Yet Another Blog

Situation: I have created a new Twitter account for a business I am managing. Twitter wants to verify the email address I’ve used, so I get an email asking me to click a link.

I am using my mobile phone. It’s a Nexus 4 – new and fast, with a full-featured browser on board.

I tap the link on my phone, and after a few redirects I end up at this page:

Note the URL – it’s simply mobile.twitter.com. The validation code provided in the email has been stripped. No matter what I click, I can’t succeed. Worse, this page bears absolutely no resemblance to what I was hoping or expecting to get. I don’t want the app and I’ve already signed up (it also doesn’t scroll – there’s nothing below the screen fold).

So, it seems I cannot validate my email address from a mobile phone. Or Twitter doesn’t want me to. Either way, I can’t perform a quite straightforward task.

You might be aware that in Chrome there is an option ‘Request Desktop Site’ which re-requests the page but pretends the phone is a desktop. Unsurprisingly, the full-featured Twitter homepage is reloaded. Unfortunately Chrome doesn’t retain this setting between tabs so simply going back and re-tapping the email doesn’t work. You need to copy/paste the URL into the current tab.

With that little dance, it works. My email is validated.

Of course, it always should have worked. This is a trivial exercise and the modern smartphone is more than capable of this activity. Instead, the website operator insists on using a brutal, unhelpful redirect. What an utterly poor experience for such a simple task.

 

 

Some of my more recent reads…

Angus man diagnosed with chronic lateness condition – man who has been late for everything has been told it is a condition that affects the same part of the brain as ADHD – via @albiondumsday

Those whose data is not easily harvestable risk being a ‘New Underclass of Big Data’ – the theory being that people who are paid in cash, don’t have Internet access and mobile phones will not be represented fairly when Big Data is used to profile populations.

A small team at Google has created a basic web server for the Raspberry Pi, designed to help people learn to code more quickly and easily.

Finally, ‘The best interface is no interface’ – this article from last year still resonates quite strongly with how I feel about technology at the moment. Well worth a read.

 

My collection of notes around the Internet. I’m using a Model B with a Raspberry Pi camera and an up-to-date Raspbian.

First, install motion:

$ sudo apt-get install -y motion

Install motion-mmal as follows:

$ sudo apt-get install -y libjpeg62 libjpeg62-dev libavformat53 libavformat-dev libavcodec53 libavcodec-dev libavutil51 libavutil-dev libc6-dev zlib1g-dev libmysqlclient18 libmysqlclient-dev libpq5 libpq-dev

$ wget https://www.dropbox.com/s/xdfcxm5hu71s97d/motion-mmal.tar.gz

$ tar -zxvf motion-mmal.tar.gz

$ ./motion -n -c motion-mmalcam.conf

Then I made the following changes to motion-mmalcam.conf:

event_gap from 60 to 20 to reduce the amount of captures stored post-event

threshold from 1500 to 2500 to reduce the sensitivity (number of changed pixels)

 minimum_motion_frames from 1 to 4 to reduce the sensitivity (number of frames with motion detected)

ffmpeg_output_movies from on to off because I don’t want movies

target_dir from /home/pi to /var/www/archive to suit my web installation

picture_filename from %v-%Y%m%d%H%M%S-%q to %Y-%m/%Y-%m-%d/%v-%Y%m%d%H%M%S-%q to save putting too many images in a single folder.

 

 

I have a new phone (actually, an end-of-line one) and one of its features is ‘Face Unlock’. You switch the phone on and, to identify yourself, you hold your face up to the screen, blink, and it lets you in. Great.

Except it doesn’t bloody work.

I’m sure in testing it’s great, but for me it fails miserably. I have maybe a 10% success rate. I’ve tried it in the street, in the car (parked, of course), in my bedroom, in the living room, under daylight, under artificial light. Most of the time it simply doesn’t recognise me. For the rest, it can’t seem to see that I’ve blinked as requested (part of the test to make sure you’re alive and not a photo).

Every time it fails, I have to resort back to PIN entry. In fact, it’s clear it was never intended to be entirely successful; when enabling the feature a PIN also has to be set up as a back-up option. Ninety percent of the time this ends up being the primary option, although not after the slight embarrassment of posing for a selfie every time I want to check my mail.

It’s a nice idea, but a failed one. Either make it work reliably or ditch the idea. A halfway option where it may-or-may-not work is a failure: the phone is clearly not working correctly.

We look at the alternatives for securing one’s phone: there’s no lock – easy access for thieves and friends who like to post “funny” updates on your Facebook profile; there’s slide – nearly as ineffective as the above; PIN entry and shape drawing are a reasonable effort but it only takes a couple of looks to know what your friend’s (or potential victim’s) unlock key is. Finally there is the password which is – let’s be honest – the most tedious option around.

Getting authentication right on phones, laptops and other ‘contact’ points is vitally important for the web of trust. As we place more personal information and rights on our devices, so the value of this content and the importance of security increases.

Almost as important is convenience: the ability to pick up a phone and use it without having to solve a challenge or fiddly negotiation of keys every time.

With news that Apple’s newest iPhone 5S includes fingerprint reading, one starts to see a glimmer of hope to this issue. Fingerprint scanners aren’t entirely secure but they’re a damn good start – and from what I read, Apple’s option is a lot more robust than many. Convenience-wise, our fingers are already pretty close to the device already (they’re “to hand” – if you’ll pardon the pun) and somebody would have to take pretty extraordinary measures to forge your fingerprint.

This is one particular feature I’m hoping finds its way onto all manner of phones in the near future. For the good of our mobile security, and for the balance of user convenience, we need to see some real improvements in this area.

I have a lot of things saved in my bookmarks that never see the light of day. Time for some housekeeping! This selection is on the Raspberry Pi – more categories will hopefully come soon

Pi Basics

GPIO basics – getting an LED to turn on Rasberry Pi | GPIO Examples 1 – A single LED | Gordons Projects

How I shutdown my Raspberry Pi | Claudio Dawson d’Angelis Homepage

http://raspberrycolocation.com/ – Hosting for the Raspberry Pi (€3,- monthly, hosted in Amsterdam)

http://www.raspberry-asterisk.org/ – Asterisk (phone system) hosted on a Raspberry Pi

Cameras

Jeremy’s Blog: Motion Google Drive Uploader and Emailer – whenever motion is detected from a Raspberry Pi webcam, this script will upload it to Google Drive. See also Jeremy’s Blog: Battery powered, Wireless, Motion detecting Raspberry Pi

Raspberry Pi • View topic – Mplayer using the GPU or OMXplayer looping seamlessly

Fotosyn » Simple timelapse camera using Raspberry Pi and a coffee tin

Some projects! Top 10 Things to Connect to Your Raspberry Pi | Raspberry Pi Spy

Looking at kiosk-style web interfaces for Raspberry Pi:

Creating a Web Kiosk – ArchWiki

Chromium – ArchWiki

Keeping Good Time

The Raspberry PI doesn’t have a hardware clock like regular PCs, so we either have to connect it to the Internet (to sync online), attach an external clock or signal receiver, or completely fake it.

This is the faking option: architecture++: fake-hwclock for Arch Linux Arm on Raspberry Pi (using systemd)

OpenNTPD – ArchWiki

Wifi for the Pi

Wireless Setup for Arch Linux

RPI-Wireless-Hotspot – eLinux.org

Hostapd : The Linux Way to create Virtual Wifi Access Point | Foo, Bar and Foobar

Jens Segers – Realtek RTL8188 based access point on Raspberry Pi

MIDI

Never got round to doing anything with this, but one day …

Ted’s Linux MIDI Guide

Midichlorians in the blood: The MIDI Connection

Seen at cafe recently:

A 2 pound service charge will be added to bills over 20 pounds.

Is this really a sign of things to come?

Mmmm, holidays. A couple of opportunities came up in the diary and we grabbed them without hesitation.

First few days in the Netherlands, basically familiar territory with very little stress. This was the beach holiday, as we spent some time in Scheveningen (lovely beach near The Hague) and Katwijk aan Zee (also very nice beach; less tourist-y).

We also drove towards Vlissingen, taking in the remarkable bridges and flood barriers that keep the North Sea from flooding the low lands. The combined ‘Delta Works‘ are an audacious attempt to hold back the water (a constant battle as sea levels rise) and are generally considered one of the seven modern wonders of the world.

We travelled by car and the ever-reliable Stena ferry between Harwich and Hoek van Holland, choosing to ugrade to Captain Suite as it *was* a holiday 😉 – the overnight ferry means you can board around 9pm and be driving in Holland about 8am the next morning.

Can’t say I’ll opt for Captain’s Suite again. It is very nice but ships are large with plenty to do; the cabin is simply somewhere to sleep. I suspect they’re more sensible during daytime crossings where they can be better appreciated – still, we wanted to try!

The timing of our visit was to coincide with the Scheveningen International Firework festival. I swear when we booked everything this was scheduled to be on the Thursday, Friday and Saturday night which would’ve been every night of our visit. It seems they changed the schedule at some point to span two weekends, so we ended up missing half the fireworks – a real shame – but what we did see was still very good.

The second part of the break led us to France camping with some friends. We didn’t venture too far from Dunkirk (for various reasons) which meant the campsite was thoroughly British. Still, we managed to get out a bit and see some actual bits of France (and some of Belgium).

Now back to work, feeling somewhat refreshed.

Xerox has received some likely unwelcome attention recently, with the discovery that their scanner-photocopiers are changing numbers under certain conditions.

The issue was highlighted by computer scientist David Kriesel, who discovered that figures in a scanned construction plan did not add up: in the original one room is listed as 21.11m³, in scans this number changed to 14.13m³. Other errors were also evident, with different tests yielding different errors.

Blame appears to be apportioned to the compression method used when saving the scan. Dot-for-dot reproductions of pages are quite large files, so various techniques are used to reduce the file size needed.

It is suggested that if a document contains several similar-looking patterns on a page (such as a series of numbers) the scanner would record that both patterns are effectively the same and the reproduction would simply say ‘this patch is the same as that patch, so just duplicate it again here’ rather than recording both patches independently. If the quality is low enough, this might be incorrectly applied to two patches of a page which might look similar, when in fact they are slightly different.

Again, this is hypothetical and does not appear to have been solidly confirmed, but would indeed be a potential side-effect of compression and is consistent with the results seen.

Such errors might cause mere inconvenience, or they might lead to more substantial effects. Invoices and other financial documents could be subtly changed; doses of medical prescriptions modified, or incorrect construction plans leading to structural failure. One hopes that in many cases, trained practitioners might spot an error or question a seemingly erroneous value. After all, human errors (typos) are also likely to occur from time to time.

Nonetheless, this demonstrates a flaw in a system users would hope to place some degree of trust in: changing digits is not the expected behaviour of any reproduction system!

Xerox has issued their own statement, and are planning to release a patch shortly.

 

I just got my mobile phone bill … a 25 minute call to a Netherlands landline has cost 25 quid – a pound a minute.

The EU roaming caps apply to non-domestic travel, but seemingly not for the ‘home’ network.

As far as I can tell, if I had a French pay-as-you-go SIM and used that to call the same number, it would have been around a third cheaper (I think, in June, 30p + VAT per minute)

In other words, if you’re going to use mobile, it’s considerably less expensive to use a foreign disposable SIM in the UK to call another country, than it is to use a UK contract phone to do the same.

That’s absurd, no?

As I become older (!), wiser (?) and generally less interested in fiddling about with the innards of software, I’ve become acutely aware of aspects of software development which are more often than not the cause of issue.

Software design is intrinsically an ass-covering occupation. With most budgets and with even the most skilled developers, bugs will be created. Our role is to minimise the frequency and impact of bugs; to work on a basis of zero bugs is (with current development environments) a largely futile exercise.

Computer programming is largely about a series of transitional actions. Functions take an input and produce an output. Cause and effect. This is why unit tests feature in so many programmers’ armouries – they offer a systematic, highly repeatable way of testing that a given function works as expected.

The complexity of functions can be guessed from the number of external inputs they take. The ease of testing is reduced every time the number of inputs increases. This becomes far more complicated when global scope or environment variables come into play – something often overlooked when testing.

So, when building up functions my first soon is to remove as many variable inputs as possible. I treat globals as positively evil, and avoid them unless necessary. Functions with many inputs are also treated with caution. What is a function doing with so many variable inputs? It usually suggests a chain of conditional statements – perhaps the function needs to be split.

Optimisation is another poisonous part of programming. Generally if a cache or other optimisation mechanism is implemented it adds an aspect of unpredictability to the application – another input (or factor) we need to consider when writing and testing. Most developers will implement some form of optimisation without giving it a second thought – a global database connection for instance persists state between functions, which gives an unexpected input for testing purposes.

I accept that optimisations in most cases are both necessary and quite tolerable, provided the developer is aware of them and takes necessary caution around them.

I start with a perfect system – the kind we might hear about in compute science theory. All functions perform one action only, in isolation. There are no globals. Everything is real-time (no offline mode or synchronisation). Then I begin to unravel the optimisations applied. Caching. Globals. Offline mode. Each of these is treated as an unwelcome guest; an unfortunate consequence of our imperfect environments. They are necessary – we live in the real world – but every single one is a potential source of headaches.

This might all sounds like a pursuit of the unachievable dream. I did after all start by saying that zero bug policies are futile, but I do believe we can make as much effort as is reasonably possible to head in that direction, and my personal goal is to avoid as many optimisations as absolutely possible.