Category Archives: tech

Internet Security Rule One

Internet security rule one is “do not share your password with anyone”. There should be no exceptions to this rule. If anyone asks you to share your password with them, your answer should always be no.

Sometimes people say “oh well, it’s only a password for [some unimportant web site] – what harm could it do?” And, of course, perhaps giving someone your password for that particular unimportant web site won’t do any harm. But it’s a chink in your armour. By revealing your password for that site you’ve set a precedent. You just might be that little less protective the next time that someone asks you to share your password.

It’s called the Password Anti-Pattern and its shortcomings have been well-documented for several years. I wrote about it with specific reference to Twitter a few years  ago.

There are two levels of problem here. Firstly there’s the fact that you’ve given a third party complete access to interact with the web site for you. If it’s your Twitter password you’ve given away then the third-party service can do anything to your Twitter account that you can do yourself – right up to closing your account.

I assume that everyone can work that out for themselves. But the second problem is more subtle. Obviously any web site where I have an account is storing my password somewhere (probably in a database). And any third-party service that I want to share my password with also stores that password. So what’s the difference?

The difference is that the original web site is (hopefully) following basic password storage principles and storing my password using non-reversible encryption. The third-party site can’t do that. The third-party site needs access to the plain-text version of the password so it can be used to log on to the original web site. Oh, sure, they’ll hopefully store the password in their database in some encrypted format, but it will have to be a reversible encryption so that they can get a plain-text version of it back when they need to use it to log in to the original site.

So if someone somehow gets a copy of the original web site’s database, your password is held in some industrial-strength non-reversible encrypted format. But if they get a copy of the third-party service’s database, they’ll have your password in a far less secure format. If, at the same time, they manage to grab the third-party service’s source code then they’ll know exactly what process to follow to get the plain-text version of your password from the encrypted version.

Of course, you’d hope that their data centre is secure and no-one will ever steal their database or their source code. But it could happen. And the more passwords that you share, the more chance there is that someone, somewhere will get hold of data that you’d rather not have.

There is, of course, a way round this. It’s called OAuth. With OAuth, you don’t need to give anyone your password. You can authorise certain applications (or services) to take certain actions on your behalf on particular web sites. So, for example, I can let Twitterfeed post to my Twitter account without giving it my password. And that’s all it can do. It can’t follow new people, maintain my Twitter lists or close my account.

Twitter is a good example. In 2007 and 2008 a whole ecosystem grew up around Twitter. Many services offered cool and interesting services to add on to your basic Twitter account (Twitterfeed was one of them). But they all needed your Twitter username and password, so anyone who was at all security-conscious couldn’t use them. But in 2009 Twitter implemented OAuth. And, a few months later, they turned off the old authentication scheme so that you now only use OAuth to talk to Twitter.

The remaining problem is that OAuth only works when the original web site has implemented it. And that’s quite a lot of work. There are still many web sites out there which have lots of useful information out there locked behind a username and password with no other way to access it.

All of which brings me to what prompted this post. Earlier today a friend pointed me at a web site which provided a really useful service. But when I looked, it did it by asking for my login details for another web site. I’m not going to name either of the sites involved (my friend works for the third-party site and I don’t want to embarrass her), but it was a really useful service and it made me sad that I couldn’t use it.

Of course, as my friend explained, they had no alternative. The original site didn’t have OAuth support, so the only way they could get hold of the useful data was to log in as the user.

To my mind, that’s not a good reason for implementing the password anti-pattern. To my mind that’s where you say “oh well, that was a good idea – shame it’s not going to work” and start to lobby the original web site for some kind of OAuth support. But that’s not likely to happen as the point of this service is to compare different offerings and make suggestions of how the user could save money by switching to competitors. I can’t really see the original companies being keen to support that.

So we’re left with a situation where this third-party has implemented the password anti-pattern. And, as far as I can see, they’ve made quite a nice little business out of it. But makes me really uncomfortable to see what they’re doing. I’m pretty sure that I can trust them with my data, but I’m not prepared to compromise my principles in order to access this useful service. They are teaching people that it’s okay to share their passwords. And it’s not. It never is.

And it doesn’t stop with this company promoting their own service. On their site they have testimonials from a number of well-known web sites, newspapers and television programmes saying what a wonderful service it is. They have technology correspondents, who I would expect to know better, singing their praises and encouraging people to sign up for the service – telling people to break the first rule of internet security.

It all makes me rather depressed.

Look, I’ll tell you what. I’ve got a really good idea for an add-on for your online banking service. Just leave the login details in a comment below and I’ll set it up for you.

Tracking Packages

Last week I ordered a new laptop. Yesterday, Dell’s web site told me that it had shipped. And, an hour or so later, they gave me a link to track the delivery on the UPS web site.

Now that link is fun of course. But refreshing the page dozens of times a day gets a bit boring. So I started to look for alternatives. Firstly, UPS have a service that sounds like it emails you whenever the status changes. So I set that up. I got an initial email at that point, but nothing more – even as the status changed a couple of times. Reading the description more closely, it seems it only sends an email a) when there’s a delay, b) when the package is delivered and c) when explicitly requested on the web site. So that’s no good.

Of course, what I really wanted was a web feed. Something that I could subscribe to in Google Reader that would always show me the latest status. Being a geek I started to think about a writing a program that would grab the information from the web site periodically and turn it into a web feed. But I stopped myself before I started writing any code. “Surely,” I thought to myself, “I can’t be the first person to want this. Something like this must already exist.”

I was right, of course. A quick Google brought me to Boxoh. Give them a tracking number (and it’s not just UPS – they also understand FedEx, DHL and USPS) and they will not only give you the web feed that I wanted, but also a Google map showing the progress of your package. How cool is that?

There appears to be no way to embed the map on another web site, but that’s the only fault I can find with the site.

Here’s the progress that my laptop is making. It started in Shanghai, before travelling to Incheon in South Korea and Almaty in Kazakhstan from where it flew to Warsaw, which is where it currently is. On Monday it’s due to arrive in Balham.

I love the fact that I can track it so easily. And I’m more than a little jealous of its travels.

Did Twitter Censor #GodIsNotGreat?

[Executive summary: Betteridge's Law (probably) applies]

The Twitter furore over the #GodIsNotGreat hash tag has pretty much died down now, but there’s one branch of the debate that is still getting comments and retweets. Here’s an example from johnwilander.

#GodIsNotGreat pulled from trends because christians protest. But #ReasonsToBeatYourGirlfriend was allowed. Stay classy, @Twitter.

As I mentioned a couple of days ago, the hashtag vanished from the list of global trending topics on Friday morning. And this conspiracy theory leapt up almost immediately. As far as I can see, none of the people repeating this claim have any evidence to back it up – which is more than somewhat ironic given Hitchens’ evidence-driven view of the world.

The argument seems to go like this: At one point the hashtag was trending. Then Christians got upset and starting making death threats aimed at the people who started the trend. Soon after that, the hashtag was no longer trending. Therefore Twitter must have given in to Christian bullying and censored the hashtag.

Whilst it all sounds frighteningly possible, I hope I don’t have to spell out the flaws in the logic. If you can’t work it out for yourself then I recommend the Wikipedia article on Correlation does not imply Causation.

I could be wrong here. There might be some irrefutable piece of evidence proving conclusively that Twitter deliberately censored the hashtag. If there is, then I haven’t seen it and I’d be grateful to anyone who could bring it to my attention.

There is, however, some evidence that Twitter didn’t censor the hashtag. On Friday morning, as the debate still raging, a Facebook friend in Canada pointed out that it was still trending there. In the middle of the afternoon someone pointed out that it was still trending in San Francisco. So if Twitter were censoring it, they weren’t doing a very good job. There’s even someone who apparently works for Twitter saying that they didn’t do it.

Of course, none of this is conclusive evidence that Twitter didn’t censor the hashtag. But balancing some evidence for non-censorship against absolutely no evidence at all for the censorship I know which side I come out on.

All of which leaves us searching for an explanation for the sudden disappearance. And, to be honest, I don’t think we really need to look too hard. Things stop being trending topics all the time. Things have to drop out of the list so that new things can come in. Otherwise the list would constantly be full of nonsense about Justin Bieber and Twilight. The Twitter trending topics algorithm can’t possibly just measure the popularity of topics. That would be incredibly dull. Instead, what it does is to look for changes in popularity. A steady buzz of the same few million people talking about a particular topic doesn’t get noticed, but a sudden increase in the number of people discussing the same topic does. The Buffer blog has a good explanation of this and the official Twitter blog says much the same thing.

I’m sure that this won’t convince the conspiracy theorists. “Ah,” they’ll say, “That’s all very convenient. But that just gives Twitter an easy way to cover up their censorship..” Which is true, I suppose, but hardly a basis for a rational discussion.

And that’s the most disappointing thing to come out of this affair. The people making this accusations are fans of Christopher Hitchens. You would hope they’d be from the more rational end of the spectrum. You’d hope that they would be above making accusations like this without evidence. I guess no-one is immune from irrationality.

But I’m going to go out on a limb here. And lay my cards on the table. And other clichés that Hitchens would despise.

Twitter (probably) didn’t censor the #GodIsNotGreat hashtag.

Update: The author of the tweet I quoted above seems to agree with me.

LoveFilm and Silverlight

Yesterday, LoveFilm announced that they are changing the technology which powers their film streaming service. From early in January the existing Flash-based system will be replaced by one which uses Microsoft’s Silverlight technology. This is extremely disappointing for a couple of reasons.

Firstly, there’s the immediate technological fallout. Silverlight doesn’t run on as many platforms as Flash does. Anyone running an older (non-Intel) Mac will no longer be able to use this service. Neither will people running Linux on their PC. This also means that people trying to access the service on an Android device will be out of luck. I don’t know how many of LoveFilm’s customers this will affect, but it can’t be a trivial number.

But it’s the second reason that makes me even more depressed. And that’s the reasoning behind the decision. Paul Thompson, the project manager for the streaming service says this:

We’ve been asked to make this change by the Studios who provide us with the films in the first place, because they’re insisting – understandably – that we use robust security to protect their films from piracy, and they see the Silverlight software as more secure than Flash.

Simply put: without meeting their requirements, we’d suddenly have next-to-no films to stream online.

This is a change that the company have been forced into by the studios who make the films that LoveFilm want to stream. The studios believe that their content needs to be protected from piracy and that Silverlight provides a higher level of security than Flash does.

They’re probably right. But they’re fighting the wrong battle.

Remember when all the digital music that you could buy had DRM? Remember what a pain it was keeping track of how to play particular tracks or which devices your were allowed to play them on? Or perhaps you don’t remember that because you were sensible enough to steer clear of that madness. Perhaps you did what most people did and just ripped your CDs or *ahem* “acquired” music from elsewhere. Eventually the record companies realised that they were fighting a battle that they couldn’t win and now we all happily buy MP3s with no DRM. Well, I say “all”, but one of the fallouts from this battle is that a generation grew up with no experience of paying for music. There are still a large number of people who think nothing of downloading music of dubious provenance rather than buying it from Amazon or iTunes. If the record companies had seen sense earlier, they might have not lost an entire generation’s worth of income.

And that’s apparently where we see ourselves again now. The film studios think they are protecting their content, but actually they are training people to go elsewhere. I would love to be able to buy digital copies of films to download or to rent access to streaming versions, but they need to be DRM-free versions that I can use as I want to use them. Not crippled versions that I can only use on devices and in ways that are approved by the studios. And if the studios are going to stop suppliers from giving me what I want, then I’ll go elsewhere. It’s not as if it’s hard to track down versions of any film or TV show that has ever been released on DVD. Or shown on a digital TV channel. We all know where to get these things, right? And we all use them. Because we’re being trained to believe that it’s the easiest way to get hold of this content. And when the easiest way is also the cheapest way, the studios lose out.

It’s not just the film studios who are re-fighting the same battle. Book publishers are doing the same thing. Pretty much any Kindle book that you buy from Amazon will have DRM. The publishers are following exactly the same short-sighted logic and reaching the same flawed conclusions. They have a slight advantage over the record labels and film studios as their old-style product is a lot harder to rip into digital format. But the arguments against what they’re doing are just as valid. Kindle book DRM has been broken repeatedly. And once the DRM is removed from just one copy of a product,  the producer of that product has lost the game.

Those who do not learn from history are condemned to repeat it. The film studios and the publishers are repeating the mistakes that the record labels were making last decade. They run the risk of alienating and losing the support of a whole generation of potential customers.

Update: I should point out that there is a Linux port of Silverlight called Moonlight. But, as I understand it, it doesn’t support the DRM features that LoveFilm would be relying on.

You Try To Do A Nice Thing

Long-time readers will know that I’m involved with the nms project. This is a project which writes simple software that people can use on their web sites if they want guestbooks, forms that get emailed to them and all that very Web 1.0 stuff. It’s a nice thing that we’ve done. We’ve created something and donated it to the internet.

The programs are all open source. Anyone can download our software and use it pretty much wherever and however they want. We usually have no involvement at all if someone uses one of our programs. We’re most likely to get involved if something goes wrong. This can take two forms. Either the web site owner experiences problems setting up the program or, surprisingly often, the web site owner fails to notice that anything is wrong and it’s a visitor who discovers that the site is broken. The error page for many of the programs contains a link to our web site so a lot of the complaints come to us (who can do nothing about it) rather than the web site owners (who could probably fix it). That was a mistake. We should have made the programs so that the error page gave you the email address of someone who could help.

But it means that I get occasional email from very angry people who have been disappointed by a web site that uses one of our programs. I found this in my inbox this morning.

FUCK YOU, YOU BLOCKING BASTARDS

I don’t know who the hell you are, and I don’t care.
YOU are actively blocking my transmissions and receipts on the internet, and you can GO TO HELL.

YOU are the reason that millions of people are protesting all over the world, you ‘information funneling PRICKS’!.

Can’t you twits get a job in the REAL ‘private sector’, like cleaning toilets?

In closing, I would like to say, FUCK YOU TO HELL.
http://republicbroadcasting.org/cgi-bin/test.pl

Tell STADMILLER to get fucked, as well, if he is ‘going along’ with this shit.
HE is still pissed that GCN still exists, isn’t he?
MAYBE he is pissed that I warned him about his on-air reference a couple of years ago to hanging the Congress by lightposts in D.C.,…
GOD!
You are playing ‘the game’, and you will be held accountable.
How does that go, again?
‘WE ARE ANONYMOUS.
‘WE ARE LEGION.
‘WE DO NOT FORGET.
‘WE CANNOT FORGIVE.
‘EXPECT US.’

Something like that, isn’t it?

NO HARD FEELINGS, JUST THE FACTS.
I AM
[name redacted on the offchance that it's not a pseudonym]

I have absolutely no idea what he is talking about. The link goes to a web site that has a broken configuration of one of our programs. I can’t even be sure which one it is as the site owner has renamed it. I did what I always do in such situations. I replied politely and explained the situation. I told him that if he explained exactly what the problem was then I would do what I could to put him in touch with someone who runs the site in question. Often this approach leads to an apology for the original rudeness. Which is nice.

But it’s not much fun living in a world where you can do a nice thing like giving away software and that opens you up to abuse like this.

Hating Gnome 3

I’ve been using Linux as my desktop operating system for about fifteen years. For most of that time I’ve used GNOME as my desktop environment. That’s longer than I ever used Windows so it’s become ingrained into the way I work. I’d guess that I’m at least 50% more efficient using GNOME than I am using any other desktop environment.

Then, a couple of months ago I upgraded to Fedora 15 which included the new GNOME 3. And everything changed.

And I really mean everything. GNOME 2 would be recognisable to someone used to using Windows or Apples’ OSX. It had menus which opened windows and those windows could be minimised into icons. Your most frequently used icons could be dropped onto your desktop for easy access. It’s the way that graphical user interfaces have worked for decades.

But the GNOME developers decided that this de facto standard was no longer what they wanted. Menus, they decided, were old-fashioned. What people really needed was to search for the name of the program they wanted to run but activating a hot-spot in the top-left corner of the screen and then typing. And no-one really needs icons all over their desktop. That just looks untidy. Oh, and minimising programs, who uses that? They’ve removed the minimise button from all windows. And if you manage to work out how to minimise a window (by right-clicking in the title bar to get a menu) the window minimises into nowhere rather into the icon dock that we’re used to.

As I say, pretty much everything changed. My first impressions were that hated it.

But I decided to give it a fair chance and I’ve been using it on three computers for six or eight weeks to see if I’d get used to it.

And I still hate it.

I’ve found out that there are ways to bend it back to approaching usability. Various extensions can be installed to fiddle with the minimal default set of icons in the top panel. Things like adding a drive menu and removing the accessibility icon. There’s a ‘tweak advanced settings’ tool that you need to install. That allowed me to put icons back on my desktop and return the missing minimise and maximise buttons to all windows. Oh, and somehow I managed to get a permanent Mac-style program launcher on the right-hand side of the screen. It’s not menus, but it’s better than the standard approach for the most common programs I use.

But it’s still not right. I can’t find a way to get my menus back. And, probably most importantly to me, I can’t find a way to put iconised windows anywhere useful (or, indeed, anywhere visible).

I’m sure that the GNOME developers thought they had good reasons for all of the individual changes that they made. But together they make for a completely different experience for the user. I’d probably be more productive in Windows than I am in GNOME 3. Windows is certainly far more like GNOME 2 than GNOME 3 is.

I don’t know who I’m more angry with. The GNOME developers for deciding to release a product that is so completely different to the previous version. Or the Fedora team for including it as the standard desktop in their latest version.

Some of you are probably thinking – ah, but surely GNOME is Open Source; why not just fork GNOME 2 and use that on Fedora. I really hope that someone does that, but I’m sure that a project like that is well beyond my expertise.

If that doesn’t happen, I’m probably going to have to look for an alternative desktop environment. I think that KDE still looks like a standard GUI. Perhaps I’ll give that a go. Or people have been trying to convince me to use a Mac for several years. I never seriously considered it because I didn’t want to learn a new desktop environment.

But if I’m being forced to learn a new environment anyway, then I should probably consider a Mac too.

Free Web Advice: TalkTalk

Ten days ago I got a cold-call from TalkTalk. They called me on a number which is registered with the TPS and I have no existing business relationship with them so they should not have called that number.

In this situation most people, and this includes me, will probably just be mildly rude to the caller and hang up. But on this occasion I decided that I would take it further. I went to their web site to find a way to complain to them.

The don’t make it easy to find a way to get in touch via their web site, but eventually I found this form. The form starts by asking what your question is about. But the choice of subjects doesn’t include “Unwanted Cold Calls”. Eventually I decided to use “Joining TalkTalk” as it was the only option that seemed even vaguely appropriate. My problems didn’t end there as the form then changed to present me with a another list of options to choose from. Once more none of them matched so I chose “Before You Order” which was, at least, technically accurate.

Filling in the rest of the form was easy. I gave them my contact details, selected the option saying that I wasn’t a customer and wrote a description of my complain.

Lesson one: Making it hard to contact you will not stop people from contacting you. It will only ensure that that they are a little bit more angry with you when they eventually work out how to do it.

A couple of days later I got a reply by email. But it was useless. They said that they would remove my details from their marketing list (within 28 days!) but completely ignored my request for an explanation of why they thought it was reasonable to call me in the first place. So I replied to the email explaining in some detail why their response was unsatisfactory.

A few minutes later. I got an email telling me that my message could not be delivered as the email address was unknown. They had sent the email from an invalid email address. Presumably this is to stop people getting into a dialogue with them. Maybe it works for some people, but it didn’t work for me. I went straight back to the web form from hell and explained their shortcoming to them.

Lesson two: Never ever send customer complaint responses from an undeliverable email address. It gets your customers (and potential customers) really angry.

A couple of days later I got another reply. This one came from someone who at least seemed willing to try to deal with my problem. But they seemed somewhat confused. They said that they were unable to locate my file in their system and asked me to confirm whether or not I was a TalkTalk customer. Two problems with this. Firstly, they’re asking me to provide more details and not giving me an easy way to get the information back to them. And secondly, a few paragraphs back when I was talking about filling in the form for the first time I said that I “selected the option saying that I wasn’t a customer”. Yes, this information is included in the contact form. So why ask me for it.

Lesson three: If you ask someone for more information in order to progress a complaint, give them an easy way to get back to you. Otherwise they’ll just get even more angry.

Lesson four: If your contact form collects information, them make sure that information is available to the people dealing with the complaint. Asking people to repeat information that they have already given you is a great way to make them really angry.

I went back to the dreaded web form and filled it in again. Every reply I get has a case number assigned to it. Each new reply I submit generates a new case number. I’ve been copying the case numbers from the emails I’ve received and pasting them into the new request in the hope that someone will tie all of the replies together into a single thread.

Lesson five: Make it easy for your customer (or potential customer) to track the progress of their single ticket through your system. Forcing people to open multiple tickets for the same issue will just confuse your support staff and anger your customers.

Five simple lessons. All based around the idea that you really don’t want to make customers (or potential customers) angry. Let’s review the list.

Lesson one: Making it hard to contact you will not stop people from contacting you.
Lesson two: Never ever send customer complaint responses from an undeliverable email address.
Lesson three: If you ask someone for more information in order to progress a complaint, give them an easy way to get back to you.
Lesson four: If your contact form collects information, them make sure that information is available to the people dealing with the complaint.
Lesson five: Make it easy for your customer (or potential customer) to track the progress of their single ticket through your system.

Throughout this piece I’ve portrayed myself as a potential customer. I’m not, of course. The way the company have dealt with this complain has ensured that I’m never going to do business with TalkTalk.

But I’ll continue pushing this until they answer my questions. I’ll let you know how I get on.

Free Web Advice: VirginMedia

I’m not a web designer, but I’ve been working in this industry since before there were web sites so I like to think I know a bit about what does and doesn’t work as far as web site usability goes. It’s mainly the stuff which doesn’t work that stands out. And there’s so much of it.

Earlier this week I was using the VirginMedia web site. Specifically, I wanted to log on to my account and download a PDF copy of my latest bill. There were three things in the process that really annoyed me. I should point out that I’m a registered user of the site, so I already had an account set up.

Username or email
The login screen asks for your username and password. That’s pretty standard stuff, of course. But when a site asks me for a username then I assume that it is going to be “davorg” (the username I’ve used on web sites for as long as I can remember). In this case, that’s not what they wanted. Your username on the VirginMedia site is your email address. Other sites use email addresses as your username, but in most cases they then label the field as “email”. Labelling it as “username” adds an unnecessary complication. I gave them my username and, as it was incorrect, the error message pointed out that my username would, in fact, be my email address. So they recovered from the problem well, but there was a moment or two of unnecessary frustration.

Limited length passwords
Having established what my username was, my next problem was remembering my password. I tried a few likely candidates and, eventually, resorted to the “forgot my password” link. That sent me an email containing a link to a page where I could set a new password. And that’s when I remembered why I had forgotten the original password.

VirginMedia have strange limits on what can go in your password. They have the usual stuff about having both letters and digits in your password, but they also have a maximum length of ten characters. That’s why I couldn’t remember it – most of my standard passwords are longer than that. It seems strange to restrict users to such short passwords.

It’s worrying in another way too. If you’re following best practice for dealing with users’ passwords then you won’t be storing the password in plain text. You’ll have some encrypted version of the password. And many of the popular encryption algorithms (for example, MD5) have the property that no matter how long the text that you start with is the “hashed” version will always be the same length. So you create a database column of that length and you don ‘t need to restrict your users at all. Having this restriction isn’t conclusive proof that they’re storing plain text password, but it’s enough to worry me slightly.

Naming downloaded files
Having (finally) logged into my account it was easy enough to find the link to download my current bill. And within seconds I had the file on my computer. But the file was called “GeneratePDF”. And when I come to download next month’s bill that will also be called “GeneratePDF”. What has happened here is that GeneratePDF is the address in their web site that is used to.. well… generate PDFs. And in the absence of other information, browsers will name downloaded files using the address that they came from. It’s easy enough to change that default behaviour using the content-disposition header. Using this header it would be easy to tell my browser to save the downloaded file as, for example, vm-2011-05.pdf. Anything would have been more useful than the current set-up. Notice that the current name doesn’t even have a ‘.pdf’ extension so it’s likely that on some computers double-clicking the downloaded file won’t open in the the user’s PDF-reading software.

So there you have three things that annoyed me about the VirginMedia site. And the really annoying thing is that two of them (the first and third) are really trivial to fix. The second is probably harder to fix, but it’s possibly evidence of some rather broken design decisions taken early in the process of developing this web site.

I tweeted these three issues on Wednesday and I got a response from the virginmedia Twitter account saying “Ok, some fair points there. Will feed this back for you, thanks for taking the time to let us know!” I’ll be downloading my bill every month, so I’ll let you know if anything gets fixed.

Social Networking 101

If you have a blog and a Twitter account then it’s nice to feed your tweets onto the front page of your blog. It can be an effective way to let your friends see what you’re saying in both places.

If, however, you later delete your Twitter account then it’s probably a good idea to remove the widget from your blog.

There’s one very important reason for doing this. Eventually Twitter will allow your deleted account name to be recycled. And then someone else will be able to post tweets which automatically appear on your blog.

Say, for example, you’re an MP who has made a few enemies in her time. And say that you’ve flounced away from Twitter claiming that it is a “sewer”. In that situation you probably don’t want to leave a way open for people who don’t like you to post whatever they want on your web site.

I mean, if you’re currently campaigning about abstinence and sex education, you probably don’t want your web site to say:

I think sex before marriage should be discouraged. It’s better if at least one of you is married, doesn’t matter who to particularly.

Or:

I suppose with fisting there’s no risk of pregnancy.. ..maybe kids should be taught about that?

Sometimes I wonder if the money that Nadine Dorries spent on “PR” wouldn’t have been better spent on IT consultancy.

They’ll fix it eventually, so Tim has captured it for us.

Update: And it’s gone. That was slightly quicker than I expected. I’m now expecting a blog post from her accusing someone (probably Tim) of hacking her computer.

Opentech Approaches

This year’s Opentech conference is this coming Saturday at ULU. It’s earlier than usual this year, so it might have crept up on you a bit.

I’m speaking at the conference again this year and I’ve been promoted to the main room. I’m on in the 4-5pm session speaking for twenty minutes on “Watching the Press”. I’ll be talking about how the internet makes it easier to keep tabs on the nonsense that the tabloids like to spread. I’ll be pointing out some of the more ridiculous stories that we’ve seen over the last few years and encouraging the audience to get involved in watching the press and raising awareness of its lies.

Over the weekend I’ll publish another post that will contain the slides from the talk along with lots of references to the various things I’ll be covering.

If you’re at the conference (and I highly recommend it) them please come up and say hello.