How heartbleed works

April 11th, 2014

Everybody has probably now heard of the heartbleed bug which affects hundreds of thousands of computers across the net. There are some lists out there of the popular services which are affected – see this page, for example – and it’s worth noting that you should change any passwords on Facebook, Google, IFTTT, Tumblr and Yahoo at the very least.

But have you wondered how it works? What does a ‘memory-leak vulnerability’ actually mean? Well, of course, nobody explains it better and more briefly than XKCD:

[Image: XKCD comic explaining Heartbleed]

Spinning the cloud

February 26th, 2014

You might think that, of all the household devices that could be connected to the ‘net, a washing machine would be amongst the least useful, except perhaps for the purposes of energy monitoring or service diagnostics.

So I was particularly impressed with Berg’s Cloudwash demonstrator, which emphasises the user interface aspects of connectivity. It’s always struck me that washing machines tend to have particularly awful user interfaces. Until very recently, for example, we had one where program ‘4’ was the one we used all the time. We needed to remember that, and on the rare occasions when we needed a different program, we had to look it up on a card.

Often, by giving a device connectivity, you can also give it a better user interface, even if that’s only used to configure the buttons on the front.

Facebook as a blogging platform, considered.

January 24th, 2014

Euan Semple and I have been having similar thoughts. In a perceptive post he writes:

…As people have moved into places like Facebook and Twitter the energy has moved away from blogging to some extent. Less comments and less people using RSS to track conversations. I, like many bloggers, used to post links to my blog posts on Facebook or Google+. Then I realised that I was expecting people to move from where they were to where I wanted them to be – always a bad idea.

So I started posting the entire content of my blog posts on Facebook and Google+. The process is the same, I get the same benefit of noticing things that blogging gives me, the same trails left of what caught my eye, but the conversations have kicked off. I love the forty or fifty comment long threads that we are having. I love the energy of the conversations. It’s like the old days…

And I have to agree. Much as I dislike the tabloid-style, ad-infested nature of Facebook, it does seem to be where the conversations are happening. Yes, some of the smarter people are on Google Plus and App.net, but just not very many of them, and I’m letting my App.net subscription lapse this year. I am even starting to tire a little of Twitter’s 140-character limit and, more so, of the difficulty of having real multi-person conversational threads there. And even though it’s now easy to reply to posts here on Status-Q using your Facebook ID, where your thoughts will be preserved for viewing by other readers, many more people prefer to comment on Facebook or Twitter when I post notifications there.

Euan and I have both been blogging for about 13 years. In that time, a variety of other platforms have come and gone. I expect that quality blogs like his and John’s will outlive Facebook, too. At the very least, I expect that I’ll be able to find good past content on them (see my recent post), long after the social network of the day has changed its ownership, its URL structure, its login requirements or its search engine. So I’m not going to be abandoning Status-Q any time soon: it’s not worth putting much effort into anything that you post only on one of these other platforms.

But his idea of cross-posting the whole text of one’s articles is an interesting one. Facebook is clear, at least at present, that you still own it, though they have a non-exclusive right to make extensive use of it – something those of us who occasionally post photos and videos need to consider carefully.

But I also need to consider the fact that I actually saw his post on Google+, even if I then went to his blog to get a nicely-formatted version to which I could link reliably. Mmm.

The long tail of streaming?

December 25th, 2013

I recently tweeted that I had signed up for a (UK) NetFlix trial, but had found little that I wanted to watch, and had been put off by the necessity of installing Silverlight, so was going to return to my trusty ‘Lovefilm by Post’ subscription. This got a lot of responses from friends.

Some expressed surprise that a geek like me should embrace such a backwards technology. Some proposed AppleTV/iTunes or Blinkbox as better alternatives. Others persuaded me to persevere, and recommended the new House of Cards series and Breaking Bad as worthwhile (so I shall certainly give those a go).

Anyway, I went ahead, installed Silverlight on my Mac Mini media server, and we watched Encounter at Farpoint from NetFlix last night, and it generally streamed OK, though the quality was somewhere around VHS-level, I think; certainly not like DVD and a long way from the BluRays we now often get through the post. I’m guessing this is just a poor match of Microsoft software and Apple hardware, because we have 120Mbps broadband, and other streamed content plays very nicely.

So we could probably find an online service that worked – why do we stick to that primitive idea of physical media dropping through the letter box?

Well, streaming services, or at least online purchases, are clearly the future, but still cater largely to the mass-market, and we obviously land somewhere in the ‘long tail’. By way of a simple illustration, here are a dozen films we’ve watched and really enjoyed over the last couple of months. Some of them are slightly obscure, but others have big names and Academy Awards.

I thought I’d do a quick check and see where I could get them, either as a digital purchase or rental. I threw in House of Cards season 1 as well, though I haven’t yet seen it, but now intend to!

Film Lovefilm by post iTunes Blinkbox Lovefilm Instant NetFlix UK
Mud Y Y Y
Lincoln Y buy not rent buy not rent
The Impossible Y Y Y
It Happened One Night Y buy not rent
Hyde Park on Hudson Y buy not rent buy not rent
Untouchable Y buy not rent
The Kings of Summer Y buy not rent Y
Now you see me Y Y Y
A Late Quartet Y Y Y
The House of Eliott Y
Shackleton Y buy not rent Y
Moonrise Kingdom Y buy not rent buy not rent
House of Cards (2013) Y Y Y

Now, this isn’t quite fair, because I knew all of these were available from the postal service – that’s where we saw them. And I’m sure it’s possible to find a good list of things on the other services which are not available through the post.

But I guess my point is that, had we restricted ourselves to other services, most of these dozen excellent films would never have made it to our screen, especially if we didn’t want to cough up the money to purchase them outright.

I didn’t make any special effort to select these, by the way: they are not nearly as obscure as some films we watch: they just happen to be (roughly) the dozen most recent films of the… golly!… ahem!… 821 movies we have watched from LoveFilm over the years since we started subscribing. (We don’t have cable, and don’t really watch any broadcast TV.) We couldn’t, in fact, have rented the majority of those from iTunes, but if we had been able to, it would have cost us about £2900 (assuming we didn’t want HD).

Of course, the elephant in the room here is that with postal delivery you have to know, in advance, a list of things you want to watch, and not be too worried about when you see them. I’m blessed with a wife who enjoys finding good stuff and queuing it up, so we always have 30-40 items in the list. And we have a reasonable amount of control of what arrives when based on how we prioritise those.

Some other notes to explain why this works well for us…

  • We live about 20 yards from the postbox, so after we’ve watched something, I stick the disc in the pre-paid envelope and mail it off before we go to bed.

  • We enjoy watching the extra features and commentaries on DVDs – something you often don’t get with other forms of delivery.

  • If we can’t watch a DVD immediately, we can click a button and have a DRM-free copy of it in about 30 mins, complete with special features and commentaries. But that probably wouldn’t be legal, so of course we wouldn’t know how to do that.

  • We can often choose between BluRay and DVD (depending whether we want a modest gain in resolution in exchange for a big delay in startup time).

  • We don’t have to finish watching things within a given timeframe.

  • We currently have the subscription which gives you up to two disks at home at any one time, so with that, and the disks we own, and the stuff that EyeTV has recorded for us, we are never short of choice.

  • On average, we probably watch two or three movies a week, meaning that each one costs us about 89p.

In fact, I think we may start moving to some combination of the pre-planned postal and the on-demand streamed systems, and Blinkbox looks like an attractive service, if the quality’s good – on some of the above, purchasing from Blinkbox costs about the same as renting from iTunes.

But we’ve also seen a lot of very good stuff for 89p that we couldn’t have seen anywhere else. And quite often, it’s in 1080p resolution. On other services, the resolution would be lower and 1080p would be the price…

IMAP, Sent mail, Apple Mail and Mavericks

November 16th, 2013

This is one of those posts that’s chiefly intended for those Googling for a particular problem. It might still make gripping reading, though, for those of you interested in the internals of email protocols…

Most email programs nowadays allow you to specify the folder in which you want to save your outgoing messages, and choose whether that should be stored locally or on your email server. (Assuming you’re using IMAP to fetch your mail, that is. If you’re still using POP, you should get another mail provider. And if you’re using Exchange… well, you have my sympathy…)

But different apps have traditionally had different names for this folder: some call it ‘Sent’, others ‘Sent Items’ or ‘Sent Messages’ and some will use a folder with one name and display it as something else to the user. (The same is sometimes true of ‘Drafts’, ‘Trash’, and ‘Junk Mail/Spam’). So, over the years, I’ve tended to standardise on ‘Sent’, and when I set up a new mail app or a new machine, I configure it to use that folder.

But recently, that setting didn’t always seem to stick, and I found some of my mail would end up in different folders when sent from some devices. Still, I persevered, until I installed Mavericks on my Mac, and found that the setting wasn’t even available on Apple Mail, at least, not for my main account – it was greyed out! What could be going on?


So I started to investigate. I dug into the file that Mail uses to store information about its accounts (currently ~/Library/Mail/V2/MailData/Accounts.plist) and I came across a setting which gave me a clue: it was called HasServerDefinedSentMailbox, and for this account it was set to YES. Mmm…

In the past, IMAP basically just provided you with a smart filing system for your mail, and it’s proved a remarkably resilient one, when compared to other formats. As an aside, I felt very old recently when I told a colleague in the lab that I had used the same method for storing my mail for ages, and had emails from 1991/92 in there that were just as accessible now as they had been then. He laughed, and said, “That’s the year I was born!”. Sigh… Still, compare that to data stored on tapes and floppies.

Anyway, a few extra features have been added since then, and one of these came just a couple of years ago. RFC 6154 describes ‘new optional mailbox attributes that a server may include in IMAP LIST command responses, to identify special-use mailboxes to the client, easing configuration’. In other words, the server can tell your app which folders to use for these key functions. This makes a lot of sense, particularly when your email provider also has a webmail interface, for example. I use Fastmail, which has a really good one, and, of course, it needs to know what you want to use for sent mail, drafts, etc when you’re using it via the web. Fastmail reflect these folder choices in the IMAP protocol, to keep everything consistent. Which is fine by me: I now simply stick to using the ‘Sent Items’ folder that the server recommends, and all is well on all my devices.

Anyway, all of that is a long way of explaining why you may find the ‘Use this mailbox for’ menu items are greyed out, and why on iOS devices you may try changing the ‘Sent Mailbox’, only to find that your new setting doesn’t stick. If your server is specific about which folders should be used, Apple will take that setting seriously, which I think makes sense, but they aren’t yet very clear in the UI about why you can’t then change it yourself.
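To make the RFC 6154 mechanism concrete, here is an added example (not code from Apple Mail, Fastmail or the original post) that parses IMAP LIST responses and picks the sent-mail folder the way a client honouring server-defined folders might. The LIST lines are constructed sample data, and the function names and the `server_defined` flag are assumptions for illustration.

```python
import re

# Special-use attributes defined by RFC 6154. IMAP attribute names are
# case-insensitive, so they are keyed in lower case.
SPECIAL_USE = {
    "\\all": "All", "\\archive": "Archive", "\\drafts": "Drafts",
    "\\flagged": "Flagged", "\\junk": "Junk", "\\sent": "Sent",
    "\\trash": "Trash",
}

# Shape handled: * LIST (<attributes>) <"delimiter" or NIL> <mailbox name>
# Limitations (assumptions of this sketch): mailbox names sent as IMAP
# literals ({n}) and modified UTF-7 names are not decoded.
LIST_RE = re.compile(
    r'^\* LIST \((?P<attrs>[^)]*)\) '
    r'(?P<delim>NIL|"(?:\\.|[^"\\])") '
    r'(?P<name>"(?:\\.|[^"\\])*"|[^\s"]+)\s*$'
)


def _unquote(token):
    """Strip the quotes and backslash escapes from a quoted IMAP string."""
    if token.startswith('"'):
        return re.sub(r'\\(.)', r'\1', token[1:-1])
    return token


def parse_list_line(line):
    """Return (attributes, delimiter, mailbox) or None if not a LIST line."""
    m = LIST_RE.match(line)
    if m is None:
        return None
    delim = None if m.group("delim") == "NIL" else _unquote(m.group("delim"))
    return m.group("attrs").split(), delim, _unquote(m.group("name"))


def special_use_map(lines):
    """Map each special-use role to the mailboxes the server marked for it."""
    roles = {}
    for line in lines:
        parsed = parse_list_line(line)
        if parsed is None:
            continue  # ignore anything that is not a well-formed LIST line
        attrs, _delim, name = parsed
        if any(a.lower() == "\\noselect" for a in attrs):
            continue  # a mailbox that cannot be opened cannot hold mail
        for attr in attrs:
            role = SPECIAL_USE.get(attr.lower())
            if role:
                roles.setdefault(role, []).append(name)
    return roles


def sent_folder(lines, user_choice="Sent"):
    """Return (folder, server_defined).

    If the server marks a mailbox with \\Sent, it wins and the user's own
    preference is ignored, which is the behaviour described above. Only
    when the server says nothing does the local setting apply.
    """
    candidates = special_use_map(lines).get("Sent", [])
    if candidates:
        return candidates[0], True
    return user_choice, False


# Constructed sample: what a server might return for LIST "" "*".
SAMPLE = [
    r'* LIST (\HasNoChildren) "/" INBOX',
    r'* LIST (\HasNoChildren \Drafts) "/" Drafts',
    r'* LIST (\HasNoChildren \Sent) "/" "Sent Items"',
    r'* LIST (\HasNoChildren \Trash) "/" Trash',
    r'* LIST (\HasNoChildren \Junk) "/" "Junk Mail"',
    r'* LIST (\HasNoChildren) "/" Sent',
]

if __name__ == "__main__":
    print(special_use_map(SAMPLE))
    print(sent_folder(SAMPLE, user_choice="Sent"))
```

In the sample, the user's old ‘Sent’ folder still exists on the server, but because ‘Sent Items’ carries the \Sent attribute the client uses that one and has no reason to offer a choice.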

Hope that’s useful to somebody!

Security and Email

November 2nd, 2013

If you want to understand the basics of how encrypted communication works on computers, and why it should be easy to secure all your emails but often isn’t, it’s hard to find a better introduction than Bart Busschot’s on this episode of the Nosillacast. It starts at about 47 minutes.

Tweet archiving

September 29th, 2013

I’ve just noticed that Twitter allows you to export your tweets, under your account settings. They come in both human and machine-readable form. Not sure how long ago they added this, but it partially addresses one of my chief concerns about the service: that users stick many years of their lives into it without necessarily knowing that they’ll ever be able to extract the information in future.

This is not easy to automate, though, so I’m still going to keep using Archive My Tweets for my own archive.

Keeping in touch in a post-Google-Reader world

June 26th, 2013

As I hope everybody knows, Google Reader will close down on Monday.

This means that something like half of you lovely Status-Q readers have just a few days in which to make alternative arrangements, or you’ll find your supply of Status-Q posts, and indeed those from any other blog or similar feed, will suddenly go very quiet next week.

So, assuming you’d like to keep having sensational new content delivered to you regularly without having to keep visiting all those web sites by hand, what can you do?

RSS

Well, one option is to find another RSS reader. (RSS is a machine-readable format that websites can make available, saying which articles have been published recently and when.) There are lots of good RSS-reading programs out there, for every platform – things like Reeder, Flipboard, NetNewsWire… to name just three – and all you need to do is open your favourite one and tell it that you’d like to subscribe directly to:

 http://www.statusq.org/feed/

and you’re away. If it’s a clever app, you may just be able to say ‘statusq.org’ and it’ll work the rest out for itself.

This is great if you have just one or two places in which you read all of your news. But the reason Google Reader was popular was that you could access it on multiple devices and from various apps, and it would remember which feeds you had subscribed to and which articles you had read, and keep them all in sync so you didn’t need to duplicate things everywhere. If you want that functionality now, you need to pick one of the alternative services that are springing up to take Reader’s place.

There’s an episode of the Mac Power Users podcast which looks into some of the alternatives (and will be relevant for non-Mac-users too). A quick summary is that the ones they liked most were probably Feed Wrangler and Feedbin but there are alternatives like Feedly discussed too. Which one works best for you will depend largely on whether you have a favourite feed-reading app which needs to support it, or whether you prefer to use a web interface. Many of these services have a direct ‘Import my feeds from Google Reader’ button to make life easy for you.

Here’s the bad news – most of them cost money. But it’s generally a very small amount, and by having lots of good stuff to read, you’ll probably save that much on iPhone apps you might otherwise be tempted to buy and then forget. And remember, you won’t be giving all that data about your personal interests to Google any more…

Social networks

I don’t tend to post here very frequently, so I automatically send out a message on the social networks with each new post. If you don’t already, why not follow me on Twitter, on App.net or on Facebook? That’s a good way to track other authors as well, but you’ll only see posts as they whizz past in the stream – it’s harder to find quality material to enjoy in a more contemplative fashion over coffee on a Sunday morning… so you may want to do the RSS thing as well.

Or perhaps you prefer such material in your email inbox…?

IFTTT

If you don’t know If This Then That, it’s a service where you can set up rules (‘recipes’) to do all sorts of clever things like “If I’m tagged in an image on Facebook, save it to my Dropbox folder”.

You can also connect to RSS feeds like this one and have it take action when there’s something new posted. If you have an IFTTT account, it’s really easy: here’s a recipe that will email you any new Status-Q posts.

Anyway, that’s a few ideas to get you started. Feel free to post other ideas for post-Reader alternatives in the comments.

But the important thing is to take action now…

A quick retrospective

February 28th, 2013

It’s 12 years today since my first blog post — the first post, at least, on a publicly-readable system that we’d recognise as a blog now. I had registered this ‘statusq.org’ domain a couple of days before, and started tapping out miscellaneous thoughts with no particular theme, and no expectation of an audience.

I was using Dave Winer’s innovative but decidedly quirky ‘Radio Userland’ software, a package which is long since deceased but was very influential in the early days of blogging and RSS feeds. Over the years I’ve moved the content through a couple of different systems but I think — I hope — that all the URLs valid in 2001 still work today! Most of my early posts do not have a title. The convention of giving titles to what we thought of as diary entries wasn’t yet well-established.

Things that caught my attention in the first couple of months included:

  • An appreciation that Windows 2000 was really rather a good operating system. Certainly the best Microsoft had produced so far. (It was also — though I didn’t know it at the time — the last version I was to use on a regular basis.) Microsoft were pushing an idea called the ‘Tablet PC’, which was marketing-speak for what had previously been called WebPads, and something called .NET, which was marketing-speak for nobody-knew-what!
  • The importance of this new thing called XML, which was giving the world a standard way to store and transmit structured data. I was at a conference where Steve Ballmer described the major revolutions in computing as The PC, The Gui, The Web, and XML. Well, the brackets have become a bit more curly since then, but it was indeed a major change.
  • Astonishment that, with the upcoming launch of Mac OS X, the world’s largest Unix vendor was about to become, of all people, Apple! I’d been playing with the early beta versions. It’s been my operating system of choice ever since.
  • The bizarre level of press coverage when we announced the impending shutdown of the Trojan Room Coffee pot.
  • A survey saying that less than half of US college students were taking hi-fi systems to college, because they were now listening to music from their PCs instead! It was still nearly a year before an amazing thing called the iPod was to appear, and surprise us all.

Here’s a snapshot of Status-Q captured by the Internet Archive in early May 2001.

Using multiple IP addresses at once

February 17th, 2013

Ever needed to configure a network-based device using a web interface, but found that its default IP address doesn’t match the setup of your network? e.g. Your new device uses 192.168.1.* and you use 192.168.0.* ?

Here’s an easy way to fix it: set up your machine to talk to both subnets at once. Here’s a little screencast to show how it’s done on the Mac.

Lots More Pots

November 23rd, 2012

Following on from the article mentioned yesterday, the World Service broadcast about the Trojan Room Coffee pot went out today.

Links to the programme, and a downloadable version here, if wanted.

Take control of your destiny with a new social network!

September 29th, 2012

It’s almost impossible now to start a new social network and have it taken seriously.

This is partly because of Metcalfe’s Law. In the early 80s, Bob Metcalfe proposed that the value of a communications network was proportional not to the number of devices attached to it, but to the number of possible connections that could be made between those devices – which is (approximately) the square of the number of connected devices. So, he proposed, the value of your fax machine increases every time someone else buys a fax machine. And when a network becomes ten times as big, it becomes 100 times as useful.

Now, you could have all sorts of interesting discussions about the degree to which this is really applicable to social networks, but it’s clear that there’s an enormous challenge for anyone proposing an alternative to Skype’s 30M users, Twitter’s 140M, or Facebook’s billion or so. I think it’s arguable that these three can happily coexist only because they are so different.

Facebook may be horrible, but even the mighty Google has had difficulties making a significant impact with Google Plus because, I suspect, it’s not different enough. It needs a niche of its own.

So what hope is there for App.net? This new kid on the block is still in the very early stages of growth, but there’s some reason to believe it may have found such a niche, and this has been carved out a little more clearly by the recent changes at Twitter.

Twitter, in case you missed it, have realised that the things that helped them grow big – lots of cool iPhone applications, open APIs, ease of getting your tweets in and out – are not the things that are going to help them make money, and they now need to focus on making money more than on getting big. But some of the changes come at the expense of many of their existing users.

Here’s a simple example. The network service IFTTT allows you to set up all sorts of rules – to send a tweet automatically when you post up a new blog entry, for example, or to receive a copy of your tweets by email, or archive them to Dropbox. Very handy. At least, that’s what it used to do. But with the changes to Twitter’s terms, IFTTT have had to drop the facilities that depend on taking stuff out of Twitter. You can still use it to post tweets, but you can no longer use it to archive them.

App.net, on the other hand, is gambling on the idea that there are a significant number of users who would like an open and predictable long-term relationship with their social network. Their offering is based on a few basic principles:

  • They won’t include advertising
  • They won’t sell your data to others.
  • You own your data, not them
  • They support their APIs so developers can build stuff that will continue to work

Of course, they point out that they do still need to make money, so joining up costs $50 a year – about the price of a Starbucks latte per month.

I signed up early, just out of curiosity, but I’ve recently started using it more seriously, and it’s because of the issue that IFTTT have so nicely clarified for me on Thursday. If you spend significant amounts of time putting stuff into anything, whether it be a blogging platform, a word processor document format, or a social network, how sure are you that you can get it out again in future?

For many of us, these data streams are not just the equivalent of phone calls that disappear on the wind as soon as you hang up. They are more like diaries, to which we may one day wish to refer again. The search box on this blog becomes a more valuable resource to me with every passing year – perhaps that’s something to do with memory loss in middle age! – but I’m struck sometimes about how many of the links I’ve posted in the past to other services no longer work, because the URLs have changed, or the services have gone away.

With App.net, assuming it is successful, I can be reasonably confident that I will be able to access and manipulate my content in the future, and extract it if I want to move it somewhere else or stop paying the $50. I can use IFTTT, for example, to cross-post anything I put there to Twitter and Facebook automatically, so my friends still know about it. Many of you may be reading this post as a result of that facility. (Apologies to those who see it more than once as a result!)

Now, a network that charges $50 is never going to be as big as one that is free. At the moment, posts on App.net are readable by everyone, so the number of readers, at least, may be affected less by this. Here are my posts so far. But only time will tell whether the combination of being in control of your own stuff, and the ‘Don’t be evil’ policy of the founders, is enough to offset Metcalfe’s law.