Archive for the ‘Real Life’ Category

Trust

12 March 2012

It’s been a long time since I posted here. With blogging, you need to keep the momentum going, and I didn’t.

I’ve been involved in a new project. After leaving Luxembourg, I’ve come back home and started working for a company in Hong Kong. I was approached via a recruiter who’d found my profile on LinkedIn, we talked, I spoke to two of the people in the startup, and we agreed terms.

When I was explaining this to one of my colleagues in Luxembourg, he was perplexed. Why have you done this? How do you know they will pay you? If they don’t, what can you do to reclaim the money?

I just laughed. Maybe I’m a trusting fool, but everyone I’d spoken to were totally well-behaved, and I immediately developed a rapport with them. They thought I was good, I thought they were good, we’d do cool things together.

Am I old-fashioned, stupidly naive, normal? Different people would give different answers. I just didn’t worry about it until it became a problem, which it didn’t.

Categories: Real Life, Software

Google+ spotted in the wild

16 November 2011

When Google plus hit in typical Google beta-fashion, some people put up an “I’ve moved” profile picture on Facebook, and left, or so their status update said.

Everyone that I saw do this is still active on Facebook. The trouble is that they have 300 contacts on Facebook, 200 on LinkedIn, and ten on Google+. (Actual values may vary, contact your friends for details.)

Forgetting the personal/social point of view, from a fan/corporate point of view, there are lots of “follow us on Twitter” or “like our Facebook page” links on websites, but none that say “Join our circle on Google+.” Until, that is, today, when my favourite motor racing team, Force India (I’m not sure I should put the sponsor’s name in front of that) *tweeted*

Join our circle on Google+ to share even more plus.google.com/i/1x6CO0EiYkI:…

This is the first time I’ve seen this in the wild. And the irony that they used another social media to inform us of their circle is not lost on me. I’m pretty sure that there will be no extra content for me, only extra work for the admins that run the team’s social media, as they now need to tweet, post on Facebook, possibly update blogs or websites, and now update Google+ as well. I’m not sure that Google+ is worth that effort at the moment.

The thing is, that I get overloaded with info. To me, there is no point in liking your Facebook page, if I get all your updates via RSS. And if I get your data from Facebook, I don’t need to see it in Google+.

One thing that really annoys me about messages from Google+ are that they don’t give a useful subject. Instead of saying “Alistair McDonald shared a post entitled ‘The red mist descends'” they just say “Alistair McDonald shared a post with you.” I’m NOT going to click that link, ‘cos I’m pretty sure if it was important, I’ll find out eventually. But, if the subject piqued my interest, then I might click. But clicking into a black hole – no way.

Another way I’m really going off Google is that now so many services require a unified email address/ID. I’ve stopped putting any information into YouTube (Favourites, subscribing to channels, etc.) because they want a Google ID. I already have one – well actually three – but I don’t want to join my email to my videos to my news page, maps page, or news alerts. (I know that Google can, and probably do, track my usage of these sites via cookies or embedded scripts, the point here is not privacy, but convenience for me. For example, I set my home location on maps.google.co.uk to be a zoomed in shot of my home. But since I needed to “unify” my Google accounts, now when I visit maps.google.fr or maps.google.lu, my home page is *still* in the UK. If you are viewing a UK map, then your searches default to the UK – so you get Birmingham, West Midlands, not Birmingham, Alabama. That’s a good feature. BUT, if I’m visiting the French map site, why on earth would I want to start from the UK, where all my searches are crazily misinterpreted. So, to work around this, I end up first searching for Paris, or Luxembourg, so that Google maps displays the correct country so that my searches will work. [Google pay for bandwidth and processing power, I don’t, so I lose time and they lose money. ] )

Getting back to the subject of Google+, as I said before, they need to get some client apps out there – there are dozens of Twitter clients – and that means that they need to stop trying to be so controlling over data and APIs. Part of the problem is that they are playing catch-up, and many competing services (this is business, it makes money, and so there is a real competitiveness to it) are much more free with, and, remember, Google see the usage data it collects as the most important thing that they have.

Why not take part in a little experiment: inspect the cookies that the browser(s) you use have collected. Maybe even try to delete them and see (a) how many similar ones reappear without you visiting the sites mentioned, and (b) see just how many services you can use after a single login.

The red mist descends

15 November 2011

So, the winter approaches, and suddenly drivers get a chance to use that button on their dashboard. It is *so* frustrating having a feature in their cars, and not being able to activate it whenever they like. And now, they have an excuse to use it, so they *do*.

I’m talking, of course, about the rear fog lamps. These uber-bright lamps are designed to pierce through fog, spray, and so those following you at an inappropriate speed can avoid striking you.

They are so bright that they can obscure brake lights, and I find that they draw the eye in a hypnotic way. This makes them actually rather dangerous. But many people who use them are unaware of this, and switch them on, leave them on, and forget them. The result is that their brake lights may be missed, or other vehicles near their own may be missed by other drivers, which is, of course, rather dangerous.

So, what’s the deal with these? When should you use them? When can you *not* use them?

I visited the UK government web site, which has this page on driving in adverse weather conditions taken from the latest Highway code, which every driver road user should read every few years, certainly when a new edition is published.

It says (and I love this because it says what you must not do):

236 You MUST NOT use front or rear fog lights unless visibility is seriously reduced (see Rule 226) as they dazzle other road users and can obscure your brake lights. You MUST switch them off when visibility improves.

And, for completeness,

226 You MUST use headlights when visibility is seriously reduced, generally when you cannot see for more than 100 metres (328 feet). You may also use front or rear fog lights but you MUST switch them off when visibility improves (see Rule 236).

Hopefully the geeks can avoid the cyclic dependencies. But there you have it. If you can see 100 metres, then you should switch off your fog lights. A good rule for rear fog lights is: If you can see the headlamps of the car behind you, then he can see your normal lights, and so you should switch off your fog lights. Of course, this suggests that you use your mirror quite a lot, and I’m perfectly sure not everyone does. . .

I have a lot to say on middle-lane hogging, which is at least as bad in Europe as it is in the UK. (In fact, on the M25/M20 to and from Dover, the European drivers are *worse* than the UK ones.) But I’ll save that for another day.

Categories: Real Life, Uncategorized

Hacked email

26 October 2011

I get emails from people who have had their online email accounts hacked, and spam email is issued. Normally, I just send them an email and hear nothing of it. But today I got a message (via another mechanism) that they were going to trash their email account.

The rest of this post is my message back to them. On reflection, I should have considered that their password was leaked internally from their email provider (one of the “big few” – i.e. google, hotmail or yahoo). And that this could happen from a rogue employee ($0.10 per email, here’s a text file) or from hackers getting illegitimate access.

But here goes:

I don’t think you need to discard the email account, but there are a couple of things to consider

How did you get hacked? Was it malware on your PC (you can pick up malware infections just from things like Adobe Flash-based adverts if there’s a security problem in the flash plugin, for example) or was it someone picking up a session cookie if you were using unencrypted WiFi (coffee shop/hotel) (read this post on cookie hijacking to see how it works). Or did you use someone else’s computer (colleague, internet cafe?) These are the three main categories (I’m discounting you turning into a spammer.)

No matter how it happened, visit https://browsercheck.qualys.com/ on a weekly basis – or more frequently – to check your browser(s) and plugins are up to date – you need to do this for each browser that you use, on each computer that you use.

So, how do you tell which one happened to you? I’d get some anti-virus and scan your PCs and see if they detect anything. If you’re technical enough, then the SysInternals “autoruns” tool tells you *everything* that starts when you start your PC and log in. You can google the various process names shown in Task Manager and ensure they are benign too.

So, if you have malware, the only totally secure thing to do is to wipe and reinstall your OS and applications – although you might want to trust antivirus to detect and repair, it’s not guaranteed. And if you can, try more than one anti-virus product (free versions available for several) but you might have to install one, scan your PC, uninstall it and then install another – they might not co-exist nicely.

If your PC is clean, but you use public Wifi, chances are that you have been victim of a cookie hijack. The solution is to either always use HTTPS (which is encrypted so no-one can “sniff” your cookie.) (Most sites now offer it, and I expect your email provider is one of them; google is now offering HTTPS for searches, let alone email/calendar/etc.), OR, if you have one available, *always* use a VPN (Virtual private network), which encrypts everything (including normal unencrypted http traffic, although your VPN provider can “sniff” stuff). Maybe your employer has a VPN, otherwise you can buy the service, I believe. And, best of all, if it was a cookie hijack, you can just log on and change your password, the hijacked cookie will be invalid afterwards. Maybe ask where you were accessing the net in the days immediately before the spam started – can you correlate a location with the date/time.

And if you think you’re the victim of a keylogger, it should appear as malware. Let me tell you that one thing I do when I’m using someone else’s computer is to *not* enter my password in one go. I use the *mouse* to move the cursor between keypresses, and build up my password. So if my password was 12345678, I might start by entering “56” then click (don’t use the keyboard, keystrokes might be logged, including the cursor keys) at the beginning and add “23”, then click at the end and add 8, then between the 3rd and 4th character and add the 4. It takes a bit of mental juggling, and I rarely use a PC I don’t trust.

So, depending on how you were hacked, is anything else at stake? If it’s malware, chances are that a keylogger has been installed, and so every keypress might have been recorded and then might have been transmitted. If you use the same password for many things, e.g. online email, work email, online banking, then you are at greater risk than if you use a different one for each service – even if the usernames are different, your identity might be linked to an account via publicly available search info. I use a three-tier system – one password for sites I really don’t care if someone impersonates me on, a second for a few other things (access to my server, and email, and so on), and a third tier, where I use a different password for each system – things like online banking, the UK Government Gateway, etc.

So, the bottom line is that
1: Stopping using the account might not be enough
2: Stopping using the account might not be necessary

And that’s what I sent. Did I miss anything apart from the password-leak-from-provider?

Update: I added
3: change all your important passwords anyway. Consider a 2/3-tier system.
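
The cookie-hijack recovery described in the message above (log on, change your password, and the hijacked cookie stops working) only holds if the provider revokes existing sessions when the password changes. The sketch below is an added example, not code from the original post or from any real email provider; the `MailProvider` class, its method names and the sample account are hypothetical.

```python
import hashlib
import hmac
import secrets


class MailProvider:
    """Toy webmail back end, constructed for this example only."""

    def __init__(self):
        self._users = {}      # username -> (salt, password hash)
        self._sessions = {}   # session token -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        salt, stored = self._users[user]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        self._sessions[token] = user
        return token

    def cookie_header(self, token):
        # Secure: the browser never sends the cookie over plain http, so it
        # cannot be read off an unencrypted WiFi network.
        # HttpOnly: page scripts cannot read it either.
        return f"Set-Cookie: session={token}; Secure; HttpOnly; SameSite=Lax; Path=/"

    def whoami(self, token):
        """Return the user a session cookie belongs to, or None if invalid."""
        return self._sessions.get(token)

    def change_password(self, token, new_password):
        user = self._sessions.get(token)
        if user is None:
            raise PermissionError("not logged in")
        self.register(user, new_password)   # fresh salt and hash
        # Revoke every session of this user, including any copied cookie.
        for t in [t for t, u in self._sessions.items() if u == user]:
            del self._sessions[t]
        return self.login(user, new_password)


def demo():
    provider = MailProvider()
    provider.register("alice", "old-password")      # constructed account
    owner_cookie = provider.login("alice", "old-password")
    copied_cookie = owner_cookie                     # the same value, held by someone else
    before = provider.whoami(copied_cookie)          # copy works: "alice"
    fresh_cookie = provider.change_password(owner_cookie, "new-password")
    after = provider.whoami(copied_cookie)           # copy revoked: None
    return before, after, provider.whoami(fresh_cookie)


if __name__ == "__main__":
    print(demo())
```

A provider that only re-hashes the password and leaves the session table alone would keep the copied cookie valid, which is why signing out of all other sessions is worth doing explicitly where the provider offers it.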

Categories: online, privacy, Real Life, Software

Desert Island Discs – the discs

21 October 2011

Best albums:

1: Deep Purple – Made in Japan. I would normally choose the more difficult to find “In Concert” recorded by the BBC around the same time as this, I love Deep Purple because they are all awesome musicians, and live they exhibit this in excess. My representative track would be “Lazy”, showcasing Blackmore and Lord’s skills on guitar and organ respectively. Unlike many bands (e.g. AC/DC) the guitar parts are NOT simple riffs repeated each verse; there is true creativity in the guitar and organ parts. Kudos to my ami Bish who inadvertently hummed the intro to this song the other day.

2: Pink Floyd – The Wall. This was such an important album for me as I was growing up. The guitar parts are relatively easy to learn and I spent a lot of time on top of the bing near my home playing these songs on my twelve-string acoustic guitar. My representative track has to be “Comfortably Numb” due to the awesome solo.

3: Def Leppard – Hysteria. The most interesting thing about this album is that I hated it, initially. I seemed to have my own value system for music, and this was way down the “authentic” scale. Of course, I’ve grown out of that phase and fallen in love with this album. It was the first album after drummer Rick Allen lost an arm in a car accident. Representative track : Love Bites (and it did 🙂 )

3: Joe Satriani – The Extremist. This is an instrumental album, the guy plays guitar mainly. I like this because each song is very different, and (this is important) they all sound like their titles. So “War” is full-on and messy. “Motorcycle Driver” ups the pulse by invoking high-speed emotions, etc. Representative track: “Rubina’s Blue Sky Happiness” is a beautiful song that will make me feel good when I hear it.

4: Runrig – Once in a Lifetime. This band is Scotland embodified. Their lyrics touch on the life of crofters on western Isles, but they are more deeply rooted in the Scottish psyche. Embarrassingly, I don’t currently own this album, as it’s difficult to get hold of, but it is a fantastic listen. There’s a related video, which was broadcast on STV, but, if the tape still exists at my dad’s house, it’s on Betamax, not VHS. Representative track – Loch Lomond (Why not jazz up an oldie?)

5: Jools Holland – Solo Piano. It’s just what it says, Jools Holland playing piano alone. And the dude can play. His instrumentalship (I’m pretty sure that’s a new word) is awesome, the guy can play piano like no other. I see this CD is collectible and is going for £60 a shot – If you break in and raid the loft, and leave it in a better state than it is, then I might be prepared to part with it. Representative track: Bumble Boogie

6: Rush: Power Windows. Rush were the defining music as I grew up. They are a mega-band, but have their stuff together as they don’t tour all the time. I love their albums 2112 and A Farewell to Kings, but they are a little old-fashioned now. I chose this one as it was one of the first CDs I bought, in HK at the time. The lyrics are beautiful in nearly every song, drummer Neil Peart is a true poet. If I can break the rules, my favourite track is “Losing It” from the “Signals” album, an album that I don’t really like, but that song is really poignant.

7: David Crowder Band – Illuminate. These guys kind of personify modern worship music. They are all awesome, multi-skilled musos, and the songs they play are truly worshipful. They have released several albums since this one, and even announced their retirement, but this album is more “easy listening” than the subsequent ones. The later albums have totally awesome songs, better than any on this album, but as a whole, this album is a nice place to revert to when you need to know what’s coming. Representative track : Here is Our King, or, on other albums I like the “metal” tracks like “You are my Joy” from “A collision” or “God Almighty None Compares” from “Church Music.” Google them – they rock!!!.

8: Well, let’s be open-minded about this. Let’s revisit in a year or two, eh?

Categories: Real Life

Desert Island Discs

21 October 2011

The BBC has been broadcasting Desert Island Discs for decades. It’s an interview programme, where the interviewee nominates his or her favourite songs as one of the eight they would have available if they were marooned on a lonely isle.

I have just listened to the Olympic gold-medal winner Michael Johnson on this week’s programme. And, for a change, I could resonate with many of his choices – many people on the show are older than I am, and their taste in music (which I am suspicious of; I think many are being facetious) is out of my regular repertoire. But Mr Johnson was much more up-to-date than the actors, dancers, etc. that are normally interviewed.

So, what are my top eight tracks? The problem is that the show dates from 1942, when a disc was really a platter of vinyl, and so the playing time was limited. Although we are moving through the long-playing “LP” to a much more “track” oriented time, where people will buy individual songs, I think that the album (LP, CD) is a much better unit of recommendation than the “song” of the programme.

So, what are my top eight albums?

My next post will describe them….

Categories: Real Life

Maths, Comp. Sci, and Music

29 August 2011

Ah, how I hate when reading and television screw up my perception! I remember reading (or seeing) something about maths and music being linked together. The current peak of this is Douglas Hofstadter’s book “Godel, Escher and Bach,” which (deep down) relates how cognition and creativity emerge from the mind. He puts it better than I can, but there are a number of common (i.e. I read about them elsewhere but forgot the details) thoughts.

Although I am paid to be a software developer, I am also a musician, and, I’m pretty sure that if I’d chosen that career path and been given the perfect breaks I could have succeeded as a guitarist. Further research suggests that lots of computer scientists are also keen fans of music. Many key figures are musicians – Richard Stallman (http://en.wikipedia.org/wiki/Richard_Stallman) notably travels with a recorder.

I think an unusual proportion of computer programmers/scientists/experts have an unusual interest in music. But I can’t find a survey to confirm it. Any empirical results out there?

Categories: Real Life, Software

And the (l)user is . . .

29 June 2011

The recent web site attacks by popular hacker group lulzsec (http://twitter.com/#!/lulzsec) have shown two main things:

Firstly, it’s a jungle out there. The CIA, banks, governments, are all targets for an organised bunch of techies. Basically, whoever you bank with, if you are just covered by a password or two (PIN + password) then you are dangerously vulnerable. Vulnerable to brute-force hacking, vulnerable to phishing, or vulnerable to malware, which might track every key you type.

Secondly, security on the WWW sucks, in general. If banks, government agencies, and so on, can’t get it right, can you trust a friendly site like facebook to store your details properly? If you use the same password for your gmail account and for your facebook account, if a leak in facebook allows hackers to learn your password, then your gmail account is vulnerable. And, if you use that password for online banking (or paypal, or anything that *knows* your payment card details) then you are looking at a security hole.

Lulzsec have shown that it is so easy to penetrate any web site that they choose, that it’s almost pointless to attempt to prepare against malicious attack. I disagree, and think that there are many things that we can do to mitigate any vulnerability.

Once, I had a credit card for less than 24 hours before it was withdrawn by the issuer – a shame, as it had five or six zeroes in a row, which I think is cool. Turns out, a major CD retailer in the UK had been compromised and in that window I’d used my new card, which was not only useful to scrape the ice off my windscreen.

So, how to mitigate? Firstly, lie. Unless it’s a bank, if it asks your birthday, give your father’s, brother’s, favourite pop-star’s, whatever – but change the year to suit your demographic. If it wants your mother’s maiden name, give it your first pet’s name, as another example.

Be consistent, so you can do this with many web sites – but do not do this with *important* accounts, like online banking. They should all have unique passwords. Separate accounts into groups – change-your-life important ones, major inconvenience ones, and low convenience ones. Use a different password policy for each one . . .

As the online world evolves, it’s important that us early adopters are aware of the current problems. We all need to wear a black-hat at times, because we cannot trust the banks and merchants to do this for us. We should all insist on personal key-generation devices (my Luxembourg bank gave me one by default), for example. These, when powered on, give a passcode to be used to authenticate you to the web site.

We should all use an up-to-date browser and plugins, we should regularly test the systems that we trust our personal details with, and we should have the skill to work out where the intrusion in the train is, when things go wrong. These days, I reckon that less than 1% of visitors to this blog, and less than 0.01% of online personas would know how to do these things.

Categories: Analogies, Real Life, Software

It’s a big, big world

29 June 2011

I am amazed at the difference in my browsing experience when in Luxembourg.

I am used to the same sidebar adverts on web sites when I am in the UK, even when I worked for an apparently paranoid USA company that funnelled everything through a US gateway – handily named ukgateway.company.com.

But here, Google results have different adverts, and web sites have different adverts too. This reminds me of this XKCD cartoon. I don’t often see adverts for chicks, but “cartoonifying” myself or touching up my photo (why should I touch up my photo when I have myself to hand???) are very common. What does that tell me about the Luxembourgish or Germans (I work for a German company).

The adverts on TV are also a little different. I watch motorsport, and only German programmes are available in my apartment. I can say with some certainty that no ad-break goes past without an advert for men’s shampoo. Seriously. I don’t get it, it’s not like the average German male head looks any different to the average UK male head. (Whereas, the average Greek male head is balder than the other two.) I just don’t understand this – how did this market develop? Do German men look down on my hair (if they are tall enough) because it lacks the body and stiffness that their products provide?

(And, personally, I think that “shiny, happy people” refers to us men with excess testosterone causing male pattern blindness.)

Categories: Real Life

It’s just more stable!

There, I’ve said it. Desktop PCs are better than laptops, because they are more stable.

I can guess why – poorly written software. Every bit of hardware in your PC – the video card, the USB port, anything *plugged*in* to the USB port, the hard drive, the DVD drive, they all rely on software usually called “drivers”. These are specialised pieces of software that know how the device works, how to put data in, how to get data out, how to make the blue LED light up, how to put it in powersave mode, how to switch it out of powersave mode, how to check which power mode it’s in, etc.

In any computer, drivers are loaded and unloaded depending on whether the machine is docked or undocked, depending on whether it’s on battery power or not (in a laptop), and so on. My Dell laptops switch their internal (wired) network cards on or off depending on whether there is mains power – nothing to do with *the*network*, just a knee-jerk reaction to a lack of guaranteed power. In principle, it’s a good thing, preserving battery life. But, add all the devices you might have – a USB memory stick, your phone – which you put on charge via USB, your iPod (so 2009), various internal bits like the internal microphone, video display card, ambient light sensor, and myriad other devices, and, come insertion or removal of the power cord, there’s a good few devices to consider. And, so, there’s a good few drivers to consider, too.

Going back to the point about the lack of good developers for drivers, the thing that most software developers lack is imagination. They get a specification, and, if they are good, they implement it. (If they are bad, then all bets are off, and your computer is hosed. And there are more idiots than you think.) (This is one of the reasons why I don’t recommend Internet Explorer – IE is more or less part of the operating system, and the idiots on some social media web site are far too close to your operating system, and so to your computer stability). Assuming they are good developers, the specification might tell them what to do when the power cord is removed. It might tell them what to do when the laptop is removed from the docking station. However, they (the developers) rarely imagine all the possible interactions – what if the USB driver decides to do the same thing at the same time, for example? Each time, Windows might choose a different order to detach the devices. So, there are countless permutations of what might happen, and, rather than think about them, your typical (good) software developer will pass decisions on what-to-do-when-X-happens up the chain to the person writing the specification he’s implementing. In other words, they don’t question the specification, they take a stand that it’s the whole story. It’s easy to do, a bit like saying “but he told me to do it!” while pointing at your big brother, and, after all, you have been told to implement *the*specification*, not make something that works in every conceivable situation. However, by doing so, they remove the imagination from the process. They do not ask “what if the user holds the trackpad button down on our app as we enter suspend state?” Because that would be more work, wouldn’t it? And if you have a laptop, dock and undock regularly, then these assumptions become important and affect the stability of your system.

So, I reckon that most of the problems with a Windows machine come from the on-off switching as a machine is (a) given power (or power removed) (b) docked (c) put in sleep mode or (d) put in hibernate mode. And the problems experienced are due to the poor quality of the software called drivers – the stuff that talks to the various devices. And a desktop has far fewer events like these than a laptop.

Plug in a USB stick to your desktop – OK. This has been done several billion times in dozens of countries throughout the world, and Microsoft have sorted out the problems. Do the same on a laptop – ditto! Shutdown five internal devices because the power cable has been unplugged – Hmm, well as Windows changes the order each time, and your laptop is pretty unique – especially that webcam – I’d have to give that a ~20% confidence level. Good luck with that, sir.

So, I have a desktop machine again, in my new job. I’ve not lost a status symbol by ditching the laptop, but I have gained some reliability. Until I unplug my mp3 player and my phone within the same five-second period, of course. Repeatedly, I mean. And I need to apply Windows updates or things might go wrong.

Categories: Real Life