Category Archives: Web/Tech

Just what is the TSA looking for?

NBC News on the decision of the TSA to not allow electronic devices on to planes unless they are charged up:

A U.S. source familiar with the matter said laptop computers are among the devices security screeners may require passengers to turn on. U.S. officials are concerned that a cellphone, tablet, laptop or other electronic device could be used as a bomb.

Some people have questioned why this measure is necessary, given that a potential terrorist could simply pack a device with explosives while retaining the ability to turn it on, but I think they’re missing the point. My guess – and it is a guess – is that someone has worked out how to create an explosive mixture which, when passed through a scanner, looks the same on the screen as a battery. This means you could replace the battery with explosive, but putting it elsewhere would still stand out as abnormal on screen.

Hence the threat: it’s not that someone can pack a device with explosives (something they’ve always been able to do), it’s that they can now do it undetected.

My gadget bag

Gadgets gather around me like iron filings gather around a magnet, which means I have to be pretty tough with myself about what makes it into my bag. I try and keep things minimal – but, as you will see from what I carry, that’s often a forlorn hope.

Ally Capellino 11in laptop bag. I originally got this to tote around an 11in MacBook Air which sadly got stolen, but it’s proved to be a great bag for the iPad too. It’s not big enough for a weekend away, but overnight it suffices.

iPad Air 32Gb WiFi and Cellular. When I travel with my bag, this comes with me. It’s removed the need to carry a laptop on almost every occasion I travel. Combined with a Zagg Keyboard Folio case (recommended to me by Harry McCracken) it makes a great laptop replacement.

The big advantage it has over a laptop, apart from portability, is built-in mobile data. Yes, I could tether to my phone, but tethering is inelegant. It never feels robust enough to me.

The only regret I have about the Air is that I scrimped on memory. As you use the iPad more as a day-to-day computer, you end up needing more storage. My 32Gb feels cramped, and the next iPad I have will definitely have 128Gb instead.

On the rare occasions I need to carry a laptop (maybe once every three months), my MacBook Pro 13in with retina display comes along. Having a Chromebook Pixel (which acts as my “backup” computer) persuaded me I wouldn’t get a non-retina machine again. Once you get used to this kind of screen, you don’t want to go back. The MacBook Pro wins over the Pixel primarily for its battery life, which tops seven hours in regular use for me.

iPhone 5S. I’ve tried other phones – most recently a Nexus 5 – but the iPhone remains my phone of choice. That’s partly down to the apps (I spend a lot of time in my to do list, and OmniFocus is the best GTD-based list there is) but also the details. iPhones always feel like they’ve been put together with every detail thought through. Although other phones have some good points – I like the N5’s screen size, for example – nothing feels as good as an iPhone in my hand.

Mophie Helium iPhone battery. The iPhone usually lasts a full day for me, but there are odd occasions on long journeys where I get battery anxiety. Hence the Mophie Helium, which gives me enough battery life to make a full 24 hours. I don’t generally keep the Mophie on the iPhone unless I need it, but it’s nice to know it’s there and I can snap it on for a charge.

Moleskine Evernote notebook. Evernote is where I put all my notes, clippings and scans. I’ve used Moleskine notebooks for a while, and the Evernote ones come with three months free Evernote subscription. Evernote’s ability to recognise my scrawl and make it searchable is pretty amazing.

Doxie Go. The Doxie Go is a recent addition, and although I don’t always take it with me it’s incredibly useful and is becoming a more frequent traveller. I still get given a lot of paper, and having the ability to scan it quickly and send it to the cloud (via an Eye-Fi WiFi SD card) is great. When I first got it, I spent half a day clearing a vast amount of old paper which gave me back three shelves.

Apple VGA adaptors (Thunderbolt and Lightning). These are classic examples of “just in case”. I rarely go anywhere to present which doesn’t have a Mac or iOS adaptor, but when I do need one, you can guarantee there won’t be anywhere close by I could get one from if I didn’t have them with me.

Can we please stop saying open source is more secure?

I’ve argued for a long time the "open source means more eyeballs means more secure" argument was complete bunk. I’m not particularly happy that the GnuTLS bug – which appears to have been there for up to nine years – has shown I was right. As John Moltz puts it:

This SSL bug may have been in the code for nine years. Please, tell me again that trope about how Mac users blindly think their computers are invulnerable to attack. And it’s not like it’s the only one the platform’s had.

The point is not how many eyeballs look through code (and as Watts Martin points out, no one looks through a lot of that old code). It’s the quality of the eyeballs which matters. If a hundred mediocre coders look through a bunch of code, they’ll never see the same issues that a single really good one will see. People aren’t functionally equivalent units of production.

As Steve Jobs put it:

"In most businesses, the difference between average and good is at best 2 to 1, right? Like, if you go to New York and you get the best cab driver in the city, you might get there 30% faster than with an average taxicab driver. A 2 to 1 gain would be pretty big.

"The difference between the best worker on computer hardware and the average may be 2 to 1, if you’re lucky. With automobiles, maybe 2 to 1. But in software, it’s at least 25 to 1. The difference between the average programmer and a great one is at least that.

"The secret of my success is that we have gone to exceptional lengths to hire the best people in the world. And when you’re in a field where the dynamic range is 25 to 1, boy, does it pay off."

“This blog is 12 years old. The reason it’s still here will surprise you.”

I have a section in my feeds called “Friends”. This folder includes RSS feeds for virtually all my friends’ personal blogs, and for about a year there’s been something interesting about it: there’s virtually nothing new in it.

Oh sure, there are updates. But they’re the virtual equivalent of an alarm set on a phone you no longer use. They’re things like “My tweets for Thursday”, “Links I liked”, and other automatic posts created by other services. They’re the kind of thing which, a few years ago, would have been the filler between interesting comments, essays, and more. Now, they’re all my friends are producing.

Except that they’re not. Some of my friends have moved away from creating things online and sharing them, mostly due to the ever-evolving pressures on their time: increasing families, work that becomes more time consuming. Houses. Even more kids.

But mostly, they’re sharing smaller and smaller snippets, on social networks. Or they’ve abandoned writing on their own blogs in favour of other platforms like Medium.

This makes me a little sad. There’s a lot of friends out there who I initially discovered through their blogging. Back in the late 90’s and early noughties, having a blog was an essential way of expressing yourself and your thoughts. It was also, truth be told, a place to show off a bit.

But there was also a genuinely political element to it, in the sense that for the first time in history, publishing was something anyone could do. You would write, post your pictures, do what the heck you wanted without having to rely on a third party. If you put in the effort, you could own everything bar the connection your server had to the wider Internet. It brought to life the slogan The Well used: “You own your own words”.

All things pass, and it feels like the time of the blog has in some sense passed too. Who has time to write, when you can pump out status updates which let your friends and family know exactly what you’re thinking and doing at any moment? And why bother to think through what you’re going to say and express it in a few hundred words, when really all anyone cares about is the pithy headline, the punchy hook? “This blog is 12 years old. The reason it’s still here will surprise you.”

Keeping writing a blog is hard work, and takes commitment, and it’s very easy to drift out of that commitment. One of the reasons that I decided to start trying to write 500 words a day is because I believed that making this kind of commitment was good for me. But it was also an attempt to avoid pouring too much of my energy into things like Twitter, Facebook, and other social networks which – while fun, and generally positive – don’t feel like they have the permanence of my own space. This blog is older than Facebook, and I like that.


Why Dishfire doesn’t make SMS two-factor authentication useless

Kevin Marks, on the “Dishfire” system which apparently hoovers up millions of SMS messages:

I don’t think this is correct. As I understand it, and in all instances I’ve used, the codes delivered by SMS for two-factor authentication are time and use limited: that means after a few minutes, they’re useless, or if you use them once, they can’t be used again.

This means that, in order to be useful to someone, they would need to be monitored in real time and used before you used them – which would, of course, alert you to the fact they’ve been used, as they would fail when you tried it yourself.

Panic over, people.
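The two properties this post relies on (codes that expire and verify only once) sketched as an added example; it is not code from the original post or from any real service. The class name, the five-minute lifetime, the retry limit and the alert list are assumptions, and the clock in `demo()` is constructed.

```python
import hmac
import secrets
import time

class SmsCodeVerifier:
    """One-time codes that expire after `ttl` seconds and verify at most once."""
    def __init__(self, ttl=300, max_tries=5, clock=time.time):
        self.ttl, self.max_tries, self.clock = ttl, max_tries, clock
        self._pending = {}   # user -> [code, expires_at, tries_left]
        self._consumed = {}  # user -> (code, expires_at) of the last code used
        self.alerts = []     # reuse attempts worth showing to the account owner

    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [code, self.clock() + self.ttl, self.max_tries]
        self._consumed.pop(user, None)
        return code  # a real service hands this to its SMS gateway instead

    def verify(self, user, submitted):
        now, sub = self.clock(), submitted.encode()
        entry = self._pending.get(user)
        if entry is None:
            used = self._consumed.get(user)
            if used and now < used[1] and hmac.compare_digest(used[0].encode(), sub):
                # A valid code arriving twice means two parties held it.
                self.alerts.append((user, "code presented again after use"))
                return "already-used"
            return "no-code"
        code, expires_at, tries_left = entry
        if now >= expires_at:
            del self._pending[user]
            return "expired"
        if hmac.compare_digest(code.encode(), sub):
            del self._pending[user]            # single use: burn on success
            self._consumed[user] = (code, expires_at)
            return "ok"
        entry[2] = tries_left - 1              # bound online guessing
        if entry[2] <= 0:
            del self._pending[user]
        return "wrong"

def demo():
    now = [1_000.0]                            # constructed clock for the demo
    v = SmsCodeVerifier(clock=lambda: now[0])
    code = v.issue("alice")
    first, second = v.verify("alice", code), v.verify("alice", code)
    stale = v.issue("alice")
    now[0] += 301                              # one second past the lifetime
    return first, second, v.verify("alice", stale), v.alerts
```

The second presentation of the same code is refused and recorded, which is the failure the account owner would notice.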

The proliferation of new desktops

Billy MacInnes, writing for MicroScope on the announcement of a couple of new Android-based computers:

PC vendors are starting to ask whether there might be something to be gained from finding a place for Android in their desktop product roadmaps. Some have even announced products. This is aside from Chromebooks based on Google’s Chrome OS, which are already available from the likes of Samsung, Acer and HP, products which have started to gain some traction in commercial organisations in the US, especially schools.

The proliferation of “new” desktop types is one of the most interesting current trends. Ten years ago, the choice was Windows, Mac or – if you wore your beard around your neck with pride – Linux. Now you can get yourself a laptop running Windows, Mac, Linux, ChromeOS, Android, and more.

The reason for the proliferation is simple: the cloud. Cloud-based data means you can access the same data on multiple platforms with ease. The pain of switching between Android and Mac, for example, isn’t great because the stuff of value – the data – all lives in the cloud.

Beware of the Bitcoin

Alex Payne on Bitcoin, Magical Thinking, and Political Ideology:

“In Bitcoin, the Valley sees another PayPal and the associated fat exit, but ideally without the annoying costs of policing fraud and handling chargebacks this time around. Bankers in New York and London see opportunities for cryptocurrency market-making. International investors see the potential for arbitrage and are taking advantage of cheap electricity, bringing the environmental destruction of real-world mining to the brave new world of digital money.

In other words: Bitcoin represents more of the same short-sighted hypercapitalism that got us into this mess, minus the accountability. No wonder that many of the same culprits are diving eagerly into the mining pool.”

The poverty-perpetuating, self-aggrandising techno-libertarians strike again…

No, the “UK national firewall” doesn’t block Boing Boing, EFF and slashdot

Government-mandated web filtering is a really bad idea, for reasons which should be obvious to anyone who’s used the Internet for long. I’m against them: I think it should be up to adults to decide what they see, and for parents to decide what their children see.

However, in opposing them, it’s really important that we don’t go off the deep end and cry wolf about what ISPs are doing. That’s why I find Cory’s post at Boing Boing about how “UK’s new national firewall: O2’s “parental control” list blocks Slashdot, EFF, and Boing Boing” concerning.

Cory’s post takes its lead from another post by Peter Hansteen, which points at o2’s URL checker, which lets you see whether an individual site is blocked by o2’s web filters. The third setting – “Parental Control” – appears to block pretty-much the whole internet.

However, I think this is misleading, and conflating two very different sets of filters. The site checker Peter linked to is, I believe, related to o2’s mobile service, not its broadband service (which is now part of Sky). In common with most mobile companies, o2 has a default blacklist, which you can opt out of easily. It also has a much stricter “Parental control” setting which allows parents to tightly lock down what a child with a mobile can see. It’s this second “Parental control” setting that basically blocks everything on the internet, apart from a handful of “child-friendly” sites.

I don’t think this is anything to do with the government mandated porn block. It’s just the same mobile filtering that’s always been there, and that’s common across pretty-much every mobile company. I can’t imagine why anyone would change any child’s mobile to basically block the whole of the internet, but it’s opt-in, and it should be up to the parents.

Sky, which now owns o2’s former broadband service (not the mobile network), does have a system of DNS-based filtering called “Broadband Shield” which is compliant with the government-“requested” filtering system. Although I haven’t run through it, it seems to work like this: when you sign up to Sky as a new customer, you’re presented with filtering options. The default setting is on, but you can change it at this point. (More details in Sky’s response to ORG’s questions about it). The “PG” and “18” level filtering is, of course, as much riddled with inconsistency as any other filtering system, but it’s not the “OMG BLOCK EVERYTHING” that o2’s mobile parental controls are.

UPDATE: And now this piece on the New Statesman is making the same error, conflating pre-existing filters on a mobile network with Cameron’s “porn blocking” plans. This is crying wolf. The two things are not the same. For the love of god, people, let’s have a grown up debate that actually deals with the facts, rather than sensationalising things.

The end point of surveillance

A starting point:

The federal government is making progress on developing a surveillance system that would pair computers with video cameras to scan crowds and automatically identify people by their faces, according to newly disclosed documents and interviews with researchers working on the project.

(via Facial Scanning Is Making Gains in Surveillance –

There are very few technical limits connected to surveillance. If a government wanted to, it could monitor every electronic communication you have. It could recognise your face, your car, your clothes and follow you around the physical world. It could recognise every person you meet, track every transaction you make. None of this is rocket science, and within ten years it will be available to every government on the planet. [1]

Turning away from technical capabilities isn’t going to work. Some government, somewhere, is going to do it and gain a huge advantage over others. They won’t limit themselves to surveilling their own people: any way they can hack into the systems used by others will be used, because knowing what the citizens of other countries are up to is a massive advantage too.

Knowledge is power.

  1. And ten years after that, it will be available to every individual on the planet.

IFTTT launches on the iPhone

IFTTT launches on the iPhone:

“IFTTT, if you’re unfamiliar, is a utility that you can use to hook multiple web services together to perform automated actions for you. Want a text message every time you get an email from a friend? Care to have your photos automatically shipped off to SkyDrive or Dropbox or Flickr as they’re shot? There’s a ton more stuff that you can do with the hundreds of channels that support popular apps, services and actions.”

IFTTT is one of my favourite web services of the past year, capable of creating dozens of useful tools, and a great illustration of why open APIs are important and powerful.