Friday, 28 May 2010

'Remove from Friends' - The Ultimate Modern Insult?


In the modern, online world, it is common to find oneself slighted in many ways. The relative ease and anonymity with which comments may be posted can often lead to insults being levied that would make eyes water if expressed in face-to-face exchanges.

In my time as lead developer of vBulletin, and previously at AP3D, I grew used to throw-away comments from people I didn't really know, summarily hurling abuse at me or the products of myself and my team. When dealing with a large customer or follower base, this sort of thing is to be expected. One cannot expect to please everyone all of the time.

However, while it's possible to learn to live with hurtful comments from relative strangers, there is another, far more subtle form of insult that has reared its head with the emergence of social networks, and Facebook in particular.

The inter-user networking basis of Facebook is one of mutual friendship. John searches for or comes across Jane and requests that they be identified as friends. If Jane accepts, the connection is made and is visible to the rest of John and Jane's friends. Things that John does appear on Jane's news feed and vice versa.

It may be that at some point in time Jane finds that John is spending a lot of time interacting with annoying applications that 'spam' her news feed, and she grows tired of hearing about John's trivial exploits. Facebook offers a tool to deal with this situation, allowing Jane to 'hide' John from her news feed. The friendship is still in place, but Jane will no longer hear about John unless she goes looking for information.

However, there is another option. Jane could break her friendship with John. John will not be notified that this has happened, and will only find out when he either notices that Jane's information no longer shows up in his news feed, or when he visits Jane's profile page and finds the dreaded 'Add as Friend' button sitting there. Why did Jane break the friendship? When did it happen, and what precipitated Jane's decision? Should John re-request friendship, in case Jane made a mistake?

How can Jane's actions be interpreted by John? In the worst interpretation, John can read the following into Jane's termination of the bond:

John,
Once, I considered you a friend. I read about you and I allowed you to read about me. However, you subsequently changed into a person with whom I no longer want a friendship. Your repugnance is so great that simply omitting your activity from my news feed was not enough, and I felt compelled to remove you from my friends list. I do not intend to inform you of my action or to explain my reasons for taking it. I will not even grace you with a goodbye.

And that, my friends, is a cutting insult.

Use 'Remove from Friends' judiciously.

Friday, 21 May 2010

Ashes to Ashes

I just finished watching the final episode of the BBC's Ashes to Ashes. How on earth did the writers manage to take the original Life on Mars concept and turn it into such self-absorbed tripe as was seen tonight?

Throughout this third and final season of Ashes, there seems to have been a desperate, ill-conceived attempt to shoehorn a back-story onto the secondary characters (Chris, Ray, Shaz) while at the same time trying to get the audience to believe that Gene Hunt - who has consistently been a hero figure of sorts in the previous four series - might in fact be a villain.

First, the 'character development' of the secondary cast. This was a ridiculous idea. It goes against the very reason for the success of the series' format. These characters were conceived as two-dimensional caricatures - eighties stereotypes that everyone who remembers the eighties would recognise instantly. The characters were (surely?) never intended to bring their own history and emotional background, at least not in any way that the audience was supposed to care about.

Secondly, who thought it would be a good idea to try to turn the audience against Gene Hunt, or to sow seeds of doubt in their minds? This was patently bonkers. There was no way that the viewers would accept that Hunt was anything other than the character that had been portrayed over the past four years, and all the clumsy dialogue delivered by the ghastly Jim Keats character fell a long way short of changing anyone's mind. At no point was I - or I suspect anyone else - even remotely convinced that Hunt would be revealed as anything other than some form of guardian for Drake and possibly the secondary characters too. And sure enough...

It seems to me that the attempt to botch together a bit of depth for Chris, Ray and Shaz, and Keats' interminably tedious 'report' storyline have come together to provide a final series whose concept was almost as far off the mark in terms of reading what the viewing public want, as Labour's ridiculous election posters, which failed chronically to grasp the fact that the public love Gene Hunt.

Thursday, 6 May 2010

Election Day

I headed down to the polling station this morning with my wife and we both put our crosses on our ballot papers.

Let's hope it makes a difference.

Unfortunately, I don't think any political party would be able to provide a way to avoid, or even deliver a comfortable or happy period through the financial armageddon that is beginning to take hold in southern Europe, and will inevitably ensue here in the UK when the monetary stimulus must necessarily end and the job of paying back our unprecedented debt begins.

Newsnight's Paul Mason wrote an extremely sobering blog yesterday about the difficulties that lie in wait for us.

What the country needs for the coming years is a Parliament of consensus and right-mindedness, where party political ties come second to building legislation that helps to prevent the disintegration of society when extreme austerity measures are in place.

My vote is cast, now I can only wait for the results and see what tomorrow brings.

Wednesday, 31 March 2010

Seasoned Authentication

Lots of systems that employ user authentication obscure users' passwords using a hashing routine such as MD5 or SHA1, which produce hash strings of 32 or 40 characters respectively.

These hashing algorithms are one-way only, so although the MD5 of 'My Password' is '14ddb8585ddfc6c4670b9c18aed1fe8b', there is no way to return 'My Password' by running code against '14ddb8585ddfc6c4670b9c18aed1fe8b'.

However, most users do not use particularly secure passwords, so if a cookie containing a hashed password is stolen, the thief may be able to bombard the hash with the MD5 hashes of dictionary words in order to find one that matches. MD5 runs extremely quickly, and a modern computer can perform millions of these comparisons every second.

Rainbow Tables

Even if users use secure passwords, it is possible to work out what the original password may have been by using a rainbow table. This is a look-up table that stores the hashed values of vast numbers of plain-text strings. If the user's password is among the plain-text strings in the table, its hash will match the hash stored, and the security is broken.

Salting Passwords

One way to combat the threat posed by rainbow tables is to 'salt' the password hashes with a random string of text that is stored un-hashed in a secure location. The password hash is then generated using md5(salt . md5(password)), or a similar method that hashes the salt with the password.

The use of salting can make rainbow tables redundant, as a separate table needs to be generated for every possible salt value. However, modern computers are very fast and hashes can be generated very quickly, so a short salt length may make the task of breaking the hash with a rainbow table feasible. In order to combat this, a longer salt length may be employed.

Caveat

It is important to note that salting is only effective if the person attempting to break the password hash does not know the salt value. If the salt value is known by the attacker, the attacker can simply start running the (known) hashing routine against the potential password plus the (known) salt until a match is made.

Therefore, if a hacker exploits a vector to gain access to a password database and the salt values are stored together with the password hashes, it will not matter if the salt value is three characters or three-thousand - exactly the same amount of work is required to break the hash.
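
An added example (not code from the original post) of the scheme described under Salting Passwords and the Caveat above, written in Python: it checks a precomputed table against unsalted and salted hashes, then re-runs the routine with a known salt. The word list, the salts and all function names are constructed for illustration, and a plain dictionary stands in for a real rainbow table.

```python
import hashlib
import hmac
import secrets

def md5_hex(text: str) -> str:
    """Hex MD5 digest of a string (32 characters)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def new_salt(n_bytes: int = 16) -> str:
    """Random per-user salt, stored un-hashed next to the password hash."""
    return secrets.token_hex(n_bytes)

def salted_hash(password: str, salt: str) -> str:
    """The post's scheme: md5(salt . md5(password))."""
    return md5_hex(salt + md5_hex(password))

def verify(password: str, salt: str, stored: str) -> bool:
    """Login check; compare_digest avoids leaking the match position via timing."""
    return hmac.compare_digest(salted_hash(password, salt), stored)

def build_lookup_table(words):
    """Simplified stand-in for a rainbow table: unsalted MD5 -> plain text."""
    return {md5_hex(w): w for w in words}

def audit_with_known_salt(stored: str, salt: str, words):
    """Re-run the known routine with the known salt over a word list.
    Returns the matching word, or None. Useful for flagging weak passwords."""
    for w in words:
        if verify(w, salt, stored):
            return w
    return None

# Constructed sample data, not real credentials.
WORDLIST = ["letmein", "password", "sunshine", "dragon"]
TABLE = build_lookup_table(WORDLIST)

def demo():
    password = "sunshine"
    salt_a, salt_b = "k3Qz9f", "Tm0x2L"  # constructed salts; real code calls new_salt()
    unsalted = md5_hex(password)
    hash_a = salted_hash(password, salt_a)
    hash_b = salted_hash(password, salt_b)
    return {
        # The precomputed table reverses the unsalted hash immediately...
        "table_hits_unsalted": TABLE.get(unsalted),
        # ...but has no entry for the salted hash of the same password.
        "table_hits_salted": TABLE.get(hash_a),
        # Two users with the same password no longer share a hash.
        "same_password_same_hash": hash_a == hash_b,
        # The caveat: with the salt known, the word list still finds a weak password.
        "known_salt_audit": audit_with_known_salt(hash_a, salt_a, WORDLIST),
        "wrong_salt_audit": audit_with_known_salt(hash_a, salt_b, WORDLIST),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```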

Thursday, 28 January 2010

Initial iPad Thoughts

Having had a few hours to digest the Apple iPad announcement, I thought I'd share a few of my thoughts.

These points are based solely on the material released by Apple so far, so specifications may change before the hardware is released to the public.

Initial Feeling

Watching the video on Apple.com, the most compelling things for me were the web browsing and email experience. I already know how good it is to browse the web on the iPhone and iPod Touch, and the ~10" screen of the iPad can only make this better, so I'm inclined to agree with Apple that iPad may well be 'the best' way to surf the net, especially from the couch in front of the TV, so my initial feeling was along the lines of 'if the price point is good, I'll have one of those...'.

Apple's shiny hardware, slick presentation and well-integrated software suite certainly did the job of making the iPad a desirable item for me.

Rationality Kicks In

The vast majority of my computing time is spent at my desktop, sitting behind four large displays connected to my Mac Pro. I don't anticipate a time where I would use a portable device for writing code, processing photos or the various other productivity tasks I do on a day-by-day basis.

My laptop (MacBook Air) is used primarily for web browsing, email collection and composition, instant messaging and as a place to offload memory cards from my camera when I'm out and about. It does get other uses, but those are far less frequently employed. As such, the iPad seemed like a pretty decent alternative to the laptop for everyday use. However, as I looked closer, various shortcomings made themselves apparent that could break the deal.

No Flash

Like its iPhone and iPod Touch counterparts, it would appear that Apple still refuse to implement Flash in their browser. This means lots of websites with partially broken functionality and no video apart from YouTube itself, or video in specific Quicktime formats.

Why would Apple cripple their 'ultimate' web browsing experience in this way? It seems pretty simple to me - Apple want to ensure that all executable code that runs on its platform is vetted through their AppStore, and Flash would be a way around that restriction. As such, it's doubtful that Apple's application console devices will ever support this ubiquitous web technology.

No USB

Even the connectivity-starved MacBook Air has a USB port, but not so the iPad. A single Apple iPod dock connector is all that is provided. The limitations this imposes are fairly crippling.
  1. I can't connect a card reader to quickly offload pictures from my camera
  2. I can't connect a webcam in order to make video calls

Of course, Apple will counter this with their iPad Camera Connection Kit, but who wants to have to carry around two big adapters (that will be an added cost, of course) in order to do a job that the hardware should be able to do out-of-the-box? Would an SD card slot and a USB port or two really have been such a massive blemish on the iPad's body, or are customers simply being scraped for every last penny?

4:3 Aspect Display

For a device placing such a big emphasis on movie playback, it seems completely counter intuitive to outfit it with a 1024 x 768 pixel 4:3 aspect screen rather than a 16:9 or 16:10 display. This will mean that when watching the majority of movies, which tend to be in the order of 2.35:1, huge portions of the display will be taken up by letterbox black bars. While these are still present on a wider aspect display, on a 4:3 screen, nearly 50% of the display is wasted.

To illustrate this, I put together this example image, showing a movie frame at its original 2.35:1 aspect, then displayed with letterboxing for a 16:9 display, and finally a 4:3 display. It's very clear how much screen space is wasted on the 4:3 version.

Original 2.35:1


Letterboxing for 16:9


Letterboxing for 4:3


It is possible to zoom the image up so that it fits the screen, but just look at how much of the original frame is lost when 4:3 'pan and scan' is applied to a 2.35:1 image:



No Video Conferencing

I've touched on this before, but there is no built-in camera on the iPad, so any thoughts I may have had of being able to video-call people on Skype are scuppered until further notice. The lack of USB ports precludes the use of an external webcam, unless the previously-mentioned iPad Camera Connection Kit can be used for this purpose, but I'm not holding out much hope for that.

Reevaluation

On balance then, it would appear that the iPad in its current incarnation does not provide me with a logical replacement for my laptop, which is a great shame, as it initially looked to be so promising.

Despite all the points against it though, I still find it a very attractive bit of kit and I'm already finding myself drawn to it, despite the fact that a voice in the back of my head is constantly asking what I'd actually use it for, if I needed to have the laptop with me anyway.

Perhaps this irrational desire to own it is the very thing that will guarantee the iPad's success?

Wednesday, 9 December 2009

All Self-Service Checkouts Are Not Equal

Having just read this article about The problem with self-service checkouts on the BBC News Magazine site, I started to pen a response but it soon grew beyond a simple comment, so I thought I'd publish it here instead.

Let's look at two stores' differing approaches to self-service.

Sainsbury's variant seems specifically designed to be as inconvenient as possible, with a tiny area allocated for you to tortuously scan all your shopping and then put-each-item-one-at-a-time-into-the-bagging-area. The system is a nightmare if you are trying to pay for a large grocery trip.

To date, I have never had an experience with Sainsbury's self-service where the system didn't have a problem of some description requiring a staff member to meander over and enter a code to allow me to continue. It always falls over if I try to use my own bags rather than taking fistfuls of the orange plastic ones provided. I was in there last weekend and the ghastly thing allowed me to finish scanning and bagging all my shopping before unceremoniously dumping me back to a booting screen, before the Windows XP boot progress screen appeared. At times, I have seen a staff member allocated to each self-service till, which somewhat defeats the point of the things, doesn't it?

It is also stupendously slow. Heaven forbid that you scan three of the same item in quick succession - the system will have a complete spaz on you. No, you must scan each item very deliberately, then place it on the weigh bridge in the bagging area so that the system can be sure that you haven't scanned a banana instead of the tumble dryer you are attempting to pilfer.

Conversely, Waitrose' QuickCheck system is a joy to use and a genuine time saver. It is equally at home on those occasions when you run in to grab a handful of items, or when you have a major shop to do.

Using a hand-held scanner you carry with you, you can bag your shopping as you take it from the shelves, so there is no ridiculous unpacking to do at the checkout. The scanner will even alert you to special offers related to items you have scanned and give you a running total of your bill, with any discounts precalculated. When you are done, you simply scan an 'end of shopping' barcode at the self service till and feed it your credit card. Waitrose' shoplifting protection consists of random 're-check' spot checks, where the contents of your bags are checked against the contents of your hand-held scanner. I've had three re-checks ever, and I've been using QuickCheck for years, so I do not begrudge them at all.

The fundamental difference between the two systems is that the Waitrose system is built on a basis of the store trusting its customers to scan their items correctly and pay the appropriate amount for their shopping, while Sainsbury's system treats its users as incompetent at best, and criminal at worst. The difference is striking, and leaves me clearly in favour of one approach over the other.

Monday, 16 November 2009

Gotta Love Joined-Up Government

As many will know, five weeks ago today, back on October 12th I had an episode of impactful tarmac interaction - as in I came off my bike.

Of course, to say 'came off my bike' does not illuminate the context of the event, and lends itself to speculation of incompetent riding resulting in a self-inflicted tumble, or perhaps the other extreme of having been mowed down by an errant eighteen-wheeler.

In the interest of illustration, I shall provide that required context in the form of... telling you what happened.



I was pootling along Long Lane in Tilehurst, Reading (UK), which is near where I live. As I was approaching the junction with Orchard Close, I saw three boys (I'd say between 8-10 years old I think) on bicycles waiting on the pavement to cross the road. The first of them kicked off and was safely to the other side long before I was anywhere close. The second made a motion to go, but looked and saw me, and stopped. I made eye-contact to make sure he'd seen me, and he met my eyes. Confident he was staying put, I continued.

And then, just at the moment when a crash would have been unavoidable, he pulled away and into the road. His front wheel went into the forward part of mine, spinning it so that it was perpendicular to the rest of the bike - which naturally continued its forward momentum, up and over the handlebars, taking me with it.

I landed on the road on the heels of my hands and took a good knock to my left elbow before the bike landed on me and mangled me a bit more. The other guy was fine, in case you're wondering. I sat by the side of the road for a few minutes while I tried to recover my breath, then I tottered off in the direction of home.

Long story short, after a few hours of the pain not getting any better and a bit of a fainting episode, I was taken to the local hospital's Accident & Emergency department where I had a few X-rays and was dismissed a few hours later.

The next day I received a call from the consultant radiologist, who said that actually there might be some damage (a microfracture in the elbow) that would not have shown up in the early X-rays, and that I should make an appointment to come back after a few weeks if things had not improved. Four weeks later, (on my birthday no less) I was back at A&E to see why my wrists were still so painful. I could not turn keys, unscrew bottles, pick up Elliot etc. without massive pain, so I hoped to get something sorted out.

I was kitted out with splints for both wrists, in case of a possible scaphoid fracture and told to come back in two weeks for a follow up.

This is where we return to the title of this post.

I live on the other side of town from the hospital, and getting to it entails a journey through some of the busiest roads in Reading. Knowing how badly congested these routes can be, I requested a late-morning appointment so that the traffic would be light.

I was then informed that this would not be possible. Not because there were no appointments to be had, but because some jobsworth at the Royal Berkshire NHS Foundation Trust has decreed that patients must be booked into the first available appointment on the required day, so that a contiguous block of appointments is constructed. I was therefore landed with a 9:05am slot, meaning that I would have no choice other than to drive through the very peak of the rush-hour traffic. No amount of explaining that this was ludicrous would persuade the old boot behind the desk to change the time.

And so, this morning, I set out from home at 8:15am in order to have a hope of reaching the hospital in time for the appointment. Sure enough, in short order I was sitting in gridlocked traffic going nowhere fast and a journey that should have taken fifteen minutes took over an hour. I jostled for space with rushing commuters, feeling completely out of place, as I make a point to never venture out onto the roads at that time of the morning, specifically to avoid the crush.

I finally signed in to A&E at 9:25am, twenty minutes late for my appointment. Of course, that made no difference to the time I was seen, as I have never been seen at the RBH fewer than forty-five minutes after my designated appointment time.

So let's look at the facts and figures:

Had I left at 10am for a 10:15am appointment, I would have spent only fifteen minutes in the car and would have occupied largely empty roads, arriving on time to my appointment.

On the other hand, having to cross town for a 9:05am appointment, I had to spend over an hour in the car, most of which time was spent at a standstill. My presence there contributed at least 4x the emissions it would have done had I left at 10am, and that's before we factor in the additional emissions from the other drivers around me who were slightly delayed by the fact that they had to share the road with my car too. I arrived late at A&E, potentially delaying the treatment of other patients and breaking their scheduling.

So that was a long blog post to simply get across the fact that I do not appreciate being forced to venture out into peak-time traffic because some government-paid fool doesn't know how to work a scheduler, while at the same time being directed from other wings of the government to avoid driving in rush-hour traffic unless absolutely unavoidable.

Who would have thought it would be a wing of the government that would make it unavoidable themselves. Pathetic.

Update:

I forgot to mention the reason that I had to go back to A&E at all.

On my first trip back to the hospital, I asked if I could be assessed by my local GP for the next appointment. I was told that this would not be possible. Upon inquiring as to why, I was told that my GP would not have access to the X-rays that had been taken. To me, this makes absolutely no sense whatsoever, as the doctor to whom I was talking at the time was looking at my X-rays in digital form on her computer. Has the NHS not got a network so that this kind of data can be shared? I hear there's this great invention that might just be of use to them... it's called the interweb, or something like that...