First Direct Update

Earlier in the week I talked about my concerns with First Direct’s new password policy. I got an email from them about this, but it really wasn’t very reassuring.

But I kept digging. And on Thursday I got a bit more information from “^GD” on the @firstdirecthelp twitter account. It still doesn’t answer all of my questions, but I think we’re a lot closer to the truth. Here’s what I was told.

The obvious question that this raises is why, then, do they limit the length of the passwords. I asked and got this (three-tweet) reply.

To which, I replied

And got the response

I thought that “as a business we are satisfied” rather missed the point. And told them so.

I got no response to that. And @brunns got no response when he tried to push them for more details about how the passwords are stored.

So, to summarise what we know.

  • First Direct say they store the passwords “encrypted”, but it’s unclear exactly what that means
  • It was a business decision to limit the length of the passwords, but we don’t know why that was considered a good idea
  • It still appears that First Direct believe that security by obscurity is an important part of their security policy

I haven ‘t really been reassured by this interaction with First Direct. I felt that the first customer support agent I talked to tried to fob me off with glib truisms, but “^GD” tried to actually get answers to my questions – although his obvious lack of knowledge in this area meant that I didn’t really get the detailed answers that I wanted.

I’m not sure that there’s anything to be achieved by pushing this any further.

First Direct Passwords

I’ve been a happy customer of First Direct since a month or so after they opened, almost twenty-five years ago.

One of the things I really liked about them was that they hadn’t followed other banks down the route of insisting that you carried a new code-generating dongle around so that you can log into their online banking. But, of course, it was only a matter of time before that changed.

A couple of weeks ago I got a message from them telling me that Secure Key was on its way. And yesterday when I logged on to my account I was prompted to choose the flavour of secure key that I wanted to use. To be fair to them they have chosen a particularly non-intrusive implementation. Each customer gets three options:

  1. The traditional small dongle to carry around with you
  2. An extension to their smartphone app
  3. No secure key at all

If you choose the final option then you only get restricted (basically read-only) access to your account through their web site. And if you choose one of the first two options, you can always log on without  the secure key and get the same restricted access.

I chose the smartphone option. I already use their Android app and I pretty much always have my phone with me.

Usually when you log on to First Direct’s online banking you’re asked for three random characters from your password. Under the new system, that changes. I now need to log on to my smartphone app and that will give me a code to input into the web site. But to get into the smartphone app, I don’t use the old three character login. No, I needed to set up a new Digital Secure Password – which I can use for all of my interactions in this brave new world.

And that’s where I think First Direct have slipped up a bit.

When they asked my for my new password, they told me that it needed to be between 6 and 10 characters long.

Those of you with any knowledge of computer security will understand why that worries me. For those who don’t, here’s a brief explanation.

Somewhere in First Direct’s systems is a database that stores details of their customers. There will be a table containing users which has a row of data for each person who logs in to the service. That row will contain information like the users name, login name, email address and (crucially) password. So when someone tries to log in the system find the right row of data (based on the login name) and compares the password in that row with the password that has been entered on the login screen. If the two match then the person is let into the system.

Whenever you have a database table, you have to worry about what would happen if someone managed to get hold of the contents of that table. Clearly it would be a disaster if someone got hold of this table of user data – as they would then have access to the usernames and passwords of all of the bank’s users.

So, to prevent this being a problem, most rational database administrators will encrypt any passwords stored in database tables. And they will encrypt them in such a way that it is impossible (ok, that’s overstating the case a bit – but certainly really really difficult) to decrypt the data to get the passwords back. They will probably use something called a “one-way hash” to do this (if you’re wondering how you check a password when it’s encrypted like this then I explain that here).

And these one-way hashes have an interesting property. No matter how long the input string is, the hashed value you get out at the other end is the same length. For example, if you’re using a hashing algorithm called MD5, every hash you get out will be thirty-two characters long.

Therefore, if you’re using a hashing algorithm to protect your users’ passwords, it doesn’t matter how long the password is. Because the hashed version will always be the same length. You should therefore encourage your users to make their passwords as long as they want. You shouldn’t be imposing artificial length restrictions on them.

And that’s why people who know about computer security will have all shared my concerns when I said that First Direct imposed a length restriction on these new passwords. The most common reason for a maximum length on a password is that the company is storing passwords as plain text in the database. With all the attendant problems that will cause if someone gets hold of the data.

I’m not saying for sure that First Direct are doing that. I’m just saying that it’s a possibility and one that is very worrying. If that’s not the case I’d like to know what other reason they have for limiting the password’s length like this.

I’ve send them a message asking for clarification. I’ll update this post with any response that I get.

Update (17 July): I got a reply from First Direct. This is what they said.

Thank you for your message dated 16-Jul-2014 regarding the security of your password for your Digital Secure Key.

Ensuring the security of our systems is, and will continue to be, our number one priority.

All the details that are sent to and from the system are encrypted using high encryption levels. As long as you keep your password secret, we can assure you that the system is secure. As you will appreciate, we cannot provide further details about the security measures used by Internet Banking, as we must protect the integrity of the system.

Our customers also have a responsibility to ensure that they protect their computers by following our common-sense recommendations.  Further information can be found by selecting ‘security’ from the bottom menu on our website, www.firstdirect.com

Please let us know if you have any further questions, and we’ll be happy to discuss.

Which isn’t very helpful and doesn’t address my question. I’ve tried explaining it to them again.

Sky Broadband Update

It’s probably time for an update on my Sky Broadband situation.

I last wrote about Sky on 16th April. That was the date of their second failed attempt to connect me to their broadband. It was the date that I decided to cancel my order and go elsewhere.

First the good news. I was considering alternative providers. I called Virgin Media and they told me that I could have a 50 Mb fibre connection for an extra £2 a month over what I already paid them for my TV and phone package. And, as a bonus, they could do it within a week – still five days earlier than Sky had scheduled their third attempt at connecting me. I ordered it, they came round on the promised day and everything works fine. Very happy with them.

This then left me trying to cancel my Sky order. This was slightly complicated by the fact that Sky had successfully connected my phone line[1] and also the fact that this phone line is used for monitoring my ADT burglar alarm. I didn’t want to cancel the phone line until ADT had moved the alarm monitoring to the Virgin Media line. I explained all this to Sky and  they seemed to understand.

A chap called Andy in Sky’s customer service took it upon himself to take on the project. He took to phoning me weekly to ask me what was going on with ADT. To be honest, I got a bit lazy and it took me a while to get in touch with them.

Then my hand was forced. In the middle of May, some error lights on the burglar alarm started flashing. I called ADT to see what the problem was and they told me that it looked like the phone line was dead. I plugged a phone into the line and was able to confirm this. The phone line had been disconnected – despite my explicit instructions about not doing that until I asked for it.

I was a bit stuck. Calling Sky’s customer support from a non-Sky phone line is very expensive. And the only Sky line I had was dead. I tried their online chat facility, but the people you get on that are absolutely useless. Luckily Andy was due to call me for a progress update the following day, so I decided to wait for that.

When Andy called, I asked why they have disconnected the phone. He said that they hadn’t. He ran a few line checks and discovered a fault on the line. He offered to send an engineer to fix it. I told him not to bother and to go ahead with the cancellation. He told me that there was some problem with their systems that prevented him cancelling the contract right away but that he had reported the bug and would let me know when it was fixed.

Time passed.

Earlier this week, I wondered idly what was going on so I sent them an email asking for a progress report. A woman called and told me that my records said that someone (Andy, I assume) had been checking into my account daily and leaving notes explaining why he still couldn’t close the account.

The following day, I got a call from Andy (I’m sure it was pure coincidence that this was the day after I had chased them). He told me that the bug had been fixed and asked me to confirm that I still wanted to cancel the account. I told him that I did and he started the process. He warned me that I wold receive a few automated emails.

Within half an hour I got the first email, telling me that my services would be cancelled on Thursday 6th June. Hooray. But that wasn’t the end of the story.

The following day, I got another (presumably automatic email) offering me twelve months of free line rental if I changed my mind. Then I got the same message by text. And today I’ve got a missed call from a number which Google tells me is Sky’s customer retention department. They certainly seem keen to keep me. It’s a shame they didn’t put so much effort in back in April when they might have been able to salvage something from the disaster.

Oh, and I’ve received a bill. They want to charge me a month’s line rental for the phone line. A phone line that only ever really existed to serve a broadband connection that they weren’t able to provide. A phone line that I’ve used to make one call – the call to Sky customer services on 16th April when I first told them to cancel my order.

I’ve cancelled the old Be Broadband direct debit that they were planning to use to take the money. I’m amazed that they wouldn’t just waive those charges.

So, two months on I’m still (to some extent) a Sky customer. But the end is (hopefully) in sight.

Oh, and throughout all of this, the  @SkyHelpTeam Twitter account has been a source of much amusement. They reply to every mention, but haven’t got a clue what is going on. They use a social media customer tracker called Lithium. But they must have it configured wrong because each conversation starts with them knowing no history of this problem at all. And, having watched the product video, that’s exactly what Lithium is for.

Throughout this hold affair all of Sky customer service people (with about two exceptions) have shown themselves to be rubbish at their job.

[1] You’ll have noticed, no doubt, that we had to phone lines. The home phone (along with our TV) has been provided by Virgin Media for years. I also had another phone line for the broadband. I had this on a separate contract because it had been paid for through the limited company that I use for contracting.

National Rail Travel Alert

This is the text of a National Rail travel alert email that I received this morning.

Problems have been reported which may affect your journey between Balham (BAL) and Shepherd’s Bush (SPB)

More details of this disruption can be found here: http://nationalrail.co.uk/service_disruptions/76437.aspx

To see how this disruption affects your journey and to get alternative options planned for you, please use the Online Journey Planner

Alternatively, for up to date information for your station, use the Live Departure Boards.

Prefer to get in touch by phone? Call TrainTracker on 0871 200 49 50 (10p per min, mobiles higher) or text your journey details to 84950 to use TrainTracker Text

You can manage your alerts by visiting: http://ojp.nationalrail.co.uk/personal/member/myAccount

Don’t forget, you can also follow us on Twitter or Find us on Facebook for the latest rail travel news

Please do not reply to this email as it is sent from an unmonitored address. If you need to contact us, you can do so here: http://nationalrail.co.uk/feedback

Can you spot the obvious idiocy here?

It’s an HTML email. That’s obvious from the links that appear in it. Links to things like the Online Journey Planner and the Live Departure Boards. But there are a couple of links that are written as plain text URLs – ones that you can’t just click on. And one of them is the most important link in the email – the link to the full information about the problems.

In order to read whatever is on the other end of that link, you’d need to copy it and paste it into the location bar in your browser. That’s simple enough, of course, on a desktop computer. But surely one of the important use cases for these alerts is people standing on a platform trying to work out what’s going on with their train – in which case they’d almost certainly be using a smartphone. And copy and paste isn’t the easiest of things to do on a smartphone.

Someone in the National Rail Travel Alerts department is more than a little confused about how URLs in email work.

Free Web Advice: Marvel

It’s been a few years since I wrote a “free web advice” piece, but I got really annoyed by the Marvel web site this morning.

About a year ago I subscribed to Marvel Unlimited – a plan that gave me access to all of Marvel’s digital comics for about £40 a year. This morning, I got an email from them saying that my subscription was about to be renewed but that my credit card had expired so I should log on to my account and update my credit card details.

I went to log on and found that I had forgotten my password. So I used the “forgotten password” link expecting to get an email containing a link I could use to reset my password. Instead, I got an email that contained both my username and my password in plain text. If Marvel are able to send my password to me, then they must be storing everyone’s password in a readable format. It’s astonishing that a company the size of Marvel don’t understand just what an incredibly stupid idea that is. And sending both my username and password in the same email just compounds their error.

So that’s strike one – storing plain text passwords.

Having recovered my password, I was able to log on and found the page where I could give them my credit card details. But it looked like this:

Marvel Credit Card Maintenance Page

If you look closely, you’ll see that three fields – credit card type, expiration date and country – have captions, but no way to enter the required data. I’ve tried this page in both Firefox and Chrome and get the same results in both. I expect I’ll have to dig out a PC running Windows and try it on Internet Explorer as well.

I didn’t actually notice the missing fields at first. I just filled in the fields I could see and submitted the form. At that point I got an error pointing out what was missing. It’s interesting to note that the credit card type isn’t marked as required on the form (there’s no red asterisk next to it) but the error I got complained that it wasn’t filled it.

So that’s strikes two and three.
Strike two – always ensure that your web pages work on all the popular browsers.
Strike three – always mark your required data inputs accurately.

At that point I gave up trying to give money to Marvel. I poked around the site for a while to find a contact form. When I found it, it had the same problems as the credit card form – most of the input fields didn’t appear. Luckily, the contact page also gave an email address (that’s a really good idea that most web sites don’t follow). So I used that to report the problems. I’ll update this post if I get a response.

Interestingly, on my account page I was also given the option to upgrade my account. Apparently Marvel and I disagree on the meaning of the word “unlimited”. It’s not clear to me what extra benefits I could expect.

Update (four months later): Somehow, Marvel managed to renew my subscription, even though I never managed to update my credit card details. But bizarrely, this evening (over four months after writing to them) I got a reply from Marvel’s customer support. It said this:

Thank you for contacting Marvel’s Online Support services. We apologize for the delay in getting back to you. We see that you were able to renew your subscription, after contacting us. If you have any further questions, please do not hesitate to contact us. Thanks again for contacting Marvel.

Four months to reply to a simple customer support message must be some kind of record.

Sky Broadband

Back in October 2009, I wrote about how I had cancelled my Demon account and switched to Be Broadband. Be were the broadband provider of choice for the discerning geek. None of their customers had a bad thing to say against them. All was well with the world.

And then, just over a year ago, the sky fell in.

Or, rather, Sky brought out Telefonica’s broadband business – and Be was one of Telefonica’s broadband brands. It was terrible news. Geeks all over the UK were appalled that their favourite ISP could be owned by a company that so many of us have strong political objections too. The news got worse soon afterwards as it was announced that we would all be migrated over to Sky’s broadband network within a year.

A mass migration of geeks started. The internet was awash with discussions of the best alternatives. If Sky were watching, then I’m sure that they were rather taken aback by the reaction.

I was one of the people who was determined to leave. I spent many an hour perusing other broadband providers’ web sites – weighing pros and cons.

But a combination of lethargy and business took over and I never left.

In January I got a letter from Sky announcing that I would be migrating in the spring. They proudly announced that my new plan would be cheaper than my old Be plan – a fact that was only true because of a 12 month discount that they gave me. The letter came with a brochure explaining all the advantages of being with Sky. It also told me that my old Be router would work with my new connection.

Still, I didn’t change providers.

In March I got another letter telling that I’d be on a different plan (fibre, not ADSL) and that it would cost quite a bit more than my Be plan. There was no explanation of the change, but I didn’t object as I quite fancied a fibre connection.

Then I got more communication. An email telling me my  new IP address. And another telling me that my new Sky Hub was on its way. That’s the replacement router that they told me I didn’t need. Then another letter telling me that my broadband would be switched over on 10th April. And then the router itself arrived.

Then, last Thursday, the day of the changeover arrived. In the middle of the afternoon my Be connection was switched off. And replaced with nothing. The Sky connection wasn’t turned on. I was told that it could happen at any time up until midnight so I didn’t worry (much) until I got up the next day and still had no connection.

I needed to call them. But their support line costs 5p/minute unless you call from one of their phones. So I waited until I got to work. On the way I got a text from Sky telling me that I had missed an installation appointment. Which was weird because a) I didn’t have an appointment and b) my wife had been at home all day.

When I got to work, I called them. And sat there on hold for thirty minutes. Eventually I spoke to someone. He couldn’t explain why I hadn’t been connected or why I had been told I’d missed a phantom appointment. But he said that our only option was to book a new time with the BT Openreach engineers (the people who actually needed to do the work in the exchange). He said he would phone them and call me back with a date. He also set my expectations and said that it wouldn’t probably be before the middle of the next week.

He called back in about half an hour. He said that he had been offered a date of 28th April but that he had argued that down to the 16th. I realised that there was nothing else I could do, so I hunkered down to weather six days without an internet connection.

Today was the day that the connection was finally going to be made. I was slightly worried as my “track your order” was still showing the “we have a problem” message from last week. But I put that down to Sky’s incompetence and tried to think positive thoughts. My wife was at home and resetting the hub every couple of hours to see if it would spring into life – but to no avail.

When I got home this evening, I plugged our house phone into the Sky line and called their support number. I got through quickly and explained my problem. At first the adviser tried to convince me that it could still happen any time up to midnight, but I persuaded him to speak to the actual installation team. When he took me off hold he had some rather bad news. Somehow, the change of date from the 28th to the 16th had never been confirmed. And the installation team weren’t planning to do anything to my line for almost two weeks.

I explained again what I had been told. He spoke to the installation team again but they were adamant that my service was going to be turned on at the end of the month.

So I finally did what I should have done a year ago. I cancelled the contract. Well, I asked to. He put me through to a colleague in what I assume was customer retention. I explained the whole sorry tale again. He asked for half an hour to try and salvage the situation, which I agreed to. But when he called back, he said that he could do nothing to fix things. So the contract was cancelled.

All of which leaves me with no internet provider. And a long weekend coming up. I might need to leave the house. Or I might just buy a Y800.

But it’s all very disappointing. Some fundamental mistakes have been made. What Sky don’t seem to realise is that Be customers are used to a company that routinely exceeds customers’ expectations. Sky seem content to fall well short of them. There are three areas in particular where I think Sky fell down.

  • Their project planning is terrible. If you’re removing a service and replacing it with another one, then it’s basic common sense to ensure that you don’t remove the first until you’re sure that the second is ready to be put in place. I would happily wait until the end of April or beyond for my new Sky connection if they hadn’t turned off my Be connection.
  • It seems that part of the problem here is the BT Openreach team who do all of the work in the exchange. Sky are making commitments to their customers using resources that they have no control over. This is clearly ridiculous. Sky (and, I suppose all of the other ISPs who resell Openreach products) need to get contracts in place that hold Openreach to their promises. If an Openreach engineer misses an appointment, then the customer should get an emergency appointment the next day – not in two weeks time. And Openreach should compensate the ISPs for any missed appointments.
  • Sky’s communication with me throughout this has been terrible. A lot of the time I have felt like people are just telling me what I want to hear. Or I’ve been told contradictory things by two different people. I never got an explanation of why my service was upgraded from ADSL to fibre. Sky need to better train their support staff. They can learn a lot from the staff that they have inherited from Be.

So. What ISPs should I be looking at. I’m considering Virgin Media, because I already get my phone and TV through them. The broadband is a separate account (paid for by my company) but VM say I can get what sounds like a pretty good connection from them for only £2 a month more than I’m currently paying them.

But I’m open to alternative suggestions.

Macs and Me

“It never stops raining!” ranted the lorry driver. He thumped the table, spilt his tea, and actually, for a moment, appeared to be steaming.
You can’t just walk off without responding to a remark like that.
Of course it stops raining,” said Arthur. It was hardly an elegant refutation, but it had to be said.
“It rains … all … the time,” raved the man, thumping the table again, in time to the words.
Arthur shook his head.
“Stupid to say it rains all the time …” he said.
The man’s eyebrows shot up, affronted.
“Stupid? Why’s it stupid? Why’s it stupid to say it rains all the time if it rains the whole time?”
“Didn’t rain yesterday.”
“Did in Darlington.”
Arthur paused, warily.
“You going to ask me where I was yesterday?” asked the man. “Eh?”
“No,” said Arthur.
“But I expect you can guess.”
“Do you.”
“Begins with a D.”
“Does it.”
“And it was pissing down there, I can tell you.”

- So Long And Thanks For All The Fish (Douglas Adams)

When I try to explain my experience of Apple hardware to people, I’m always aware that I end up sounding like Douglas Adams’ Rain God. My Mac hardware always breaks down in some interesting and unpredictable way. People tell me that I’m exaggerating, it can’t be true that it always breaks down. But I’m not; it does.

To be precise here, every piece of Mac kit that I have ever owned has been replaced because it has stopped working in some way. This is in contrast to the large number of non-Apple laptops and desktop PCs that I have owned over the same period of time. They have all been replaced, while in good working order, because I’ve suddenly realised that I’ve owned them for a long time and there’s probably a newer, better model out there.

I’m not exaggerating here at all. It happens every time. Every. Single. Time.

I know that the plural of anecdote is not data, but here’s what I remember.

  • My first Mac was a second hand Powerbook. The battery stopped working. Because it was second hand and out of warranty, we just lived with using it plugged in. Which was fine (well, not really, but we coped) until the power lead broke because of a ridiculous design which put the most stress on the weakest point. Replacements were stupidly expensive, but we got through two of them before giving up on it.
  • Then there was the Macbook where the battery stopped working if you ever let it drain completely. We tried all of the workarounds that we found on the web, but nothing worked. Turned out this was a known fault. I took it to the Genius Bar two or  three times and each time they replaced the battery free of charge. Good service, I admit, but it shouldn’t be necessary.
  • In the end, it was a different fault that killed that Macbook. Eventually the power supply unit failed completely.
  • I can’t remember which of those first two Macs it was, but at one point we went through a fun period where every time I updated the system software the wifi connection would fail. This went on for about eighteen months. Got to the stage that I had a CD with a backup of the last known working wifi drivers that I could use to replace the buggy new ones.
  • Then there’s our current Macbook. After owning it just a year or two, the rubber covering started to come away from the base. This also turned out to be a known fault and Apple sent out a replacement base that I fitted. Good service again, but annoying that we needed to do it.
  • And finally, a few days ago, the trackpad stopped working. You can still move the mouse, but it doesn’t register clicks. It seems that this is another pretty common fault. Apparently as the battery ages, it expands, pressing against the bottom of the trackpad and preventing it from working properly. I can try loosening the screws to see if that helps but in the meantime, we’re using it with a USB mouse. I’ve got an appointment at the Genius Bar next week to see if they can help.

But I suspect that this Macbook is on its way out. Which means buying a replacement. And that’s always so depressing. Mac hardware is always so much more expensive than the equivalent non-Mac system. And it never works properly (at least in my experience).

I’ve started browsing the Apple web site. And I see that they’ve stopped making the Macbook. It’ll need to be a Macbook Air. Which means it’ll be even more expensive and, astonishingly, less functional – they don’t have a CD/DVD drive.

I know what you’re thinking? If I have such a hard time with Mac systems, then why do I still buy them. It’s not for me. My wife likes them more than Windows systems. But I think that this time we might need to have a Serious Talk about what we’re going to buy.

Year of Code on Newsnight

You’ve probably already seen the section on the government’s Year of Code initiative that was on Newsnight last Wednesday. But, in case you haven’t, here is it. We’ll wait while you catch up.

Most of the commentary I’ve seen on this concentrates on Lottie Dexter’s performance in the interview that takes up the second half of the clip. We’ll get to her later on, but the problems start long before she appears on screen. Within the first couple of minutes of the report, reporter Zoe Conway has referred to code as “baffling computer commands” and “gobbledigook”. One lesson that I’ve learned as a trainer is that a sure-fire way to ensure that students don’t understand what you’re about to teach them is to describe it as difficult or complex, so Conway’s descriptions of programming languages are hardly going to encourage people to take up programming. As Conway says “baffling computer commands”, here’s the code that appears on  the screen:

if (distance < radius) {

} else {

} // END if statement

Perhaps the fact that I’ve been programming for thirty years is clouding my judgment here, but I really don’t think that this code is “baffling”. Lily Cole does her best to counter this misinformation – saying that it’s “really cool to see how quickly we can pick it up”. I hope people listen to her and not the (obviously out of her depth) reporter. We then move on to the idea of children being taught to program at school. Various people tell us how important it is and we see a class who are trialing the programming syllabus that will be rolled out nationwide this autumn. Conway then gets to the heart of the issue. She visits East London’s “Tech City” and explains the severe shortage of programmers that the companies there are experiencing. There simply isn’t the supplier of programmers that the UK’s tech industry needs. Anything that addresses that problem should be welcomed. And then we’re back in the studio where Jeremy Paxman is talking to the Year of Code initiative’s director, Lottie Dexter. This is when it gets really weird. Let’s get a couple of things straight. I don’t think it’s a problem that Lottie Dexter isn’t a programmer. She didn’t try to hide that. She was clear about it right from the start. I also think that it’s great that she want to be a guinea pig for the Year of Code by saying that she wants to learn to code over the next year. But I do think that it’s a real shame that before coming to the interview she couldn’t find someone in her organisation[1] who could spend an hour briefing her so that she could sound like she knew what she was talking about. Instead, she just made the whole initiative look bad. Let’s look at some of the things she said.

  • “You can actually build a web site in an hour – completely from scratch.” This is true. I build web sites in an hour all the time. I install a copy of WordPress, choose a nice theme and install a few plugins. Of course, there won’t be any useful content on the site. And it will look like hundreds of other sites out there who also use the same theme. Of course, I can only do it that quickly because I’ve done dozens of previous web sites this way and I have a good idea about what works. Oh, and there’s no coding at all involved in this – so it probably falls way outside of what she was talking about. If I wanted to code up a web site from scratch, the minimum time for a web site that does something non-trivial is probably a couple of days.
  • “I think you can pick [teaching people to code] up in a day.” If you know how to code and you know how to teach, then I imagine that’s possible. But for a teacher who doesn’t already know anything about programming to pick it up in a day is a ridiculous suggestion. At college, I did a course on C which was taught by an experienced programmer and lecturer who didn’t know that particular language and who was reading the standard textbook a week ahead of us. The result was a disaster.
  • “If we start thinking about it now, I think in time for September when this goes onto the school curriculum teachers should feel confident” Colour me unconvinced
  • “I started a campaign last year. And if I had learned to code at school I could have done my own web site, I could have done my own app, I could have done my own graphics. I would have saved a hell of a lot of time, a hell of a lot of money and I think I could have done a lot better.” Sure, doing it yourself would have been cheaper. But I doubt it would have been quicker than having a professional do it. And I’m not at all sure that it would have been better. Or is she suggesting that when everyone knows how to code that we will no longer need professional programmers and web designers? I really hope not (or is that just my professional bias getting in the way?)

Paxman wasn’t much help either. I know he has a rather adversarial approach to interviewing, but was it really necessary to be quite so sneering about the whole idea? He did ask one good question though. He asked why it was necessary to code. And he’s right, of course, no-one absolutely needs to know how to code. But I think there are three reasons why teaching everyone to code is a good idea:

  1. We don’t know who is going to be good at programming. So teaching it to every child seems to be a good way of making sure as many people as possible get to try it.
  2. Even if many children don’t take up programming full-time, the fact they have been exposed to it demystifies it. They will be less likely to see it as a “black art” and will have more idea of what is possible.
  3. People who have some programming experience will be at an advantage over people who don’t. The future is going to be about data manipulation – extracting useful information from reams of data. See, for example, the Hacks and Hackers group.

So, yes, of course I agree with the idea of teaching children to code. The UK is already desperately short of programmers and that demand is only going to continue growing. But I worry slightly that the Year of Code project is just about being seen to do something rather than working out what the best thing to do it. The government have a awesome IT department doing wonderful things. I wonder what input they have had into this process. And please, can someone spend an hour or so explaining the basics of programming to Lottie Dexter before she makes her next TV appearance.

Update: Emma Mulqueeny has been working in this area for many years with her Young Rewired State project. Her reaction to the Year of Code is very interesting.

[1] Although, Tom Morris has severe doubts about the amount of technical know-how within the organisation.

UK Film Releases

I like watching films. I’ve been a member of the Clapham Picturehouse for about ten years and I like to get there a few times a month.

But I’m not very organised in my cinema-going. I never really seem to have much of an idea about what films are being released in the coming weeks. This means that sometimes I get taken by surprise when three or four films I want to see all open in the same week.

So I decided that if I had a better view of what is coming up, then I’d be better able to plan my visits. And that sent me looking for an iCal feed of upcoming UK film releases. But I was surprised to find that no such thing existed. Or, at least, if it did, it was very well hidden. I found a couple of RSS feeds on filmdates.co.uk, but they omitted the most important information – the date the film was going to be released.

After an unproductive couple of hours trying to track down an existing feed, I decided that I was just going to have to build one myself. So that’s what I did.

The iCal feed itself is at http://dave.org.uk/ukfilmrel.ics and I’ve also built a page that presents the information in a more easy to understand format. Currently, the data comes from a text file that I created by hand from just going through the latest copy of Empire. Hopefully I’ll find a better source for this information at some point in the future.

I thought it would be a two-hour job. But (as is usually the way) it took a bit longer than that and I ended up having to learn rather more about iCal than I thought I would. If you’re interested, you can find the code on Github.

If you find it useful, please let me know.

2013 in Gigs

According to Songkick, I saw 60 gigs in 2013. That’s quite an improvement on my previous record of 50 in 2011 and well past 2012’s rather disappointing 36. Songkick have stopped doing their excellent “My Year” feature, so I don’t have quite as many facts and figures at my fingertips. If they don’t do something similar next year, I might need to reimplement it myself.

This was the year that I started a separate blog about the gigs I go to. I started it early in June, but I’ve also added stub entries for a number of earlier shows.

As always, there were a few unimpressive shows. In particular, two old prog rock bands – Caravan and Camel – were both rather dull. And both MGMT and Manfred Mann’s Earth Band were massive disappointments.

So what did I like? Here, in chronological order, are ten gigs that I really enjoyed.

  1. My Bloody Valentine – I had never seen them before and had given up on ever seeing them. But, suddenly, they were back with a new album and a tour. I’m proud to say that I got through the whole show without resorting to ear-plugs.
  2. James – I bought a ticket for this largely because Echo and the Bunnymen were supporting and I had never seen them. They were great, but I’d forgotten what a fantasitc live band James are. It’s got to be twenty years since I saw them. I won’t be leaving it so long next time.
  3. Billy Bragg – I saw Billy Bragg twice this year. Both shows were great, but I think the atmosphere was better in the Union Chapel. This was also the show where he played all of Life’s A Riot as a second encore.
  4. Leonard Cohen – There are very few people who can tempt me to the O2 arena (probably London’s most soulless venue). But Leonard Cohen is one of them. Any year with a Leonard Cohen gig in it is a very good year.
  5. Amanda Palmer – Amanda Palmer is the only person who has been on all my annual top gigs lists. And if you’ve seen her live, you’ll know why. She always puts on a sensational show.
  6. David Byrne & St Vincent – As soon as I heard that David Byrne and St Vincent were making a record together, I knew that the tour was going to be unmissable. And I was right.
  7. Annie Eve – Annie Eve was  the only person I saw three times this year. And I hope to see her many more times in 2014. My favourite show was her EP launch show at Old St Pancras Church. But she’s always well worth seeing.
  8. Tunng – I saw Tunng twice this year. They were on top form both times, but I think I just preferred the second show when I saw them at Heaven.
  9. Heaven 17 – I thought this was just going to be a standard Heaven 17 show, but two things made it stand out. Firstly, the support was Scritti Politti. And secondly, Heaven 17 started by playing forty minutes of old Human League songs. It was a fantastic night.
  10. Haim – Something new to end with. I’ve been playing Haim’s first album pretty much non-stop since it was released. And they were even better live. I’ve already bought a ticket to see them again next year.

It was really hard to choose just ten gigs for this list. There were plenty of others that were just outside the list. So here’s an honourable mention for Sinéad O’Connor, Serafina Steer, Sigur Rós, Edwyn Collins and The Polyphonic Spree.

It was a great year for gigs. And next year is already shaping up to be just as good. I already have tickets to see Haim, Arcade Fire, Chvrches and a dozen other shows.

What great live music did I miss this year? What do you recommend for next year?