How To Sell May Ball Tickets

Every year the Students Union here in Aberystwyth puts on the May Ball, an excuse to dress up and party if ever I saw one, for students. For the last few years this has been held on-campus, in the Arts Centre, Students Union, and the concourse in-between the two. Live music and shows, dancing, and a fairground… and hundreds of students in ball gowns and tuxedos… Since the event was moved “on campus” there have been fewer tickets available than ever, and demand grows steadily higher. As a result, students queue for hours to get their tickets.

This year, tickets began to be served at 10am, but the queue was 270 people long by midnight: yes, people were willing to stand, all night, for ten hours, to be first in a queue for May Ball tickets. The Students Union have, of course, capitalised on the situation and will be selling drinks to the people queuing. Hey; let’s charge them twice.

Another recent problem has been that of ticket touting. Tickets sell for under £40, but can be re-sold to those desperate to go for as much as £100. Last year, the Students Union would not allow more than 8 tickets to be bought in a single transaction (and with queues so long, there’s no chance of queuing again), but that still meant that sly touts could easily earn up to £480 for a few hours’ work. This year, only four tickets can be bought by any single person, but this simply resulted in a longer queue, sooner, and I don’t think it’ll stop touting (if I was going to the May Ball, and therefore needed to queue anyway, I would buy my full allotted four tickets, regardless of how many people I was actually purchasing tickets for… and I know of dozens of others who follow this methodology every year, meaning that even as demand goes up, the touts take an even larger share of the profits).

Thankfully, I’ve been to the May Ball once and I’ll happily get by without ever going again. But I got to thinking, having seen the lunacy in those students who’ve spent all of this morning and all of last night queueing, that this isn’t the best way to be arranging this event…

A Better Way

Mockup showing how the May Ball site SHOULD work.

Here’s how it should be done. All the tickets should be sold online, by the Students Union. If you want to buy tickets, you connect to their web site and fill in the following details:

  • Your university user name – this ensures that your ticket is ‘reserved’ for you, and that you cannot buy multiple tickets.
  • The number and type of tickets you want to buy – only two tickets maximum per person.
  • How you’d like to pay and obtain the tickets: you can pay online (and have them posted to you) or you can collect them from the union building for up to a week afterwards and pay in cash.

An e-mail is sent to your university e-mail address to confirm that it really was you who ordered the tickets (and not somebody ordering in your name). If this is not replied to within 24 hours (as will be explained in the e-mail), the order is cancelled. The tickets (which are posted to you or collected from the union) are printed with “Your Name”, and “Guest of Your Name”, eliminating the risk of touting (assuming that reasonable checks are made by security at the gate – just checking the identity of every fifth person in would act as sufficient deterrent to those who would like to go to the ball using a ticket in somebody else’s name).

The e-mail confirmation also gives people a chance to change their mind: if their friends, who they wanted to go with, were unable to get tickets before they all sold out, for example, they would know about it and be able to cancel their order. But it would also ensure the identity of the purchaser without requiring them to pass their password over the network. Students collecting tickets from the union would have to produce photo ID.

Those tickets remaining unsold after the web server is hammered by requests for tickets (for example, those cancelled or released later) would all be sold in a “second wave” (which would be announced in advance).

It is terribly unfair for the union to make students stand out in the cold and the rain, without sleep, to get tickets to an event; it could even be argued as discriminatory (whereas the University ensures that all students have the capacity and tools to use an internet connection). There would be no queues, no touts, and no unfairness. There would be no fights for the limited amount of cash in the on-campus cashpoints. The union would save money in ticket salespeople and policing the queue. And a system like this could be implemented for them for a sum of money that could be measured in the hundreds, not the thousands, of pounds. Hell; I will quote them for it, if they ask: I’ve already knocked up a prototype. Why not send a message to the May Ball organisers and tell them what a good idea it would be, particularly if it would make the difference to you, personally, about going to the May Ball.

They still won’t listen.


GMail Accounts

People have asked me for GMail invites again, but one of these people’s @aber.ac.uk e-mail address doesn’t seem to be working, says GMail, so here are some “ready to pick up”:

Get ’em while they’re hot. If one doesn’t work, try another. If they all don’t work, leave a comment (and pull your finger out next time).

Google Wants Your DIY Porn Videos

Got home videos? Send them to Google! That’s the message that Google co-founder Larry Page is trying to put out.

In anticipation of launching a “video search” system, Google wants a stack of material on which they can test their “video spider” – a program which will hunt for keywords (spoken, or on-screen) in video material, so that it’s searchable in much the same way as web pages already are.

Fucking weird.

Ceefax On Scatmania

Do you remember Ceefax, that wonderful service from the BBC that seemed so cool until you discovered the internet? Well I do. And so does a Dutch consultant who set up a system, on the web, for searching Ceefax pages.

Well; in any case; I thought that his site was fun (in a nostalgic kind-of way) but hard-to-navigate, so I’ve developed a sensible front-end that’s far more reminiscent of the way Ceefax works: Ceefax Browser On Scatmania. Give it a go.

Physical Device Fingerprinting Over TCP

A PhD student in San Diego has written a fascinating paper which will spook internet anonymity freaks – Remote Physical Device Fingerprinting – which describes how a physical computer can be uniquely identified on the internet, regardless of operating system, IP address, or data sent, just by looking carefully at its TCP packets (which contain the data for a large amount – perhaps a majority – of the internet’s traffic, including all web and e-mail traffic).

The technique works by observing the deviation in the timestamps sent (in accordance with the widely-adopted RFC 1323: TCP Extensions for High Performance, specified back in 1992). Each computer’s hardware clock is made from a separate piece of quartz, and each quartz crystal is unique in its imperfections. By measuring these imperfections across the internet, it’s possible (with enough sample data) to identify a computer individually, which has implications both good (computer forensics) and bad (anonymity).

The paper itself [PDF] is well worth reading. And, for those that are paranoid about their anonymity online, here’s how to “turn off” this feature of TCP for Windows 2000, Windows XP, and Linux:

  • Windows 2000/XP – Run RegEdit; navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters; add (or edit, if already present) the DWORD “Tcp1323Opts” and set it to 1. This disables TCP timestamps, but leaves Window Scaling (a really useful TCP/IP enhancement) enabled.
  • Linux – as root, run: echo 0 > /proc/sys/net/ipv4/tcp_timestamps

Of course, the absence of timestamps from your machine may, if you’re in a small enough sample group, single you out even more, but at least you’re not globally unique any more; which from an anonymity perspective is a really good thing.
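To see why the timestamps give a machine away, here is an added example (not code from the paper or from this post) that recovers a sender's clock skew from (arrival time, TCP timestamp value) pairs by fitting a line along the top of the offset points. The function names, the 1000 Hz tick rate and every trace are assumptions constructed for the illustration.

```python
# Added illustration: estimate a sender's clock skew from TCP timestamp values.
# All traces come from constructed_trace(); nothing here is captured traffic.
TS_MOD = 2 ** 32  # the timestamp value is a 32-bit counter, so it wraps


def offsets(samples, hz):
    """[(observer_rx_time_s, tsval)] -> [(x, y)]: x is elapsed observer time,
    y is how far the sender's timestamp clock has run ahead of it (seconds)."""
    t0, v0 = samples[0]
    pts = []
    for t, v in samples:
        elapsed = ((v - v0) % TS_MOD) / hz  # modulo survives one counter wrap
        pts.append((t - t0, elapsed - (t - t0)))
    return pts


def _cross(o, a, b):
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])


def upper_hull(pts):
    """Upper convex hull, left to right. Network delay can only push a point
    below the true drift line, so that line sits on top of the cloud."""
    hull = []
    for p in sorted(pts):
        while len(hull) >= 2 and _cross(hull[-2], hull[-1], p) >= 0:
            hull.pop()
        hull.append(p)
    return hull


def skew_ppm(samples, hz):
    """Slope, in parts per million, of the tightest line lying above every
    point: the upper-hull edge that spans the mean x."""
    pts = offsets(samples, hz)
    xbar = sum(x for x, _ in pts) / len(pts)
    hull = upper_hull(pts)
    for (x1, y1), (x2, y2) in zip(hull, hull[1:]):
        if x1 <= xbar <= x2 and x2 > x1:
            return (y2 - y1) / (x2 - x1) * 1e6
    raise ValueError("need samples at two or more distinct times")


def same_clock(a, b, hz, tol_ppm=2.0):
    """True when two traces show the same skew within tol_ppm."""
    return abs(skew_ppm(a, hz) - skew_ppm(b, hz)) <= tol_ppm


def constructed_trace(true_ppm, start_ticks, base_delay, hz=1000, n=361):
    """Constructed samples: one packet every 10 s for an hour, jittery delay."""
    out = []
    for i in range(n):
        sent = 10.0 * i
        delay = base_delay + ((i * 7) % 13) / 1000.0
        ticks = int(sent * (1 + true_ppm * 1e-6) * hz)
        out.append((sent + delay, (start_ticks + ticks) % TS_MOD))
    return out


if __name__ == "__main__":
    at_home = constructed_trace(50.0, 4_294_900_000, 0.020)  # counter wraps mid-trace
    at_cafe = constructed_trace(50.0, 12_345, 0.085)         # new address, new path
    other = constructed_trace(-30.0, 777_000, 0.020)
    print(round(skew_ppm(at_home, 1000), 1), round(skew_ppm(other, 1000), 1))
    print(same_clock(at_home, at_cafe, 1000), same_clock(at_home, other, 1000))
```

The two traces with the same skew match even though the address, path delay and counter start all differ, which is the reason for turning the option off.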

Opera 8’s Solution To IDN Exploit

I’m sure you’ve all seen the recent Internationalized Domain Name exploit, which affects most web browsers (except for Internet Explorer – shocker! – because it doesn’t yet have the power to support internationalized domain names): if you haven’t, why not visit paypal.com – looks just like the real thing; doesn’t it: the browser bar says you’re at PayPal’s real site, but you’re not. That first ‘a’ in the name is an international character (actually the letter ‘a’ from the Cyrillic character set, which is just slightly different from a Western ‘a’, if you look closely). Of course, this leads to potentially thousands of dangerous phishing exploits, tricking users into exposing their bank account details to random Nigerians.

Opera, makers of a stunning web browser that I’m not quite sure I should be abandoning yet, have announced their solution to this problem (which isn’t actually a web browser problem at all, but a specification problem): IDN domain names from outside of places which are expected to need them (e.g. dot-jp, etc.) will be displayed longhand, and secure sites (https) will display their certificate holder’s name – longhand – alongside the domain name in the address bar.

Of course, unless you’re using Opera 8 beta, the only way to be sure you’re safe from this exploit is to manually type in every link you follow.
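The display rule described above, sketched as an added example (not Opera's code): it takes “longhand” to mean the encoded xn-- form of the name, and the one-entry allowlist, the function names and the sample hostnames are all assumptions made up for the illustration.

```python
# Added illustration of the address-bar policy described above; not Opera's code.
import unicodedata

# Assumption: a tiny stand-in for the list of TLDs "expected to need" IDNs.
IDN_TLD_ALLOWLIST = {"jp"}


def to_longhand(host):
    """Unicode hostname -> its ASCII 'xn--' form."""
    return host.encode("idna").decode("ascii")


def label_scripts(label):
    """Scripts used by the letters of one label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def is_mixed_script(host):
    """True when any single label mixes alphabets, the tell-tale of a lookalike."""
    return any(len(label_scripts(lbl)) > 1 for lbl in host.lower().split("."))


def display_host(host):
    """What the address bar shows under the policy."""
    host = host.lower()
    labels = host.split(".")
    if all(lbl.isascii() for lbl in labels):
        return host                      # plain ASCII name: nothing to hide
    if labels[-1] in IDN_TLD_ALLOWLIST:
        return host                      # IDN where IDNs are expected
    return to_longhand(host)             # everything else is shown encoded


if __name__ == "__main__":
    # Constructed samples: the second name uses Cyrillic U+0430 for its first 'a'.
    for name in ("paypal.com", "p\u0430ypal.com", "\u65e5\u672c\u8a9e.jp"):
        print(repr(name), "->", display_host(name), "| mixed:", is_mixed_script(name))
```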

This Has GOT To Be Anti-Trust/FUD

This screenshot taken from Microsoft Anti-Spyware:

[screenshot removed – later turned out to be a fake]

Firefox Finally Appeals

As you may all know, I’m a die-hard supporter of the Opera web browser, despite many of my friends now claiming that Firefox is superior. I’ve been following the Mozilla project for a long while (haven’t we all), and on the many occasions I’ve tried Firefox (and its grandparents) I’ve always been unimpressed. It’s always been the little things that Opera did that kept me coming back to it, time and time again.

With the full release of Firefox 1.0 (download Firefox here), there’s been an explosion in the number of Firefox extensions that have become available, so I decided to try to find a combination of extensions that would at long last give Firefox the capabilities that always kept me coming back to Opera. The theory is – if I can find enough extensions to give me the functionality I need in a web browser (which Opera very-nearly perfectly provides) in Firefox, it’ll make a convert out of me. Here goes –

    • Mouse Gestures 1.0 – One of the great things about Opera is that it really pioneered mouse gestures (waving your cursor in strange patterns in order to facilitate shortcuts), and led the way for years thereafter. Mouse gestures are infectious – once you’ve used them and you get the hang of “doing things faster” (particularly mouse-intensive activities like web browsing), you end up trying to do it elsewhere – I’ve frequently used friends’ computers (with Internet Exploder, or similar) and tried to do a gesture before remembering that I can’t. The Mouse Gestures extension for Firefox is fully-featured and highly-configurable. I found the original settings a little unresponsive, and had to increase the “diagonal tolerance” (slippage permitted in a non-cardinal direction) to bring it back in line with the speed at which I execute gestures, and of course I’ve customised some of my own gestures. Apart from that, it’s wonderful.

Firefox Downloads Window In Sidebar

    • Download Manager Tweak 0.6.3 – One thing I loved about my customised Opera configuration was that pretty much everything not directly related to browsing – my RSS-feed subscriptions (that let me keep an eye on all my friends’ weblogs in realtime), my downloads, etc. – were set up to all appear in the wonderful “sidebar”: a non-invasive way of keeping information “to hand”. Firefox’s download windows are chunky and ugly, only a little better than the hideous ones provided by Internet Exploder. This plugin allows you to move the download window to the sidebar – a far more sensible place for it – and manage all your transfers from there.
    • Web Developer 0.8 and Nuke Anything 0.2 – As a web developer, I love the web developer tools in Opera. The ability to switch stylesheets, emulate other browsers, change and test content on the fly, and manipulate cookies is invaluable when debugging large, complex web projects. Combining these two excellent extensions gives me all of this, and more. The Web Developer tools can do things like manipulate form data on the fly, edit offline HTML and CSS on-the-fly, simulate different screen resolutions, and validate source code – it’s fantastic. Nuke Anything allows content to be ‘removed’ from the page: a great way of digging through complicated source code to find how a particular trick is being achieved.

Sage Extension For Firefox

  • Sage 1.3 – Now here’s a stunning piece of software. Thanks to Jon for suggesting this one. A great feature of Opera is its use as an RSS reader. RSS is a wonderful way to “subscribe” to news sources, weblogs, and the like, and be notified when they’re updated or even have the new content delivered directly to your desktop. It’s so good, that I rarely use Abnib or my friends page any more. Opera makes it easy to set up and manage your subscriptions, and delivers them in the way that suits you best. Now Firefox does natively support syndication, but it doesn’t do a very good job of it. Its system – “Active Bookmarks” – relies on use of its bookmarks list, lots of scrolling, etc. Plus – and here’s the big problem – it doesn’t pass your browser cookies when picking up the feeds – this means that you can’t have it, for example, pick up restricted “friends only” feeds from your friends’ weblogs. Without this feature, there was no way I’d be leaving Opera behind. But Sage pulls it off. It pulls in the feeds and presents them in a brilliant way. Its default options are a little weird, and it doesn’t support automatic “timed” feed collection, but it still does a great job of this newsfeed lark. I think everybody with Firefox should install Sage.
  • Session Saver – Simply put, this allows Firefox to remember what tabs you had open when it was last closed (even if it crashed or there was a power cut), and re-open them when you run it again, in a very Opera-esque way.
  • MiniT 0.4 – A pet annoyance, but one that would have really annoyed me, is the inability to re-order the tabs while using Firefox’s tabbed browsing. I mean: why wasn’t this included with the program? Most other programs that use the dynamic “document” tab metaphor allow the user to click-drag-reorder them, including my beloved Opera. But no, you need a plug-in like MiniT to do this. It’s good: not as “fluid” as Opera, but quite satisfactory.
  • TabBrowser Preferences 1.1.1 – It didn’t take long of playing with Firefox, particularly on the EasyNews web site, to find another thing which, to me, is a big problem. When people (very rudely) make hyperlinks that request to be opened in “a new window”, Firefox does exactly that: opens them in a new window, rather than in a new tab in the current window (fitting with the tabbed browsing metaphor). I tried a couple of plug-ins to prevent this from happening, but none of them worked consistently (for example, catching JavaScript pop-up windows and tabbing them), as Opera does, until I found this lovely little extension. TabBrowser Preferences has all kinds of options I don’t use, but for this one, which I do, it’s wonderful.
  • LastTab 1.1 – By this point, I had very few quirks left unsatisfied on my “web browser wish list”. One was that, in Opera, pressing CTRL-TAB takes you first to your most-recently used other tab, and then (if you keep pressing tab) through the others you have open. This makes sense to me, because you can then use CTRL-TAB as a two-tab “flicker” (like the “last channel” button on a TV remote): perfect for use as a “boss key” (if you don’t know, you don’t need to know). Satisfied.

This only leaves one “big” niggle that still pisses me off – I can’t find a plug-in that will allow me to hold down a particular key (e.g. shift) and click on a tab, to close it (really useful for closing multiple tabs at once, after running and completing a multi-tab information seek). If anybody can suggest an extension that does this, let me know!

So; I guess I’m a Firefox convert. I knew it would happen someday, but I’m just surprised it happened so soon.

Freedom Sport And Surf

There’s a lesson here for any business with a web site:

I’m sure that you may be familiar with Freedom Sport & Surf, the sports goods shop on Alexandra Road (opposite the carpet shop formerly known as Rumbletums Cafe). Well; they had a website – FreedomSportAndSurf.com. But they let the domain name expire, and it’s been picked up by a porn site: take a look.

In any case, the owners of the store aren’t internet-savvy, and had completely forgotten they had a web site. Similarly, most of the staff weren’t aware of it, either, until a lady came in, recently, and informed the staff member at the counter that she thought it was “disgraceful” that the shop had “things like that” on its website, where “children could view it”.

Today, staff at the shop are frantically scrubbing the web address from their carrier bags. Hilarity.

More Geeky Fun – Hack Security Cameras

This was one of my most-popular articles in 2005. If you enjoyed it, you might also enjoy:

Here’s a giggle – somebody’s found a cleverly crafted Google search string that will reveal the (unprotected) web interfaces of a particular kind of Panasonic web-capable security camera. Just point a web browser at http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=inurl%3A%22ViewerFrame%3FMode%3D%22, then select one of the cameras (you might have to try a few before you get a working one). If you get a motorised one, you can even remotely control it! Here’s some I found earlier:

Update 17th August 2011: fixed broken link to Panasonic website!

LiveJournal Sells

Following up yesterday’s rumours, it can now be seen that, officially, LiveJournal has been sold to SixApart. The details look pretty good – the service will remain much as-it-is, nobody will be ‘migrated’ to TypePad or MoveableType, and – better yet – LiveJournal might actually (finally) get some much-needed new features, such as trackback (which can be seen in effect right here, on my post yesterday – this post will be linked as a ‘trackback’ comment, because this post follows it up – with trackback, this kind of thing can be posted cross-journal, too).

Internet Explorer Exploit Of The Day

There’s yet another killer Internet Explorer bug out there, which is manifesting itself in the form of a new trojan, Phel.A. This one only affects Windows PCs updated with SP2 (the supposedly ‘safe’ people) and works by confusing the ‘trusted’ and ‘untrusted’ zones.

I always find reports like this interesting, so I’ve written an exploit of my own. If you’re still using Microsoft Internet Explorer, and you’d like to see why you shouldn’t be:

  1. Click here to look at a web page I’ve set up [update: link long-dead]. It looks kinda boring, I know, but – if you’re using Internet Explorer, it will slyly put a tiny application in your Startup group.
  2. Next time you log into Windows, the tiny application will download and install a bigger application.
  3. Next time after this that you log into Windows, the bigger application will run, and tell you why you shouldn’t be using Internet Explorer.

The information on how to use this exploit is easily available on the web. Before long, we’ll be seeing another wave of web sites that can install software on any Internet Explorer user’s computer.

If you’re still using Internet Explorer, take a look at BrowseHappy.

ATOM Feed Of Your GMail Inbox?

Checking my GMail account this morning, I noticed an unusual icon in the lower-right corner of the browser window:

Atom feed icon showing in a web browser viewing GMail

It turns out that Google’s GMail service seems to be testing an ATOM feed – a kind of syndication feed (similar to those used by weblogs and news sites – see Scatmania’s ATOM feed) that can be ‘subscribed’ to from your desktop computer.

Right now, the GMail feed looks pretty bare:

ATOM feed from GMail

Nonetheless, this is an interesting turn of events – didn’t Google recently say that no other automated mail checking tools were to be used except for their own GMail Notifier (sorry, can’t find a news story to link)? But now it looks like they’re working on developing a format by which anybody can ‘subscribe’ to their own inbox (although probably only using a web browser – the non-browser-based XML readers seem to have difficulty with cookies, which are likely to be required).

It’s all interesting.


Windows XP SP1 Honeypot Breached In 200 Seconds

The internet is becoming a scarier and scarier place.

In a recent “honeypot” study, a Windows XP computer with Service Pack 1 was infiltrated in just 200 seconds, without even opening a web browser.

For the less techie-minded, a “honeypot” study involves setting up a new PC with a new operating system (in this case, a Windows XP SP1 machine) and connecting it directly to the internet to see how it is attacked and to what end. In this case, all they did was connect said computer to the internet… and less than four minutes later, it had been compromised by an attacker. Within half an hour, it was receiving instructions to act as a bridge to attack other computers.

Four minutes isn’t long enough to download and install ZoneAlarm. It certainly isn’t long enough to install Service Pack 2. And all across the globe, newbie PC users are buying off-the-shelf computers with no firewall, taking them home, and connecting them to the internet, basically ‘volunteering’ their computers and their bandwidth to be zombies and attack others around the world, relay spam, or share their files with anybody, anywhere.

If anybody needs help securing their system, just give me a shout.