Friday 28 May 2010

'Remove from Friends' - The Ultimate Modern Insult?


In the modern, online world, it is common to find oneself slighted in many ways. The relative ease and anonymity with which comments may be posted can often lead to insults being levied that would make eyes water if expressed in face-to-face exchanges.

In my time as lead developer of vBulletin, and previously at AP3D, I grew used to throw-away comments from people I didn't really know, summarily hurling abuse at me or the products of myself and my team. When dealing with a large customer or follower base, this sort of thing is to be expected. One cannot expect to please everyone all of the time.

However, while it's possible to learn to live with hurtful comments from relative strangers, there is another, far more subtle form of insult that has reared its head with the emergence of social networks, and Facebook in particular.

The inter-user networking basis of Facebook is one of mutual friendship. John searches for or comes across Jane and requests that they be identified as friends. If Jane accepts, the connection is made and is visible to the rest of John and Jane's friends. Things that John does appear on Jane's news feed and vice versa.

It may be that at some point in time Jane finds that John is spending a lot of time interacting with annoying applications that 'spam' her news feed, and she grows tired of hearing about John's trivial exploits. Facebook offers a tool to deal with this situation, allowing Jane to 'hide' John from her news feed. The friendship is still in place, but Jane will no longer hear about John unless she goes looking for information.

However, there is another option. Jane could break her friendship with John. John will not be notified that this has happened, and will only find out when he either notices that Jane's information no longer shows up in his news feed, or when he visits Jane's profile page and finds the dreaded 'Add as Friend' button sitting there. Why did Jane break the friendship? When did it happen, and what precipitated Jane's decision? Should John re-request friendship, in case Jane made a mistake?

How can Jane's actions be interpreted by John? In the worst interpretation, John can read the following into Jane's termination of the bond:

John,
Once, I considered you a friend. I read about you and I allowed you to read about me. However, you subsequently changed into a person with whom I no longer want a friendship. Your repugnance is so great that simply omitting your activity from my news feed was not enough, and I felt compelled to remove you from my friends list. I do not intend to inform you of my action or to explain my reasons for taking it. I will not even grace you with a goodbye.

And that, my friends, is a cutting insult.

Use 'Remove from Friends' judiciously.

Friday 21 May 2010

Ashes to Ashes

I just finished watching the final episode of the BBC's Ashes to Ashes. How on earth did the writers manage to take the original Life on Mars concept and turn it into such self-absorbed tripe as was seen tonight?

Throughout this third and final season of Ashes, there seems to have been a desperate, ill-conceived attempt to shoehorn a back-story onto the secondary characters (Chris, Ray, Shaz) while at the same time trying to get the audience to believe that Gene Hunt - who has consistently been a hero figure of sorts in the previous four series - might in fact be a villain.

First, the 'character development' of the secondary cast. This was a ridiculous idea. It goes against the very reason for the success of the series' format. These characters were conceived as two-dimensional caricatures - eighties stereotypes that everyone who remembers the eighties would recognise instantly. The characters were (surely?) never intended to bring their own history and emotional background, at least not in any way that the audience was supposed to care about.

Secondly, who thought it would be a good idea to try to turn the audience against Gene Hunt, or to sow seeds of doubt in their minds? This was patently bonkers. There was no way that the viewers would accept that Hunt was anything other than the character that had been portrayed over the past four years, and all the clumsy dialogue delivered by the ghastly Jim Keats character fell a long way short of changing anyone's mind. At no point was I - or I suspect anyone else - even remotely convinced that Hunt would be revealed as anything other than some form of guardian for Drake and possibly the secondary characters too. And sure enough...

It seems to me that the attempt to botch together a bit of depth for Chris, Ray and Shaz, and Keats' interminably tedious 'report' storyline have come together to provide a final series whose concept was almost as far off the mark in terms of reading what the viewing public want, as Labour's ridiculous election posters, which failed chronically to grasp the fact that the public love Gene Hunt.

Thursday 6 May 2010

Election Day

I headed down to the polling station this morning with my wife and we both put our crosses on our ballot papers.

Let's hope it makes a difference.

Unfortunately, I don't think any political party would be able to provide a way to avoid, or even deliver a comfortable or happy period through the financial armageddon that is beginning to take hold in southern Europe, and will inevitably ensue here in the UK when the monetary stimulus must necessarily end and the job of paying back our unprecedented debt begins.

Newsnight's Paul Mason wrote an extremely sobering blog yesterday about the difficulties that lie in wait for us.

What the country needs for the coming years is a Parliament of consensus and right-mindedness, where party political ties come second to building legislation that helps to prevent the disintegration of society when extreme austerity measures are in place.

My vote is cast, now I can only wait for the results and see what tomorrow brings.

Wednesday 31 March 2010

Seasoned Authentication

Lots of systems that employ user authentication obscure users' passwords using a hashing routine such as MD5 or SHA1, which produce hash strings of 32 or 40 characters respectively.

These hashing algorithms are one-way only, so although the MD5 of 'My Password' is '14ddb8585ddfc6c4670b9c18aed1fe8b', there is no way to return 'My Password' by running code against '14ddb8585ddfc6c4670b9c18aed1fe8b'.

However, most users do not use particularly secure passwords, so if a cookie containing a hashed password is stolen, the thief may be able to bombard the hash with the MD5 hashes of dictionary words in order to find one that matches. MD5 runs extremely quickly, and a modern computer can perform millions of these comparisons every second.

Rainbow Tables

Even if users use secure passwords, it is possible to work out what the original password may have been by using a rainbow table. This is a look-up table that stores the hashed values of vast numbers of plain-text strings. If the user's password is among the plain-text strings in the table, its hash will match the hash stored, and the security is broken.

Salting Passwords

One way to combat the threat posed by rainbow tables is to 'salt' the password hashes with a random string of text that is stored un-hashed in a secure location. The password hash is then generated using md5(salt . md5(password)), or a similar method that hashes the salt with the password.

The use of salting can make rainbow tables redundant, as a separate table needs to be generated for every possible salt value. However, modern computers are very fast and hashes can be generated very quickly, so a short salt length may make the task of breaking the hash with a rainbow table feasible. In order to combat this, a longer salt length may be employed.

Caveat

It is important to note that salting is only effective if the person attempting to break the password hash does not know the salt value. If the salt value is known by the attacker, the attacker can simply start running the (known) hashing routine against the potential password plus the (known) salt until a match is made.

Therefore, if a hacker exploits a vector to gain access to a password database and the salt values are stored together with the password hashes, it will not matter if the salt value is three characters or three-thousand - exactly the same amount of work is required to break the hash.
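
The sections above on rainbow tables, salting and the caveat, worked through as an added example in Python (not code from the original post). The word list, the salt values and the PBKDF2 comparison with its iteration count are assumptions constructed for the illustration; only the md5(salt . md5(password)) scheme comes from the post.

```python
import hashlib
import hmac

# Constructed sample data: a tiny word list standing in for a dictionary.
WORDLIST = ["letmein", "password", "dragon", "sunshine", "qwerty"]
ITERATIONS = 200_000  # assumed PBKDF2 work factor, not a value from the post

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def salted_md5(salt, password):
    """The scheme quoted in the post: md5(salt . md5(password))."""
    return md5_hex(salt + md5_hex(password))

def pbkdf2_hex(salt, password):
    """Deliberately slow alternative (an assumption added here, not the post's)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt.encode("utf-8"), ITERATIONS).hex()

def build_lookup_table(words):
    """Precomputed unsalted MD5 -> plain text: a rainbow table in miniature."""
    return {md5_hex(w): w for w in words}

def guess_with_known_salt(target, salt, words, scheme):
    """Dictionary search when the salt is stored next to the hash.
    Returns (recovered password or None, number of guesses tried)."""
    for tries, word in enumerate(words, start=1):
        if hmac.compare_digest(scheme(salt, word), target):
            return word, tries
    return None, len(words)

def demo():
    table, weak = build_lookup_table(WORDLIST), "sunshine"
    short_salt, long_salt = "x7Q", "x7Q" * 1000  # 3 and 3000 characters
    return {
        # The precomputed table breaks the unsalted hash but misses the salted one.
        "unsalted": table.get(md5_hex(weak)),
        "salted": table.get(salted_md5(short_salt, weak)),
        # Known salt: the same number of guesses whatever the salt length.
        "short": guess_with_known_salt(salted_md5(short_salt, weak), short_salt, WORDLIST, salted_md5),
        "long": guess_with_known_salt(salted_md5(long_salt, weak), long_salt, WORDLIST, salted_md5),
        # A slow hash does not stop the search; each guess now costs ITERATIONS rounds.
        "slow": guess_with_known_salt(pbkdf2_hex(short_salt, weak), short_salt, WORDLIST, pbkdf2_hex),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The guess count is identical for the 3-character and 3000-character salts, which is the caveat's point; what changes the cost of each guess is the speed of the hash itself.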

Thursday 28 January 2010

Initial iPad Thoughts

Having had a few hours to digest the Apple iPad announcement, I thought I'd share a few of my thoughts.

These points are based solely on the material released by Apple so far, so specifications may change before the hardware is released to the public.

Initial Feeling

Watching the video on Apple.com, the most compelling things for me were the web browsing and email experience. I already know how good it is to browse the web on the iPhone and iPod Touch, and the ~10" screen of the iPad can only make this better, so I'm inclined to agree with Apple that iPad may well be 'the best' way to surf the net, especially from the couch in front of the TV, so my initial feeling was along the lines of 'if the price point is good, I'll have one of those...'.

Apple's shiny hardware, slick presentation and well-integrated software suite certainly did the job of making the iPad a desirable item for me.

Rationality Kicks In

The vast majority of my computing time is spent at my desktop, sitting behind four large displays connected to my Mac Pro. I don't anticipate a time where I would use a portable device for writing code, processing photos or the various other productivity tasks I do on a day-by-day basis.

My laptop (MacBook Air) is used primarily for web browsing, email collection and composition, instant messaging and as a place to offload memory cards from my camera when I'm out and about. It does get other uses, but those are far less frequently employed. As such, the iPad seemed like a pretty decent alternative to the laptop for everyday use. However, as I looked closer, various shortcomings made themselves apparent that could break the deal.

No Flash

Like its iPhone and iPod Touch counterparts, it would appear that Apple still refuse to implement Flash in their browser. This means lots of websites with partially broken functionality and no video apart from YouTube itself, or video in specific Quicktime formats.

Why would Apple cripple their 'ultimate' web browsing experience in this way? It seems pretty simple to me - Apple want to ensure that all executable code that runs on its platform is vetted through their AppStore, and Flash would be a way around that restriction. As such, it's doubtful that Apple's application console devices will ever support this ubiquitous web technology.

No USB

Even the connectivity-starved MacBook Air has a USB port, but not so the iPad. A single Apple iPod dock connector is all that is provided. The limitations this imposes are fairly crippling.
  1. I can't connect a card reader to quickly offload pictures from my camera
  2. I can't connect a webcam in order to make video calls

Of course, Apple will counter this with their iPad Camera Connection Kit, but who wants to have to carry around two big adapters (that will be an added cost, of course) in order to do a job that the hardware should be able to do out-of-the-box? Would an SD card slot and a USB port or two really have been such a massive blemish on the iPad's body, or are customers simply being scraped for every last penny?

4:3 Aspect Display

For a device placing such a big emphasis on movie playback, it seems completely counterintuitive to outfit it with a 1024 x 768 pixel 4:3 aspect screen rather than a 16:9 or 16:10 display. This will mean that when watching the majority of movies, which tend to be in the order of 2.35:1, huge portions of the display will be taken up by letterbox black bars. While these are still present on a wider aspect display, on a 4:3 screen, nearly 50% of the display is wasted.

To illustrate this, I put together this example image, showing a movie frame at its original 2.35:1 aspect, then displayed with letterboxing for a 16:9 display, and finally a 4:3 display. It's very clear how much screen space is wasted on the 4:3 version.

Original 2.35:1


Letterboxing for 16:9


Letterboxing for 4:3


It is possible to zoom the image up so that it fits the screen, but just look at how much of the original frame is lost when 4:3 'pan and scan' is applied to a 2.35:1 image:



No Video Conferencing

I've touched on this before, but there is no built-in camera on the iPad, so any thoughts I may have had of being able to video-call people on Skype are scuppered until further notice. The lack of USB ports precludes the use of an external webcam, unless the previously-mentioned iPad Camera Connection Kit can be used for this purpose, but I'm not holding out much hope for that.

Reevaluation

On balance then, it would appear that the iPad in its current incarnation does not provide me with a logical replacement for my laptop, which is a great shame, as it initially looked to be so promising.

Despite all the points against it though, I still find it a very attractive bit of kit and I'm already finding myself drawn to it, despite the fact that a voice in the back of my head is constantly asking what I'd actually use it for, if I needed to have the laptop with me anyway.

Perhaps this irrational desire to own it is the very thing that will guarantee the iPad's success?