World Backup Day

It’s World Backup Day, folks. That means it’s time for you to look at your data and check that you’re backing it all up to a satisfactory level.

Have a look at the computer you’re sat at. If its hard drive(s) broke, irrecoverably, or if it were stolen: what would you lose?

Me? I like my backups to go “offsite”, so I use online redundant storage to shunt my important stuff to (I use a personal Amazon S3 bucket and some software I’ve written for that purpose, but you don’t have to be that geeky to use online backups – just check the World Backup Day website for suggestions). If you’re not quite so paranoid as me, you might make your backups to CDs or DVDs, or onto a pendrive. It doesn’t take long, and it’s worth it.

Backups are like insurance.

Now go celebrate World Backup Day by making some backups, or by checking that your existing backups restore correctly. You’re welcome.

Passwords – The Least You Should Do

If you see me in person, you’ll know that this is something I rant about from time to time. But that’s only because people consistently put themselves and their friends at risk, needlessly, and sometimes those friends include me. So let me be abundantly clear:

If you’re reading this, there is at least a 95% chance that your passwords aren’t good enough. You should fix them. Today.

Let’s talk about what we mean by “good enough”. A good password needs to be:

  • Long. Some of you are still using passwords that are shorter than 8 characters. The length of a password is important because it reduces the risk of a robot “brute forcing” it. Suppose a robot can guess 1000 passwords a second, and your password uses only single-case letters and numbers. If you have a 4-character password, it’ll be lucky to last quarter of an hour. A 6-character password might last a week and a half. At 8-characters, it might last a few decades. Probably less, if your password makes one of the other mistakes, below. And the robots used by crackers are getting faster and faster, so the longer, the better. My shortest password is around 12 characters long, these days.
  • Complex. Remember how long an 8-character password lasts against a “brute force” attack? If you’re only using single-case letters, you’re reducing that by almost a third. Mix it up a bit! Use upper and lower case letters, and numbers, as standard. Consider using punctuation, too. There’s no legitimate reason for a website to demand that you don’t have a long and complex password, so if one does seem to have unreasonable requirements: write to the owners and threaten to take your business elsewhere if they don’t get with the times.
  • Random. If your password is, is based on, or contains a dictionary word (in any language), a name or brand name, a date, a number plate or (heaven forbid) a national insurance number, it’s not good enough. “Brute force” attacks like those described above are usually the second line of attack against properly-stored passwords: first, a robot will try every word, name or date that it can think of, with and without capitalisation and with numbers before and afterwards. Many will also try common phrases like “iloveyou” and “letmein”. WikiHow has a great suggestion about how to make “random” passwords that are easy to remember.
  • Unique. Here’s the one that people keep getting wrong, time and time again. You should never, never, use the same password for multiple different services (and you should be very wary of using the same password for different accounts on the same service). This is because if a malicious hacker manages to get your password for one site, they can now start breaking into your accounts on other sites. Some people try to get around this by keeping two or three “levels” of passwords, for low-, medium-, and high-security uses. But even if a hacker gets access to all of your “low” security sites, that is (these days, frequently) still a huge amount of data they have with which to commit an identity theft.

    The other big reason to make sure your passwords are unique is that it makes it safer to share them, if the need arises. Suppose that for some reason you need to share a password with somebody else: it’s far safer for everybody involved if the password you share with them works only for the service you wanted to give them access to. Every person you trust is one more person who might (accidentally) expose it to a hacker by writing it down.

    Even if you have to memorise a complex “master” password and keep in your wallet a list of random “suffixes” that you append to this master password, different for each site, that’s a huge step forwards. It’s also a very basic level of two-factor authentication: to log in to your Twitter account, for example, you need your master password (which is in your head), plus the Twitter suffix to the password (which is written down in your wallet).

There’s been a wave of attacks recently against users of social networking websites: an attacker will break into an insecure web forum to get people’s email addresses and password, and then will try to log in to their webmail accounts and into social networking sites (Facebook, Twitter, etc.) using those same credentials. When they get a “hit”, they’ll explore the identity of the victim, learning about their language patterns, who their friends are, and so on. Then they’ll send messages or start chats with their victim’s friends, claiming to be their victim, and claim some kind of crisis. They’ll often ask to borrow money that needs to be wired to them promptly. And then they’ll disappear.

In this interconnected world, it’s important that your passwords are good not only for your benefit, but for your friends too. So if you’re guilty of any of the “password crimes” above – if you have passwords that are short (under 8 characters), simple (don’t use a mixture of cases and include numbers), predictable (using dictionary words, names, dates, etc.: even if they include a number), or re-used (used in more than one place or for more than one site) – change your passwords today.
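The four “password crimes” above as an automated check, together with the brute-force arithmetic from the “Long” bullet under its stated assumptions (1000 guesses a second, single-case letters and numbers). This is an added example, not the author's code; the module name, the tiny wordlist and the date-like pattern are constructed for illustration.

```ruby
# Audit a candidate password against the criteria: long, complex, random, unique.
module PasswordAudit
  GUESSES_PER_SECOND = 1000 # the attacker speed assumed in the text

  # Tiny constructed wordlist; a real check would load a large dictionary
  # of words, names and brand names.
  WORDLIST = %w[password iloveyou letmein dragon monkey london].freeze

  # Average seconds to brute-force a password: on average the attacker
  # finds it after searching half of the keyspace.
  def self.average_crack_seconds(length, alphabet, rate = GUESSES_PER_SECOND)
    (alphabet**length) / 2.0 / rate
  end

  # Mirrors the dictionary attack described above: ignore capitalisation,
  # strip numbers before and afterwards, then look the core up. A password
  # made only of 6 to 8 digits is treated as date-like (assumption).
  def self.dictionary_based?(pw, wordlist = WORDLIST)
    core = pw.downcase.gsub(/\A\d+|\d+\z/, '')
    wordlist.include?(core) || !!(pw =~ /\A\d{6,8}\z/)
  end

  # Returns the list of problems found; an empty list means the password
  # passes all four checks. used_elsewhere is the caller's list of
  # passwords already in use on other sites or accounts.
  def self.problems(pw, used_elsewhere: [])
    found = []
    found << :short if pw.length < 8
    found << :simple unless pw =~ /[a-z]/ && pw =~ /[A-Z]/ && pw =~ /[0-9]/
    found << :predictable if dictionary_based?(pw)
    found << :reused if used_elsewhere.include?(pw)
    found
  end
end

if __FILE__ == $PROGRAM_NAME
  [4, 6, 8].each do |len|
    secs = PasswordAudit.average_crack_seconds(len, 36)
    puts format('%d characters: about %.1f days on average', len, secs / 86_400)
  end
  %w[Letmein1 19840321 tR7#kq9!Vz2m].each do |pw| # constructed samples
    puts "#{pw}: #{PasswordAudit.problems(pw).inspect}"
  end
end
```

Note that “Letmein1” is 8 characters with mixed case and a number, so it passes the length and complexity checks and is caught only by the dictionary check.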

Here’s some resources to help you do it:

  • WikiHow’s guide to choosing secure passwords.
  • PCTools’ great random password generator.
  • The top 500 worst passwords of all time – if yours is in here, it’s probably already been compromised.
  • SuperGenPass – a very good way to use a strong, unique password for every website without having to remember multiple passwords. Free.
  • KeePass – a great way to use a strong, unique password for every site and service without having to remember multiple passwords. Free.
  • LastPass – another great way to use a strong, unique password for every site and service without having to remember multiple passwords. Free (or cheap, for the premium version).

IE6 Countdown

Microsoft recently tweeted “It’s not often that we encourage you to stop using one of our products, but for IE6, we’ll make an exception”. This coincides with the launch of The Internet Explorer 6 Countdown, a website that tries to encourage people to drop this hideously old and awful browser in favour of better, modern, standards-compliant ones, thereby saving web developers heaps of work.

Internet Explorer 6 usage stats, from IE6 Countdown. I'm honestly shocked that the number is still as high as 12%. Where are they getting that from?

That’s not strictly true; they’re encouraging people to upgrade to Internet Explorer 8 and 9, presumably, which are still a little lacking in support for some modern web standards. But they’re a huge step forward, and everybody who’d like to stick with Internet Explorer should be encouraged to upgrade. There’s no excuse for still using IE6.

 

They’re even providing a tool to let you put a “Upgrade now, damnit!” banner on your website, visible only to IE6 users. It’s similar to the IE6Update tool, really, but has the benefit of actually being supported by the browser manufacturer. That has to count for something.

Will it make a difference? I don’t know. I’m frankly appalled that there are modern, high-tech countries that still have significant numbers of IE6 users: Japan counts over 10%, for example! We’re talking here about a ten year old web browser: a web browser that’s older than MySpace, older than Facebook, older than GMail, older than YouTube. Internet Explorer 6 was released into a world where Lord of the Rings was something that would take you a long time to read, rather than taking you a long time to watch. A world where in-car CD players still weren’t universal, and MP3 players were a rarity. Do you remember MiniDisc players? Internet Explorer 6 does. The World Trade Center? Those towers were still standing when Internet Explorer was released to the world. And if that’s making you think that 10 years is a long time, remember that in the fast-changing world of technology, it’s always even longer.

Just remember what Microsoft (now, at long last) says: Friends don’t let friends use Internet Explorer 6.

Too Ruby

Ruby, a programming language of which I’m quite fond, is well-known for its readability and ease of comprehension, among about thirty-seven other wonderful features.

I rediscovered quite how readable the language is when I genuinely ended up writing the following method last week:

# On saving, updates the #Shift counters if the #ExperienceLevel of this
# #Volunteer has been changed
def update_counters_if_experience_level_changed
  update_counters if experience_level_changed?
end

For the benefit of those of you who aren’t programmers, I’ll point out that which is obvious to those of us who are: the body of the method (that’s the line that’s indented) is almost identical to the method name (the line that starts with “def”).

This is the equivalent of going to WikiHow and looking up the article on, say, How to Make a Tie Dyed Cake, only to discover that the text of the article simply says, “Choose what colours you want, and then make a cake in those colours”… and you understand perfectly and go and make the cake, because you’ve got that good an understanding. In this metaphor, you’re the Ruby interpreter, by the way. And the cake is delicious.

Okay, I cheated a little: the experience_level_changed? method was provided for me by the Rails framework. And I had to write the update_counters method myself (although it, too, contains only one line of code in its body). But the point is still the same: writing Ruby, and thinking in a Rubyish way, produces beautifully readable, logical code.


The Week of Balls

Early this week, I’ve spent quite a bit of time knee deep in the guts of Phusion Passenger (which remains one of the best deployment strategies for Rack applications, in my mind), trying to work out why a particular application I’d been working on wouldn’t deploy properly after a few upgrades and optimisations on the development server. Ultimately, I found the problem, but for a few hours there I thought I was losing my mind.

This lunchtime, I decided to pull out all of my instant messenger logs (being out of the office, my co-workers at SmartData and I do a lot of talking via an IM system). I’d had a hunch that, so far this week, “balls” would be amongst my most-frequently typed words, chiefly uttered as yet another hypothesis about why the development server wasn’t behaving itself was blown out of the water. A few regular expressions (to strip it down to just the words I typed) and a run through a word-counter, and I had some results!

Here’s my top words of the work week so far:

Position Word(s)
1 – 18 the, to, I, a, it, that, of, in, and, on, but, have, what, is, you, just, so, for
Positions 1 through 18 contain some of the most-common conjunctions and pronouns that I use on a day-to-day basis, as well as some common verbs. Nothing surprising there. So far, so good.
19 Rails
Between the projects I’ve been involved with and those my colleagues are working on, there’s been a lot of discussion about (Ruby on) Rails around the office so far this week.
20 IPN, do
One of the projects I’ve been working on this week has used a payment gateway with an Instant Payment Notification service, so it’s not surprising that “IPN” appeared in the top 20, too…
22 was, this
24 my, know, at
27 up, don’t
Over 50% of “don’t”s were immediately followed by “know”: Monday was one of those days.
29 I’m
30 yeah, be, [name of troublesome web app]
Not unexpectedly, the name of the project that caused so much confusion earlier this week came up more than a little.
33 there, one, if
36 we, see, problem, get, balls, back, all
These seven words never all appeared in a sentence together, but I sort of wish that they had. There’s the key word – balls – apparently the joint 36th most-used word by me between Monday morning and Wednesday lunchtime.

Other common words this week so-far included “jQuery”, that great JavaScript library (there was some discussion about how we can best make use of the new features provided by version 1.5), “payment” (again; a lot of talk of payment processing, this week), “means” (mostly where I was explaining the results of my investigations into the troublesome server), “tried” (a disappointing-sounding word), “error” (I saw a few of those, to be sure!), and “somehow” (not a reassuring thing to catch yourself saying).

Also pretty common this week was “boiler”, as I explained to my workmates the saga of the boiler at my house, which broke down at the weekend, leaving us with no hot water nor heating until it was repaired on Tuesday. On the upside, I did get to poke around inside the boiler while the repairman was taking it to bits, and learned all kinds of fascinating things about the way that they work. So, a silver lining, there.

Bits of our boiler: the hip bone's connected to the... leg bone.

With the boiler fixed at home, and the development server fixed at work, it finally feels like this week’s turning into the right kind of week. But for a while there, it didn’t look certain!


Free Deed Poll Generator

I talk a lot. If you don’t want to listen to me ramble, and you’re just looking for the free deed poll generator, click here.

After Claire and I changed our names back in 2007, I actually took the time to do a little research into deeds poll (or, more-specifically in this case, deeds of change of name). It turns out that we did it the wrong way. We paid a company to do all of the paperwork for us, and – while it wasn’t terribly expensive – it wasn’t free, and “free” is exactly how much it ought to cost.

In the intervening years I’ve helped several friends to change their names via deeds poll (yes, “deeds poll” is the correct plural), and I’ve learned more and more about why the whole process should be simpler and cheaper than many people would have you believe.

A deed poll, by definition, is nothing more than a promise signed by one person (it’s not even a contract – it’s got little more weight than a New Year’s resolution), on paper which has straight edges. That’s what the word “poll” actually means: that the paper has straight edges. Why? Because back then, a contract would typically be cut into two on an irregular line, so that when the two halves came together it would be clear that they were originally part of the same document – an anti-forgery measure. A deed poll, because it’s signed only by one person, doesn’t need to be separated like this, and so it has straight edges.

The Charter of the Clerecía de Ledesma, a contract from 1252 - note the cut top edge where it originally joined to the "other half" of the contract.

That means that it’s perfectly legitimate for you to write, on the back of a napkin, “I have given up my name [former name] and have adopted for all purposes the name [new name]. Signed as a deed on [date] as [former name] and [new name]. Witnessed by [witnesses signature(s)].”

The problem comes when you send that napkin off to the Inland Revenue, or the DVLA, or the Passport Office, and they send it back and laugh. You see, it helps a hell of a lot if your deed poll looks sort-of official. You ought to put some work into making it look nice, because that makes a world of difference when you ask people to believe it. That’s not to say that they won’t laugh at you anyway – the Passport Office certainly laughed at me – but at least they’ll accept your name change if it has an air of authority and is covered with all of the most-relevant legalese.

Behind the dozens of scam artists who’ll charge you £10, £20, £30, or even more to produce you an “official” deed poll (tip: there’s no such thing), there are one or two “free” services, too. But even the best of these has problems: the site is riddled with advertisements, the document isn’t produced instantly, you’re limited in how many deed polls you can generate, and – perhaps worst of all – you have to give them your email address in order to get the password to open the documents they give you. What gives?

Generate free UK deeds of name change at freedeedpoll.org.uk.

So I’ve made my own. It’s completely free to use and it’s available at freedeedpoll.org.uk: so what are you waiting for – go and change your name! Oh, and it’s also open-source, so if you want to see how it works (or even make your own version), you can.

Why? Well: I don’t like feeling like I’ve been scammed out of money, so if I can help just one person change their name for free who might otherwise have been conned into paying for something that they didn’t need: well, then I’ve won. So change your name or help your friends and family to, on me, or just download my code and learn a little bit about Ruby, Sinatra, and Prawn (the technologies that power the site). What’re you waiting for?


Mobile One-Time-Passwords in Ruby

I recently came across the Mobile One-Time-Passwords project, which aims to make a free, secure alternative to commercial two-factor authentication systems (like SecurID). The thinking is pretty simple: virtually everybody now carries a mobile phone capable of running basic applications, so there’s no reason that such an application couldn’t provide the processing power to generate one-time-passwords based on a shared secret, a PIN number known only to the authenticating party and to the server, and the current date and time stamp.
Great! But it turns out that despite there being libraries to produce server-side implementations of the technology in PHP, Perl, and C, nobody had yet bothered to write one in that most marvelous of programming languages, Ruby.

Well, now I have. So if anybody’s got the urge to add one-time-password based security to their Rails or Sinatra app, or would like to write an MOTP client for their Ruby-capable smartphone: well, now you can.
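A server-side check for the scheme described above, added here as an example; it is not the author's library or the Mobile-OTP project's code. It assumes the publicly documented Mobile-OTP construction (the first six hex digits of MD5 over the 10-second time slot, the shared secret and the PIN); the class name, the skew window and the replay guard are illustrative choices.

```ruby
require 'digest/md5'

# Verifies Mobile-OTP style one-time passwords on the server.
class MotpVerifier
  STEP   = 10 # seconds per time slot
  DIGITS = 6  # hex characters kept from the digest (only 24 bits, so the
              # login endpoint also needs attempt rate limiting)

  # skew: how many seconds of clock drift between phone and server to accept.
  def initialize(skew: 180)
    @slots = skew / STEP
    @last_slot = {} # user => newest time slot already accepted (replay guard)
  end

  # The one-time password for a given time slot.
  def self.otp(secret, pin, slot)
    Digest::MD5.hexdigest("#{slot}#{secret}#{pin}")[0, DIGITS]
  end

  # True if candidate is valid for some slot inside the skew window and
  # that slot is newer than the last one accepted for this user.
  def verify(user, secret, pin, candidate, now: Time.now)
    candidate = candidate.to_s.strip.downcase
    return false unless candidate.match?(/\A[0-9a-f]{#{DIGITS}}\z/)

    current = now.to_i / STEP
    floor = @last_slot.fetch(user, -1)
    matched = nil
    # Check every slot in the window rather than stopping at the first hit,
    # so the work done does not depend on where the match is.
    (current - @slots..current + @slots).each do |slot|
      ok = secure_equal?(self.class.otp(secret, pin, slot), candidate)
      matched ||= slot if ok && slot > floor
    end
    return false unless matched

    @last_slot[user] = matched # a code, and any older one, cannot be reused
    true
  end

  private

  # Constant-time string comparison.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = '0123456789abcdef' # constructed sample secret
  pin    = '1234'             # constructed sample PIN
  now    = Time.now
  code   = MotpVerifier.otp(secret, pin, now.to_i / MotpVerifier::STEP)
  server = MotpVerifier.new
  puts "first use accepted:  #{server.verify('alice', secret, pin, code, now: now)}"
  puts "replay accepted:     #{server.verify('alice', secret, pin, code, now: now)}"
end
```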

Copy-Pasting Passwords into Steam

Just want to know how to ‘fix’ Steam’s password field? Scroll down to “How to Fix It”

Steam & Security Theatre

You’re a smart guy. You’re not stupid about computer security. And that’s why you always make sure that you use a different password for every service you use, right? You might even use a different password for every account, even when you have different passwords on the same service. You know that there are really, really good reasons why it’s simply not good enough to, for example, have “high-security”, “general use” and “low security” passwords, and re-use each of them in several places. And if you don’t know that: well, take my word for it and I’ll explain it in detail later.

It’s no great hardship to have lots of long, complex, effectively-random passwords, these days. Tools like SuperGenPass, LastPass, and KeePass, among others, mean that nowadays it’s so easy to use a different password for every service that there’s no excuse not to. So you probably use one of those (or something similar), and everything’s great.
Except for that one application – Steam. I have Steam save my password on my desktop PC (by the time somebody steals my desktop PC and breaks into the encrypted partition on which my data files lie, I have bigger problems than somebody stealing my Just Cause 2 achievements), but it forgets the password every time that Ruth uses her Steam account on my computer. No problem, I think: I can easily copy-paste it from my password manager… nope: Steam won’t let you paste in to the password field.

What? If you ask Valve (Steam’s creators) about this, they’ll say that it’s a security feature, but that’s bullshit: it’s security theatre, at best. And at worst, it means that people like me are inclined to use less-secure passwords because a more-secure password would be harder to memorize and to type out.

How to Fix It

Well, obviously the best way to fix it would be to successfully persuade Valve that they’re being stupid: others are already trying that. But what would be nice in the meantime would be a workaround. So here it is:

  1. Edit Program Files\Steam\Public\SteamLoginDialog.res (Program Files\Steam\Public\SteamLoginDialog.res on 64-bit Windows, somewhere else entirely on a Mac) using your favourite text editor (or Notepad if you don’t have a favourite). Take a backup of the file if you’re worried you’ll break it.
  2. In the "PasswordEdit" section (starting at about line 42), you’ll see name/value pairs. Make sure that the following values are set thusly:
  • "tabPosition" "1"
  • "textHidden" "0"
  • style="TextEntry"

The next time you load Steam, you’ll be able to paste passwords into the password field. The passwords won’t be masked (i.e. you’ll see the actual passwords, rather than asterisks), but the dialog never loads with a password pre-populated anyway, so as long as you make sure that nobody’s looking over your shoulder while you type, you’re set!

Update: let’s face it, Valve’s security policies suck in other ways, too. Please read the tale of a friend-of-a-friend who’s desperate to change her Steam username.

They Say that Programmers Never Die

They just gosub without return. That is, of course, a joke (with all due apologies to those of you to whom it means nothing), but there’s a kernel of truth in the saying. In their own way, programmers are like authors or artists in that their work can easily outlive them, and their unique and distinct style can be found in their creations: and in that created by those that learn from or imitate them.

This morning I was working on some legacy Perl code that holds together a part of a client’s web site. In particular, I was refactoring the code that displays dates and times in an appropriate format, as part of an effort to simplify the code after fixing a bug that would, under some unusual conditions, use the “pm” suffix for morning times (e.g. 11pm, when it means 11am). Under normal circumstances this would have been a simpler job than it was, but this particular piece of software has been passed from developer to developer, and (until it came into my hands) I’m pretty sure that none of them took the time to understand what their predecessors had done. Several different stylistic and semantic styles are used in the code, and several different solutions are used for the same problem, depending on who was in charge at any given time. In short, the code’s a mess, but the client is on a tight budget and can generally only afford to pay for the minimum amount of work, and not for the sweeping overhaul that the system so badly needs.

I came across a particular line of code, today (evidence, perhaps, of a previous developer looking into a related issue to the one with which I was tasked):

$leu_something .= $hour . " - " . $amorpm;

Even without the developer’s name embedded within the variable name, I could have told you who wrote this code because of its distinct style. Even this single line has a defining appearance of its own, to the trained eye. To illustrate this, consider that the line could equally have been written in any of the following ways (among hundreds of others, without even looking at the optional space characters and interchangeable types of quotation marks used), and would have functioned identically:

  • $leu_something = $leu_something .= $hour . " - " . $amorpm;
  • $leu_something .= "${hour} - ${amorpm}";
  • $leu_something = join('', $leu_something, $hour, " - ", $amorpm);
  • $leu_something .= sprintf('%s - %s', $hour, $amorpm);

Some of these methods have specific advantages or disadvantages, but all have the exact same fundamental meaning. However, even from a glance I could tell that this code belonged to the former developer named Leu (and not any of the other developers whose names I’ve seen in the project) because of the style in which he chose to write it.

Non-programmers often fail to understand why I describe programming as being as much an art as a science. The work of a programmer has been compared to the work of a poet, and I agree with this sentiment. Even merely on a superficial level, both computer code and poetry:

  • Can be good or bad (by consensus, or subjectively).
  • Attach significant importance to proper syntax and style (you need the right rhyming pattern in a limerick and the right number of brackets in a loop).
  • Express a concept through the artistic use of a language.
  • When used to express complex ideas, benefit from creative and sometimes out-of-the-box thinking.
  • Often lose value if they are literally translated to another language.

Not only that, program code can be beautiful. I’ve examined code before that’s made me smile, or laugh, or that has saddened me, or that has inspired me. I shan’t argue that it’s on a par with the standard of spoken-language poetry: but then, programming languages are not designed to appeal to the pathos, and are at a natural disadvantage. Sometimes the comments for a piece of code can in themselves carry a beauty, too: or they can serve simply to help the reader comprehend a piece of code, in the same way as one can sometimes find guidance in the interpretation of a poem from somebody else’s research.

However, it’s possible to say things with code that one simply can’t convey in the same way, using a spoken language. To prove this point, I’ve composed a short haiku in the medium of the Ruby programming language. For this purpose, I’m defining a haiku as a poem whose lines contain 5, 7, and 5 syllables, respectively. It’s an existentially nihilistic piece called Grind:

def grind(age = 0)
  die if age == 78
  grind(age + 1); end

Vocalised, it would be read as follows:

Def grind: age equals zero,
Die if age equals seventy-eight,
Grind (age plus one); end.

I enjoy the subtlety of its use of recursion to reinforce the idea that every year of your life gives you a bigger burden to carry (and a larger amount of memory consumed). This subtlety does not adequately translate to a spoken language.

The line of code I showed you earlier, though, is neither interesting nor remarkable, in itself. What makes it interesting to me is that it persisted – until today, when I removed it – in this piece of software. The author, Leu, died several years ago. But there will exist software that he wrote, being read again and again by tireless machines on a daily basis, for years to come.

I wonder how long the code I write today will live.

The Worst Server Infection I’ve Ever Seen

With my day job at SmartData I’ve recently been doing some work for a client, transporting their data from the Microsoft SQL Server that back-ends their desktop application and converting it to a different schema on a different database for a new, web-based application. Because there’s quite a lot of data, the schema are quite different, and the data needs to be converted in a “smart” way: I’ve written a program to help with the task.

My program takes data from our client’s old server and moves it to their new server, making several alterations along the way.

Unfortunately, it’s a slow process to move all of the data over. So, to test my program as I continue to develop it, I thought it might be useful if I could take a copy of the “live” database to somewhere more local (like my computer). This would remove the overhead of going through the Internet each time, and reduce the run time of the program significantly – an important consideration during its ongoing development.

Unfortunately, a quirk in the way that Microsoft SQL Server works is that the backup file I can make (ready to restore onto my computer) doesn’t appear on my computer, but appears on the old server. And I don’t have a means to get files off the old server. Or do I? I have a username and password: I wonder if there are any other services running on the server to which I might have access. To find out, I use a program called Nmap to try to get a picture of what services are running on the server.

The results of running Nmap on the server. That’s a lot of open ports…

And that’s when I realised that something might be wrong. For those of you who aren’t inclined toward understanding the ins and outs of network security, the screenshot above should be considered to be more than a little alarming. There’s pretty obvious and clear signs that this computer is infected with Trinoo, NetBus, Back Orifice, and quite probably other malware. It’s almost certainly being used as part of denial of service attacks against other computers, and could well be stealing confidential information from our client’s server and the other computers on their network.

How have things gotten so out of control? I’m not sure. I’ve never seen such a rampant runaway set of infections on a server system before. Computers belonging to individuals, especially individuals inclined to installing BonziBuddy, Smiley Central/Cursor Mania, and so on, are often littered with malware, but one would hope that a server administrator might have a little more wisdom than to let unauthorised code run on a server for which they were responsible. At the very least, a Windows-based, Internet-accessible server ought to be running a strict firewall and antivirus software (virtually all antivirus software would have detected all three of the infections I’ve named above).

Just about anybody can get onto the ‘net, these days, and I can just about forgive a regular Jo who says, “I don’t know anything about computers; I just want to play FarmVille.” It’s disappointing when they end up inadvertently helping to send email advertising “$oft C1ALIS tabs” to the rest of us, and it’s upsetting when they get their credit card details stolen by a Nigerian, but it’s not so much their fault as the fault of the complexities they’re expected to understand in order to protect their new computer. But when somebody’s running a service (as our client is paying for, from a third-party company who’s “managing” their server for them), I’d really expect better.

The Bit for the “Regular Jo”

And if you are a “regular Jo” on a Windows PC and you care enough to want to check that you’re part of the solution and not part of the problem, then you might be interested in a variety of free, trusted:

  • Anti-virus software (essential)
  • Adware/spyware removal tools (useful if you routinely install crap downloaded from the web), and
  • Firewall software (essential if you connect “directly” to the Internet, rather than via a “router”, or if you’re ever on networks on which you can’t trust the other network users – e.g. free wi-fi access points, shared Internet connections in student houses, etc.)

Edit: And don’t forget to regularly install your Windows Updates. Thanks to Gareth for the reminder that regular Jos should be encouraged to do this, too.


Favourite Firefox Four Feature FAIL!

I’ve been playing about with the beta of Firefox 4 for a little while now, and I wanted to tell you about a feature that I thought was absolutely amazing, until it turned out that it was a bug and they “fixed” it. This feature is made possible by a handful of other new tools that are coming into Firefox in this new version:

  1. App tabs. You’re now able to turn tabs into small tabs which sit at the left-hand side.
  2. Tab groups. You can “group” your tabs and display only a subset of them at once.

I run with a lot of tabs open most of the time. Not so many as Ruth, but a good number. These can be divided into three major categories: those related to my work with SmartData, those related to my work with Three Rings, and those related to my freelance work and my personal websurfing. Since an early beta of Firefox 4, I discovered that I could do this:

  1. Group all of my SmartData/Three Rings/personal tabs into tab groups, accordingly.
  2. This includes the webmail tab for each of them, which is kept as an App Tab – so my SmartData webmail is an app tab which is in the SmartData tab group, for example.
  3. Then – and here’s the awesome bit – I can switch between my tab groups just by clicking on the relevant app tab!

Time to do some SmartData work? I just click the SmartData webmail app tab and there’s my e-mail, and the rest of the non-app tabs transform magically into my work-related tabs: development versions of the sites I’m working on, relevant APIs, and so on. Time to clock off for lunch? I click on the personal webmail tab, look at my e-mail, and magically all of the other tabs are my personal ones – my RSS feeds, the forum threads I’m following, and so on. Doing some Three Rings work in the evening? I can click the Three Rings webmail tab and check my mail, and simultaneously the browser presents me with the Three Rings related tabs I was working on last, too. It was fabulous.

Firefox 4 app tabs

The other day, Firefox 4 beta 7 was released, and this functionality didn’t work any more. Now app tabs aren’t associated with particular tab groups any longer: they’re associated with all tab groups. This means:

  • I can’t use the app tabs to switch tab group, because they don’t belong to tab groups any more, and
  • I can’t fix this by making them into regular tabs, because then they won’t all be shown.

I’m painfully familiar with what happens when people treat a bug as a feature. Some years ago, a University Nightline were using a bug in Three Rings as a feature, and were outraged when we “fixed” it. Eventually, we had to provide a workaround so that they could continue to use the buggy behaviour that they’d come to depend upon.

So please, Mozilla – help me out here and at least make an about:config option that I can switch on to make app tabs belong to specific tab groups again (but still be always visible). It was such an awesome feature, and it saddens me that you made it by mistake.


A Video Game Movie I’d See

Video game movies are notoriously bad, no matter how awesome the game that inspired them. Wing Commander took a classic video game series and completely ruined it. Doom was incredibly dull, even though it was based on one of the most popular game series that have ever existed. Prince of Persia: The Sands of Time had so much potential and the chance to draw from the multi-rebooted Prince of Persia video games, but in the end its only redeeming feature was that it co-starred Richard Coyle, whose earlier appearance in hit comedy series Coupling led Ruth, JTA and me to rename the film after his character from that series, calling it The Legend of King Jeff, which would honestly have been a better film.

And let’s not forget the truly dire Street Fighter: The Movie, which ultimately led to the short-lived arcade game Street Fighter: The Movie – The Game, attempting to cash in on the film before the developers realised that this wasn’t actually a very good idea. And it’s only the eighth-worst video game movie of all time, according to this video on GameTrailers. Let’s face it: video games don’t convert well to films.

That said, I’ve had an idea for a video game-inspired film that I think could really be good. Or, at least, so awful it’d be good.

Asteroids: The Movie

Don’t you dare tell me that you wouldn’t go to the cinema to see Asteroids: The Movie: CGI like this just has to be enjoyed on the big screen.

The plot is as follows: Earth governments have been secretly tracking an enormous asteroid for many years. Under the cover story of satellite launches, they’ve been firing nuclear weapons at long distances to try to destroy or deflect the mass, but all they’ve managed is to break it up into many hundreds of smaller (but still devastatingly-huge) rocks, many of which are still headed towards our planet.

We’re introduced to our main characters: a cocky ace fighter pilot who’s just been expelled from his wing group for being too cocky and ace, a young and immature geek who spends his life playing retro video games, and a love interest who spurns both of them and is probably employed by the shady government agency. Early in the film, she acts professionally and doesn’t approve of the other main characters’ respective aggressive self-confidence/childish behaviour, but eventually the three become closer as they work together (and probably save one another’s lives a few times).

For their various “talents”, they’re recruited to pilot an experimental spaceship right out into the asteroid field and fire their cannons to destroy them. All is going well, but there are occasional sightings of fast-moving metallic objects around the edges of the field. These turn out to be aliens (in flying saucer like spaceships) who had originally propelled the enormous rock towards Earth in an effort to wipe out humankind, who they – as a result of their warlike culture – perceive as a threat to their galactic dominance. Earth has been on the brink of cracking faster-than-light travel for a while now, as evidenced by secret test flights of the ships which preceded the vessel used in the movie, and this makes the aliens twitchy.

There’s a fight, and it momentarily looks like the aliens stand to destroy the human ship. “This isn’t a video game: we don’t get extra lives!” shouts the love interest character, at one point. “No,” agrees the geek, “But we do have this…” He engages the highly-experimental “hyperspace jump drive” and the ship disappears just seconds before the alien missiles destroy it.

While drifting in hyperspace, the crew find evidence of the aliens’ culture and history, and the other planets they’ve destroyed. They also discover a possible weakness. They’re just beginning to understand what they have to do when they reappear in normal space, apparently only a split second after they disappeared. The chase is on as the aliens pursue the humans through the asteroid field in an exciting chase scene. Finally, the humans discover what they need to do to penetrate the alien shields, and fire upon them. They rush away as the alien ship explodes, vapourising the remaining asteroids as it goes.

The crew return to Earth as heroes.

Now: isn’t that at least as good as whatever Hollywood would come up with? And it’d certainly be far better than the Super Mario Brothers movie.

Hmm. Further research indicates that this might be already going to happen.


Parsing XML as JSON

This morning, I got an instant message from a programmer who’s getting deeply into their Ajax recently. The conversation went something like this (I paraphrase and dramatise at least a little):

Morning! I need to manipulate a JSON feed so that [this JSON parser] will recognise it.

Here’s what I get out of the JSON feed right now:

<?xml version="1.0" encoding="UTF-8"?>
<module-slots type="array">
  <module-slot>
    <title>Module3</title>
    ...

“Umm…” I began, not quite sure how to break this news, “That’s XML, not JSON.”

“Is that a problem?” comes the reply.

Civilization V Release Day

For those of you in the USA, at least, today is the release day for the much-anticipated Sid Meier’s Civilization V. With the promise that this will be the most groundbreaking Civ game since Civilization II, I’ve managed to acquire a leaked screenshot of the very first thing that players will see when they launch Civilization V for the first time:


With apologies to those of you who haven’t had the experiences to find this funny.


The Modern Programmer’s Dictionary

In the field of software development, there’s always something new to learn. Whether it’s a new language, framework, API or methodology, your need to study is never through – even if you’re a FORTRAN developer. But one of the more esoteric areas of your education will come in the form of the language programmers use, and I don’t mean programming languages.

And so I present to you a dictionary of modern programmer language (much of it shamelessly lifted from a discussion on Stack Overflow):

Ajah

Ajax, but returning HTML rather than XML (e.g. using jQuery’s $.load method). Similarly, Ajaj, when you expect script to be returned (e.g. $.getScript).

Bicrement

Adding 2 to a number.

Boolean Zen

A principle of programming lacked by those who write expressions that compare variables to boolean constants. For example, if (userHasLoggedIn == true) lacks Boolean Zen, because the == true at best does nothing at all, and at worst results in an unnecessary evaluation.

Classtrophobia

When someone chooses not to use the obvious object-oriented approach when it is available.

Common Law Feature

A bug in some software which has existed so long that it has begun to be depended upon by the users, who will complain loudly when it is “fixed”.

Doctype Decoration

In web development, the practice of putting a Doctype Declaration (e.g. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">) into the document despite not actually writing standards-compliant code. Often accompanied by putting a “Valid HTML & CSS” link on the site, but never actually checking that the site passes the validator’s test.

Egyptian Brackets

That style of coding which puts the opening brace { of a block on the same line as the expression (wrapped in parentheses) before it, e.g.:

if (expression){

So called because the ){ sort-of looks like a stereotypical ancient Egyptian pose, depending on your preferred coding font:

Floater

A bug that sits at the top of the bug tracking system, but nobody claims responsibility for it. Everybody just works around it.

Flock of Geese Code

A block of deeply-nested and heavily-indented code forming a tight V-shaped wedge. Often occurs when adding functionality to a complex block of evaluations, by a developer who hasn’t noticed that perhaps a return statement, exception-handling, the && operator or even a goto statement might be more appropriate! Especially poignant when using a bracketed-block language, where you’ll see a string of closing braces flying away at the end of the code.

Hi-Driven Development

A variety of printf-debugging where you pepper your code with alert('hi'); in order to find out where it’s going wrong, rather than breaking out a proper debugger. Other acceptable string literals include “hello”, “here”, “xyzzy”, etc.

Higgs-Bugson

A bug that you believe to exist based on sparse log data and theoretical examination, but you have no evidence to support the idea that it has ever actually been observed, except perhaps vague anecdotal evidence from users.

Hindenbug

A catastrophic bug resulting in a devastating loss (typically of data). “Oh, the humanity!”

headlessCamels

CamelCase words lacking a leading capital letter, as required or recommended for various languages, frameworks, and styles. As opposed to ProudCamels.

Heisenbug

First noticed on Usenet in the 80s, but still awesome: a bug that defies investigation because, during debugging (when you’re observing it), it behaves differently.

Hydra Code

Code so bug-riddled that killing one problem results in two more in its place, like the mythological Lernaean Hydra’s many heads.

IRQed

Interrupted while you were trying to program. Not necessarily by somebody with an actual flag.

Loch Ness Monster Bug

An important bug, if ever it could be proven to exist. Only ever observed once or twice by users who were unable to back up or reproduce their claims. These users often go on to swear by the existence of the bug, blaming it for all kinds of unusual phenomena even in completely unrelated systems for years to come.

Ninja Comments

Comments which are so stealthy that you can’t see them at all. It’s almost as if the code weren’t documented at all!

NOPping

Like napping, but what programmers do while they’re downtiming while waiting for a computer to finish a task. Based on the NOOP or NOP operation found in many low-level languages.

NP Hilarious

An algorithm whose complexity is a joke, whether deliberately (e.g. Bogosort, but not Quantum Bogosort) or not.

Object Oriented Pasta

Spaghetti code wrapped up into classes to look like proper object-oriented code. Also Ravioli.

Pokémon Exception Handling

For when you positively, absolutely, “gotta catch ’em all.” I’m talking about hideous code like this:

try {
    MessageBox.Show(message);
} catch(Exception exc) {
    MessageBox.Show(exc.Message);
}

See also Try, Catch, Forget.

Refucktoring

As defined by Jason Gorman: refactoring code in such a way that you are now the only person capable of maintaining it. E.g. stripping all comments and whitespace from an arcane bit of code that you wrote in order to give yourself the illusion of being indispensable. Results in Mortgage Code (code which pays your mortgage because you can’t be fired while it exists).

Rubberducking

Sometimes you’re working on a problem and what you really need to do to solve it is to talk through the problem with somebody else. The other person doesn’t even need to be a developer: often, they don’t even need to listen – they just need to be there while you talk your way to your own solution. So much so, that they might as well be replaced with a rubber duck, sat atop your monitor. A name coined by a programmer who apparently actually did this.

Scar Tissue

Commented-out blocks of old code, after refactoring, that have been checked in to the main codebase.

Shrug Report

A bug report which contains no reproducible information whatsoever, or is so unclear as to be ambiguous. Often contains phrases like “doesn’t work”, or doesn’t show how the anticipated behaviour differs from that observed (e.g. “when I click the print icon, the document is printed onto A4 paper from the feeder tray of the printer”).

Smug Report

A bug report submitted by a user who acts as if they know more about the system than the developer does.

Stringly-Typed

Use of strings for all kinds of inappropriate variables, like strings containing the words “true” and “false” for use in comparisons (not helped by the fact that some languages, like PHP, will let you get away with boolean comparisons on these). Also common among inexperienced database developers, who’ll make an entire database of VARCHARs because they’re then able to store whatever they want in there, right?

Troolian Logic

Using a boolean variable to deliberately hold three states of information: true, false, and null. Often requires the use of the === operator to function properly.

Try, Catch, Forget

An exception handling strategy based purely on catching exceptions and then doing nothing with them. In other words, telling your program “if something goes wrong… carry on anyway!” Sometimes also seen as a Trynally – a block of code with a try and a finally block, but no catch block at all. See also Pokémon Exception Handling.
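Where Try, Catch, Forget (and its cousin, Pokémon Exception Handling) stops being funny is around a security check, because “carry on anyway” means the check fails open. The following is an added example, not code from the original post; the token format, key and function names are all constructed for illustration.

```javascript
const crypto = require('crypto');

const KEY = Buffer.from('constructed-demo-key'); // constructed sample key, not a real secret
class AuthError extends Error {}

const hmac = (body) => crypto.createHmac('sha256', KEY).update(body).digest();

// Token format assumed for this example: base64(JSON claims) + "." + hex HMAC-SHA256
function sign(claims) {
  const body = Buffer.from(JSON.stringify(claims)).toString('base64');
  return `${body}.${hmac(body).toString('hex')}`;
}

// Throws AuthError for anything that is not a correctly signed token.
function verify(token) {
  const parts = String(token).split('.');
  if (parts.length !== 2) throw new AuthError('malformed token');
  const [body, macHex] = parts;
  const mac = Buffer.from(macHex, 'hex');
  const expected = hmac(body);
  // timingSafeEqual throws on unequal lengths, so check the length first
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) {
    throw new AuthError('bad signature');
  }
  return JSON.parse(Buffer.from(body, 'base64').toString('utf8'));
}

// Try, Catch, Forget: the empty catch means a failed check never sets `denied`.
function isAdminForgetful(token) {
  let denied = false;
  try {
    if (verify(token).role !== 'admin') denied = true;
  } catch (e) { /* forgotten */ }
  return !denied;
}

// Fail closed: handle only the expected failure and let anything else surface.
function isAdmin(token) {
  try {
    return verify(token).role === 'admin';
  } catch (e) {
    if (e instanceof AuthError) return false;
    throw e;
  }
}

// Constructed sample tokens
const adminToken = sign({ user: 'alice', role: 'admin' });
const userToken = sign({ user: 'bob', role: 'viewer' });
const flipped = userToken.endsWith('0') ? '1' : '0';
const tampered = userToken.slice(0, -1) + flipped; // signature altered by one hex digit
```

The forgetful version correctly refuses a validly signed non-admin token, which is why this kind of bug survives casual testing: only inputs that make the check throw are let through.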

Unicorny

Adjective used to describe a requested feature that’s so early in the planning stages it might as well be imaginary. Used by Yehuda Katz to describe some of Rails’ upcoming features.

Yoda Conditions

Expressions that test for (literal == variable) rather than the more-common (variable == literal). The former is preferred by some programmers because it reduces the risk of accidentally using a single-equals rather than a double-equals (this mistake would produce a compiler error rather than simply misbehaving). So-called because it results in Yoda-like phraseology (e.g. “has no errors, the form does”).
