Online Privacy – what you need to know

26 September 2011 Leave a comment

After facebook updated their UI recently, there was a spate of “Do me a favour, hover over my name and uncheck such-and-such a box. I prefer to be private” messages.

Well, let me tell you, you have no hope of retaining your privacy online. Everything you do online is extremely *un*private, and there is very little you can do about it, no matter who checks what.

There are several reasons for this.

  1. Systems change. You might think that you are safe, with the current web site you use. But, then, they change it without your permission, changing features, and, I imagine, prompting the above.
  2. Someone will leak whatever is available to them. Whether it’s deliberately and maliciously, or if their computer is infected with malware, each person/account who can see your posts, photos, whatever, can copy them, save them, and use them later
  3. The website itself can have a security problem. There are countless examples of this, where there is a mistake in a web site, and people can access other people’s accounts, just by a bit of technical jiggery-pokery, or even at random!
  4. The website may have a rogue employee, who harvests some data. I’ve had this happen to me several times, I use a unique email address for most web sites, and a couple of times they’ve been used to send spam to me.
  5. The website can change their terms and conditions at will, and, often, they already own everything you produce on their site – have you checked the T&C for the sites you use? In detail?

This problem has been boiling for years. Eleven years ago I bought and read a book called “Database Nation” about privacy, the electronic trail you leave, and how it would inevitably become impossible NOT to be tracked by databases. Store loyalty cards, automated registration recognition, all store details on a database.

As an example of this, we drove to Portsmouth for an early morning crossing to France, on holiday, a year or two ago. About a month afterwards, I received a letter from a DC, who said that an act of vandalism had occurred the morning we traveled along the M3, and my  car had been one of the last to pass the spot before the incident occurred – did I see anything suspicious?

Let’s think about this – the time of passing, and registration numbers of all cars going along the M3 were logged in a database that was available some time after the event. (The letter was not sent for over a month – why sit on the letter, they would have sent it out ASAP, yes?) Given the number of very public security lapses with computer systems, including civilians employed by police forces being dismissed for making irregular and unneeded queries on databases, how safe is this data? And what if this was not a police force, but an online concern that is maximising profit by using unvetted, offshore workers? What if you were suspicious of your other half, and a private eye had a friend who could access data on where cars had been seen? A bit like phone hacking, if you know what to do. Forgetting the police example, how safe is your other info, E.g. email address, credit card, CVC, or, possibly, the password that you use for another 20 sites?

So, almost nothing you do is private. Credit cards, store cards, there are databases everywhere, and data is increasingly being correlated between them. When you start buying organic food, and your store suggests offers on other organic (or other “healthy”) food, this is a single-database action. When you visit lots of guitar-related web sites, and all your social network site adverts start advertising guitar lessons, this is matching across more than one database (well, it’s not, as I’ll explain below, but it serves as an example that people can hopefully understand for now).

Once, my friend went to his local store, and paid (this is back in the days of signature strips on credit cards) with a card the store did not accept, but the teller (poor boy) let him go through the process of swiping and signing. They contacted him (I now wonder how?), explaining they didn’t accept the card, and would he provide details of another one, and he told them to take a hike. Later, he found that they’d later attempted to charge the transaction a different card that he did own, and had used at the store previously. This was for a fairly trivial amount, yet someone was prepared to manually go through credit card receipts, match card names (and, presumably, signatures), then make a false transaction. These days, with everything online, that search would be *so* much easier to do, the match could be done instantly, and on a much higher volume. And it is, not just on store purchases and credit cards. Match your pharmacy payments to your health, so that life insurers get a better idea of how long you’ll live? It’s not far-fetched at all.

So, why is my example of my the guitar adverts above a bad one? It’s all about cookies. Cookies are a way for a web site to “remember” you. The benign view is that it helps you to “remember” the web site, but the balance of power is all on the web site’s. So, youtube, facebook, etc. all remember your login, maybe even auto-log you in, this is all through cookies. There’s a convenience for you, but that’s only part of the story. (Remind me to tell you why free WiFi is bad because your cookies are visible to everyone in the coffee shop when you hit your favourite sites, and people can impersonate you.)

Web sites can be divided up into parts. To the users, they all seem to be part of the same, coherent site, but it can be made up of content from many different sites (often visible on a slow connection, when the page changes shape as different parts arrive). Often the adverts are served from different sites. This is because then the advert-serving sites can count accurately how many views they get, they do not trust the host website to say “Yeah, we served up your adverts 20,000 times today, that’ll be $500 please.” But, although there is no convenience for you, each of those portions of a page can set their own cookies.

Now cookies are a two-way communication. The web site can ask “give me my cookie for the username” and the browser will respond. And the web site can say “give me my secret tracking cookie” and the browser will respond. The value returned, knowing which page you are retrieving, allows the advert site to track you arround. First, you were on the social media site, now you’re home shopping, now a bit of music. The advert site will mke a correlation with your surfing habits, and will serve adverts that are more likely to get notices. So, in this case, it’s not a cross-database correlation, all the correlation is done by the advert-serving site.

And, whenever you visit a site, and there’s a “like” button on it, that link is being made, not just by advert tracking site(s), but by your social networking site.

(As an aside: and, with a new social networking site on the horizon, owned by the biggest advert-serving corporation in the world, what hope do you have if you use that one? )

The bottom line is that you can expect no privacy at all online. It used to be the case that cookies could be deleted in browsers, but there are now “super-cookies” which are much harder to delete. Wherever you go, it’s logged. Your internet address is logged, and this can be used to tie you to a geographical area. Coupled with your browser (web sites can detect plugins, screen resolutions, and all sorts of bizarre stuff), this can be enough to uniquely identify you, especially if you use an unusual browser like me (Opera) with a huge screen (1920×1200 :-)). I’ve given feedback to websites and have them contact me, not with a response, but to ask how I find their website with my particular browser!

And, all your kids are leaving an online presence too. You’re probably doing it for you until they’re twelve or so, but it’s happening. Even in 1998, I used to do an internet search when reviewing job candidate CVs, and in one case found some very (ahem!) material on one candidate. When your kids apply to uni or for a job, their online shadows are going to be searched. They need to be extra-careful what they post. And the internet *never* forgets – web pages are cached by Google, archived by non-profits such as the Wayback Machine, and who knows what criminal organisations can do with the information.

A final thought, it’s getting difficult to recruit police, as every 17-year old has an online presence with images that can be used to identify them. There can be no plain-clothes work for anyone in the days of reverse image search – put an image into a search engine, and it will try to match it with ones it’s seen already.

I can provide references for every assertion I’ve made, but I’m very tired and semi-offline, so digging them out is not easy. If there’s enough response, I will add references, and if you need a particular one, then just post a comment (they are moderated, it won’t appear immediately.)

Categories: online, Uncategorized

Maths, Comp. Sci, and Music

29 August 2011 1 comment

Ah, how I hate when reading and television screw up my perception! I remember reading (or seeing) something about maths and music being linked together. The current peak of this is Douglas Hofstadter’s book “Godel, Escher and Bach,” which (deep down) relates cognition and creativity emerge from the mind. He puts it better than I can, but there a number of common (i.e. I read about them elsewhere but forgot the details) thoughts.

Although I am paid to be a software developer, I am also a musician, and, I’m pretty sure that if I’d chosen that career path and been given the perfect breaks I could have suceeded as a guitarist. Further research suggests that lots of computer scientists are also keen fans of music. Many key figures are musicians – <A HREF=”http://en.wikipedia.org/wiki/Richard_Stallman”>Richard Stallman<a> notably travels with a recorder.

I think an unusual proportion of computer programmers/scientists/experts have an unusual interest in music. But I can’t find a survey to confirm it. Any emirical results out there?

Categories: Real Life, Software

Plain sailing

1 August 2011 Leave a comment

Well, after making the trip many times, it’s time to review the state of the crossings between France and the UK.

I’ve travelled on the Dover to Calais route, with both sea France, and with P&O. I’ve also travelled on the Dover to Dunkirk route with DFDS
Seaways. I have not used the tunnel at all, apart from a coach trip about eight years ago.

So, who is the best to travel with? I’m not going to answer that straight away, but I have some observations.

In the past, we, as a family, used to holiday in France, roughly every other year, and generally we travelled from Portsmouth to Cherbourg on the “fast craft” catamaran. These are small vessels, and so the shop is small, there isn’t a choice of restaurants, and so on. There’s only really enough seats to go round, and these are either very regimented (all facing the same way) or in the bar area. If you want to go outside, there’s a tiny windblown area at the back that you can share with the smokers. The big advantage is the speed, both of the crossing, and unloading at the far end. (How long can it take to unload a small boat? Not long).

But what about Dover to the continent, as I’ve been doing on over a dozen trips in the last three months?

Firstly, Sea France. I’ve only made one one-way crossing, and I hated it. The ferry was old, almost decrepit, and the staff were rude and surly. The food was not to my taste – I didn’t eat anything there, it just didn;t take my fancy. I was glad when the trip was over, certainly. The only reason that I chose them was because they were much cheaper than the others for a one-way trip. I would endure it again if it saved me a tenner, in fact, as I wouldn’t eat, it would save me a more than that! I have another one-way trip coming up, and will see if I have to try them again.

Secondly, P&O. They have both old and new vessels, and the old ones are pretty typical – choice of self-service and bistro restaurants, plus coffee and bar areas. There are different “vibes” in the different seating areas and generally you can find a quiet place if you want some peace and quiet. They are large vessels, and there’s plenty of space, generally. Big Big gaming areas, an old feel “pub” bar area, typical of state of the art a decade or two ago.

The new P&O boats are beautiful inside, and feature a restaurant with a huge, double-height panoramic view forwards. The boats have a similar mixture of facilities to the old ones, although it’s not as easy to find a quiet area. Outside is great too, there is a snack bar, the deck area is a large two-tier affair, and, of course, separate smoking area. On both old and new P&O boats, the food is typically british – fish and chips, sausage or pie and mash, curry – and just under a tenner for a main meal, which I think is a little more than a motorway services, although the food is better and portions might be larger. They are well geared-up to serve the initial rush, and there’s always space to sit down.

In the summer, this is the preferred route for school trips, and for several weeks I heard the tannoy requesting that teachers from such-and-such a school should report to the information desk (to collect misdemeaning pupils, I assume). On these trips, the staff are on their toes all the time, children are constantly being reprimanded by staff for running or shouting, and the kids generally add a huge amount of noise and energy to the crossing. On these occasions, there really is no place where peace can be found. The freight lounge must be a haven of calm in these situations. I enjoy their energy and antics, but others seem to spend half their time getting upset and asking the girls (as it nearly always is) to keep it down a little. The girls give a huge shriek/giggle as they move off by ten feet or so, then resume fever pitch.

And now, the Dover to Dunkirk route. (Why do the British insist on re-spelling the names of foreign towns and cities? We should write Dunkerque and Bruxelles, not Dunkirk and Brussels, for example). The first time I saw the DFDS boat sail into the port at Dunkerque, I was amazed – it looked totally modern, almost sci-fi like, a huge wall of glass at the front. Inside, it’s, as you expect, modern and shiny, and has that panoramic view out front that’s on the new P&O boats.

Every time I’ve eaten in one of these in peak season, the tills have been unable to cope with the volume of traffic – mainly, they say, as it takes much longer to process a card transaction. So, we stand in a queue facing an idle crew over a serving space full of hot food, but we don’t get served until the queues die down. I guess it’s good that they want us to enjoy the food at it’s best, and their fish and chips is far superior to the rather greasy P&O offering. So, the scenario goes like this. More customers enter, see the queue for hot food, and grab a salad or just a drink instead, and join the queue for the till, increasing the queue length and delaying the serving of hot food even further! Food selection and prices are on par with P&O, and I’ve noticed that if you wait until the second half of the journey, you get bigger portions of curry. (Not that I ever take the curry, I’m just a nosey (or is that observant) bugger.). The pies and fish are obviously unable to be upsized as easily!

DFDS provide (free) booklets on tours and sights to see in Europe, including war areas and wine-producing regions. These are really nice, large, glossy, well-produced, and give you the idea that this is a quality company that cares about its customers. The DFDS boats seem a little smaller than the P&O ones, and once I was on a trip that was fully booked, and the boat could barely cope. There were families with small children sitting on the carpet, and they opened the freight driver’s lounge to the public – much to the annoyance of the regulars (“Pay a thousand quid to get in here and they get let in for free” neatly avoids the idea that the 38-tonne lorry is free. )

DFDS make a big thing about Dunkerque being nearer to many destinations. That’s true, but there is a bit hitch. Firstly, the ferry terminal is nowhere near the town. There’s a sign on the motorway that says “Dunkerque 20km” but at that point, you still have 40km to go. And the last part of that trip is on slow roads through a semi-indistrial area. The first time I made my way there, I was glad there were signs at each junction, because I thought that there could be nothing for the public in the wasteland I was driving through. To measure the real difference in time, I toggled my satnav between Calais and Dunkerque, and the time difference is 13 minutes. The Dunkerque ferry crossing takes 30 minutes longer, so there is a net loss in journey time. (The ferry doesn’t take a straight line from Dover to Dunkerque, it takes a short line across the busiest international seaway in the world then hugs the coast of France – it almost straight past Dover, and, as you know, a car would be much quicker than a boat. )

Finally, a word about customer service. One time I inadvertently booked Dover->Calais->Dover with P&O, instead of Calais->Dover-Calais. I arrived at the check in at about three in the morning, and was told of my error. The kind fellow tried to alter my booking (for free) but the sailing had
been locked and he couldn’t do so. So he sent me to the ticket office. As it was early, I incorrectly walked into the Sea France ticket office
instead. I told them of my mistake and asked if I there would be a fee to amend my booking. No, I was told, I would need to make a completely new
booking! Yikes! Then, after attempting to get my details from my original booking, and the reference not working, I realised that I’d gone to the
wrong office. At P&O, they amended my booking for free! Another time I was running late after a series of incidents along the M25, and worried I’d not make my DFDS sailing. I phoned customer services (hands free, honest, guv) and they told me my ticket was valid for the sailing before or after the one I’d booked, subject to space being available. P&O allow two crossings either side, but they have a more frequent service.

So, overall, I choose P&O whenever I can but avoid the fish and chips (I’ve tried it several times). When their prices are too high, I choose DFDS and a little more time to eat.

Categories: Uncategorized

And the (l)user is . . .

29 June 2011 Leave a comment

The recent web site attacks by popular hacker group <a href="http://twitter.com/#!/lulzsec"lulzsec have shown two main things:

Firstly, it’s a jungle out there. The CIA, banks, governments, are all targets for an organised bunch of techies. Basically, whoever you bank with, if you are just covered by a password or two (PIN + password) then you are dangerously vulnerable. Vulnerable to brute-force hacking, vulnerable to phishing, or vulnerable to malware, which might track every key you type.

Secondly, security on the WWW sucks, in general. If banks, government agencies, and so on, can’t get it right, can you trust a friendly site like facebook to store your details properly? If you use the same password for your gmail account and for your your facebook account, if a leak in facebook allows hackers to learn your password, then your gmail account is vulnerable. And, if you use that password for online banking (or paypal, or anything that *knows* your payment card details) then you are looking at a security hole.

Lulzsec have shown that it is so easy to penetrate any web site that they choose, that it’s almost pointlesss to attempt to prepare against malicious attack. I disagree, and think that there are many things that we can do to mitigate any vulnerability.

Once, I had a credit card for less than 24 hours before it was withdrawn by the issuer – a shame, as it had five or six zeroes in a row, which I think is cool. Turns out, a major CD retailer in the UK had been compreomised and in that window I’d used my new card, which was not only useful to scrape the ice off my windscreen.

So, how to mitigate? Firstly, lie. Unless it’s a bank, if it asks your birthday, give your fathers, brothers, favourite pop-star, whatever – but change the year to suit your demographic. If it wants your mother’s maiden name, give it your first pet’s name, as another example.

Be consistent, so you can do this with many web sites – but do not do this with *important* accounts, like online banking. They should all have unique passwords. #separate accounts into groups – change-your-life important ones, major inconvenience ones, and low convenience ones. Use a different password policy for each one . . .

As the online world evolves, it’s important that us early adopters are aware of the current problems. We all need to wear a black-hat at times, because we cannot trust the banks and merchants to do this for us. We should all insist on personal key-generation devices (my Luxembourg bank gave me one by default), for example. These, when powered on, give a passcode to be used to authenticae you to the web site.

We should all use an up-to-date browser and plugins, we should regularly test the systems that we trust our personal details with, and we should have the skill to work out where the intrusion in the train is, when things go wrong. These days, I reckon that less than 1% of visitors to this blog, and less than 0.01% of online personas would know how to do these things.

Categories: Analogies, Real Life, Software

It’s a big, big world

29 June 2011 Leave a comment

I am amazed at the difference in my browsing experience when in Luxembourg.

I am used to the same sidebar adverts on web sites when I am in the UK, even when I worked for an apparently paranoid USA company that funnelled everything through a US gateway – handily named ukgateway.company.com.

But here, Google results have different adverts, and web sites have different adverts too. This reminds me of this XKCD cartoon. I don’t often see adverts for chicks, but “cartoonifying” myself or touching up my photo (why should I touch up my photo when I have myself to hand???) are very common. What does that tell me about the Luxembourgish or Germans (I work for a German company).

The adverts on TV are also a little different. I watch motorsport, and only German programmes are available in my apartment. I can say with some certainty that no ad-break goes past without an advert for men’s shampoo. Seriously. I don’t get it, it’s not like the average German male head looks any different to the average UK male head. (Whereas, the average Greek male head is balder than the other two.) I just don’t understand this – how did this market develop? Do German men look down on my hair (if they are tall enough) because it lacks the body and stiffness that their products provide?

(And, personally, I think that “shiny, happy people” refers to us men with excess testosterone causing male pattern blindness.)

Categories: Real Life

It’s just more stable!

There, I’ve said it. Desktop PCs are better than laptops, because they are more stable.

I can guess why – poorly written software. Every bit of hardware in your PC – the video card, the USB port, anything *plugged*in* to the USB port, the hard drive, the DVD drive, they all rely on software usually called “drivers”. These are specialised pieces of software that know how the device works, how to put data in, how to get data out, howe to make the blue LED light up, how to put it in powersave mode, how to switch it out of powersave mode, how to check which power mode it’s in, etc.

In any computer, drivers are loaded and unloaded depending on whether the machine is docked or undocked, depending on whether it’s on battery power or not (in a latop), and so on. My Dell laptops switch their internal (wired) network cards on or off depending on whether there is mains power – nothing to do with *the*network*, just a knee-jerk reaction to a lack of guaranteed power. In principle, it’s a good thing, preserving battery life. But, add all the devices you might have – a USB memory stick, your phone – which you put on charge via USB, your iPod (so 2009), various internal bits like the internal microphone, video display card, ambient light sensor, and myriad other devices, and, come insertion or removal of the power cord, there’s a good few devices to consider. And, so, there’s a good few drivers to consider, too.

Going back to the point about the lack of good developers for drivers, the thing that most software developers lack is imagination. They get a specification, and, if they are good, they implement it. (If they are bad, then all bets are off, and your computer is hosed. And there are more idiots than you think. ) (This is one of the reasons why I don’t recommend Internet Explorer – IE is more or less part of the operating system, and the idiots on some social media web site are far too close to your operating system, and so to your computer stability). Assuming they are good developers, the specification might tell them what to do when the power cord is removed. It might tell them what to do when the laptop is removed from the docking station. However, they (the developers) rarely imagine all the possible interactions – what if the USB driver decides to do the same thing at the same time, for example? Each time, Windows might choose a different order to detatch the devices. So, there are countless permutations of what might happen, and, rather than think about them, your typical (good) software developer will pass decisions on what-to-do-when-X-happens up the chain to the person writing the specification he’s implementing. In other words, they don’t question the specification, they take a stand that it’s the whole story. It’s easy to do, a bit like saying “but he told me to do it!” while pointing at your big brother, and, after all, you have been told to impeiment *the*specification*, not make something that works in every concievable situation. However, by doing so, they remove the imagination from the process. They do not ask “what it the user holds the trackpad button down on our app as we enter suspend state?” Because that would be more work, wouldn’t it? And if you have a laptop, dock and undock regularly, then then these assumptions become important and affect the stability of your system.

Sp, I reckon that most of the problems with a Windows machine comes from the on-off switching as a machine is (a) given power (or power removed) (b) docked (c) put in sleep mode or (d) put in hibernate mode. And the problems experienced are due to the poor quality of the software called drivers – the stuff that talks to the various devices. And a desktop has far fewer events like these than a laptop.

Plug in a USB stick to your desktop – OK. This has been done several bilion times in dozens of countries throughout the world, and Microsoft have sorted out the problems. Do the same on a laptop – ditto! Shutdown five internal devices because the power cable has been unpluged – Hmm, well as Windows changes the order each time, and your laptop is pretty unique – especially that webcam – I’d have to give that a ~20% confidence level. Good luck with that, sir.

So, I have a desktop machine again, in my new job. I’ve not lost a status symbol by ditching the laptop, but I have gained some reliability. Until I unplug my mp3 player and my phone within the same five-second period, of course. Repeatedly, I mean. And I need to apply Windows updates or things might go wrong.

Categories: Real Life

Remote Access

9 May 2011 4 comments

In a previous post, I wrote that I was considering ditching my old Gentoo Linux server, as it appeared to be unsalvageable.

Well, a couple of things happened. One was an unexpected reboot due to a power outage. Another was that the system failed to come back up fully after the power surge. In fixing this, I found that the problems I’d been experiencing had gone away. This was slightly unsettling, as, although most Windows users know that turning it off and on again might be the first attempt to solve a problem, this is normally not the case with *nix machines. However, in *nix machines, if a file (E.g. a shared library) is in use, it can often be removed from the filesystem but running apps that use it can continue to run – until the reboot. As I’d been building many, many packages from source, altering the compiler used, starting and stopping daemons, altering the USE flags (Gentoo specific) used, and even the profile (again, Gentoo specific), I reckon that my machine was so confused about what was on disk, what was in use, and so on, that it wouldn’t co-operate. And the reboot cured that.

So, after the reboot, I had to fix Apache, otherwise my webmail would not work. And, as I’d manged to get the server software for my Logitech Squeezebox running under a chroot environment, I tried (and succeeded) in getting that going too.

So, I have a working system, but the kernel is ancient – six years old. And, I’m sat in a hotel room in Europe, and I can’t access iPlayer, because the bbc have detected that I am not in the UK, based on my IP address. And I’m bored. Nothing happens in Luxembourg on a Sunday. Even mindless violence is boring. (So, I went to Germany instead.)

My first thought is VPN – if I ran a VPN, then all my traffic would pop out the other end, and I’d appear to be somewhere near Reading. But, a bit of reading tells me that I need a kernel with TUN (IP tunnelling) enabled. I check my .config, and it is, yet I have failed to set some other critical variables. I balk at the idea of installing a new kernel on a machine that hasn’t had a kernel update in six years remotely. If I was there, I’d do it, and I might still *prepare* for the upgrade from here, but there’s no way I’m putting a new kernel in place on a headless, keyboardless machine. I’m relying on this for (a) email for the family (b) webmail for me and (c) an anonymous proxy just in case someone is watching me.

Hacking pay Wifi

Then, I thought about internet access. In my current hotel, I have to pay €6 a day for access. So, I did a quick google for “hack hotel internet”. For a guy with a Linux server available, there are two really good options. Both rely on laziness in the people who wrote the hot-spot software.

You’ve been at an airport, in a station, a cafe, wherever, and you get an unencrypted wi-fi signal. Brilliant! But when you access a page, the wi-fi router intercepts your request and puts an “enter your details” page – you need a username and/or password to get access. However, they’ve often been lazy, and will either allow DNS or ICMP traffic through.

DNS is where your computer converts a name (like wordpress.com) into the number used to actually send requests to another computer. ICMP is a low-level way of talking between computers, and as 99.9% of stuff that’s useful uses TCP/IP (much cleverer) then it appears harmless to let it through – it’s useless.

However, clever people have leveraged these. By adding information to the standard messages used, with a server at the other end that understands them, you can emulate or bypass the local network *if* it allows either DNS or ICMP through. This has the side-effect of all *real* requests coming from the server – which, in my case, is in good old Blighty! iPlayer, here I come!

However, to use these, I need a kernel that supports TUN. I refer you to the above paragraph on needing a kernel that supports TUN.

The other thing, I’m not happy running a huge server 24/7. I bought a nice NAS device that could be hacked, but, by the time I got one, the manufacturer had blocked the holes. I now have a slightly expensive 1TB hard drive. So, as I have an old laptop (actually scarily old, it’s overdue to fail), and a nice hard drive, I can simply install Linux (and a kernel that supports TUN!), mount the drive in an external closure, and I have a working system. Actually, I think I might buy a new low-energy PC (or laptop) instead, ‘cos that laptop is doomed to failure if I push it. And, I’m probably NOT going to use Gentoo, I’ve been using it for over ten years, and as I now know how the thing works, I want to forget about the details and just have something that works. So, a major distro, probably ubuntu.

Categories: Uncategorized

Luxembourg

6 May 2011 1 comment

On the Road…

No, not a review of Jack Kerouac’s classic semi-autobiographical book.

I’ve recently started working in Luxembourg. Most people are aghast and think it’s a huge way away, but to drive here from London is easier than driving to Glasgow. There are planes, trains, and, I guess, dirigibles if you don’t want to drive

The first thing that struck me was that despite the fact that I thought I’d encountered every kind of door lock, light switch, tap (faucet) or shower mechanism, there’s always another to discover. This shows mankind’s ingenuity in all things, a creativity that sets us apart from the rest of God’s creatures.

The second thing is that despite Luxembourg being tiny (have a look on the map, they have devoted quite a lot of it to roads. They have some massive junctions, with acres of tarmac, and a variety of different lights for drivers, pedestrians, and special lights for bus drivers. To cross the (on average; they come nd go a bit) 9-lane road from my office to the mall across the street, I have to negotiate four different sets of pedestrian lights. To be honest, it is one of the main roads into Luxemboug city, and the traffic does flow quite well, and pedestrians are definitely fairly treated.

The third thing is that it’s not cheap. It’s almost impossible to find free parking in a town (however, if you live there, you get a resident’s permit). Lunch will set you back a tenner. Even a sandwich is around four Euros. Hotels are expensive. The only cheap things are fuel (a good 15 cents/litre cheaper than neighbouring countries), booze, and fags.

However, it’s a very calm place. One of my colleagues, from East London, said that most people stay a year or two and then get bored. I can understand that. It’s not exciting, and no-one appears very excited. People aren’t keyed up – they don’t nip across roads where there are gaps in the traffic, for example. However, it’s not like Germany where even if nothing is coming they wait for the green light. But everyone seems to go to great extremes not to upset anyone else.

Categories: Real Life

Length of working day

30 April 2011 Leave a comment

Someone I know recently posted on facebook that they only worked 10.5 hours in one day, and wanted to know if he should feel guilty. I’d say definitely, yes. But not for putting in only 10.5 hours, but for doing more than his contracted hours (in the US, I guess this is 8 hours, after subtracting breaks). He should feel guilty that he’s not spending those extra hours with his family. He should feel guilty that he’s creating an expectation in the workplace that everyone should work extra, unpaid hours.

I guess that there are two reasons to work extra hours. One is that there’s a corporate culture of this. I see this in the USA, and in India as well. I see it a little in the UK, too. When I worked for a bank in the city, I was at my desk for ten hours a day, and my manager mentioned that he just wanted to see me be there a little longer. I pointed out the 3.5 hours commute I had in addition to working, and the fact that I had a 15-minute window to see my kids at night, *if* the trains were on time, but he really didn’t understand: he was young, single, and striving for promotion.

I recently read Managing Humans: Biting and Humorous Tales of a Software Engineering Manager and one thing I noticed was the number of times that working the weekend was expected. Sure, the companies appeared to be mainly startups, and maybe everyone had equity share, but it seemed that these people were expected to work extra *days* as a matter of course. This seems so wrong to me – weekends should be sacred and for the family, not working.

In some cases, it’s just being in the office, not how much work you get done. This is called “presenteeism.” For many, many years, I’ve noticed that I am edgy when involved in seemingly non-work related discussions, either at desks or at the water cooler. I’ve felt guilty that I’m not working. Now I’m doing more reading into management, and trying to develop my people skills (mildly aspergic), I don’t feel so bad about these conversations, at least I didn’t last month! But I suspect that in some places, the amount of time spent working is well below the amount of time *in*the*office*.

The second reason for working extra hours is that there is a crisis. A support issue that needs fixed to prevent the company going under. A last-minute show-stopper bug preventing a release going out. In my opinion, these are ligitimate reasons to work late. But it’s not, in my opinion, productive to work long hours for a long period. A week of extra half-days, even if fuelled with free pizza, is going to dull almost everyone, and productivity will drop so much so that everyone would be better off just working a normal day.

I’m working in Europe from next week, and one of the reasons I am going there is because there are strict labour laws where, in some cases, your manager can be fined if he lets you work more than 40 hours a week. This sounds like bliss!

That’s *my* association

23 April 2011 Leave a comment

I get really cheesed off with some software, always hijacking my file extension associations.

For the uninitiated, these link a file (normally the bit after the dot in a filename, ext in ThisIsAFile.ext) to an application. To do this, Windows (and other GUIs) keep a list: If the file is a .doc, open it with Word. If the file is a .xls, open it with Excel, if it’s a .frood, offer these choices . . . .

It’s easy for those files in my example, but there is a real, and constant battle for the audio and video world. Each time I upgrade an otherwise nice and wholesome piece of software, a video player called VLC media player, it insists on attempting to take over all my audio file extensions – like .mp3, aac, and even the playlist files .m3u, which it hides under a different menu to “audio files”. 1: it’s a video player – it’s in the bloody name and 2: every time it asks, and defaults to taking over the associations. Why can it not remember my choices from the last install? This is particularly important as the fantastic browser check from Qualys always points out when it’s out-of-date.

I need to point out that if every piece of software did this, and you didn’t respond appropriately, you’d probably not see the same application open a file twice. Yor browser would run around like an eager puppy, saying “I can deal wih that jpg; I can deal with that .bmp; I can deal with that .pr0n as well!” Thankfully, not all software is as self-centered as VLC, so the average user gets some consistency.

The popular browser, Firefox, was just as bad, I use the Heroes browser, Opera, but I also have IE and Firefox installed. I don’t use Chrome because Google are powerful enough already – actually I’d say they are too powerful, but I’ve got my 18th job interview with them lined up so I’m hoping to get in while ‘evil’ is still relatively cheap – I want a small throne, at least. But some sites do not work with Opera (despite it being the first browser to pass the ACID-3 test (stop yawning at the back!), so I need an alternative. I’d rather eat my own kidneys devilled with Tabasco sauce and onions than use IE, so I use Firefox. And Firefox was very naughty indeed, and when I upgraded it, it did not even *ask* if it could be my default browser, it just did it. As presumptuous as an Australian internet activist during a night of passion (allegedly).

So, I can understand that many, many people can get confused when they used to click on a file, and it would open in a particular app. Then, the install some more software (maybe more than one, people are fools like that) and next time they try the same action, they get an unfamiliar app thrown in their face, beause the new software has hijacked the file association.

As PC manufacturers are loading stacks of crappy software on new PCs for $$$, there is now another confusion – on my Dell Vista PC, every user (me, the wife, the kids) was hounded to buy some expensive software whenever we clicked on a particular file type – in this case, any image file at all. To put this in context, new user, new PC, plug in the new digital camera, click on the files, and the PC asks for money to install a full version of the software – that’s just wrong!

In my opinion, this is moving PCs away from being easy to use. I had this rosy idea that one day, PCs would be easy to use. They’d coaxs inexperienced users through configuration, and degrade gracefully when things went wrong. However, I think that in the immediate future (next ten years) PCs are going to be clogged down by more and more software that says it has the user’s best wishes at heart, but in reality it will recommend paid for options – and won’t even mention the free options that may be as good, or even better than, the commercial options.