Category Archives: tech

First Direct Update

Earlier in the week I talked about my concerns with First Direct’s new password policy. I got an email from them about this, but it really wasn’t very reassuring.

But I kept digging. And on Thursday I got a bit more information from “^GD” on the @firstdirecthelp twitter account. It still doesn’t answer all of my questions, but I think we’re a lot closer to the truth. Here’s what I was told.

The obvious question that this raises is why, then, do they limit the length of the passwords. I asked and got this (three-tweet) reply.

To which, I replied

And got the response

I thought that “as a business we are satisfied” rather missed the point. And told them so.

I got no response to that. And @brunns got no response when he tried to push them for more details about how the passwords are stored.

So, to summarise what we know.

  • First Direct say they store the passwords “encrypted”, but it’s unclear exactly what that means
  • It was a business decision to limit the length of the passwords, but we don’t know why that was considered a good idea
  • It still appears that First Direct believe that security by obscurity is an important part of their security policy

I haven’t really been reassured by this interaction with First Direct. I felt that the first customer support agent I talked to tried to fob me off with glib truisms, but “^GD” tried to actually get answers to my questions – although his obvious lack of knowledge in this area meant that I didn’t really get the detailed answers that I wanted.

I’m not sure that there’s anything to be achieved by pushing this any further.

First Direct Passwords

I’ve been a happy customer of First Direct since a month or so after they opened, almost twenty-five years ago.

One of the things I really liked about them was that they hadn’t followed other banks down the route of insisting that you carried a new code-generating dongle around so that you can log into their online banking. But, of course, it was only a matter of time before that changed.

A couple of weeks ago I got a message from them telling me that Secure Key was on its way. And yesterday when I logged on to my account I was prompted to choose the flavour of secure key that I wanted to use. To be fair to them they have chosen a particularly non-intrusive implementation. Each customer gets three options:

  1. The traditional small dongle to carry around with you
  2. An extension to their smartphone app
  3. No secure key at all

If you choose the final option then you only get restricted (basically read-only) access to your account through their web site. And if you choose one of the first two options, you can always log on without the secure key and get the same restricted access.

I chose the smartphone option. I already use their Android app and I pretty much always have my phone with me.

Usually when you log on to First Direct’s online banking you’re asked for three random characters from your password. Under the new system, that changes. I now need to log on to my smartphone app and that will give me a code to input into the web site. But to get into the smartphone app, I don’t use the old three character login. No, I needed to set up a new Digital Secure Password – which I can use for all of my interactions in this brave new world.

And that’s where I think First Direct have slipped up a bit.

When they asked me for my new password, they told me that it needed to be between 6 and 10 characters long.

Those of you with any knowledge of computer security will understand why that worries me. For those who don’t, here’s a brief explanation.

Somewhere in First Direct’s systems is a database that stores details of their customers. There will be a table containing users which has a row of data for each person who logs in to the service. That row will contain information like the user’s name, login name, email address and (crucially) password. So when someone tries to log in, the system finds the right row of data (based on the login name) and compares the password in that row with the password that has been entered on the login screen. If the two match then the person is let into the system.

Whenever you have a database table, you have to worry about what would happen if someone managed to get hold of the contents of that table. Clearly it would be a disaster if someone got hold of this table of user data – as they would then have access to the usernames and passwords of all of the bank’s users.

So, to prevent this being a problem, most rational database administrators will encrypt any passwords stored in database tables. And they will encrypt them in such a way that it is impossible (ok, that’s overstating the case a bit – but certainly really really difficult) to decrypt the data to get the passwords back. They will probably use something called a “one-way hash” to do this (if you’re wondering how you check a password when it’s encrypted like this then I explain that here).

And these one-way hashes have an interesting property. No matter how long the input string is, the hashed value you get out at the other end is the same length. For example, if you’re using a hashing algorithm called MD5, every hash you get out will be thirty-two characters long.

Therefore, if you’re using a hashing algorithm to protect your users’ passwords, it doesn’t matter how long the password is. Because the hashed version will always be the same length. You should therefore encourage your users to make their passwords as long as they want. You shouldn’t be imposing artificial length restrictions on them.
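The fixed-length property described above, as an added example (not code from the original post or from First Direct): passwords of any length, stored as a salted PBKDF2-HMAC-SHA256 hash, occupy the same 32 bytes in a users table. PBKDF2, the iteration count, the table layout and the sample logins are assumptions of this example; MD5 appears only to reproduce the post's thirty-two-character illustration and is not used for storage.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed parameters for this illustration (not taken from the post).
PBKDF2_ITERATIONS = 200_000  # illustrative work factor; raise it as far as login latency allows
SALT_BYTES = 16


def md5_hex_length(password: str) -> int:
    """Length of the MD5 hex digest: the post's fixed-length illustration."""
    return len(hashlib.md5(password.encode("utf-8")).hexdigest())


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow one-way hash; output is always 32 bytes."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def create_users_table() -> sqlite3.Connection:
    """Hypothetical users table: the password column holds a hash, never text."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        "login TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )
    return db


def register(db: sqlite3.Connection, login: str, password: str) -> None:
    """Store a fresh random salt and the hash; no maximum password length."""
    salt = os.urandom(SALT_BYTES)
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        (login, salt, hash_password(password, salt)),
    )


def verify(db: sqlite3.Connection, login: str, password: str) -> bool:
    """Re-hash the submitted password with the stored salt and compare."""
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE login = ?", (login,)
    ).fetchone()
    if row is None:
        # Hash anyway so unknown logins take about as long as known ones.
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))


def stored_hash_lengths(db: sqlite3.Connection) -> set:
    """Distinct byte lengths of every stored password hash."""
    return {len(h) for (h,) in db.execute("SELECT pw_hash FROM users")}


if __name__ == "__main__":
    db = create_users_table()
    # Constructed sample accounts: 6, 10 and 64 character passwords.
    samples = {"six": "abc123", "ten": "abcde12345", "long": "correct horse " * 4 + "battery!"}
    for login, password in samples.items():
        register(db, login, password)
        print(login, len(password), "chars -> MD5 hex length", md5_hex_length(password))
    print("stored hash lengths:", stored_hash_lengths(db))
    print("long password verifies:", verify(db, "long", samples["long"]))
```

A dump of this table yields salts and hashes rather than passwords, and nothing in the schema depends on how long the original password was.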

And that’s why people who know about computer security will have all shared my concerns when I said that First Direct imposed a length restriction on these new passwords. The most common reason for a maximum length on a password is that the company is storing passwords as plain text in the database. With all the attendant problems that will cause if someone gets hold of the data.

I’m not saying for sure that First Direct are doing that. I’m just saying that it’s a possibility and one that is very worrying. If that’s not the case I’d like to know what other reason they have for limiting the password’s length like this.

I’ve sent them a message asking for clarification. I’ll update this post with any response that I get.

Update (17 July): I got a reply from First Direct. This is what they said.

Thank you for your message dated 16-Jul-2014 regarding the security of your password for your Digital Secure Key.

Ensuring the security of our systems is, and will continue to be, our number one priority.

All the details that are sent to and from the system are encrypted using high encryption levels. As long as you keep your password secret, we can assure you that the system is secure. As you will appreciate, we cannot provide further details about the security measures used by Internet Banking, as we must protect the integrity of the system.

Our customers also have a responsibility to ensure that they protect their computers by following our common-sense recommendations.  Further information can be found by selecting ‘security’ from the bottom menu on our website, www.firstdirect.com

Please let us know if you have any further questions, and we’ll be happy to discuss.

Which isn’t very helpful and doesn’t address my question. I’ve tried explaining it to them again.

National Rail Travel Alert

This is the text of a National Rail travel alert email that I received this morning.

Problems have been reported which may affect your journey between Balham (BAL) and Shepherd’s Bush (SPB)

More details of this disruption can be found here: http://nationalrail.co.uk/service_disruptions/76437.aspx

To see how this disruption affects your journey and to get alternative options planned for you, please use the Online Journey Planner

Alternatively, for up to date information for your station, use the Live Departure Boards.

Prefer to get in touch by phone? Call TrainTracker on 0871 200 49 50 (10p per min, mobiles higher) or text your journey details to 84950 to use TrainTracker Text

You can manage your alerts by visiting: http://ojp.nationalrail.co.uk/personal/member/myAccount

Don’t forget, you can also follow us on Twitter or Find us on Facebook for the latest rail travel news

Please do not reply to this email as it is sent from an unmonitored address. If you need to contact us, you can do so here: http://nationalrail.co.uk/feedback

Can you spot the obvious idiocy here?

It’s an HTML email. That’s obvious from the links that appear in it. Links to things like the Online Journey Planner and the Live Departure Boards. But there are a couple of links that are written as plain text URLs – ones that you can’t just click on. And one of them is the most important link in the email – the link to the full information about the problems.

In order to read whatever is on the other end of that link, you’d need to copy it and paste it into the location bar in your browser. That’s simple enough, of course, on a desktop computer. But surely one of the important use cases for these alerts is people standing on a platform trying to work out what’s going on with their train – in which case they’d almost certainly be using a smartphone. And copy and paste isn’t the easiest of things to do on a smartphone.

Someone in the National Rail Travel Alerts department is more than a little confused about how URLs in email work.

Free Web Advice: Marvel

It’s been a few years since I wrote a “free web advice” piece, but I got really annoyed by the Marvel web site this morning.

About a year ago I subscribed to Marvel Unlimited – a plan that gave me access to all of Marvel’s digital comics for about £40 a year. This morning, I got an email from them saying that my subscription was about to be renewed but that my credit card had expired so I should log on to my account and update my credit card details.

I went to log on and found that I had forgotten my password. So I used the “forgotten password” link expecting to get an email containing a link I could use to reset my password. Instead, I got an email that contained both my username and my password in plain text. If Marvel are able to send my password to me, then they must be storing everyone’s password in a readable format. It’s astonishing that a company the size of Marvel don’t understand just what an incredibly stupid idea that is. And sending both my username and password in the same email just compounds their error.

So that’s strike one – storing plain text passwords.
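The reset-link flow the author expected, as an added example (not Marvel's code): the email carries a random single-use token, and only the token's hash is kept server-side, so no stored password ever has to be readable. The `ResetTokenStore` class, the 15-minute lifetime and the `example.invalid` URL are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link


def _digest(token: str) -> bytes:
    """Only this hash is stored; the raw token exists solely in the email."""
    return hashlib.sha256(token.encode("utf-8")).digest()


class ResetTokenStore:
    """Hypothetical in-memory store of pending password resets."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # login -> (sha256(token), expiry timestamp)

    def issue(self, login: str) -> str:
        """Create a fresh token; issuing again replaces any earlier one."""
        token = secrets.token_urlsafe(32)
        self._pending[login] = (_digest(token), self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, login: str, token: str) -> bool:
        """True exactly once, for the right token, before it expires."""
        entry = self._pending.get(login)
        if entry is None:
            return False
        stored, expires = entry
        matches = hmac.compare_digest(stored, _digest(token))
        if self._clock() > expires:
            del self._pending[login]  # expired tokens are discarded
            return False
        if not matches:
            return False
        del self._pending[login]  # single use
        return True


def build_reset_email(login: str, token: str,
                      base_url: str = "https://example.invalid/reset") -> str:
    """Email body with a reset link; it contains no password at all."""
    link = base_url + "?" + urlencode({"login": login, "token": token})
    return (
        "Someone asked to reset the password for this account.\n"
        "Use this link within 15 minutes to choose a new one:\n"
        + link + "\n"
        "If this wasn't you, ignore this message.\n"
    )


if __name__ == "__main__":
    store = ResetTokenStore()
    token = store.issue("dave")  # constructed sample login
    print(build_reset_email("dave", token))
    print("first use:", store.redeem("dave", token))
    print("second use:", store.redeem("dave", token))
```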

Having recovered my password, I was able to log on and found the page where I could give them my credit card details. But it looked like this:

Marvel Credit Card Maintenance Page

If you look closely, you’ll see that three fields – credit card type, expiration date and country – have captions, but no way to enter the required data. I’ve tried this page in both Firefox and Chrome and get the same results in both. I expect I’ll have to dig out a PC running Windows and try it on Internet Explorer as well.

I didn’t actually notice the missing fields at first. I just filled in the fields I could see and submitted the form. At that point I got an error pointing out what was missing. It’s interesting to note that the credit card type isn’t marked as required on the form (there’s no red asterisk next to it) but the error I got complained that it wasn’t filled in.

So that’s strikes two and three.
Strike two – always ensure that your web pages work on all the popular browsers.
Strike three – always mark your required data inputs accurately.

At that point I gave up trying to give money to Marvel. I poked around the site for a while to find a contact form. When I found it, it had the same problems as the credit card form – most of the input fields didn’t appear. Luckily, the contact page also gave an email address (that’s a really good idea that most web sites don’t follow). So I used that to report the problems. I’ll update this post if I get a response.

Interestingly, on my account page I was also given the option to upgrade my account. Apparently Marvel and I disagree on the meaning of the word “unlimited”. It’s not clear to me what extra benefits I could expect.

Update (four months later): Somehow, Marvel managed to renew my subscription, even though I never managed to update my credit card details. But bizarrely, this evening (over four months after writing to them) I got a reply from Marvel’s customer support. It said this:

Thank you for contacting Marvel’s Online Support services. We apologize for the delay in getting back to you. We see that you were able to renew your subscription, after contacting us. If you have any further questions, please do not hesitate to contact us. Thanks again for contacting Marvel.

Four months to reply to a simple customer support message must be some kind of record.

Sky Broadband

Back in October 2009, I wrote about how I had cancelled my Demon account and switched to Be Broadband. Be were the broadband provider of choice for the discerning geek. None of their customers had a bad thing to say against them. All was well with the world.

And then, just over a year ago, the sky fell in.

Or, rather, Sky bought out Telefonica’s broadband business – and Be was one of Telefonica’s broadband brands. It was terrible news. Geeks all over the UK were appalled that their favourite ISP could be owned by a company that so many of us have strong political objections to. The news got worse soon afterwards as it was announced that we would all be migrated over to Sky’s broadband network within a year.

A mass migration of geeks started. The internet was awash with discussions of the best alternatives. If Sky were watching, then I’m sure that they were rather taken aback by the reaction.

I was one of the people who was determined to leave. I spent many an hour perusing other broadband providers’ web sites – weighing pros and cons.

But a combination of lethargy and business took over and I never left.

In January I got a letter from Sky announcing that I would be migrating in the spring. They proudly announced that my new plan would be cheaper than my old Be plan – a fact that was only true because of a 12 month discount that they gave me. The letter came with a brochure explaining all the advantages of being with Sky. It also told me that my old Be router would work with my new connection.

Still, I didn’t change providers.

In March I got another letter telling me that I’d be on a different plan (fibre, not ADSL) and that it would cost quite a bit more than my Be plan. There was no explanation of the change, but I didn’t object as I quite fancied a fibre connection.

Then I got more communication. An email telling me my new IP address. And another telling me that my new Sky Hub was on its way. That’s the replacement router that they told me I didn’t need. Then another letter telling me that my broadband would be switched over on 10th April. And then the router itself arrived.

Then, last Thursday, the day of the changeover arrived. In the middle of the afternoon my Be connection was switched off. And replaced with nothing. The Sky connection wasn’t turned on. I was told that it could happen at any time up until midnight so I didn’t worry (much) until I got up the next day and still had no connection.

I needed to call them. But their support line costs 5p/minute unless you call from one of their phones. So I waited until I got to work. On the way I got a text from Sky telling me that I had missed an installation appointment. Which was weird because a) I didn’t have an appointment and b) my wife had been at home all day.

When I got to work, I called them. And sat there on hold for thirty minutes. Eventually I spoke to someone. He couldn’t explain why I hadn’t been connected or why I had been told I’d missed a phantom appointment. But he said that our only option was to book a new time with the BT Openreach engineers (the people who actually needed to do the work in the exchange). He said he would phone them and call me back with a date. He also set my expectations and said that it probably wouldn’t be before the middle of the next week.

He called back in about half an hour. He said that he had been offered a date of 28th April but that he had argued that down to the 16th. I realised that there was nothing else I could do, so I hunkered down to weather six days without an internet connection.

Today was the day that the connection was finally going to be made. I was slightly worried as my “track your order” was still showing the “we have a problem” message from last week. But I put that down to Sky’s incompetence and tried to think positive thoughts. My wife was at home and resetting the hub every couple of hours to see if it would spring into life – but to no avail.

When I got home this evening, I plugged our house phone into the Sky line and called their support number. I got through quickly and explained my problem. At first the adviser tried to convince me that it could still happen any time up to midnight, but I persuaded him to speak to the actual installation team. When he took me off hold he had some rather bad news. Somehow, the change of date from the 28th to the 16th had never been confirmed. And the installation team weren’t planning to do anything to my line for almost two weeks.

I explained again what I had been told. He spoke to the installation team again but they were adamant that my service was going to be turned on at the end of the month.

So I finally did what I should have done a year ago. I cancelled the contract. Well, I asked to. He put me through to a colleague in what I assume was customer retention. I explained the whole sorry tale again. He asked for half an hour to try and salvage the situation, which I agreed to. But when he called back, he said that he could do nothing to fix things. So the contract was cancelled.

All of which leaves me with no internet provider. And a long weekend coming up. I might need to leave the house. Or I might just buy a Y800.

But it’s all very disappointing. Some fundamental mistakes have been made. What Sky don’t seem to realise is that Be customers are used to a company that routinely exceeds customers’ expectations. Sky seem content to fall well short of them. There are three areas in particular where I think Sky fell down.

  • Their project planning is terrible. If you’re removing a service and replacing it with another one, then it’s basic common sense to ensure that you don’t remove the first until you’re sure that the second is ready to be put in place. I would happily wait until the end of April or beyond for my new Sky connection if they hadn’t turned off my Be connection.
  • It seems that part of the problem here is the BT Openreach team who do all of the work in the exchange. Sky are making commitments to their customers using resources that they have no control over. This is clearly ridiculous. Sky (and, I suppose, all of the other ISPs who resell Openreach products) need to get contracts in place that hold Openreach to their promises. If an Openreach engineer misses an appointment, then the customer should get an emergency appointment the next day – not in two weeks’ time. And Openreach should compensate the ISPs for any missed appointments.
  • Sky’s communication with me throughout this has been terrible. A lot of the time I have felt like people are just telling me what I want to hear. Or I’ve been told contradictory things by two different people. I never got an explanation of why my service was upgraded from ADSL to fibre. Sky need to better train their support staff. They can learn a lot from the staff that they have inherited from Be.

So. What ISPs should I be looking at? I’m considering Virgin Media, because I already get my phone and TV through them. The broadband is a separate account (paid for by my company) but VM say I can get what sounds like a pretty good connection from them for only £2 a month more than I’m currently paying them.

But I’m open to alternative suggestions.

Macs and Me

“It never stops raining!” ranted the lorry driver. He thumped the table, spilt his tea, and actually, for a moment, appeared to be steaming.
You can’t just walk off without responding to a remark like that.
“Of course it stops raining,” said Arthur. It was hardly an elegant refutation, but it had to be said.
“It rains … all … the time,” raved the man, thumping the table again, in time to the words.
Arthur shook his head.
“Stupid to say it rains all the time …” he said.
The man’s eyebrows shot up, affronted.
“Stupid? Why’s it stupid? Why’s it stupid to say it rains all the time if it rains the whole time?”
“Didn’t rain yesterday.”
“Did in Darlington.”
Arthur paused, warily.
“You going to ask me where I was yesterday?” asked the man. “Eh?”
“No,” said Arthur.
“But I expect you can guess.”
“Do you.”
“Begins with a D.”
“Does it.”
“And it was pissing down there, I can tell you.”

- So Long And Thanks For All The Fish (Douglas Adams)

When I try to explain my experience of Apple hardware to people, I’m always aware that I end up sounding like Douglas Adams’ Rain God. My Mac hardware always breaks down in some interesting and unpredictable way. People tell me that I’m exaggerating, it can’t be true that it always breaks down. But I’m not; it does.

To be precise here, every piece of Mac kit that I have ever owned has been replaced because it has stopped working in some way. This is in contrast to the large number of non-Apple laptops and desktop PCs that I have owned over the same period of time. They have all been replaced, while in good working order, because I’ve suddenly realised that I’ve owned them for a long time and there’s probably a newer, better model out there.

I’m not exaggerating here at all. It happens every time. Every. Single. Time.

I know that the plural of anecdote is not data, but here’s what I remember.

  • My first Mac was a second hand Powerbook. The battery stopped working. Because it was second hand and out of warranty, we just lived with using it plugged in. Which was fine (well, not really, but we coped) until the power lead broke because of a ridiculous design which put the most stress on the weakest point. Replacements were stupidly expensive, but we got through two of them before giving up on it.
  • Then there was the Macbook where the battery stopped working if you ever let it drain completely. We tried all of the workarounds that we found on the web, but nothing worked. Turned out this was a known fault. I took it to the Genius Bar two or three times and each time they replaced the battery free of charge. Good service, I admit, but it shouldn’t be necessary.
  • In the end, it was a different fault that killed that Macbook. Eventually the power supply unit failed completely.
  • I can’t remember which of those first two Macs it was, but at one point we went through a fun period where every time I updated the system software the wifi connection would fail. This went on for about eighteen months. Got to the stage that I had a CD with a backup of the last known working wifi drivers that I could use to replace the buggy new ones.
  • Then there’s our current Macbook. After owning it just a year or two, the rubber covering started to come away from the base. This also turned out to be a known fault and Apple sent out a replacement base that I fitted. Good service again, but annoying that we needed to do it.
  • And finally, a few days ago, the trackpad stopped working. You can still move the mouse, but it doesn’t register clicks. It seems that this is another pretty common fault. Apparently as the battery ages, it expands, pressing against the bottom of the trackpad and preventing it from working properly. I can try loosening the screws to see if that helps but in the meantime, we’re using it with a USB mouse. I’ve got an appointment at the Genius Bar next week to see if they can help.

But I suspect that this Macbook is on its way out. Which means buying a replacement. And that’s always so depressing. Mac hardware is always so much more expensive than the equivalent non-Mac system. And it never works properly (at least in my experience).

I’ve started browsing the Apple web site. And I see that they’ve stopped making the Macbook. It’ll need to be a Macbook Air. Which means it’ll be even more expensive and, astonishingly, less functional – they don’t have a CD/DVD drive.

I know what you’re thinking. If I have such a hard time with Mac systems, then why do I still buy them? It’s not for me. My wife likes them more than Windows systems. But I think that this time we might need to have a Serious Talk about what we’re going to buy.

Year of Code on Newsnight

You’ve probably already seen the section on the government’s Year of Code initiative that was on Newsnight last Wednesday. But, in case you haven’t, here it is. We’ll wait while you catch up.

Most of the commentary I’ve seen on this concentrates on Lottie Dexter’s performance in the interview that takes up the second half of the clip. We’ll get to her later on, but the problems start long before she appears on screen. Within the first couple of minutes of the report, reporter Zoe Conway has referred to code as “baffling computer commands” and “gobbledigook”. One lesson that I’ve learned as a trainer is that a sure-fire way to ensure that students don’t understand what you’re about to teach them is to describe it as difficult or complex, so Conway’s descriptions of programming languages are hardly going to encourage people to take up programming. As Conway says “baffling computer commands”, here’s the code that appears on the screen:

if (distance < radius) {

} else {

} // END if statement

Perhaps the fact that I’ve been programming for thirty years is clouding my judgment here, but I really don’t think that this code is “baffling”. Lily Cole does her best to counter this misinformation – saying that it’s “really cool to see how quickly we can pick it up”. I hope people listen to her and not the (obviously out of her depth) reporter.

We then move on to the idea of children being taught to program at school. Various people tell us how important it is and we see a class who are trialing the programming syllabus that will be rolled out nationwide this autumn.

Conway then gets to the heart of the issue. She visits East London’s “Tech City” and explains the severe shortage of programmers that the companies there are experiencing. There simply isn’t the supply of programmers that the UK’s tech industry needs. Anything that addresses that problem should be welcomed.

And then we’re back in the studio where Jeremy Paxman is talking to the Year of Code initiative’s director, Lottie Dexter. This is when it gets really weird.

Let’s get a couple of things straight. I don’t think it’s a problem that Lottie Dexter isn’t a programmer. She didn’t try to hide that. She was clear about it right from the start. I also think that it’s great that she wants to be a guinea pig for the Year of Code by saying that she wants to learn to code over the next year. But I do think that it’s a real shame that before coming to the interview she couldn’t find someone in her organisation[1] who could spend an hour briefing her so that she could sound like she knew what she was talking about. Instead, she just made the whole initiative look bad. Let’s look at some of the things she said.

  • “You can actually build a web site in an hour – completely from scratch.” This is true. I build web sites in an hour all the time. I install a copy of WordPress, choose a nice theme and install a few plugins. Of course, there won’t be any useful content on the site. And it will look like hundreds of other sites out there who also use the same theme. Of course, I can only do it that quickly because I’ve done dozens of previous web sites this way and I have a good idea about what works. Oh, and there’s no coding at all involved in this – so it probably falls way outside of what she was talking about. If I wanted to code up a web site from scratch, the minimum time for a web site that does something non-trivial is probably a couple of days.
  • “I think you can pick [teaching people to code] up in a day.” If you know how to code and you know how to teach, then I imagine that’s possible. But for a teacher who doesn’t already know anything about programming to pick it up in a day is a ridiculous suggestion. At college, I did a course on C which was taught by an experienced programmer and lecturer who didn’t know that particular language and who was reading the standard textbook a week ahead of us. The result was a disaster.
  • “If we start thinking about it now, I think in time for September when this goes onto the school curriculum teachers should feel confident.” Colour me unconvinced.
  • “I started a campaign last year. And if I had learned to code at school I could have done my own web site, I could have done my own app, I could have done my own graphics. I would have saved a hell of a lot of time, a hell of a lot of money and I think I could have done a lot better.” Sure, doing it yourself would have been cheaper. But I doubt it would have been quicker than having a professional do it. And I’m not at all sure that it would have been better. Or is she suggesting that when everyone knows how to code that we will no longer need professional programmers and web designers? I really hope not (or is that just my professional bias getting in the way?)

Paxman wasn’t much help either. I know he has a rather adversarial approach to interviewing, but was it really necessary to be quite so sneering about the whole idea? He did ask one good question though. He asked why it was necessary to code. And he’s right, of course, no-one absolutely needs to know how to code. But I think there are three reasons why teaching everyone to code is a good idea:

  1. We don’t know who is going to be good at programming. So teaching it to every child seems to be a good way of making sure as many people as possible get to try it.
  2. Even if many children don’t take up programming full-time, the fact they have been exposed to it demystifies it. They will be less likely to see it as a “black art” and will have more idea of what is possible.
  3. People who have some programming experience will be at an advantage over people who don’t. The future is going to be about data manipulation – extracting useful information from reams of data. See, for example, the Hacks and Hackers group.

So, yes, of course I agree with the idea of teaching children to code. The UK is already desperately short of programmers and that demand is only going to continue growing. But I worry slightly that the Year of Code project is just about being seen to do something rather than working out what the best thing to do is. The government have an awesome IT department doing wonderful things. I wonder what input they have had into this process. And please, can someone spend an hour or so explaining the basics of programming to Lottie Dexter before she makes her next TV appearance?

Update: Emma Mulqueeny has been working in this area for many years with her Young Rewired State project. Her reaction to the Year of Code is very interesting.

[1] Although, Tom Morris has severe doubts about the amount of technical know-how within the organisation.

Jessica London

Recently, I started getting unsolicited email from a company called Jessica London. They sell women’s clothes and they seem to think that I’d be interested in all of their latest offers. I have no idea where they got my email address from. I know I have never dealt with them so it’s not a case of me forgetting to uncheck the “please spam me” box when registering with them or anything like that. In fact they have been using an email address that I never use for those kinds of purposes.

But I think they’re a real company. So today I decided I’d use the unsubscribe link in their email to see if that would actually remove me from their mailing list. I know this is a risky strategy, but I like to live on the edge sometimes.

The link took me to a page where I could tell them why I was unsubscribing. There was a series of radio buttons – which means I could only select one of them. It’s interesting to note the reasons that they think it’s worth tracking.

  • Receive too many emails from Jessica London
    Well that’s true, but I don’t think it really gets to the heart of the matter
  • Email content wasn’t relevant to me
    Also true, but misses the point
  • I no longer plan to shop at Jessica London
    I never had any plans to shop at Jessica London
  • I am cutting back my spending on clothing
    That’s not the case. I’ve never spent that much on clothing
  • I prefer to stay connected via Social Media (Facebook, Twitter, etc.)
    I like to connect to people via social media – but not to brands that I have no interest in
  • Other

In the end, I chose “other”, hoping that they would then give me a text box where I could write “because you’re a bunch of obnoxious spammers”. But no such box appeared. So they just know that I had “other” reasons for unsubscribing.

I was left with no alternative other than to write this blog post in the hope that Google will help them discover my actual reason for unsubscribing.

Public Wifi

We’re finally reaching the stage where public wifi is becoming ubiquitous in London – at least when you’re indoors. It’s now quite strange to be somewhere that doesn’t have wifi available. But as it’s all supplied by commercial operators, it can all get a bit confusing. I know a few people who leave wifi turned off on their smartphones because they’d rather rely on the 3G connection (which always works) than a wifi connection that doesn’t work because they haven’t logged on to the provider’s service.

It would be nice if these providers all just used the standard WEP or WPA security protocols. These both prompt you for a password when you connect to the network. Your device can then store the password and always connect you whenever you’re within range. That’s probably how you have your home wifi set up.

But that’s not how the commercial providers do it. They want you to actually log in to the network. That might be so that they can trace each user’s individual network traffic. Or, sadly more often, it’s probably because they want to show you a web page covered with lots of lovely adverts (or collect your email address so they can spam you). This is a rather broken approach as it assumes that the first network request that you make will be to a web page – so that they can interrupt the request and show you their login page instead. Often your first network request might be an app (perhaps Twitter or Foursquare) which won’t know what to do when it gets a login page back rather than the app-specific data that it was expecting.

Recent Android versions try to deal with this (perhaps other platforms do too). As soon as you connect to a network, they make a request and try to work out whether you need to log in. If you do, they will tell you so. It’s all rather non-standard, but it’s the device makers trying to make the best of a bad situation.
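The check described above, sketched as an added example (not code from the original post or from Android): a probe requests a URL that should return an empty HTTP 204 and treats any other answer as a portal sitting in the path. The two local servers, the `/generate_204` path and the `portal.example` address are constructed stand-ins so that it runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_PATH = "/generate_204"  # assumed probe path, modelled on 204-style connectivity checks

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging
        pass

class OpenNetwork(Quiet):
    """Constructed stand-in: the probe server, reached without interference."""
    def do_GET(self):
        self.send_response(204)
        self.end_headers()

class CaptivePortal(Quiet):
    """Constructed stand-in: a hotspot that answers every request with its login page."""
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", "http://portal.example/login")
        self.send_header("Content-Length", "0")
        self.end_headers()

def serve(handler):
    """Start a throwaway local server on a free port and return it."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(host, port, timeout=3):
    """Classify the network as 'online', 'captive-portal' or 'no-connectivity'."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", PROBE_PATH)  # http.client never follows redirects
        resp = conn.getresponse()
        body = resp.read()
        conn.close()
    except (OSError, http.client.HTTPException):
        return "no-connectivity"
    if resp.status == 204 and not body:
        return "online"
    return "captive-portal"  # a redirect or login HTML arrived instead of the empty 204

if __name__ == "__main__":
    for name, handler in (("open", OpenNetwork), ("portal", CaptivePortal)):
        srv = serve(handler)
        print(name, "->", probe("127.0.0.1", srv.server_address[1]))
        srv.shutdown()
```

The same interception only works on unencrypted HTTP, which is why the probe uses plain HTTP: a portal cannot substitute its page on an HTTPS request without triggering a certificate error.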

If that was the worst of it, then public wifi wouldn’t be too bad. Most people would be happy to use it. But there are two other things that some wifi operators do which serve no purpose other than annoying people.

Remember I mentioned how the network will interrupt your first request and redirect it to the login page? Once you’ve logged in, a polite service will complete your original request and redirect you to the page you were originally trying to visit. A rude service (and there are plenty of them about) will complete the request by redirecting you to another page on their web site – assuming, no doubt, that you can never show people too many adverts.

That’s really annoying. But there’s one more thing that wifi operators do which makes that pale into insignificance.

They make you log in again after a certain period of time. This makes me really angry. Picture the scene. You go to a pub and the second thing you do (after buying a round, of course) is to check in on Foursquare. For that you need to connect to the network, so you jump through all the connection hoops. Then you put the phone back in your pocket and start to enjoy a conversation with your friends. Half an hour later it becomes vital that you know the exact date that “Another Brick in the Wall (Part 2)” reached number one. So you reach for your phone to look it up on Wikipedia. Only to find that you need to go through all the log in rigmarole again.

This kind of experience is commonplace. And it leads to one of two outcomes. Either people turn their wifi off because it’s all too much of a faff (and then venues start to decide that it’s not worth having wifi as no-one uses it) or, alternatively, people keep jumping through the hoops and come to believe that this broken and frustrating experience is just how public wifi has to be. And that’s just not true.

Do you run public wifi? How is it set up? Please consider making it as easy as possible for people to use your wifi. What’s the point of annoying your customers?

OpenTech 2013

Yesterday was the (almost) annual OpenTech conference. For various reasons, the conference didn’t happen last year, so it was good to see it back this year.

OpenTech is the conference where I most wish I could clone myself. There are three streams of talks and in pretty much every slot there are talks I’d like to see in more than one stream. These are the talks that I saw.

Electromagnetic Field: Tales From the UK’s First Large-Scale Hacker Camp (Russ Garrett)
Last August, Russ was involved in getting 500 hackers together in a field near Milton Keynes for a weekend of hacking. The field apparently had better connectivity than some data centres. Russ talked about some of the challenges of organising an event like this and asked for help organising the next one which will hopefully take place in 2014.

Prescribing Analytics (Bruce Durling)
Bruce is the CTO of Mastodon C, a company that helps people extract value from large amounts of data. He talked about a project that crunched NHS prescription data and identified areas where GPs seem to have a tendency to prescribe proprietary drugs rather than cheaper generic alternatives.

GOV.UK (Tom Loosemore)
Tom is Deputy Director at the Government Digital Service. In less than a year, the GDS has made a huge difference to the way that the government uses the internet. It’s inspirational to see an OpenTech stalwart like Tom having such an effect at the heart of government.

How We Didn’t Break the Web (Jordan Hatch)
Jordan works in Tom Loosemore’s team. He talked in a little more detail about one aspect of the GDS’s work. When they turned off the old DirectGov and Business Link web sites in October 2012, they worked hard to ensure that tens of thousands of old URLs didn’t break. Jordan explained some of the tools they used to do that.

The ‘State of the Intersection’ address (Bill Thompson)
Bill’s talk was couched as a warning. For years, talks at OpenTech have been about the importance of Open Data and it’s obvious that this is starting to have an effect. Bill is worried that this data can be used in ways that are antithetical to the OpenTech movement and warned us that we need to be vigilant against this.

Beyond Open Data (Gavin Starks)
Gavin has been speaking at OpenTech since the first one in 2004 (even before it was called OpenTech) and, as with Tom Loosemore, it’s great to see his ideas bearing fruit. He is now the CEO of the Open Data Institute, an organisation founded by Tim Berners-Lee to the production and use of Open Data. Gavin talked about how the new organisation has been doing in its first six months of existence.

Silence and Thunderclaps (Emma Mulqueeny)
Emma has two contradictory-sounding ideas. The Silent Club is about taking time out in our busy lives to sit and be still and silent for an hour or so; and then sending her a postcard about what you thought or did during that time. The Thunderclap is a way to get a good effect out of that stack of business cards that we all seem to acquire.

Thinking Pictures (Paul Clarke)
Paul takes very good photographs and used some of them to illustrate his talk which covered some of the ethical, moral and legal questions that go through his mind when deciding which pictures to take, share and sell.

1080s – the 300seconds project (300seconds)
The 300 seconds project wants to get more women talking at conferences. And they think that one good way to achieve that is for new speakers to only have to talk for five minutes instead of the full 20- or 40-minutes (or more) that many conferences expect. The Perl community has been using Lightning Talks to do this with great success for over ten years, so I can’t see why they shouldn’t succeed.

Politics, Programming, Data and the Drogulus (Nicholas Tollervey)
Nicholas is building a global federated, decentralized and openly writable data storage mechanism. It’s a huge task and it’s just him working on the project on his commutes. Sounds like he needs a community. Which is handy as the very next talk was…

Scaling the ZeroMQ Community (Pieter Hintjens)
Pieter talked about how the ZeroMQ community runs itself. Speaking as someone who has run a couple of open source project communities, some of his rules seemed a little harsh to me (“you can only expect to be listened to if you bring a patch or money”) but his underlying principles are sound. All projects should aim to reach a stage where the project founders are completely replaceable.

The Cleanweb Movement (James Smith)
I admit that I knew nothing about the Cleanweb Movement. Turns out it’s a group of people who are building web tools which make it easier for people to use less energy. Which sounds like a fine idea to me.

Repair, don’t despair! Towards a better relationship with electronics (Janet Gunter and David Mery)
Janet and David started the Restart Project, which is all about encouraging people to fix electrical and electronic devices rather than throwing them out and buying replacements. They are looking for more volunteers to help people to fix stuff (and to teach people how to teach stuff).

CheapSynth (Dave Green)
Dave Green has been missing from OpenTech for a few years, but this was a triumphant return. He told us how you can build a cheap synth from a repurposed Rock Band game controller. He ended his talk (and the day) by leading the room in a rendition of Blue Money.

As always, OpenTech was a great way to spend a Saturday. Thank you to all of the organisers and the speakers for creating such an interesting day. As I tweeted during the day:

But I spent yesterday hacking on something. More on that later.