
“We Have Got to Sort This Thing Out”

“There is a real issue here. We have got to sort this thing out” comes a rallying cry from the Cabinet Office as the Leader of the House of Commons, Harriet Harman, has her Twitter account hacked and a tweet posted widely on her behalf. Amongst the bemused, and undoubtedly by now amused, was shadow counterpart Alan Duncan. This comes only two weeks after a similar allegation made by another MP, David Wright, although I believe we’re still awaiting results from the content analysis in this case!

These stories serve to illustrate a number of purposes. First, one suspects that computers used by Cabinet members have pretty tight security – there are probably all manner of authentication tunnels and dongles between the keyboard and GCHQ. Yet, despite this, it still seems that a cabinet minister sees it as being perfectly acceptable to inform the country of their triumphs through a social networking site. Yes, it’s ‘right on’, ‘cool’ and proves you’re in touch – it’s also very democratic. Too democratic – everyone can send tweets, and everyone can send tweets posing as someone else. It also begs the question that if it’s so easy to be that democratic, why do we still elect representatives to our parliament, why can’t we all have our voice?!

But the main point I would like to highlight from these incidents is not political, but the fact that the majority of security breaches in any environment, political, commercial and social, are caused by our own selves.  ‘Hacking’ is much rarer than you would be led to believe by the media; the majority of security breaches are caused when we offer our security details to unknown people on request!  Don’t believe me?  Take a read of Kevin Mitnick and William L. Simon’s eminently readable book The Art of Deception.

I have received phone calls from my bank in the past where they have asked me for my security details – mother’s maiden name, date of birth etc.  Now on the odd occasion that this has happened, I’ve stopped and before blurting it all out, I apologise and say that I have no idea that they are really calling from my bank.  If I banked with Lloyds and heard Bach’s cantata Sleepers Awake playing gently in the background and it was 2002 then I would probably have believed them straight off, but I don’t, it wasn’t and it isn’t – so I have halted the conversation and said that I will call back.  The last time this happened the chap at the other end took quite an affront; he clearly had an important message, but he wasn’t prepared to tell me until he had authenticated me, and I wasn’t prepared to tell him what he wanted to know until I had authenticated him!  Impasse!  I called the bank back on a number published on my bank statements, went through security, and eventually someone else was able to pick up the issue – they suspected fraudulent use of my credit card; fortunately for both parties, they were mistaken.  I am, however, grateful for the occasional false positive because it shows that my bank has systems in place to spot a problem potentially days before I do!

Back to the point… I would be prepared to bet money that in Harriet Harman’s and other similar cases, their social networking accounts weren’t ‘hacked’, but that they fell victim to a simple phishing scam.  Someone asked Harriet Harman for her personal login details, and she willingly typed them in, forgetting to check that it was indeed Twitter who was asking.  The truth is a bit embarrassing; somehow it seems acceptable that some really smart MIT dropout with an IQ of a gazillion but the social skills of a turnip hacked into a government computer and stole the login details of a cabinet minister.  Slightly less easy to swallow is that a cabinet minister probably logged into the wrong web site (albeit from a secured government computer).

Something has to be done about this!  I see two options.  First the government could upgrade its systems so that its estate of, I don’t know, quarter of a million internet capable devices, is channelled better to prevent this sort of thing happening.  The second option is to train our 500,000 civil servants to be more cautious and to be able to spot these sorts of attacks.  There’s no subterfuge, just looking at the URL of the web page you’re logging into, and a basic understanding of domain name schemas will tell you all you need to know.

Both of these options cost money and will take time – and at a time when we’re not quite sure whether we should be spending as much as possible, or reining back spending, clearly there’s not going to be a decision taken quickly!

Maybe while the jury is out, there’s one more thing that could be done.  Why doesn’t the government put out a notice to every civil servant to migrate from whatever web browser they use to Firefox?  Once, that in itself would have taken an age to communicate; luckily now every civil servant subscribes to the 10 Downing Street Twitter feed, so it’ll only take a moment of the Prime Minister’s time to issue a 140 character edict and effect a massive change.  Also lucky for Gordon Brown, Twitter and Firefox are free, so no direct costs there!

Why do I offer this as a stop gap?  Well, take a look at these two web sites and join me, in 850 pixels, after the break…

Twitter ye not!

Hmmm, the first is familiar – we all know Twitter don’t we?!  But the second, ooh, scary!  That’s the sort of screen I’d expect to see if my computer had just been hacked!

But wait, look again, really closely, look at the URL!

Both pictures show the same website!  What a great optical illusion – identical, but different!  One screenshot comes from Internet Explorer (although it looks just as Twee in all other browsers I’ve checked on), the other shot comes from Firefox.  Firefox has spotted a phishing attempt – the website in question is not from Twitter at all, but a fake site that looks suspiciously identical!  It’s a shame that when Internet Explorer 8 launched with this grandiose claim:

Internet Explorer 8 offers the best security protections among leading browsers: a study released today by NSS Labs indicates that Internet Explorer 8 blocks two to four times as many malicious sites as other browsers on the market today.

…that Microsoft forgot to instigate a mechanism to block phishing scams!

If you’ve never understood what a web phishing scam is, then you should by now.  Someone creates a page identical to one that you are familiar with, and you simply type in your username and password unsuspectingly.  They now have your account login details!  If they’re smart and the site you’re logging into is poorly written, they’ll even be able to set up a session for you and pass you straight in to the real site – you will appear to have logged in to your real web account even though you entered through a completely different site…you won’t even be suspicious!
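The advice above, and earlier in the post, is to look at the URL before typing a login. Here is an added example of that check in code (not from the original post): it takes a link of the kind that might arrive in a direct message, works out which domain actually owns the host, and lists the reasons a cautious user should distrust it. The expected domain and the sample links are assumptions constructed for the example.

```python
"""Check whether a login URL really belongs to the site the user expects.

Added example of a defender-side URL check; hypothetical helper code,
not from the original post. The sample URLs below are constructed.
"""
from urllib.parse import urlsplit
import ipaddress

EXPECTED_DOMAIN = "twitter.com"   # assumption: the site the user thinks they are signing in to


def owner_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g. 'login.twitter.com' -> 'twitter.com'.

    Simplification: real code should consult the Public Suffix List so that
    'example.co.uk' is not reduced to 'co.uk'.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_login_url(url: str, expected: str = EXPECTED_DOMAIN):
    """Return (is_safe, reasons); reasons is empty when the URL passes every check."""
    parts = urlsplit(url)
    host = parts.hostname or ""        # urlsplit lowercases and strips userinfo/port for us
    reasons = []

    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # https://twitter.com@evil.example/ : the real host is whatever follows the '@'
        reasons.append("userinfo before '@' in URL; real host is %r" % host)
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass
    if not host.isascii():
        reasons.append("non-ASCII characters in host (possible look-alike name)")
    if owner_domain(host) != expected:
        reasons.append("owner domain %r is not %r" % (owner_domain(host), expected))
        if expected in host or expected in parts.path:
            reasons.append("expected name appears only as a decoy label or path component")
    return (not reasons, reasons)


# Constructed sample links, as a user might receive them in a direct message
SAMPLE_URLS = [
    "https://twitter.com/login",
    "https://www.twitter.com/login",
    "http://twitter.com.login-verify.example/session",
    "https://twitter.com@evil.example/login",
    "https://evil.example/twitter.com/login",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        ok, why = check_login_url(u)
        print("OK  " if ok else "WARN", u, "; ".join(why))
```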

How did I come across this particular Twitter scam site?  It was linked from a direct Tweet I received this morning, obfuscated by a tr.im’ed URL…only it wasn’t from Harriet Harman’s office!

Posted in Personal | 0 Comments

Note to Jonathan Ive…

We’re quite excited about the launch of the iPad. Yes it’s the subject of much controversy (isn’t it just a tablet PC nearly 10 years on from Microsoft’s first announcement? Is it a computer or an oversized phone? Won’t it be useless without a keyboard? …and many are uncomfortable with its closed software model), but for me it’s exciting because it looks set to take this form to a wider market than ever before. What’s the point of the iPad? I can’t tell you right now, but by creating a broad market, the market will define its purpose, and in turn will spur innovation across portable computing. The iPad may not be obvious today, but I am willing to bet it will have a significant impact on the PC market over the next decade.

Jonathan Ive is the darling of the product design world – he is credited with a host of innovative designs that have characterised the Mac world from the late 1990s, including the iMac, iPod, iPhone and now iPad. For a designer to have created one of these ranges of technology would be an achievement, but to be able to wow the world time after time requires genius! Product design is all about solving problems that the end user never even knew existed; Ive does that so magnificently that he wraps his solutions in forms that are also highly desired.

I like the iPhone, it’s a great device, but there’s a design flaw that bothers me, and from the pictures released of the iPad to date, it looks as if it is about to be repeated! I’m going to call it the ‘orthogonal interface transform paradox’ partly because that sounds grand, but also because the flaw is difficult to summarise briefly! Maybe the problem has been identified before and described elsewhere – I’d be interested to hear comments from product designers who might know? It’s not peculiar to the iPhone, but this is how it manifests itself on this device…

Volume on the iPhone is controlled with a ‘volume rocker’ situated on the top left of the device as you hold it upright. Press the top to increase volume, and the bottom to decrease volume. So far, so good: up is louder, down is quieter – and that’s what common sense dictates. One of the neat things about the iPhone is its ability to detect which direction the interface is oriented – rotate the phone sideways and in some applications, the display rotates with you.

The natural orientation for video playback on the iPhone is in a landscape mode. In iTunes you can rotate either clockwise or anti-clockwise and the video player rights itself accordingly. On other applications that play video, the natural orientation requires an anti-clockwise twist to view correctly. Unfortunately, an anti-clockwise transformation now sees the volume rocker working paradoxically – now you have to press left to go louder and right to reduce volume. The onscreen volume control works as you would expect – drag right for loud and left for quiet. Suddenly there are two volume controls available to the user, but ‘loud’ and ‘quiet’ operate in opposite directions on each.

As I mentioned, this isn’t the first technical device to suffer the ‘orthogonal interface transform paradox’. The paradox arises because a fixed physical interface doesn’t adjust to a dynamic display of information. I first noticed this with television remote controls. TV remotes have a channel rocker – press the top to go up a channel, and the bottom to go down. If they don’t have a single ‘rocker’ button, they will have two separate ones to navigate up and down through channels. If you are watching BBC1 and wish to navigate to Channel 5, you simply press ‘Channel Up’ four times. To flick back to ITV1, click ‘Channel Down’ twice. That seems pretty logical – BBC1 – UP – BBC2 – UP – ITV1 – UP – Channel 4 and so on… However, bring up the onscreen channel guide, and channels are listed with BBC1 at the top. Place the TV pointer on BBC1 and in order to get to Channel 4 you now have to press ‘Channel DOWN’: BBC1 – DOWN – BBC2 – DOWN – ITV1 – DOWN – Channel 4. The interface is completely reversed.

This isn’t a hugely serious issue, it’s unlikely that it’s led to loss of life, but it is a problem that product designers should look to solve in order to give a consistent interface experience. Furthermore, should such flaws ever be resolved, then we will all forget that they ever existed. As you can see, there’s little ‘thanks’ returned to the good product designer – all the problems were resolved before we were ever aware of them and the genius of the likes of Jonathan Ive goes largely unnoticed. Perhaps a future version of iPhone or iPad will switch the behaviour of the volume rocker in software as the device is rotated, then it’ll just be another neat feature designed into the device that is lost on most of the punters!

Posted in iPhone Development, Personal | 0 Comments

How does a large plastic map win a UK innovation award?

Today I was a delegate at the Geovation 2010 awards in London.  According to their own website, “Geovation is a place where innovative thinkers and geographic data can get together for the benefit of developers, entrepreneurs, website owners, end users and the wider community.”

The stress is mine, but you would kind of imagine that the very name “Geovation” would suggest innovative use of Geography … well that’s certainly what I was expecting.

The plan for the day was to listen to some pitches, vote on the candidates and then see who the esteemed judges had chosen to win a share of the prize fund.

So … with much anticipation I turned up to see the presentations about Innovative uses of Geography.  I have to admit to being a little disappointed.  There were some good ideas, and for me, one stood out head and shoulders above the rest … but I am struggling to work out how 2 (yes, TWO) rather similar large plastic maps made it into the final. Even the Q&A session after the second presentation was asking what the difference was to the other entry (albeit couched in diplomatic language).

So to be clear. The FINAL of a UK Government sponsored (ultimately, since it was funded by the Ordnance Survey) initiative concerning INNOVATION in geography yielded 2, er, large plastic maps. Even better, they were both aimed at use in schools! Nothing wrong with that per se … but basically both “innovations” were conceptually identical and targeting the same group.

OK I thought, it’s a shame we have 2 plastic maps in the final, but the other 7 finalists will surely bring something interesting to the table. Well … yes and no.  There were other ideas, a few of which definitely had some merit, and whilst I quite agree that simply sticking something on the iPhone doesn’t render it innovative, there were some genuinely good ideas about the use of geography and technology that would have filled the brief by being called “innovative”. One of the ideas was exceptional, so much so that on my voting form I only ticked one box (rather than the two I was being asked for) and wrote in the margin, “give all the money to these guys as it was by far the best idea”.

But back to the maps.

The first shocker was that the “community award” – ie the one voted for by people in the audience, overwhelmingly went to one of the large plastic maps. I found that hard to believe, and was wondering how many innovators there were in the audience … and then, to my absolute amazement, the judges awarded first place to, wait for it … the very same large plastic map!

Now don’t get me wrong, the people involved were clearly dedicated, passionate, well connected and motivated … but come on guys, we are talking about an INNOVATION award here. Large plastic maps were innovative round about the time we invented PVC in 1872 – although to be fair no practical use for PVC came about until the late 1920s. But hey, that’s not quite 100 years ago yet so there is still plenty of room for innovation eh ;-)

So I came away not knowing quite what to think. I did have some interesting chats in the pub afterwards (and thanks for the beer guys) and many of the entrants were innovative, practical and interesting … but come on Geovation … to award the top prize for geographical innovation in the UK to a LARGE PLASTIC MAP does none of us any favours in UK PLC.

Posted in News, Personal | 3 Comments

How Amazon’s cloud saved the Golden Hour

Roger created and runs an educational site about the science of the so-called “golden hour” – the time around sunrise and sunset that has the most fantastic light for taking photographs. Although there were lots of websites giving tables of sunrise and sunset times, I wanted to create something more visual that showed the golden-hour visually and allowed you to explore how it changes with latitude and time of year.

It was an interesting project as it ties together various libraries such as the poly9 3D flash globe and openlayers mapping alongside astronomical algorithms and geolocation work. I was quite pleased with the site, put it online and then went back to work …

The Golden Hour Website

For a few months, there wasn’t really much interest in the site until all of a sudden in July, my traffic spiked quite significantly.

July Traffic Spike

Nothing too dramatic, a peak of 2,000 page views per day, so in the real world not really a “peak” at all; however, I was intrigued to discover that the traffic came from a mention in a Canon newsletter. With enough traffic now to make it worthwhile, I spent some time adding in some advertising to the site, some Amazon widgets to sell Canon camera gear, and again, just left it and went back to work, this time pleased that other people were enjoying the site.

My headache however arrived a month later when all of a sudden I received a terms of service violation notice from my hosting company with a note that I had exceeded their CPU allowance and that they had disabled the site.  Nice!

It became clear that something had triggered a much larger traffic spike and to get back online I needed to act fast.

Amazon EC2 to the rescue!

It just so happens that my work at Mindsizzlers has been exploring and evaluating cloud computing and I had been building applications in Amazon’s compute cloud for several months. This meant I had an account ready to go and was able to spin up a suitable server instance, upload the appropriate CGI scripts and other resources that the golden hour required and have an alternative server up and running, literally within the space of 15 minutes or so.

My other good fortune was that I’m in the habit of using short DNS time-to-live values on many sites through DNS Made Easy (daft name, great service). This meant I could change the A-records for the golden hour and get the traffic flowing across pretty quickly. In the meantime I was able to put a redirect in at the old host to bounce the traffic into the cloud until things calmed down.

Incidentally, this was the traffic spike. It’s the first one in the graphic.

First spike took the site down, the second I was prepared for.

The spike was due to a mention on www.lifehacker.com and generated an intense burst of visitors that I had absolutely no warning about.

Without Amazon’s computing cloud, I’d have been sunk. My hosting company were fast to turn the site off, but then unacceptably slow at responding to any follow up. It took over 4 hours to restore even limited access and in fact it turned out that I had a widget that wasn’t delivering cached output which was the real cause of the problem in the first place.

With Amazon and EC2, I was able to get a new server on-line in minutes and the best part is I only needed to pay by the hour I was using it. Actually it’s even better than that. One USP about the Amazon cloud is that I’m not tied into having a particular operating system (think Azure) or writing my application in a particular language (think Google App Engine). This really is a killer feature of Amazon’s cloud: I can pick from hundreds (if not thousands) of machine images or build my own from a basic starting point, but at all times I am in control, I can pick the operating system, how much memory I need, what sort of CPU power I want – it really is the perfect instant on-line server shop and what makes it even more amazing is that it comes from a company that started life as a book seller.

Anyway, as things calmed down, what I did was have round robin DNS so that half the visitors are served by my original hosting company, and half are served by a cloud instance that I use for other projects too.  This was very handy a few weeks later because the more observant of you will have noticed a second traffic spike on the chart – this time it came from being voted “cool site of the day” by America’s Digital Goddess (no, really, I’m not making this up). Two great things about that. Firstly they were kind enough to warn me a day or so in advance – thanks guys, and secondly with the round robin DNS in place, and the cloud humming away nicely, the servers barely broke into a sweat.

Posted in Cloud Computing, Featured, Personal | 0 Comments

Short URLs and Measuring your Audience

Having worked with the world of advertising for several years, I learned how important metrics are in measuring audience, reach and response. This is one of the contributing reasons why digital advertising spend in the UK eclipsed that of TV for the first time in 2009. On the internet, everything can be measured and increasingly you can trace your audience back to a locale, a company, even back to an individual. It’s not surprising therefore that many online services have powerful analytical engines behind them and that almost every web page contains tracking code from the likes of Google Analytics, Omniture or Open Source player Piwik.

Following this trend, one of the main differentiators between URL shortening services is the reporting that they offer back to you. URL shortening services have been around for several years but were made hugely popular with the arrival of Twitter. With a 140 character limit on posts, you don’t want URLs taking up over half of your allocation! It’s also not surprising that in backing http://bit.ly Twitter have pushed that service to prominence ahead of all the others. There are plenty of alternatives out there including one of the earliest players, http://tinyurl.com, and http://tr.im. As well as appearing in Tweets, they are commonly used in print publications, partly to give readers a shorter URL to type in, but also so that editors can track reader response.

If you want to choose between URL shortening services, there are several things to consider:

  • The overall length of the URL: the difference between ‘tinyurl.com’ and ‘j.mp’ might make all the difference to you!
  • The reliability of the service: the service has to be running for anyone to follow your links
  • The reporting metrics behind the service: what statistical breakdown do you get and how reliable are the stats?
  • The viability of the service: in August 2009 http://tr.im announced that they were closing; they reversed their decision days later, but neither their nor any other operator’s long term assurance can be guaranteed

Here’s another issue to consider…who can view your metrics? Stats made available by http://bit.ly and sister service http://j.mp are available to everyone! To view stats on any of their URLs, just add a ‘+’ onto the URL and see just how many followers there have been. This may not bother you, but there are plenty of instances where you may not want your information available to the world! It does make interesting data though. Legendary Tweeter Stephen Fry currently has well over 1 million followers, and links in his posts and direct messages attract somewhere between 12,000 and 30,000 clicks…many advertisers would be pleased with a response rate of 2%!

Posted in Personal | 0 Comments