Blog Archive — Page 8

This is part of my blog, which I have long since stopped maintaining. The page has been preserved in case its content is of any interest. Please go back to the homepage to see the current contents of this site.

  • Lost in Translation

    This morning, a friend of mine linked to a great article on why “If you’re going to live in this country, learn to speak the language” is pretty insensitive.

    It struck a particular resonance in me, because aside from her emigration, my experience of languages over the last few years has been much like the author’s.

    I too had the dumb luck to fall in love with and marry a Spaniard, with no useful Spanish education to rely on when communicating with my newly acquired in-laws — none at all, in fact. While at school I eagerly studied the languages I thought would be useful in life: French, German and Japanese. Since leaving school, none of them have been anywhere as useful as would have been Mandarin, Arabic, Polish or Spanish.

    Ah yes, Spanish. Like the author of the article I loaded up with about ten minutes’ worth of choice phrases before I went to meet my then-girlfriend’s family. In nervousness I forgot every single word of it. And then ran headlong into the problem of Spain’s several regional languages.

    The Languages of Spain

    To communicate, I first have to ask my wife’s family to speak Castillian Spanish. And then I have to compound my embarassment by admitting that I don’t even speak much of that. Worst of all, the author of that article isn’t being that hyperbolic when she refers to herself as “speaking like a one year old” — my worst realisation of just how poorly I speak Spanish was helping my son talk to a five-year-old girl he was playing with on the beach. Not only did I not understand what she was saying, but I couldn’t even find the words to tell her that I didn’t understand.

    I could only imagine the number of times I would be reduced to frustrated tears if I lived there.

    A Language College in Bournemouth

    I live in a town where thousands come to study English every year, hundreds or thousands of miles from friends and family. Daily I talk to Chinese baristas, Brazilian bus drivers, Italian chefs — always in English, without a second thought.

    And every time they speak a word of English, they’re doing better at integrating into British society than I ever could into theirs.

  • The Last Straw for LinkedIn

    LinkedIn Intro in action (picture from LinkedIn blog)

    If you’ve been paying attention to technology-related news recently, you may have noticed that social network LinkedIn has released a new app for iOS devices called “Intro”. It’s a handy tool for people who do a lot of work-related email on their iDevice, as it embeds information from LinkedIn into your emails so you can get a summary of who you’re talking to.

    Unfortunately it does this not by making Intro a mail client with the extra feature of retrieving this information, but by rewriting your mail settings to send and receive mail exclusively through LinkedIn’s servers.

    In these times where online privacy and security are the subject of worldwide headlines, it shouldn’t come as a suprise that the app has been widely condemned for the complete loss of privacy it entails for its users.

    But this is just the latest in a long line of dubious methods used by LinkedIn to find connections between its users. It has been accused of sending email on users’ behalf without permission — indeed, handing over the password to your GMail and Hotmail accounts (ostensibly to harvest your address book) is one of the steps it recommends when you sign up. LinkedIn also uses names and photos in advertising by default, and comments on Reddit even say that LinkedIn is recommending people connect with former residents of their apartment based on their common IP address.

    LinkedIn requesting to connect to GMail

    Added to that list of privacy failings, the 2012 breach of LinkedIn’s database revealed a major security failing, in that user accounts were stored as unsalted SHA-1 hashes, many of which were easily compromised.

    Although the Intro app does not affect me in any way — I don’t use it, and don’t have an Apple device to use it on anyway — it makes it abundantly clear that LinkedIn still do not care about their users’ privacy or security. No privacy-conscious Internet users, myself included, should support a company like that.

    Make no mistake, by having accounts on LinkedIn we are supporting them. We are not paying; we are the product.

    Given that the only thing I have received through being a LinkedIn member has been regular nuisance calls from recruitment agencies, I think it is high time I deleted my account. I would encourage all of you to weigh up what you gain from the service against what you lose by handing over your personal information to a company that is highly likely to abuse it.

  • Another Summer Gone

    A young man of twenty-eight summers, I cling to that word “young” as long as I can, though already it is slipping away. As another summer departs, and with it another year, autumn permeates body and soul.

    A few short weeks ago, the sun shone and our town sweltered in the summer heat. I felt young and full of energy. I knew there was little better than to live and work by the sea — hell, I’d give up what we had, live in a beach hut, catch fish for a living, and life would still be great because no feeling can beat being young and in love in the summertime.

    But then the wind blew cold, and the rain swept ashore in sheets.

    A Rainy Day in Poole

    Now I shelter in the warm with my family, newly aware that I am not so young and carefree. I have a family and a place amongst them — as a father, husband and son.

    I no longer want a beach hut, or even our flat by the sea. I want a big old house with spare rooms for all the guests we’d have, I want a garden and a potting shed full of vegetables I’ve grown, and a kitchen table where we can sit and chat while I bake and bake and bake.

    I suppose that means I want to be a middle-aged, middle-class housewife. And that’s pretty weird for a man still in his twenties; but oh, what a difference a season can make.

  • Sharing Isn't Caring

    Like many angsty young adults, I spent the last few months of my time at University wondering what would become of the friendships I’d made there — which friends I’d keep in touch with; how often I’d see them. Having lived and worked with many of them, and shared each other’s lives in such minute detail, how could I deal with not having that constant interaction any more?

    Then, something magical happened.

    Facebook app running on an iPod Touch

    Suddenly, it was like the old times were back again. We could stay in touch forever, and share the minutiae of our lives just like always.

    But since then, it’s kind of taken over. I’ve caught myself checking Twitter and Facebook on my phone while crossing the street, as if that iota of interaction couldn’t wait thirty seconds for me to ensure my own safety. My son has started talking to me while I was using my phone, and in my mind it was the phone that had priority and Joseph that was the inconvenience.

    I saw this comic the other day, and although its charicature of the social networking-obsessed user is a long way from the way I act most of the time, the intention behind it still rings true.

    Art (c) Gavin Aung Than of ZenPencils.com

    How did we get to a point where I would rather share some witticism I think of with the internet at large than with my own wife, who matters far more to me than the rest of the web ever could? Why do I regularly spend my evenings idly refreshing Facebook, then complain that the flat is a mess because I never have time to do chores?

    This culture we created of over-sharing our own experiences and being glued to a screen awaiting what our friends share seems to be cheapening our interactions with the real world. It’s escapism from something I no longer want to escape.

    If I am allowed to make “mid-year’s resolutions”, I resolve to share less of my life online, and to spend less time refreshing a page waiting for others to share their lives. It’s no bad thing to wait a few days to see what friends are up to, if it means spending more time caring about my family, my home; the things that I’m sad to say are more important than friends and certainly more important than the retweets and “likes” of strangers.

  • Your System is Compromised

    I’ve spent much of the last few months resolutely not commenting on the NSA spying scandal, Edward Snowden, PRISM and all the other revelations that have been published by the Guardian and the New York Times recently.

    NSA Seal

    While 99% of the population continue without knowing or caring what the implications of the spy programmes are, the revelations have caused a surge in the number of people telling the world — largely online, for irony’s sake — how stunned they are that their trust has been violated by the spy apparatus of their state.

    Here’s the “tl;dr” version for all the busy novice cypherpunks out there, and you’re not going to like it: You should not have expected privacy in the first place.

    Before I go further, I’ll address the obvious riposte to that — that in the US, the Fourth Amendment prevents the state from spying on its own citizens, and the NSA is clearly in violation of this. But other states have no restrictions whatsoever on spying on Americans. Is it any better to be spied on by GCHQ? What about China? The NSA does not have a monopoly on massive electronic dragnets.

    So here’s the long version. If you feel like there should be a secure way of communicating online without state security apparatus knowing and recording it, this is the magnitude of the task you have ahead of you.

    Companies involved in PRISM (pic: Gawker Media)

    • Do you use professional cryptography products, or the hardware crypto capabilities of modern processors? Compromised.
    • Do you or your ISP use popular network hardware? Compromised..
    • Does your traffic flow through the UK or US? Compromised.
    • Use Free / Open Source Software? Congratulations, your system is probably more secure. “Probably”.
    • A big shout out to all the Ubuntu users who feel good about themselves now. It’s a good job you don’t run any proprietary graphics drivers, right?
    • Get the warm fuzzies when you see that little padlock icon in your browser? I hope you’ve reviewed your browser’s Certificate Authority list and made sure none are hacked or in bed with the Chinese government.

    Certificate Authority list in Firefox 23.0

    • Have you gone the extra mile, using only Tor darknet sites to ensure your privacy? Compromised.
    • More broadly, have you communicated by unencrypted phone, fax or e-mail at any time since the 1960s? Compromised.

    • But do you communicate only by Triple-DES & Blowfish encrypted semaphore to your fellow cypherpunks in Faraday cages beneath Sealand? Congratulations, your communication is probably secure. “Probably”.

    The fact of the matter is, if you trusted that your communications were safe from the national security apparatus of a state, particularly your own, you were almost certainly wrong. For privacy fans like myself, the sad news is that countries always have and always will invest vast amounts of time and money on building and maintaining their surveillance capabilities. Large companies will always be given incentives or demands to assist the state in which they operate. And there is very little that the individual privacy-conscious citizen can do about it.

    US Inflation-adjusted Defence Spending, from Wikimedia Commons, CC-by 3.0

    If you want a guarantee of absolute privacy, you must trust every algorithm you use, every piece of hardware and software that handles your data, and everyone you communicate with. But you don’t.

    Somewhere, somehow, your communication system is compromised.

    Maintaining your privacy online is simply a matter of risk management — for each of the possible vectors by which your privacy could be compromised, which do you care about, and which can you do something about? If you’re an international diplomat with a Huawei 3G dongle, are you being spied upon by China? If you’re a Fourth Amendment nut, does the government read your Facebook? If you’re a business traveller, is your host’s network searching your email for company confidential information?

    Assess the privacy risks and manage them. Don’t insist on absolute privacy, or you will find yourself unable to communicate with anyone. And don’t pretend absolute privacy was something you ever had.

  • The End of Westminster Hubble

    Three years ago, after a two-month secret development period working with my old school friend Chris, we announced Westminster Hubble.

    The name was a pun on the “Westminster Bubble” in which MPs are sometimes unkindly said to live — implying a lack of awareness of the rest of the country — and “Hubble” alluding to the Hubble Space Telescope, which has allowed us to see distant objects in more detail than ever before.

    Westminster Hubble was a website that aimed to bring MPs and their constituents closer online by providing a single location to find contact details for an MP, in real life and on social networks. It also provided customised feeds of MPs’ activity from a variety of sources, from YouTube videos to speeches made in the House of Commons. At its core was a RSS-parsing engine powered by SimplePie that pulled in content from all the sources it knew about as quickly as it could, stashing the results in one giant database table. The contents of this would then be served to users as HTML, or as an RSS “meta” feed to users who preferred to get the data that way.

    Westminster Hubble MP Feed

    Westminster Hubble’s main “feed” page for an MP, in this case tech-savvy MP Tom Watson.

    Amongst my favourite features were the Google Maps / They Work For You mashup that allowed users to find their local MP in an intuitive way, and the “badges” awarded to MPs for particular dedication (or just a lot of tweeting).

    Find Your MP map

    Westminster Hubble’s “find your MP” map

    We launched just after similar service Tweetminster really took off, and although we never achieved their relevance or their Wired UK features I still feel that we were offering separate complimentary services — Tweetminster curated tweets around particular subjects for use by those in and around Westminster, while we pulled together tweets and other items from particular people inside Westminster and provided them to those on the outside.

    In many ways, Tweetminster provided a destination, somewhere people would go to get information, whilst Westminster Hubble was designed to fade into the background and become part of the plumbing of the internet — RSS feeds went in, RSS feeds came out in a more structured form as chosen by the users. In many ways, then, it shouldn’t be surprising that this week I am closing Westminster Hubble due to a lack of use. Without the user appeal of being a “destination”, the users didn’t come — didn’t spread the word.

    Westminster Hubble "badges"

    Westminster Hubble “badges”

    In recent months, the web itself seems to have turned a corner from the heady days of the early 2000s; the Web we lost. Twitter’s discontinued API v1 takes with it the availability of RSS feeds for a user — parsing Twitter feeds now requires a “proper” Twitter client that must authenticate and use the JSON API. Facebook pages no longer advertise their RSS feeds; third-party tools must often be relied upon instead.

    It seems the days of mashups, of open services that exposed their data in freely-usable machine-readable formats, are fading. Facebook, and to a lesser extent Twitter, are realising that to maximise their profits, they need to keep users on their sites rather than accessing their data from elsewhere. They are becoming walled gardens in the tradition of AOL, a transition that is fundamentally bad for the free and open web that most of us enjoy today.

    If I were more of an activist, I would keep Westminster Hubble alive and fix its links to Twitter and Facebook precisely for the reason that this trend needs to be fought — that the British public should have the right to see what MPs post on “walled garden” websites without the members of the public themselves needing to enter that garden. But the fact of the matter is that Westminster Hubble has failed to become a popular service. In the past month there have been exactly six unique visitors, and that includes consumers of the RSS feeds.

    It is tempting to leave the service running somewhere in some capacity — its database currently contains nearly a million items posted by MPs over the course of 16 years. (Westminster Hubble has only been running for three years; it retrieves old posts from feeds when it can.) However, there seems little point in maintaining the domain name, the Twitter account and the Facebook page for a service that now sees so few users.

    For anyone wanting one last play with the site, on the understanding that many social network integration features no longer work, can do so on the Westminster Hubble temporary server. On request I am also happy to host the complete (~420MB) database dump, in case anyone wants a large data set of MP activity on which to run some analysis.

    To everyone else who has used Westminster Hubble over the years, thank you. I hope it proved useful, and I like to hope that maybe even one of you was inspired by it to support an open government, to campaign for it, or to follow in the footsteps of Chris and I and build your own tools to make it happen.

    After many MPs have held Hubble’s “badges” over the years, I’d like to award one special, final badge of honour. The Westminster Hubble award for Social Network Mastery could go to nobody else: ladies and gentlemen, Ed Balls.

    So long, and thanks for all the fish.

  • ChromeCopter 2000

    I’ve been asked several times whether I would be attending various Nodecopter events, even more so now that the fledgling hackerspace I am part of is getting to know about my love of robots.

    My reason for saying “no” every time is that it would tip me over the edge into buying things I can’t afford — and the AR.drone that Nodecopter events use wouldn’t even be the most expensive part of the build.

    With the knowledge that I will probably not build this project any time soon, if at all, I figured I might as well put the design out there in case anyone else is up to the challenge (and the expense). So without further ado…

    Introducing the ChromeCopter 2000

    Despite the most recent inspiration for the design being William Gibson’s 2010 novel “Zero History”, the concept — and hence the name — belongs more to an 80s cyberpunk vision of the future; where the Internet overlaps with the world in the form of virtual reality cyberspace rather than app stores and push notifications.

    This, I feel, is the closest we may get to “jacking in” in the next few decades.

    Phase 1 — A Few Simple Parts

    The initial “proof of concept” phase is technically simple, although unfortunately very expensive.

    The AR.drone comes with a great Android and iOS app that allows you to fly the drone intuitively using the phone’s accelerometer and on-screen controls. The simple addition of a modern VR headset such as the Oculus Rift attached to the phone via an mini HDMI to DVI converter will give 90% of that “jacking in” sensation for 1% of the effort that Phase 2 will involve.

    Aside from the price and the Oculus Rift’s lack of a release date, the big problem here is that the pilot will have to operate the phone’s on-screen controls — such as altitude — by feel alone because she won’t be able to see her own fingers.

    Chromecopter Phase 1 diagram

    Replacing that on-screen control with motion sensors is the other 99% of the effort.

    Phase 2 — The Inevitable Raspberry Pi

    The one limitation that stopped me rushing out to buy an AR.drone on release day was that it cuts a few corners to make it (relatively) cheap. Its props aren’t powerful enough to allow it to support a decent payload (read: onboard autonomy controller), and the core control software is closed and unhackable.

    What this means is that any interesting capabilities have to be implemented off the drone itself. While this isn’t ideal, there is a decent SDK, and now there is a very popular Node.js ar-drone library on which Nodecopter code is based.

    This is PC-based, so the logical place to start would be a PC that fits in your pocket — the Raspberry Pi.

    (The AR.drone SDK also supports Android, so this bit would be possible with something like an Android phone and an IOIO board. This would rule out the use of Node.js, though.)

    With the Raspberry Pi running Nodecopter software, it becomes pretty easy to integrate a number of sensors and feed the control through to the drone over WiFi. Plus, a portable “phone charger” type battery pack would make the processing module more-or-less pocketable.

    For the control of the drone, the feeling of “jacking in” is enhanced by applying control through body motion. The Oculus Rift includes sensors which could allow the pilot to rotate the quadcopter by rotating her head. Cheap solid-state magnetometers like those used in the Raspberry Tank can be embedded in gloves to control the three-dimensional motion of the drone. For example, tilting the right hand forwards and backwards could decrease and increase altitude.

    Chromecopter control scheme

    Finally, a safe “hover” mode is required that will allow the pilot to move her hands without controlling and potentially crashing the drone. This could be achieved by metal contacts on the thumb and forefinger, which must be touching in order to actively command the drone.

    These sensors can easily be fed into the Raspberry Pi via its GPIO port, with a C program exposing a TCP socket via which the Node.js code can retrieve the data.

    When flying a drone, speed is of the essence, and a lot of work will be required to decrease the time between the pilot moving and the drone responding. Delays here can cause difficulty in piloting the drone, not to mention the possibility of motion sickness since the pilot’s field of view consists only of the (possibly delayed) video from the drone.

    Chromecopter Phase 2 diagram

    In Summary

    That’s my crazy cyberpunk invention of the week. As a design, its BOM cost of over £600 puts it out of my price range for now — but if anyone else builds something similar before I get the chance, I’d love to hear about it!

  • Never Say Goodbye

    As my previous post on closing my Last.fm account might indicate, I’m currently on something of an account-closing spree.

    Closing online accounts seems to be a rarity these days, and more than once I’ve been asked why I bother. My reasons are pretty simple, so I suppose I care about them more than most people.

    • The service knows my email address, which they can use to spam me about a product I no longer care about.
    • The service knows my password in some form — if I’m lucky it’s suitably salted and hashed, but in many cases it won’t be. And like everyone else on the internet, I re-use passwords on several sites because I need my brain to remember more important things.
    • In some cases, the service knows my credit card details, which I really don’t want falling into the wrong hands.

    Closing a Last.fm account was pretty painless. Re-enter your password for security, click a couple of confirmation buttons, and you’re done — with the slightly odd proviso that it doesn’t delete forum posts in your name. Presumably this is so that the forum archives are still readable rather than being peppered with one-sided conversations, but it does suggest that after deleting your account, there is no longer any way of removing your forum posts at all.

    Not the worst offender, though, by far.

    Today I tried to close an account with an old web hosting provider, 34SP. There’s no obvious way to delete your account through their admin panel, so I contacted support and was told:

    Unfortunately we cannot ‘delete’ your account. We keep accounts active for our records should any future changes need to be made.

    What future changes? I am leaving your service.

    This is far from the first time I’ve encountered this — the internet is littered with accounts of mine that still exist only because the service provider does not provide any means to close an account, often as an actual policy rather than just a programming oversight. It’s not exactly the hardest thing to program anyway, so there should be no excuses on that front. Here’s SuccessWhale’s account deletion dialog — enter your password, click a button, and everything you ever did is permanently erased.

    SuccessWhale account deletion dialog

    I’m not sure when this practice came about, but it’s particularly frustrating to know that your email address and weakly-encrypted password are held by a company and there is nothing at all you can do to stop that being the case. Although the EU’s “Right to be Forgotten” by internet companies is largely unworkable and unlikely to make it anywhere near a book of law, it would be wonderful to see it demand that account deletion is actually possible.

    In the mean time, I intend to stop by Terms of Service, Didn’t Read before signing up to any new online services, so I can make sure I only create accounts that I can one day choose to delete.

    No right to delete account

    On TOS;DR, “No right to delete account” is a worryingly common sight.

  • The Last of Last.fm: Seven Years in Pretty Graphs

    I started using Last.fm back in 2006, in the final months of my time at University, and have carried on using it up until a few months ago, despite coming to the conclusion that I should stop back in 2011. Although the social media narcissism of “everyone must know what I’m listening to!” is no longer appealing in these days of over-sharing, I kept my Last.fm account around for its free “recommendations” streaming services until deciding earlier this year that a Spotify subscription was a worthwhile investment.

    I was reluctant to delete my account, though, as seven years of listening to over 30,000 songs is a lot of data — so much that it feels wrong to click a single button and pretend it never happened.

    Luckily, I’m far from the first person to want to turn their years of recorded listening habits into some kind of accessible permanent record. The most famous such service, LastGraph shut down earlier this month — annoyingly on the very day that I intended to use it — but there are many other ways to get interesting data from a Last.fm history.

    Last.fm Playground

    Last.fm offers their own visualisation tools in their “Playground” site. Many are for subscribers only, but even free users get access to some interesting graphs.

    For example, the Gender Plot uses your history to guess your gender and age. As you can see below, Last.fm pegs me as 24 (I’ll take that as a compliment) and it’s pretty indecisive on my gender — a largely manly playlist conflicts with my fondness for Tokio Hotel, apparently only listened to by 18-year-old girls.

    Last.fm Gender Plot

    Last.fm Graph

    Last.fm Graph is a third-party Java app that takes your favourite artists and displays them as a network graph, showing the interlinking between them. The result is interactive and designed to be played with, which unfortunately makes for a pretty poor screenshot.

    According to my output, my main genres of metal and EBM don’t intersect anywhere — perhaps they would have if more industrial acts had made the “top 50 artists” cut-off that I used for the data set. My 2006-2007 J-Pop phase is sitting on its own separate from everything else (and deservedly so).

    Last.fm Graph

    Last.fm Extra Stats

    Last.fm Extra Stats (Windows only, .NET 2.0) generates much the same graphs that LastGraph did, more configurably but perhaps a little less pretty. Everyone’s favourite is the “Wave chart” view, showing trends in listening to your most popular bands over time.

    Here, the amount of music I listened to — or at least, the number of tracks I scrobbled to Last.fm — dominates the chart causing a very bumpy output, but it’s all there. The sheer volume of Kotoko and Scooter tracks I’ve listened to are now laid bare for the world to see and silently judge me on.

    Last.fm Graph

    LastHistory

    My favourite of the bunch has to be LastHistory (OSX only). It’s not the prettiest visualisation, but what it does do is not just plot your listening over time on a day-by-day basis, but minute-by-minute. The resulting visualisation displays information about your life, while others simply display your music.

    In this history I can see my varying sleep patterns as I changed from student to office worker to father. I can see the all-nighters I pulled and what music I chose to accompany me. The days when I listened to music only on my commute, and the rarer interludes where I managed a whole day of listening.

    Last.fm Graph

    Reminiscence rears its head in strange places, few stranger than a 30,000 point data set began one day with a 20-year-old thinking people on the internet would be interested in his music.

    Today I delete my Last.fm account, thankful for the opportunity to look back over seven years of my life summarised in scrobbles. I hope this page proves useful for anyone else in a similar situation, looking to extract pretty graphs — or even memories — from their Last.fm history.

  • Announcing: "Can I Call It...?"

    There are a whole host of decisions involved with starting a new software project. What’s my target audience? What language shall I write it in? Which libraries shall I use? And of course, “What shall I call it?”

    For anyone looking to give their new project a unique name, there’s an annoying process to go through of searching for each idea to see if something already exists by that name. Linux packages need to have unique names, as do SourceForge projects, Ruby Gems and projects on many other distribution systems.

    As of 4pm yesterday, there was no simple way of querying all these repositories and package management systems together, to see if your chosen name was already taken by someone else.

    So at 8pm I sat down to code. And by 11pm, there was a way to do exactly that.

    Meet CICI, or “Can I Call it…?”

    CICI is a simple website. You give it a name you would like to use for your project, it checks against a bunch of services, and tells you if your name is unique – i.e., you can call it that – or not.

    CICI Results Page

    Currently, CICI looks up information on packages and projects using Github, SourceForge, Ruby Gems, PyPI, Maven, Debian and Fedora, but it’s easy to add more. CICI itself is a simple Ruby script (full of ugly hacks, as is befitting for a program that I knocked together in a few hours), which you can download and contribute to on GitHub. It’s all BSD-licenced.

    Of course, you can play with CICI on the web right here:

    Can I Call It…?

    As we have also discovered, typing random words into the search box to see what it finds is surprisingly addictive… See what odd (or even useful) things you can find on CICI, and good luck with your new projects – whatever name you end up giving them!