Banned From Facebook

Apparently I’m too cool for Facebook.

The message I see when I try to log in to Facebook. Sadly, I'm also prohibited from using Pidgin to connect to Facebook Chat, which is just about the only thing I use Facebook for these days.

Okay, that’s not what that message actually says, but that’s how I chose to read it. It turns out that my name isn’t real. I went through their forms to tell them that “no, really, this is my name”. They also asked me “what I use Facebook for”, to which I – of course – answered “chatting to friends and stalking exes, same as everybody else – why, what do YOU use Facebook for?” But when I submitted the form, it just ran me back around in a circle back to where I started.

Also: Facebook! Is that exposed HTML code in your message? Dear me.

I’d be less frustrated if I didn’t just send them a copy of my driving license earlier this year, in order to prove that my name was really my name. I guess that the media claims that Facebook keeps all of your information indefinitely aren’t true, and in actual fact they have the memory of a proverbial goldfish.

I’d be more frustrated if I actually used Facebook for anything more than pushing blog posts out to people who prefer to see them on Facebook, and occasionally chatting to people, thanks to the wonderful pidgin-facebookchat plugin.

So on average, I suppose, I’m pretty indifferent. That’s the Facebook way.


Cold-call scam attempts to trick users into thinking their PC has a fault, sells them a “solution”. Here’s a recording.

This link was originally posted to /r/technology. See more things from Dan's Reddit account.

The original link was: https://news.bbc.co.uk/today/hi/today/newsid_9637000/9637033.stm

More and more people are facing calls from companies claiming falsely that their computer is infected by a virus.

Technology correspondent Rory Cellan-Jones had one such call and outlines how the scam works and how to avoid it.

Goodbye Reader

Goodbye, Google Reader. It was fun while it lasted.

Long ago, I used desktop RSS readers. I was only subscribed to my friends’ blogs back then anyway, so it didn’t matter that I could only read them from my home computer. But then RSS feeds started appearing on news sites, and tech blogs started appearing about things related to my work. And smartphones took over the world, and I wanted to be able to synchronise my reading list everywhere. There were a few different services that competed for my attention, but Google Reader was the best. It was simple, and fast, and easy, and it Just Worked in that way that Google products often do.

I put up with the occasional changes to the user interface. Hey, it’s a beta, and it’s still the best thing out there. Hey, it’s free, what can you say? I put up with the fact that from time to time, they changed the site in ways that were sometimes quite hostile to Opera, my web browser of choice. I put up with the fact that it had difficulty with unsigned HTTPS certificates (it’s fine now) and that it didn’t provide a mechanism to authenticate against services like LiveJournal (it still doesn’t). I even worked around the latter, releasing my own tool and updating it a few times until LiveJournal blocked it (twice) and I had to instead recommend that people switched to rival service FreeMyFeed.

The new Google Reader (with my annotations - click to embiggen). It sucks quite a lot.

But the final straw came this week when Google “updated” Reader once again, with two awful new changes:

  1. I know that they’re ever-so-proud of the Google+ user interface, but rebranding all of the other services to look like it just isn’t working. It’s great for Google+, not-bad for Search, bad for GMail (but at least you can turn it off!), and fucking awful for Reader. I like distinct borders between my items. I don’t like big white spaces and buttons that eat up half the screen.
  2. The sharing interface is completely broken. After a little while, I worked out that I still can share things with other people, but I can’t any longer see what other people are sharing without clicking over to Google+. This sucks a lot. No longer can I keep track of which shared items I have and haven’t read, and no longer can I read the interesting RSS feeds my friends have shared in the same place as I read (and share) my own.

So that’s the last straw. Today, I switched everything over to Tiny Tiny RSS.

Tiny Tiny RSS - it's simple, clean, and (in an understated way) beautiful.

Originally I felt that I was being pushed “away” from Google Reader, but the more I’ve played with it, the more I’ve realised that I’m being drawn “towards” Tiny Tiny, and wishing that I’d made the switch sooner. The things that have really appealed are:

  • It’s self-hosted. Tiny Tiny RSS is a free, open-source solution that you host for yourself (or I suppose you can use a shared host; there are a few around). I know that this is a downside to most people, but to me, it’s a serious selling point: now, I’m in control of what updates are applied, when, and if I don’t like the functionality of a part of the system, I can change it – I’m in control.
  • It’s simple and clean. It’s got a great user interface, in an understated and simplistic way. It’s somewhat reminiscent of desktop email clients, replacing the “stream of feeds” idea with a two- or three-pane view (your choice). That sounds like it’d be a downside, until you realise…
  • …with great keyboard controls. Tiny Tiny RSS is great for keyboard lovers like me. The default key-commands (which are of course customisable) are based on Emacs, so if that’s your background then it’s easy to be right at home in minutes and browsing feeds faster than ever.
  • Plus: it’s got a stack of nice features. I’m loving the “fresh” filter, that helps me differentiate between the stuff I’ve “saved for later” reading and the stuff that’s actually new and interesting. I’m also impressed by the integrated authentication, which removes my dependency on FreeMyFeed-like services and (because it’s self-hosted) lets me keep my credentials securely under my own control. It supports authentication using SSL certificates, a beautiful and underused technology. It allows you to customise the update frequency of your feeds, so I can stalk my friends’ blogs at lightning-quick rates and stall my weekly update subscriptions so they don’t get checked so frequently. And unlike Google Reader, it actually tells me when feeds break, so I don’t just “get no updates” for a while before I think to check the site (and it’ll even let me change the URLs when this happens, rather than unsubscribing and resubscribing).

Put simply: all of my major gripes with Google Reader over the last few years have been answered all at once in this wonderful little program. If people are interested in how I set up Tiny Tiny RSS and made the switchover as simple and painless as possible, I’ll write a blog post to talk you through it.

I’ve had just one problem: it’s not quite so tolerant of badly-formed XML as Google Reader. There’s one feed in my list which, it turns out, has (very) invalid XML in its feed, that Google Reader managed to ignore and breeze over, but Tiny Tiny RSS chokes on. I’ve contacted the site owner to try to get it fixed, but if they don’t, I might have to hack some code to try to make a workaround. Not ideal, and not something that everybody would necessarily want to deal with, so be aware!

If, like me, you’ve become dissatisfied by Google Reader this week, you might also like to look at rssLounge, the other worthy candidate I considered as a replacement. I had a quick play but didn’t find it quite as suitable for my needs, but it might be to your taste: take a look.

The new sidebar, showing what I'm reading in my RSS reader lately.

Oh, and one more thing: if you used to “follow” me on Google Reader (or even if you didn’t) and you want to continue to subscribe to the stuff I “share”, then you’ll want to subscribe to this new RSS feed of “my shared stuff”, instead: it can also be found syndicated in the right-hand column of my blog.

Update: this guy’s made a bookmarklet that makes the new Google Reader theme slightly less hideous. Doesn’t fix the other problems, though, but if you’re not quite pissed-off enough to jump ship, it might make your experience more-bearable.

Update 2: others in the blogosphere are saying good things about Reader rival NewsBlur, which recently turned one year old. If you’re looking for a hosted service, rather than something “roll-your-own” like Tiny Tiny RSS, perhaps it’s the tool for you?


QR Codes of the Bodleian

The Treasures of the Bodleian exhibition opened today, showcasing some of the Bodleian Libraries’ most awe-inspiring artefacts: fragments of original lyrics by Sappho, charred papyrus from Herculaneum prior to the eruption of Mt. Vesuvius in 79 CE, and Conversation with Smaug, a watercolour by J. R. R. Tolkien to illustrate The Hobbit are three of my favourites. Over the last few weeks, I’ve been helping out with the launch of this exhibition and its website.

Photograph showing a laptop running Ubuntu, in front of a partially-constructed exhibition hall in which museum artefacts are being laid-out in glass cases.
From an elevated position in the exhibition room, I run a few tests of the technical infrastructure whilst other staff set up, below.

In particular, something I’ve been working on are the QR codes. This experiment – very progressive for a sometimes old-fashioned establishment like the Bodleian – involves small two-dimensional barcodes being placed with the exhibits. The barcodes are embedded with web addresses for each exhibit’s page on the exhibition website. Visitors who scan them – using a tablet computer, smartphone, or whatever – are directed to a web page where they can learn more about the item in front of them and can there discuss it with other visitors or can “vote” on it: another exciting new feature in this exhibition is that we’re trying quite hard to engage academics and the public in debate about the nature of “treasures”: what is a treasure?

Close-up photograph showing a small plaque with a QR code alongside interpretive text, in an exhibition case.
A QR code in place at the Treasures of the Bodleian exhibition.

In order to improve the perceived “connection” between the QR code and the objects, to try to encourage visitors to scan the codes despite perhaps having little or no instruction, we opted to embed images in the QR codes relating to the objects they related to. By cranking up the error-correction level of a QR code, it’s possible to “damage” them quite significantly and still have them scan perfectly well.

One of my “damaged” QR codes. This one corresponds to The Laxton Map, a 17th Century map of common farming land near Newark on Trent.

We hope that the visual association between each artefact and its QR code will help to make it clear that the code is related to the item (and isn’t, for example, some kind of asset tag for the display case or something). We’re going to be monitoring usage of the codes, so hopefully we’ll get some meaningful results that could be valuable for future exhibitions: or for other libraries and museums.

Rolling Your Own

If you’re interested in making your own QR codes with artistic embellishment (and I’m sure a graphic designer could do a far better job than I did!), here’s my approach:

  1. I used Google Infographics (part of Chart Tools) to produce my QR codes. It’s fast, free, simple, and – crucially – allows control over the level of error correction used in the resulting code. Here’s a sample URL to generate the QR code above:

https://chart.googleapis.com/chart?chs=500x500&cht=qr&chld=H|0&chl=HTTP://TREASURES.BODLEIAN.OX.AC.UK/T7

     • 500x500 is the size of the QR code. I was ultimately producing 5cm codes because our experiments showed that this was about the right size for our exhibition cabinets, the distance from which people would be scanning them, etc. For laziness, then, I produced codes 500 pixels square at a resolution of 100 pixels per centimetre.
     • H specifies that we want to have an error-correction level of 30%, the maximum possible. In theory, at least, this allows us to do the maximum amount of “damage” to our QR code, by manipulating it, and still have it work; you could try lower levels if you wanted, and possibly get less-complex-looking codes.
     • 0 is the width of the border around the QR code. I didn’t want a border (as I was going to manipulate the code in Photoshop anyway), so I use a width of 0.
     • The URL – HTTP://TREASURES.BODLEIAN.OX.AC.UK/T7 – is presented entirely in capitals. This is because capital letters use fewer bits when encoded as QR codes. “http” and domain names are case-insensitive anyway, and we selected our QR code path names to be in capitals. We also shortened the URL as far as possible: owing to some complicated technical and political limitations, we weren’t able to lean on URL-shortening services like bit.ly, so we had to roll our own. In hindsight, it’d have been nice to have set up the subdomain “t.bodleian.ox.ac.uk”, but this wasn’t possible within the time available. Remember: the shorter the web address, the simpler the code, and simpler codes are easier and faster to read.
     • Our short URLs redirect to the actual web pages of each exhibit, along with an identifying token that gets picked up by Google Analytics to track how widely the QR codes are being used (and which ones are most-popular amongst visitors).

By now, you’ll have a QR code that looks a little like this.

  2. Load that code up in Photoshop, along with the image you’d like to superimpose into it. Many of the images I’ve had to work with are disturbingly “square”, so I’ve simply taken them, given them a white or black border (depending on whether they’re dark or light-coloured). With others, though, I’ve been able to cut around some of the more-attractive parts of the image in order to produce something with a nicer shape to it. In any case, put your image in as a layer on top of your QR code.
  3. Move the image around until you have something that’s aesthetically-appealing. With most of my square images, I’ve just plonked them in the middle and resized them to cover a whole number of “squares” of the QR code. With the unusually-shaped ones, I’ve positioned them such that they fit in with the pattern of the QR code, somewhat, then I’ve inserted another layer in-between the two and used it to “white out” the QR codes squares that intersect with my image, giving a jagged, “cut out” feel.
  4. Test! Scan the QR code from your screen, and again later from paper, to make sure that it’s intact and functional. If it’s not, adjust your overlay so that it covers less of the QR code. Test in a variety of devices. In theory, it should be possible to calculate how much damage you can cause to a QR code before it stops working (and where it’s safe to cause the damage), but in practice it’s faster to use trial-and-error. After a while, you get a knack for it, and you almost feel as though you can see where you need to put the images so that they just-barely don’t break the codes. Good luck!

Another of my “damaged” QR codes. I’m reasonably pleased with this one.

Give it a go! Make some QR codes that represent your content (web addresses, text, vCards, or whatever) and embed your own images into them to make them stand out with a style of their own.
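
The point above about capitals and short URLs can be checked with a little arithmetic. The following is an added example, not code from the original post: it sizes a URL under the QR specification's alphanumeric and byte modes at error-correction level H and reports the smallest symbol version that holds it. The lowercase URL and the function names are constructed here for comparison only.

```python
# Added example: how many bits a URL costs in a QR code at error-correction level H,
# and which symbol version (grid size) that implies.

# The 45 characters QR "alphanumeric" mode can encode. Note: capitals only,
# but ":", "/" and "." are included, so an all-caps URL qualifies.
ALPHANUMERIC = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:"

# Data codewords (8 bits each) available at level H for versions 1..10,
# taken from the QR code capacity tables.
H_DATA_CODEWORDS = [9, 16, 26, 36, 46, 60, 66, 86, 100, 122]


def pick_mode(text):
    """Return the cheapest of the two modes considered here.

    Numeric mode (digits only) is ignored because URLs never qualify for it.
    """
    if all(ch in ALPHANUMERIC for ch in text):
        return "alphanumeric"
    return "byte"


def segment_bits(text, mode, version):
    """Bits used by one segment: 4-bit mode indicator + length field + payload."""
    if mode == "alphanumeric":
        if any(ch not in ALPHANUMERIC for ch in text):
            raise ValueError("text contains characters outside alphanumeric mode")
        count_bits = 9 if version <= 9 else 11
        n = len(text)
        # Pairs of characters pack into 11 bits; a trailing single takes 6.
        payload = 11 * (n // 2) + 6 * (n % 2)
    elif mode == "byte":
        count_bits = 8 if version <= 9 else 16
        payload = 8 * len(text.encode("utf-8"))
    else:
        raise ValueError("unknown mode: " + mode)
    return 4 + count_bits + payload


def smallest_version_h(text, mode=None):
    """Return (version, modules_per_side) of the smallest level-H symbol that fits."""
    mode = mode or pick_mode(text)
    for version, codewords in enumerate(H_DATA_CODEWORDS, start=1):
        if segment_bits(text, mode, version) <= codewords * 8:
            return version, 17 + 4 * version
    raise ValueError("text does not fit in versions 1-10 at level H")


if __name__ == "__main__":
    upper = "HTTP://TREASURES.BODLEIAN.OX.AC.UK/T7"   # URL from the post
    lower = upper.lower()                             # constructed for comparison
    for url in (upper, lower):
        mode = pick_mode(url)
        version, side = smallest_version_h(url)
        print(f"{url}: {mode}, {segment_bits(url, mode, version)} bits, "
              f"version {version} ({side}x{side} modules)")
```

For the URL in the post, the all-capitals form needs 217 bits and fits a version 4 symbol (33×33 modules), while the lowercase form needs 308 bits and a version 5 symbol (37×37 modules).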


What’s Wrong With My Phone

In my review of my new HTC Sensation earlier this month, I tried to explain how my new phone – with its swish and simple interface – didn’t feel quite… geeky enough for me. I picked up on the way that its process management works, but I’ve since realised that this is only symptomatic of a deeper problem. This is entirely to do with the difference between traditional computers (of which my old N900 was one) and modern consumer-centric devices (which, inspired by the iPod/iPhone/iPad/etc., try to simplify things for the end-user and provide strong support for centralised repositories of pre-packaged “apps” for every conceivable purpose).

To take an example of the difference: my N900 ran Linux, and felt like it ran Linux. As a reasonably-sensible operating system, this meant that all of the applications on it used pretty much the same low-level interfaces to do things. If I wanted, I could have installed (okay, okay – compiled) sshfs, and be reasonably confident that every application on my phone, whether it’s a media player or a geocaching application or whatever, would use that new filesystem. I could store my geocaching .gpx files on an SSH-accessible server somewhere, and my phone could access them, and my geocaching app wouldn’t know the difference because I’d have that level of control over the filesystem abstraction layer.

Similarly, if I installed a game which made use of Ogg Vorbis to store its sound files, which therefore installed the Vorbis codecs, then I can expect that my media player software will also be able to make use of those codecs, because they’ll be installed in the standard codec store. This kind of thing “just works”. Okay, okay: you know as well as I do that computers don’t always “just work”, but the principle is there such that it can “just work”, even if it doesn’t always.

On these contemporary smartphones, like the iPhone, Android devices, and (I assume) modern BlackBerrys, the model is different: individual applications are sandboxed and packaged up into neat little bundles with no dependencies outside of that provided by the platform. If you have two applications installed that both use sshfs, then they both have to include (or implement) the relevant bundle! And having them installed doesn’t automatically give sshfs-like functionality to your other filesystem-accessing tools.

It’s not all bad, of course: this “new model” is great for helping non-technical users keep their devices secure, for example, and it means that there’s almost no risk of dependency hell. It’s very… easy. But I’m still not sure it quite works: I’ll bet that 90% of users would install an application that demands dubious levels of permissions (and could, for example, be stealing their address book data for sale to scammers) without even thinking about the risks, so the security benefits are somewhat nullified.

In summary:

Traditional-computing device (e.g. N900)
Pros:
  • User actually “owns” device
  • Applications can be combined (e.g. pipes, automation, new middleware)
  • Open-source development likely to thrive
Cons:
  • User can probably “brick” device
  • Full potential requires learning investment
  • Harder to monetise platform, as a developer

“New model” device (e.g. iPhone, Android)
Pros:
  • Easy for non-technical users
  • More secure (in theory) as platform exposes little
  • Centralised “app store”/“marketplace”
Cons:
  • Potentially limiting for technical users
  • Only as secure as the user is savvy
  • Centralised “app store” can act as a “lock in”

Needless to say, the new model devices are winning, and already tablet computers powered by the very same platforms as the mobile phones are beginning to be seen as a simpler, easier alternative to conventional laptops. It’s to be expected: most of today’s users don’t want a learning curve before they can use their smartphone: they just want to make some calls, play Angry Birds a bit, keep up with their Facebook friends, and so on. But I hope that there’ll always be room for a few folks like me: folks who want to tinker, want to play, want to hack code for no real benefit but their own pleasure… and without having to shell out for a developer license in order to do so!

A New Sensation

I’ve recently gotten a new phone – a HTC Sensation running Android 2.3, and I thought I’d offer up a few thoughts on it. But first…

Hang on: what was wrong with your old phone?

Well-remembered! You’re right, of course, that last year I got a Nokia N900, and that it was the best mobile communications device I’d ever owned. I don’t care so much about a slim profile or an “app store”, but I do care about raw power and geeky hardware features, and the N900 delivers both of those in spades. I’ve had several phones that have, at the time, been the “best phone I’ve ever owned” – my 7110 and my N96 both also earned that distinction, whereas my 7610 and my C550 – the latter of which had only one redeeming feature – fell far short.

Nokia N900 with keyboard extended

Awesome though it is, with its beautiful hardware keyboard, mighty processor, FM receiver and transmitter, Bluetooth and IR, etc., and completely unlocked, tamper-friendly architecture, the N900 suffers from one terrible, terrible flaw: for some reason, the engineers who built it decided to mount the Micro-B USB port (used for charging, tethering, mounting etc. the phone) not to the hard plastic case, but to the fragile inner circuit board. Allow me to illustrate:

A cross-section of a Nokia N900, showing how the USB port is mounted directly to the circuit board, and doesn't touch the hard plastic case.

Why is this a problem? Well, as Katie explained to me at the New Earth housewarming party, most of her other friends who’d had N900s had encountered a problem by now, whereby the USB cable used to charge the device eventually puts a strain on the connection between the port and the board, tearing them apart. “Nope,” I told her, “I’ve never had any such problem with mine.”

A cross-section of a Nokia N900, showing the USB port snapped off by the USB cable.

Looks like I spoke too soon, because that very week, I managed to break my N900 in exactly this way. My theory: that girl is cursed. I shall be attempting to exorcise the anti-technology demons in her the very next time I see her, possibly in some kind of ceremony involving high-voltage direct current. In any case, I found myself with a phone that I couldn’t charge.

So you replaced it?

No, of course not. My N900 remains a fantastic palmtop and a great device. It’s just got a minor problem in that it’s no longer possible to charge or “hard”-tether it to anything any more. The first problem was an easy one to fix: a separate battery charger (I already carry a spare battery for it, so this was no hardship), bought for about £4 on eBay, made it easy to keep the device rolling. The second problem’s not so much of an issue, because I tend to do all of my synchronisation by Bluetooth and WiFi anyway. But even if these were an issue, it looks like a pretty simple job to re-solder the USB port (and epoxy it to the case, as it should have been to begin with!). I might give it a go, some day, but my current soldering iron is a little big and chunky for such fine and delicate work, and I’m a little out of practice, so I’ll save that project for another day.

The repairing of a Nokia N900 USB port

However, I’m a big believer in the idea that when the Universe wants you to have a new phone, it finds a fault with your current phone. Perhaps this is the geek equivalent of thinking that “When God closes a door, He opens a window”.

So: I’ve got myself a HTC Sensation, which narrowly beat the Sony Ericsson Xperia Arc after carefully weighing up the reviews. I’d always planned that I’d try an Android device next, but I’d originally not expected to do so until Ice Cream Sandwich, later this year. But… when the Universe closes your USB Port, it opens a Gingerbread shop… right?

The New Sensation

After a few difficulties relating to my name – it turns out that my mobile phone network has recorded my name correctly in their database, and I can’t change it, but whenever I use their web-based checkout it asks me to enter a longer surname even though I don’t have a surname field to change – I finally received my new phone.

HTC Sensation seen from the back, front, and side.

The first thing one notices about this phone is that it’s fast. Blindingly fast. I’ve used a variety of Android-powered HTC devices before, as well as other modern touchscreen smartphones like the iPhone, and I’m yet to use anything that consistently ramps up high-end graphics and remains slick and responsive like this does. Its mighty dual-core 1.2GHz processor’s the cause of this, little doubt. I originally worried that battery life might be limited as a result – I don’t mind charging my phone every night, but I don’t want to have to charge it during the day too! – but it’s actually been really good. Using WiFi, GPRS, GPS, playing videos, surfing the web, and other “everyday” tasks don’t put a dent in the battery: I’ve only once seen it dip to under 10% battery remaining, and that was after 40 hours of typical use during a recent camping weekend (with no access to electricity).

It’s also been really well-designed from a usability perspective, too. Those familiar with Android would probably just start using it, but I’ve not had so much exposure to the platform and was able to come to it with completely fresh eyes. Between Android 2.3 and HTC Sense 3, there’s a nice suite of “obvious” apps, and I didn’t have any difficulty synchronising my contacts, hooking up my various email accounts, and so on. There are some really nice “smart” touches, like that the phone rings loudly if it thinks it’s in a bag or pocket, more quietly after you pick it up, and silences the ringer completely if you pick it up from a table and flip it from face-up to face-down. These simple gestural touches are a really nice bit of user interface design, and I appreciate the thought that’s gone into them.

Browsing movies for HD streaming on the HTC Sensation.

The Android Marketplace is reasonable, although I feel as though I’ve been spoiled. On the N900, if there was an application I needed, I usually already knew what it was and where I’d find it: then I’d either apt-get it, or download the source and compile it, right there on the device. For somebody who’s already perfectly confident at a *nix command-line, the N900 is fab, and it feels a little restrictive to have to find equivalent apps in a closed-source environment. It’s not that the pricing is unreasonable – most of the applications I’ve wanted have been under a quid, and all have been under £4 – it’s just that I know that there are FOSS alternatives that would have been easy to compile on my old device: I guess it’s just a transition.

On the other hand, the sheer volume of applications so-easily available on the Android Market is staggering. I’ve been filled with app ideas, but every idea I’ve had but one or two already exist and are just waiting to be installed. It’s a little like being a kid in a candy store.

It’s also taking me quite some time to get used to the way that process management works on an Android device. On Android devices, like the iPhone/iPad, returning to the home screen doesn’t (necessarily) close the application, but it might – that’s up to the developer. If it doesn’t, the application will probably be “paused” (unless it’s a media player or it’s downloading or something, then it’ll likely keep going in the background). And when you re-launch the same application, it could be simply unpausing, or perhaps it’s relaunching (in which case it may or may not restore its previous state, depending on the whim of the developer)… You see all of the keywords there: might, probably, likely, could, perhaps. Great for most users, who don’t want to have to think about what their phone is doing in the background, but it feels like a step backwards to me: I’m used to being able to ALT-TAB between my currently-running applications, to know what’s running, when (and I can always use top and find out exactly what resources a process is eating). Putting all of this process management into the hands of developers feels to me like giving up control of my device, and it’s a challenging change to undergo. Yes: despite the openness of the platform, Android feels just a little out of my control compared to what I’m used to.

Hacker's Keyboard, my preferred keyboard layout for SSH, etc.

Switching from a physical to a virtual keyboard for the first time is a significant change, too, and it’s slowed me down quite a lot, although applications like SwiftKey X – with its incredibly intelligent personalised predictions – and Hacker’s Keyboard – which gives me back some of the keys I was “missing” – have helped to ease the transition a lot.

In summary: the HTC Sensation seems to be a fantastic device, and I’m really enjoying using it. I’ve got a few niggles to contend with, but these are all things that were destined to catch me out upon switching away from a platform as open as the N900, and they’re not severe enough to make me give up and get an N950 instead: I’m reasonably confident that I’ll come to love the Sensation and we’ll go on to be very happy together.

But will it become my latest “best phone ever”? Time will tell, I guess.


On This Day In 2003

Looking Back

On this day in 2003, I first launched this weblog! That means it’s eight years old today! I’d bought the scatmania.org domain name some time earlier with the intention of setting up a vanity site separately from my sub-site on the avangel.com domain, during a rush on cheap domain names perpetrated by some of the friends I’d lived with in Penbryn, but never found a significant use for it until this day. It was at about the same time that I first set up (the long-defunct) penbryn-hall.co.uk, a parody of Penbryn’s website launched as an April Fools joke against the hall, which eventually got me into some trouble with the management committee of the halls. Some friends and I had made it a tradition of ours to play pranks around the residence: our most famous one was probably 2003’s joke, in which we made a legitimate room inspection out to be an April Fools joke, with significant success.

scatmania.org in August 2003. The theme is simplistic, and the blog itself is powered by a custom-built PHP engine back-ending onto a stack of flat files. It worked, just about, but it wasn’t great.

In my initial blog post, I took care to point out that this wasn’t by any stretch of the imagination my first foray into blogging. In actual fact, I’d run a weblog, The Åvatar Diary, for a few years back in college: a few fragments of this still exist and are archived here, too. I suppose that this means that, ignoring the occasional gap, I’ve been blogging for almost thirteen years. The Åvatar Diary died after an incident with a rather creepy stalker: remember that this was in 1999, back in the day when Creepy Internet Stalkers were still new and exciting, and I panicked slightly and shut the Diary down after my stalker turned up in person somewhere that I’d hinted that I might be in a post.

I didn’t mention the new site launch, to begin with, hoping that folks might just “pick up on it” having re-appeared (I’d been promising to launch something at that domain for ages). Later, I launched Abnib, in an attempt to unite the LiveJournal users with whom I associated with those of us who hosted our own blogs. Abnib still runs, after a fashion, although I’m likely to let it die a natural death as soon as it wants to.

scatmania.org in November 2005. The site looked a lot more professional by now, and was beginning to sport the thick blue header that was its hallmark all the way up to 2010.

Looking Forward

So here I am, eight years later, still blogging on the same domain. The frequency with which I write has waxed and waned over the years, but I still find that it’s just about the best way for me to keep in touch with my friends and to keep them posted about what’s going on in my life: it’s unintrusive and can be dipped in and out of, it’s accessible to everybody, and – because I host it on my own domain – it’s under my control. That’s a million points in its favour over, say, Facebook, and it’s nice to know that it’ll exist for exactly as long as I want it to.

A recent screenshot of scatmania.org. Whoah: this has all gone a bit recursive.

It also provides a great “starting point” by which people find me. Google for me by name or by many of the aliases I go by and you’ll find this site, which I think is just great: if people are trying to find me online I’m happiest knowing that the first pages they’ll get to are pages that I control, and on which I write what I want to: I’ll bet U.S. Senator Rick Santorum wishes that he had that.

I enjoy blogging about geeky stuff that interests me, things that are going on in my life, and my occasional and random thoughts about life, the universe, and everything (with a particular focus on technology and relationships). It’s put me in contact with some strange people – from pizza delivery guys who used to bring me food on Troma Nights back in Aber to crazy Internet stalkers and confused Indian programmers – and it’s helped me keep in touch with the people closest to me. And because I’m a nostalgic beast, as this and similar posts show, it’s a great excuse to back-link my way down memory lane from time to time, too.

This blog post is part of the On This Day series, in which Dan periodically looks back on years gone by.


Leading By Example

This week, I was reading the new EU legislation [PDF] which relates to, among other things, the way that websites are allowed to use HTTP cookies (and similar technologies) to track their users. The Information Commissioner’s Office has released a statement to ask website owners to review their processes in advance of the legislation coming into effect later this month, but for those of you who like the big-print edition with pictures, here’s the short of it:

From 26th May, a website must not give you a cookie unless it’s either (a) an essential (and implied) part of the functionality of the site, or (b) you have opted-in to it. This is a stark change from the previous “so long as you allow opt-outs, it’s okay” thinking of earlier legislation, and large organisations (you know, like the one I now work for) in particular are having to sit up and pay attention: after all, they’re the ones that people are going to try to sue.

The legislation is surprisingly woolly on some quite important questions. Like… who has liability for ensuring that a user has opted-in to third-party cookies (e.g. Google Analytics)? Is this up to the web site owner or to the third party? What about when a site represents companies both in and outside the EU? And so on.

Seeking guidance, I decided to browse the website of the Information Commissioner’s Office. And guess what I found…

Hey! I didn't opt-in to any of these cookies, Mr. Information Commissioner!

…not what I was looking for: just more circular and woolly thinking. But I did find that the ICO themselves do not comply with the guidance that they themselves give. Upon arriving at their site – and having never been asked for my consent – I quickly found myself issued with five different cookies (with lifespans of up to two years!). I checked their privacy policy, and found a mention of the Google Analytics cookie they use, but no indication about the others (presumably they’re not only “opt-out”, but also “secret”). What gives, guys?

Honestly: I’m tempted to assume that only this guy has the right approach. I’m all in favour of better cookie law, but can’t we wait until after the technological side (in web browsers) is implemented before we have to fix all of our websites? Personally, I thought that P3P policies (remember when those were all the rage?) had a lot of potential, properly-implemented, because they genuinely put the power into the hands of the users. The specification wasn’t perfect, but if it had been, we wouldn’t be in the mess we are now. Perhaps it’s time to dig it up, fix it, and then somehow explain it to the politicians.


Deliciously Silly Password Restrictions

After hearing about the recent purchase of social bookmarking service del.icio.us by Chad Hurley and Steve Chen, I remembered that once, long ago, I had a del.icio.us account. I decided to check if my account was still alive, so I trekked over to del.icio.us and took a look.

Delicious as it appears today.

The site’s changed quite a bit since I last used it. It took a while for me to remember what my password was (it was an old, old one, since before I started using passwords the right way). It also appeared that the site still knew me by my former name (it really had been a while since I last logged in!), so I updated it with my new name.

The next step was to change the password. I generated a random password:

#AOOZ*Qs9xsj6^bT@MtN4rq1!0FK&2

But when I went to change my password, it was rejected. Apparently it didn’t meet their security rules. What? That 30-character, randomly-generated password, containing uppercase letters, lowercase letters, numbers, punctuation, and special characters… isn’t secure enough?

A little investigation (and some experimentation) later, it turns out there’s a reason: my password must be insecure, because it contains my surname!

I have a single-character surname. That means that a 30-character password will (assuming a dictionary of 26 letters, 10 digits, and let’s say 20 special characters) have about a 40% chance of being rejected on the grounds that it contains my surname. The longer my password is, the more likely it is to be rejected as insecure. My experiments show that “abcdefghijklmnop” is considered by delicious to be more secure for my account password than, say, “@Ubj#JeqPACrgmSQKn9qRYMBM9nPOj”, on account of the fact that the latter contains my surname.

Silly, silly, silly.
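To make the failure mode concrete, here is an added sketch (not Delicious's code, which the post never shows) of a "must not contain your name" rule as described above, next to one way of hardening it. It assumes the surname is "Q", which is consistent with the example passwords but not stated in the post, and that matching is case-insensitive; the thresholds and the "Featherstone" user are constructed for illustration.

```python
ALPHABET_SIZE = 26 + 10 + 20  # the post's assumption: letters, digits, ~20 specials


def naive_rule_accepts(password: str, personal_tokens: list[str]) -> bool:
    """The rule as the post describes it: reject the password if any
    personal token appears anywhere in it (case-insensitivity assumed)."""
    lowered = password.lower()
    return not any(tok.lower() in lowered for tok in personal_tokens if tok)


def rejection_probability(length: int, alphabet: int = ALPHABET_SIZE) -> float:
    """Chance that a uniformly random password of this length contains
    one particular character, e.g. a single-character surname."""
    return 1 - (1 - 1 / alphabet) ** length


def hardened_rule_accepts(password: str, personal_tokens: list[str],
                          min_token_len: int = 4,
                          min_residual_len: int = 12) -> bool:
    """Hypothetical fix: ignore tokens too short to be meaningful, then
    judge the password by what remains once personal tokens are removed."""
    residual = password.lower()
    for tok in personal_tokens:
        if len(tok) >= min_token_len:
            residual = residual.replace(tok.lower(), "")
    return len(residual) >= min_residual_len


if __name__ == "__main__":
    surname = ["Q"]  # assumed single-character surname
    for pw in ("#AOOZ*Qs9xsj6^bT@MtN4rq1!0FK&2", "abcdefghijklmnop"):
        print(pw, naive_rule_accepts(pw, surname), hardened_rule_accepts(pw, surname))
    print(f"30 chars: {rejection_probability(30):.1%} rejected by the naive rule")
```

The hardened rule still rejects a password that is little more than the user's name, because it scores the characters left over rather than the mere presence of a substring.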

After delicious finally died a death, I retroactively imported all my delicious bookmarks into this blog.


Bank Security

Having found by coincidence a (minor, perhaps exploitable as part of a more-complex attack) security problem with the website of a major high street bank, one would think it would be easier than it evidently is to get it reported and fixed. After several phone calls over a couple of days, and the threat of making a complaint about a representative if they didn’t escalate me to somebody who’d actually understand what I was explaining, I’ve finally managed to get the message through to somebody. How hard was that? Too hard.

If this still doesn’t work, what’s the next step? I’m thinking (1) change banks; (2) explain why to the bank; (3) explain why to the world. Seriously, I expect better from the people looking after my money.

And on that note: time for bed.

Edit: Meanwhile, we see that the PlayStation Network hack may have resulted in the theft of personal information from users’ accounts. While most of the media seems to be up in arms about the fact that this might have included credit card information, I’m most pissed-off about the fact that it might have included unencrypted passwords. Passwords should be stored using irreversible encryption: there’s no legitimate excuse not to do this, these days (the short version for the uninterested: there is a technique which can be used to store passwords encrypted in a pretty-much irreversible format, even if the hacker steals your entire computer: it’s very easy to do, protects against all kinds of collateral damage risks, and Sony evidently don’t do it). If any of Sony’s users use the same password for their email account, social network accounts, online banks, etc. (and many of them will, despite strong recommendations to the contrary), the hackers are probably already getting started with social hacking attempts against their friends, identity theft attacks, etc. Sony: you are a fail.

World Backup Day

It’s World Backup Day, folks. That means it’s time for you to look at your data and check that you’re backing it all up to a satisfactory level.

Have a look at the computer you’re sat at. If its hard drive(s) broke, irrecoverably, or if it were stolen: what would you lose?

Me? I like my backups to go “offsite”, so I use online redundant storage to shunt my important stuff to (I use a personal Amazon S3 bucket and some software I’ve written for that purpose, but you don’t have to be that geeky to use online backups – just check the World Backup Day website for suggestions). If you’re not quite so paranoid as me, you might make your backups to CDs or DVDs, or onto a pendrive. It doesn’t take long, and it’s worth it.

Backups are like insurance.

Now go celebrate World Backup Day by making some backups, or by checking that your existing backups restore correctly. You’re welcome.

IE6 Countdown

Microsoft recently tweeted “It’s not often that we encourage you to stop using one of our products, but for IE6, we’ll make an exception”. This coincides with the launch of The Internet Explorer 6 Countdown, a website that tries to encourage people to drop this hideously old and awful browser in favour of better, modern, standards-compliant ones, thereby saving web developers heaps of work.

Internet Explorer 6 usage stats, from IE6 Countdown. I'm honestly shocked that the number is still as high as 12%. Where are they getting that from?

That’s not strictly true; they’re encouraging people to upgrade to Internet Explorer 8 and 9, presumably, which are still a little lacking in support for some modern web standards. But they’re a huge step forward, and everybody who’d like to stick with Internet Explorer should be encouraged to upgrade. There’s no excuse for still using IE6.

 

They’re even providing a tool to let you put an “Upgrade now, damnit!” banner on your website, visible only to IE6 users. It’s similar to the IE6Update tool, really, but has the benefit of actually being supported by the browser manufacturer. That has to count for something.

Will it make a difference? I don’t know. I’m frankly appalled that there are modern, high-tech countries that still have significant numbers of IE6 users: Japan counts over 10%, for example! We’re talking here about a ten-year-old web browser: a web browser that’s older than MySpace, older than Facebook, older than GMail, older than YouTube. Internet Explorer 6 was released into a world where Lord of the Rings was something that would take you a long time to read, rather than taking you a long time to watch. A world where in-car CD players still weren’t universal, and MP3 players were a rarity. Do you remember MiniDisc players? Internet Explorer 6 does. The World Trade Center? Those towers were still standing when Internet Explorer was released to the world. And if that’s making you think that 10 years is a long time, remember that in the fast-changing world of technology, it’s always even longer.

Just remember what Microsoft (now, at long last) says: Friends don’t let friends use Internet Explorer 6.

A New Way to Be Creepy on Facebook

This week, I discovered Breakup Notifier, a whole new way to be creepy on Facebook. I mention it because I just know that there are some of you out there who were waiting for this tool to be invented (and we’ll know who you are because you’ll be the ones to try to keep a low profile by not commenting to say “ugh; that’s creepy”).

Breakup Notifier: "You like someone. They're in a relationship. Be the first to know when they're out of it."

The idea is, as it says on the site, that you can tell Breakup Notifier which of your friends you’d be interested in, if only it weren’t for the fact that they’re in a (presumably closed) relationship. If their relationship status changes, you get an email to let you know, so you can be the first to take advantage of the new situation. Like Ted in The Window, an episode of How I Met Your Mother: which if you’ve not seen yet, you should try.

I think that the developers of this site are missing an opportunity, though, to make a little cash on the side. All you have to do is to be able to buy “priority access” on the people you’re interested in. If you’ve paid, then you get notice of a breakup in advance of other people who are interested in the same person but who haven’t paid. The amount of advance notice is based on the difference in your bids: so if I’m stalking watching Alice, and so are Bob and Charlie, but I paid £10 and Bob paid £2, then maybe I’ll get a notification 8 hours before Bob, who gets a notification 2 hours before Charlie. It’s all relative, so if I’m also interested in Eddie, who’s also being followed by Frankie and Graeme, but we’re all on the free package, then we all get notified together.

As far as marketing’s concerned, that’s easy: just tell users how many others are watching the people they’re interested in! I suspect that more money would be made if you don’t tell them how much the others have paid, but the whole thing’s as sociologically-complicated as it is skin-crawling. What happened to the good old days, when you’d just keep pressing refresh on your crush’s MySpace page until they hinted that things might be rocky with their significant other?


Fox News on IPv6

Here’s what Fox News have to say about IPv6:

Web developers have tried to compensate for [the IPv4 address shortage] by creating IPv6 — a system that recognizes six-digit IP addresses rather than four-digit ones.

I can’t even begin to get my head in line with the level of investigative failure that’s behind this sloppy reporting. I’m not even looking at the fact that apparently it’s “web developers” who are responsible for fixing the Internet’s backbone; just the 4/6-digits thing is problematic enough.

Given that Wikipedia can get this right, you’d hope that a news agency could manage. Even the Daily Mail did slightly better (although they did call IPv4 addresses 16-bit and then call them 32-bit in the very next sentence).

Oh; wait: Fox News. Right.

For the benefit of those who genuinely want to know, one of the most significant changes between IPv4 and IPv6 is the change from 32-bit addresses to 128-bit addresses: that’s the difference between about 4 billion addresses and 340 undecillion addresses (that’s 34 followed by thirty-eight zeros). Conversely, adding “two digits” to a four-digit number (assuming we’re talking about decimal numbers), as Fox News suggest, is the difference between a thousand addresses and a hundred thousand. And it’s not web developers who are responsible for it: this change has nothing to do with the web but with the more fundamental architecture of the underlying Internet itself.

Parsing XML as JSON

This morning, I got an instant message from a programmer who’s getting deeply into their Ajax recently. The conversation went something like this (I paraphrase and dramatise at least a little):

Morning! I need to manipulate a JSON feed so that [this JSON parser] will recognise it.

Here’s what I get out of the JSON feed right now:

<?xml version="1.0" encoding="UTF-8"?>
<module-slots type="array">
  <module-slot>
    <title>Module3</title>
    ...

“Umm…” I began, not quite sure how to break this news, “That’s XML, not JSON.”

“Is that a problem?” comes the reply.