You should fix them. Today.

Let’s talk about what we mean by “good enough”. A good password needs to be:

  • Long. Some of you are still using passwords that are shorter than 8 characters. The length of a password is important because it reduces the risk of a robot “brute forcing” it. Suppose a robot can guess 1000 passwords a second, and your password uses only single-case letters and numbers. If you have a 4-character password, it’ll be lucky to last quarter of an hour. A 6-character password might last a week and a half. At 8 characters, it might last a few decades. Probably less, if your password makes one of the other mistakes, below. And the robots used by crackers are getting faster and faster, so the longer, the better. My shortest password is around 12 characters long, these days.
  • Complex. Remember how long an 8-character password lasts against a “brute force” attack? If you’re only using single-case letters, you’re reducing that by almost a third. Mix it up a bit! Use upper and lower case letters, and numbers, as standard. Consider using punctuation, too. There’s no legitimate reason for a website to demand that you don’t have a long and complex password, so if one does seem to have unreasonable requirements: write to the owners and threaten to take your business elsewhere if they don’t get with the times.
  • Random. If your password is, is based on, or contains a dictionary word (in any language), a name or brand name, a date, a number plate or (heaven forbid) a national insurance number, it’s not good enough. “Brute force” attacks like those described above are usually the second line of attack against properly-stored passwords: first, a robot will try every word, name or date that it can think of, with and without capitalisation and with numbers before and afterwards. Many will also try common phrases like “iloveyou” and “letmein”. WikiHow has a great suggestion about how to make “random” passwords that are easy to remember.
  • Unique. Here’s the one that people keep getting wrong, time and time again. You should never, never, use the same password for multiple different services (and you should be very wary of using the same password for different accounts on the same service). This is because if a malicious hacker manages to get your password for one site, they can now start breaking into your accounts on other sites. Some people try to get around this by keeping two or three “levels” of passwords, for low-, medium-, and high-security uses. But even if a hacker gets access to all of your “low” security sites, that is (these days, frequently) still a huge amount of data they have with which to commit an identity theft.

    The other big reason to make sure your passwords are unique is that it makes it safer to share them, if the need arises. Suppose that for some reason you need to share a password with somebody else: it’s far safer for everybody involved if the password you share with them works only for the service you wanted to give them access to. Every person you trust is one more person who might (accidentally) expose it to a hacker by writing it down.

    Even if you have to memorise a complex “master” password and keep in your wallet a list of random “suffixes” that you append to this master password, different for each site, that’s a huge step forwards. It’s also a very basic level of two-factor authentication: to log in to your Twitter account, for example, you need your master password (which is in your head), plus the Twitter suffix to the password (which is written down in your wallet).

There’s been a wave of attacks recently against users of social networking websites: an attacker will break into an insecure web forum to get people’s email addresses and passwords, and then will try to log in to their webmail accounts and into social networking sites (Facebook, Twitter, etc.) using those same credentials. When they get a “hit”, they’ll explore the identity of the victim, learning about their language patterns, who their friends are, and so on. Then they’ll send messages or start chats with their victim’s friends, claiming to be their victim, and claim some kind of crisis. They’ll often ask to borrow money that needs to be wired to them promptly. And then they’ll disappear.

In this interconnected world, it’s important that your passwords are good not only for your benefit, but for your friends too. So if you’re guilty of any of the “password crimes” above – if you have passwords that are short (under 8 characters), simple (don’t use a mixture of cases and include numbers), predictable (using dictionary words, names, dates, etc.: even if they include a number), or re-used (used in more than one place or for more than one site) – change your passwords today.
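The four “password crimes” and the brute-force arithmetic from the list above, worked through as an added example (this is not code from the original post). The function names, the tiny word list and the sample vault are constructed for illustration; the guess rate and the 36-character alphabet are the post’s own figures.

```python
import re
from collections import Counter

GUESSES_PER_SECOND = 1000      # robot speed assumed in the post
SINGLE_CASE_ALNUM = 26 + 10    # "single-case letters and numbers"

# Constructed stand-in for a cracking dictionary; real ones hold millions of entries.
WORDLIST = {"iloveyou", "letmein", "password", "dragon", "monkey", "summer"}
YEAR = re.compile(r"(19|20)\d\d")  # crude date hint: any four-digit year

# Constructed sample: site name -> password, as a user might have them today.
SAMPLE_VAULT = {
    "forum": "letmein1",
    "webmail": "letmein1",
    "shop": "Abc12",
    "photos": "Summer2011",
    "bank": "T7q!vR2mXw9LpZ4k",
}


def average_crack_seconds(length, alphabet=SINGLE_CASE_ALNUM, rate=GUESSES_PER_SECOND):
    """Expected brute-force time: on average half the keyspace gets tried."""
    return (alphabet ** length) / 2 / rate


def password_crimes(password, times_used=1):
    """Return which of the four crimes (short, simple, predictable, re-used) apply."""
    crimes = []
    if len(password) < 8:
        crimes.append("short")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_lower and has_upper and has_digit):
        crimes.append("simple")
    # "is, is based on, or contains" a word or date, even with numbers attached
    lowered = password.lower()
    if any(word in lowered for word in WORDLIST) or YEAR.search(password):
        crimes.append("predictable")
    if times_used > 1:
        crimes.append("re-used")
    return crimes


def audit_vault(vault):
    """Check every password in a site -> password mapping, including re-use."""
    counts = Counter(vault.values())
    return {site: password_crimes(pw, counts[pw]) for site, pw in vault.items()}


if __name__ == "__main__":
    for length in (4, 6, 8, 12):
        days = average_crack_seconds(length) / 86400
        print(f"{length:>2} chars: about {days:,.2f} days on average")
    for site, crimes in audit_vault(SAMPLE_VAULT).items():
        print(f"{site:<8} {', '.join(crimes) or 'ok'}")
```

The timings use the average case (half of all combinations tried), which is what reproduces the post’s quarter of an hour, week and a half, and few decades.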

Here’s some resources to help you do it:

  • WikiHow’s guide to choosing secure passwords.
  • PCTools’ great random password generator.
  • The top 500 worst passwords of all time – if yours is in here, it’s probably already been compromised.
  • SuperGenPass – a very good way to use a strong, unique password for every website without having to remember multiple passwords. Free.
  • KeePass – a great way to use a strong, unique password for every site and service without having to remember multiple passwords. Free.
  • LastPass – another great way to use a strong, unique password for every site and service without having to remember multiple passwords. Free (or cheap, for the premium version).

IE6 Countdown

Microsoft recently tweeted “It’s not often that we encourage you to stop using one of our products, but for IE6, we’ll make an exception”. This coincides with the launch of The Internet Explorer 6 Countdown, a website that tries to encourage people to drop this hideously old and awful browser in favour of better, modern, standards-compliant ones, thereby saving web developers heaps of work.

Internet Explorer 6 usage stats, from IE6 Countdown. I'm honestly shocked that the number is still as high as 12%. Where are they getting that from?

That’s not strictly true; they’re encouraging people to upgrade to Internet Explorer 8 and 9, presumably, which are still a little lacking in support for some modern web standards. But they’re a huge step forward, and everybody who’d like to stick with Internet Explorer should be encouraged to upgrade. There’s no excuse for still using IE6.

 

They’re even providing a tool to let you put a “Upgrade now, damnit!” banner on your website, visible only to IE6 users. It’s similar to the IE6Update tool, really, but has the benefit of actually being supported by the browser manufacturer. That has to count for something.

Will it make a difference? I don’t know. I’m frankly appalled that there are modern, high-tech countries that still have significant numbers of IE6 users: Japan counts over 10%, for example! We’re talking here about a ten year old web browser: a web browser that’s older than MySpace, older than Facebook, older than GMail, older than YouTube. Internet Explorer 6 was released into a world where Lord of the Rings would take you a long time to read, rather than taking you a long time to watch. A world where in-car CD players still weren’t universal, and MP3 players were a rarity. Do you remember MiniDisc players? Internet Explorer 6 does. The World Trade Center? Those towers were still standing when Internet Explorer was released to the world. And if that’s making you think that 10 years is a long time, remember that in the fast-changing world of technology, it’s always even longer.

Just remember what Microsoft (now, at long last) says: Friends don’t let friends use Internet Explorer 6.

Too Ruby

Ruby, a programming language of which I’m quite fond, is well-known for its readability and ease of comprehension, among about thirty-seven other wonderful features.

I rediscovered quite how readable the language is when I genuinely ended up writing the following method last week:

# On saving, updates the #Shift counters if the #ExperienceLevel of this
# #Volunteer has been changed
def update_counters_if_experience_level_changed
  update_counters if experience_level_changed?
end

For the benefit of those of you who aren’t programmers, I’ll point out that which is obvious to those of us who are: the body of the method (that’s the line that’s indented) is almost identical to the method name (the line that starts with “def”).

This is the equivalent of going to WikiHow and looking up the article on, say, How to Make a Tie Dyed Cake, only to discover that the text of the article simply says, “Choose what colours you want, and then make a cake in those colours”… and you understand perfectly and go and make the cake, because you’ve got that good an understanding. In this metaphor, you’re the Ruby interpreter, by the way. And the cake is delicious.

Okay, I cheated a little: the experience_level_changed? method was provided for me by the Rails framework. And I had to write the update_counters method myself (although it, too, contains only one line of code in its body). But the point is still the same: writing Ruby, and thinking in a Rubyish way, produces beautifully readable, logical code.


The Week of Balls

Early this week, I’ve spent quite a bit of time knee deep in the guts of Phusion Passenger (which remains one of the best deployment strategies for Rack applications, in my mind), trying to work out why a particular application I’d been working on wouldn’t deploy properly after a few upgrades and optimisations on the development server. Ultimately, I found the problem, but for a few hours there I thought I was losing my mind.

This lunchtime, I decided to pull out all of my instant messenger logs (being out of the office, my co-workers at SmartData and I do a lot of talking via an IM system). I’d had a hunch that, so far this week, “balls” would be amongst my most-frequently typed words, chiefly uttered as yet another hypothesis about why the development server wasn’t behaving itself was blown out of the water. A few regular expressions (to strip it down to just the words I typed) and a run through a word-counter, and I had some results!

Here’s my top words of the work week so far:

Position Word(s)
1 – 18 the, to, I, a, it, that, of, in, and, on, but, have, what, is, you, just, so, for
Positions 1 through 18 contain some of the most-common conjunctions and pronouns that I use on a day-to-day basis, as well as some common verbs. Nothing surprising there. So far, so good.
19 Rails
Between the projects I’ve been involved with and those my colleagues are working on, there’s been a lot of discussion about (Ruby on) Rails around the office so far this week.
20 IPN, do
One of the projects I’ve been working on this week has used a payment gateway with an Instant Payment Notification service, so it’s not surprising that “IPN” appeared in the top 20, too…
22 was, this
24 my, know, at
27 up, don’t
Over 50% of “don’t”s were immediately followed by “know”: Monday was one of those days.
29 I’m
30 yeah, be, [name of troublesome web app]
Not unexpectedly, the name of the project that caused so much confusion earlier this week came up more than a little.
33 there, one, if
36 we, see, problem, get, balls, back, all
These seven words never all appeared in a sentence together, but I sort of wish that they had. There’s the key word – balls – apparently the joint 36th most-used word by me between Monday morning and Wednesday lunchtime.

Other common words this week so-far included “jQuery”, that great JavaScript library (there was some discussion about how we can best make use of the new features provided by version 1.5), “payment” (again; a lot of talk of payment processing, this week), “means” (mostly where I was explaining the results of my investigations into the troublesome server), “tried” (a disappointing-sounding word), “error” (I saw a few of those, to be sure!), and “somehow” (not a reassuring thing to catch yourself saying).

Also pretty common this week was “boiler”, as I explained to my workmates the saga of the boiler at my house, which broke down at the weekend, leaving us with no hot water nor heating until it was repaired on Tuesday. On the upside, I did get to poke around inside the boiler while the repairman was taking it to bits, and learned all kinds of fascinating things about the way that they work. So, a silver lining, there.

Bits of our boiler: the hip bone's connected to the... leg bone.

With the boiler fixed at home, and the development server fixed at work, it finally feels like this week’s turning into the right kind of week. But for a while there, it didn’t look certain!


Free Deed Poll Generator

I talk a lot. If you don’t want to listen to me ramble, and you’re just looking for the free deed poll generator, click here.

After Claire and I changed our names back in 2007, I actually took the time to do a little research into deeds poll (or, more-specifically in this case, deeds of change of name). It turns out that we did it the wrong way. We paid a company to do all of the paperwork for us, and – while it wasn’t terribly expensive – it wasn’t free, and “free” is exactly how much it ought to cost.

In the intervening years I’ve helped several friends to change their names via deeds poll (yes, “deeds poll” is the correct plural), and I’ve learned more and more about why the whole process should be simpler and cheaper than many people would have you believe.

A deed poll, by definition, is nothing more than a promise signed by one person (it’s not even a contract – it’s got little more weight than a New Year’s resolution), on paper which has straight edges. That’s what the word “poll” actually means: that the paper has straight edges. Why? Because back then, a contract would typically be cut into two on an irregular line, so that when the two halves came together it would be clear that they were originally part of the same document – an anti-forgery measure. A deed poll, because it’s signed only by one person, doesn’t need to be separated like this, and so it has straight edges.

The Charter of the Clerecía de Ledesma, a contract from 1252 - note the cut top edge where it originally joined to the "other half" of the contract.

That means that it’s perfectly legitimate for you to write, on the back of a napkin, “I have given up my name [former name] and have adopted for all purposes the name [new name]. Signed as a deed on [date] as [former name] and [new name]. Witnessed by [witnesses signature(s)].”

The problem comes when you send that napkin off to the Inland Revenue, or the DVLA, or the Passport Office, and they send it back and laugh. You see, it helps a hell of a lot if your deed poll looks sort-of official. You ought to put some work into making it look nice, because that makes a world of difference when you ask people to believe it. That’s not to say that they won’t laugh at you anyway – the Passport Office certainly laughed at me – but at least they’ll accept your name change if it has an air of authority and is covered with all of the most-relevant legalese.

Behind the dozens of scam artists who’ll charge you £10, £20, £30, or even more to produce you an “official” deed poll (tip: there’s no such thing), there are one or two “free” services, too. But even the best of these has problems: the site is riddled with advertisements, the document isn’t produced instantly, you’re limited in how many deed polls you can generate, and – perhaps worst of all – you have to give them your email address in order to get the password to open the documents they give you. What gives?

Generate free UK deeds of name change at freedeedpoll.org.uk.

So I’ve made my own. It’s completely free to use and it’s available at freedeedpoll.org.uk: so what are you waiting for – go and change your name! Oh, and it’s also open-source, so if you want to see how it works (or even make your own version), you can.

Why? Well: I don’t like feeling like I’ve been scammed out of money, so if I can help just one person change their name for free who might otherwise have been conned into paying for something that they didn’t need: well, then I’ve won. So change your name or help your friends and family to, on me, or just download my code and learn a little bit about Ruby, Sinatra, and Prawn (the technologies that power the site). What’re you waiting for?


Mobile One-Time-Passwords in Ruby

I recently came across the Mobile One-Time-Passwords project, which aims to make a free, secure alternative to commercial two-factor authentication systems (like SecurID). The thinking is pretty simple: virtually everybody now carries a mobile phone capable of running basic applications, so there’s no reason that such an application couldn’t provide the processing power to generate one-time-passwords based on a shared secret, a PIN number known only to the authenticating party and to the server, and the current date and time stamp.
Great! But it turns out that despite there being libraries to produce server-side implementations of the technology in PHP, Perl, and C, nobody had yet bothered to write one in that most marvelous of programming languages, Ruby.

Well, now I have. So if anybody’s got the urge to add one-time-password based security to their Rails or Sinatra app, or would like to write an MOTP client for their Ruby-capable smartphone: well, now you can.
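
How the scheme described above fits together on the server side, as an added example (not code from this post's library or from the MOTP project). The password formula is the one the Mobile-OTP project publishes; the module and class names, the `window` parameter and the sample secret and PIN are assumptions of this example.

```ruby
require 'digest/md5'

# Added example: Mobile-OTP derives each password as the first six hex digits
# of MD5(<Unix time / 10> + <shared secret> + <PIN>).
module MotpExample
  STEP = 10    # seconds per time slot
  DIGITS = 6   # hex characters kept from the digest

  def self.otp(secret, pin, time = Time.now)
    slot = time.to_i / STEP
    Digest::MD5.hexdigest("#{slot}#{secret}#{pin}")[0, DIGITS]
  end

  # Compare without stopping at the first differing byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Server side for one user. `window` (seconds of clock skew tolerated in
  # either direction) is this example's parameter.
  class Verifier
    def initialize(secret, pin, window: 180)
      @secret = secret
      @pin = pin
      @span = window / STEP
      @last_slot = -1   # newest time slot already accepted
    end

    def verify(candidate, now = Time.now)
      candidate = candidate.to_s.downcase
      base = now.to_i / STEP
      matched = nil
      (base - @span..base + @span).each do |slot|
        expected = MotpExample.otp(@secret, @pin, Time.at(slot * STEP))
        matched = slot if MotpExample.secure_equal?(expected, candidate)
      end
      # Reject misses, replays, and anything older than the last accepted slot.
      return false if matched.nil? || matched <= @last_slot
      @last_slot = matched
      true
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed secret and PIN, for demonstration only.
  verifier = MotpExample::Verifier.new('0123456789abcdef', '1234')
  code = MotpExample.otp('0123456789abcdef', '1234')
  puts "#{code} accepted: #{verifier.verify(code)}"
  puts "#{code} replayed: #{verifier.verify(code)}"
end
```

A six-hex-digit code carries only 24 bits, so a real deployment also needs per-account attempt limiting in front of `verify`.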

Copy-Pasting Passwords into Steam

Just want to know how to ‘fix’ Steam’s password field? Scroll down to “How to Fix It”

Steam & Security Theatre

You’re a smart guy. You’re not stupid about computer security. And that’s why you always make sure that you use a different password for every service you use, right? You might even use a different password for every account, even when you have different passwords on the same service. You know that there are really, really good reasons why it’s simply not good enough to, for example, have “high-security”, “general use” and “low security” passwords, and re-use each of them in several places. And if you don’t know that: well, take my word for it and I’ll explain it in detail later.

It’s no great hardship to have lots of long, complex, effectively-random passwords, these days. Tools like SuperGenPass, LastPass, and KeePass, among others, mean that nowadays it’s so easy to use a different password for every service that there’s no excuse not to. So you probably use one of those (or something similar), and everything’s great.
Except for that one application – Steam. I have Steam save my password on my desktop PC (by the time somebody steals my desktop PC and breaks into the encrypted partition on which my data files lie, I have bigger problems than somebody stealing my Just Cause 2 achievements), but it forgets the password every time that Ruth uses her Steam account on my computer. No problem, I think: I can easily copy-paste it from my password manager… nope: Steam won’t let you paste in to the password field.

What? If you ask Valve (Steam’s creators) about this, they’ll say that it’s a security feature, but that’s bullshit: it’s security theatre, at best. And at worst, it means that people like me are inclined to use less-secure passwords because a more-secure password would be harder to memorize and to type out.

How to Fix It

Well, obviously the best way to fix it would be to successfully persuade Valve that they’re being stupid: others are already trying that. But what would be nice in the meantime would be a workaround. So here it is:

  1. Edit Program Files\Steam\Public\SteamLoginDialog.res (Program Files\Steam\Public\SteamLoginDialog.res on 64-bit Windows, somewhere else entirely on a Mac) using your favourite text editor (or Notepad if you don’t have a favourite). Take a backup of the file if you’re worried you’ll break it.
  2. In the "PasswordEdit" section (starting at about line 42), you’ll see name/value pairs. Make sure that the following values are set thusly:
     • "tabPosition" "1"
     • "textHidden" "0"
     • "style" "TextEntry"

The next time you load Steam, you’ll be able to paste passwords into the password field. The passwords won’t be masked (i.e. you’ll see the actual passwords, rather than asterisks), but the dialog never loads with a password pre-populated anyway, so as long as you make sure that nobody’s looking over your shoulder while you type, you’re set!

Update: let’s face it, Valve’s security policies suck in other ways, too. Please read the tale of a friend-of-a-friend who’s desperate to change her Steam username.

They Say that Programmers Never Die

They just gosub without return. That is, of course, a joke (with all due apologies to those of you to whom it means nothing), but there’s a kernel of truth in the saying. In their own way, programmers are like authors or artists in that their work can easily outlive them, and their unique and distinct style can be found in their creations: and in that created by those that learn from or imitate them.

This morning I was working on some legacy Perl code that holds together a part of a client’s web site. In particular, I was refactoring the code that displays dates and times in an appropriate format, as part of an effort to simplify the code after fixing a bug that would, under some unusual conditions, use the “pm” suffix for morning times (e.g. 11pm, when it means 11am). Under normal circumstances this would have been a simpler job than it was, but this particular piece of software has been passed from developer to developer, and (until it came into my hands) I’m pretty sure that none of them took the time to understand what their predecessors had done. Several different stylistic and semantic styles are used in the code, and several different solutions are used for the same problem, depending on who was in charge at any given time. In short, the code’s a mess, but the client is on a tight budget and can generally only afford to pay for the minimum amount of work, and not for the sweeping overhaul that the system so badly needs.

I came across a particular line of code, today (evidence, perhaps, of a previous developer looking into a related issue to the one with which I was tasked):

$leu_something .= $hour . " - " . $amorpm;

Even without the developer’s name embedded within the variable name, I could have told you who wrote this code because of its distinct style. Even this single line has a defining appearance of its own, to the trained eye. To illustrate this, consider that the line could equally have been written in any of the following ways (among hundreds of others, without even looking at the optional space characters and interchangeable types of quotation marks used), and would have functioned identically:

  • $leu_something = $leu_something .= $hour . " - " . $amorpm;
  • $leu_something .= "${hour} - ${amorpm}";
  • $leu_something = join('', $leu_something, $hour, " - ", $amorpm);
  • $leu_something .= sprintf('%s - %s', $hour, $amorpm);

Some of these methods have specific advantages or disadvantages, but all have the exact same fundamental meaning. However, even from a glance I could tell that this code belonged to the former developer named Leu (and not any of the other developers whose names I’ve seen in the project) because of the style in which he chose to write it.

Non-programmers often fail to understand why I describe programming as being as much an art as a science. The work of a programmer has been compared to the work of a poet, and I agree with this sentiment. Even merely on a superficial level, both computer code and poetry:

  • Can be good or bad (by consensus, or subjectively).
  • Attach significant importance to proper syntax and style (you need the right rhyming pattern in a limerick and the right number of brackets in a loop).
  • Express a concept through the artistic use of a language.
  • When used to express complex ideas, benefit from creative and sometimes out-of-the-box thinking.
  • Often lose value if they are literally translated to another language.

Not only that, program code can be beautiful. I’ve examined code before that’s made me smile, or laugh, or that has saddened me, or that has inspired me. I shan’t argue that it’s on a par with the standard of spoken-language poetry: but then, programming languages are not designed to appeal to the pathos, and are at a natural disadvantage. Sometimes the comments for a piece of code can in themselves carry a beauty, too: or they can serve simply to help the reader comprehend a piece of code, in the same way as one can sometimes find guidance in the interpretation of a poem from somebody else’s research.

However, it’s possible to say things with code that one simply can’t convey in the same way, using a spoken language. To prove this point, I’ve composed a short haiku in the medium of the Ruby programming language. For this purpose, I’m defining a haiku as a poem whose lines contain 5, 7, and 5 syllables, respectively. It’s an existentially nihilistic piece called Grind:

def grind(age = 0)
  die if age == 78
  grind(age + 1); end

Vocalised, it would be read as follows:

Def grind: age equals zero,
Die if age equals seventy-eight,
Grind (age plus one); end.

I enjoy the subtlety of its use of recursion to reinforce the idea that every year of your life gives you a bigger burden to carry (and a larger amount of memory consumed). This subtlety does not adequately translate to a spoken language.

The line of code I showed you earlier, though, is neither interesting nor remarkable, in itself. What makes it interesting to me is that it persisted – until today, when I removed it – in this piece of software. The author, Leu, died several years ago. But there will exist software that he wrote, being read again and again by tireless machines on a daily basis, for years to come.

I wonder how long the code I write today will live.

The Worst Server Infection I’ve Ever Seen

With my day job at SmartData I’ve recently been doing some work for a client, transporting their data from the Microsoft SQL Server that back-ends their desktop application and converting it to a different schema on a different database for a new, web-based application. Because there’s quite a lot of data, the schema are quite different, and the data needs to be converted in a “smart” way, I’ve written a program to help with the task.

My program takes data from our client’s old server and moves it to their new server, making several alterations along the way.

Unfortunately, it’s a slow process to move all of the data over. So, to test my program as I continue to develop it, I thought it might be useful if I could take a copy of the “live” database to somewhere more local (like my computer). This would remove the overhead of going through the Internet each time, and reduce the run time of the program significantly – an important consideration during its ongoing development.

Unfortunately, a quirk in the way that Microsoft SQL Server works is that the backup file I can make (ready to restore onto my computer) doesn’t appear on my computer, but appears on the old server. And I don’t have a means to get files off the old server. Or do I? I have a username and password: I wonder if there are any other services running on the server to which I might have access. To find out, I use a program called Nmap to try to get a picture of what services are running on the server.

The results of running Nmap on the server. That’s a lot of open ports…

And that’s when I realised that something might be wrong. For those of you who aren’t inclined toward understanding the ins and outs of network security, the screenshot above should be considered to be more than a little alarming. There are pretty obvious and clear signs that this computer is infected with Trinoo, NetBus, Back Orifice, and quite probably other malware. It’s almost certainly being used as part of denial of service attacks against other computers, and could well be stealing confidential information from our client’s server and the other computers on their network.
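
The kind of triage described above, run over saved scan output, as an added example that is not part of the original post: it reads Nmap's grepable (`-oG`) format and flags the default ports historically associated with the three families named. The scan lines, host address and function names are constructed for the example; Nmap's service labels come from a port-number table unless version detection is used, so a match is a lead to investigate on the host, not a confirmation.

```ruby
# Default ports historically tied to the families named in the post.
SUSPECT_PORTS = {
  [12345, 'tcp'] => 'NetBus',
  [12346, 'tcp'] => 'NetBus',
  [27665, 'tcp'] => 'Trinoo (master control)',
  [27444, 'udp'] => 'Trinoo (master to daemon)',
  [31335, 'udp'] => 'Trinoo (daemon to master)',
  [31337, 'udp'] => 'Back Orifice'
}.freeze

# Constructed sample of `nmap -oG` output (192.0.2.0/24 is a documentation range).
SAMPLE_SCAN = <<~SCAN
  # Nmap scan, constructed sample
  Host: 192.0.2.10 ()\tStatus: Up
  Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 1433/open/tcp//ms-sql-s///, 12345/open/tcp//netbus///, 27665/open/tcp//Trinoo_Master///, 31337/open|filtered/udp//BackOrifice///, 27444/closed/udp//Trinoo_Bcast///
SCAN

# Parse grepable lines into { host => [[port, proto, state], ...] }.
def parse_grepable(text)
  hosts = Hash.new { |h, k| h[k] = [] }
  text.each_line do |line|
    next unless line =~ /^Host: (\S+).*?\tPorts: ([^\t]+)/
    host = $1
    $2.split(',').each do |entry|
      # Each entry is port/state/protocol/owner/service/rpcinfo/version/
      port, state, proto = entry.strip.split('/')
      hosts[host] << [port.to_i, proto, state]
    end
  end
  hosts
end

# Return one finding per suspect port that is open. UDP ports reported as
# "open|filtered" are kept, with the state preserved, because Nmap could not
# tell the two apart and the port still needs checking on the host.
def suspicious_ports(text)
  findings = []
  parse_grepable(text).each do |host, ports|
    ports.each do |port, proto, state|
      family = SUSPECT_PORTS[[port, proto]]
      next unless family && state.start_with?('open')
      findings << { host: host, port: port, proto: proto,
                    state: state, family: family }
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  suspicious_ports(SAMPLE_SCAN).each do |f|
    puts "#{f[:host]} #{f[:port]}/#{f[:proto]} (#{f[:state]}): #{f[:family]}"
  end
end
```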

How have things gotten so out of control? I’m not sure. I’ve never seen such a rampant runaway set of infections on a server system before. Computers belonging to individuals, especially individuals inclined to installing BonziBuddy, Smiley Central/Cursor Mania, and so on, are often littered with malware, but one would hope that a server administrator might have a little more wisdom than to let unauthorised code run on a server for which they were responsible. At the very least, a Windows-based, Internet-accessible server ought to be running a strict firewall and antivirus software (virtually all antivirus software would have detected all three of the infections I’ve named above).

Just about anybody can get onto the ‘net, these days, and I can just about forgive a regular Jo who says, “I don’t know anything about computers; I just want to play FarmVille.” It’s disappointing when they end up inadvertently helping to send email advertising “$oft C1ALIS tabs” to the rest of us, and it’s upsetting when they get their credit card details stolen by a Nigerian, but it’s not so much their fault as the fault of the complexities they’re expected to understand in order to protect their new computer. But when somebody’s running a service (as our client is paying for, from a third-party company who’s “managing” their server for them), I’d really expect better.

The Bit for the “Regular Jo”

And if you are a “regular Jo” on a Windows PC and you care enough to want to check that you’re part of the solution and not part of the problem, then you might be interested in a variety of free, trusted:

  • Anti-virus software (essential)
  • Adware/spyware removal tools (useful if you routinely install crap downloaded from the web), and
  • Firewall software (essential if you connect “directly” to the Internet, rather than via a “router”, or if you’re ever on networks on which you can’t trust the other network users – e.g. free wi-fi access points, shared Internet connections in student houses, etc.)

Edit: And don’t forget to regularly install your Windows Updates. Thanks to Gareth for the reminder that regular Jos should be encouraged to do this, too.
