Category Archives: Digital

Quote of the day: A beautiful, flexible, powerful mess

The web thrives on diversity. It’s the diversity of the web that sustains it and it’s the thing that will mean it’s still around long after all the monocultures, whether they be browsers or Facebooks or Googles, have long since vanished from the online ecosystem.

Scott Gilbertson on the value of diversity and why Firefox still matters


Freedom to tinker

Talking about the way in which his embrace of Free Software has changed his attitude to computers, Bruce Byfield reaches a conclusion that rings very true for me.

All unknowing, I had wandered into the world of do-it-yourself. Originating in small groups of hobbyists who had few resources except themselves, free software naturally required more independence of its users. Far from discouraging users from tinkering, free software actually encouraged it with text configuration files and scripting so simple that it could be learned without taking classes. Because there were so many choices, it encouraged me to explore so I could make informed decisions. Just as importantly, because free software was a minority preference, the necessary compatibility with proprietary operating system sometimes required considerable ingenuity.

As a result of these expectations, I gradually lost my learned helplessness. I can’t say exactly when I shed the last of my conditioning, but after a couple of years, I realized that a major shift in my thinking had occurred. I still didn’t — and still don’t know everything about free software, but I no longer panic when a problem strikes.

Although I was using a number of open source applications before, I didn’t really start to delve into GNU/Linux until early 2007 when I installed Ubuntu on my PC alongside Windows XP. And, over the past ten years I have gone from being excessively cautious to (probably) a bit too casual.

There was never a sudden shift, but the more I have poked around, the more I have found — all documented and backed by a helpful community. I have moved from really not wanting to do anything that might cause any sort of problem at all to being willing to break my install, safe in the knowledge that if the worst comes to the worst, I can just reinstall the operating system without even risking my data.

I am far from being able to claim any expertise but the openness and availability of information surrounding Free Software means that for any problem I am generally able to understand what the issue is and find or figure out how to fix it.

And that’s freedom.


Password Rules Are Bullshit

Jeff Atwood makes the obvious point that the worst, of many bad things, about passwords is password rules:

Password rules are bullshit

  • They don’t work.
  • They heavily penalize your ideal audience, people that use real random password generators. Hey guess what, that password randomly didn’t have a number or symbol in it. I just double checked my math textbook, and yep, it’s possible. I’m pretty sure.
  • They frustrate average users, who then become uncooperative and use “creative” workarounds that make their passwords less secure.
  • They are often wrong, in the sense that the rules chosen are grossly incomplete and/or insane, per the many shaming links I’ve shared above.
  • Seriously, for the love of God, stop with this arbitrary password rule nonsense already. If you won’t take my word for it, read this 2016 NIST password rules recommendation. It’s right there, “no composition rules”. However, I do see one error, it should have said “no bullshit composition rules”.

I would add that possibly the worst password rule is the one that demands you change your password on a regular basis. Either people will start writing down their passwords, or come up with a pattern that ensures their passwords are always easy to guess.

Password rules aren’t just bullshit, they are actively counter-productive.


Share the love

I love Free Software! Today is I love Free Software day, a day to acknowledge the effort of all the people that contribute to the software that we all rely on.

There is much that can be said about Free Software but it all comes down to one thing. When you use Free Software, you are in control of the applications that you use. This is something that I have increasingly come to value.

The more that we rely on software, the more important it is to know what our applications are doing and to be able to take control of those applications. Free Software empowers us to do this which makes it an increasingly important part of a free society.


The Real Name Fallacy

The Coral Project (via) effectively debunks the myth that requiring people to use their real names on the Internet makes them behave better.

The bit that really leapt out at me was this:

Designers need to acknowledge that design cannot solve harassment and other social problems on its own. Preventing problems and protecting victims is much harder without the help of platforms, designers, and their data science teams. Yes, some design features do expose people to greater risks, and some kinds of nudges can work when social norms line up. But social change at any scale takes people, and we need to apply the similar depth of thought and resources to social norms as we do to design.

The point about social problems, such as harassment, is that they are social problems and, as such, need to be addressed by society as a whole. Looking for a technical fix for social problems is, at best, doomed to failure and may well end up doing more harm than good.


Great UI design from LinkedIn

Although I have a LinkedIn account, I don’t often look at it. But today was one of those rare moments that I not only looked at the site but I even tried to leave a comment. And here’s what LinkedIn said:

There was a problem sharing your update. Please try again.

After a bit of experimenting, it appears that LinkedIn has an undocumented character limit. My original 774 characters was problematic, but once I’d cut it down to 670 characters the problem went away. So I’m guessing there’s a 700 character limit on LinkedIn comments.

But seriously, if this is the problem, why can’t the site damn well say so? “There was a problem sharing your update,” means nothing and telling people to just try again is a guaranteed method of causing frustration and losing attention. Is it really so difficult to say “Please shorten your comment to 700 characters”?

Or, better still, provide a little decrementing counter of the sort you see on the Quitter UI for GNU social.


Facebook: Spying with impunity again

Back in November, a Belgian court ruled that Facebook should stop tracking Belgians who are not signed up to the site or pay a daily penalty of €250,000. This ruling, unfortunately, was overruled on appeal at the start of this month. Not, it should be noted, because Facebook is justified in tracking people who are not logged in or have never signed up to their site, but because:

Belgian courts don’t have international jurisdiction over Facebook Ireland, where the data concerning Europe is processed.

The issue here is one of jurisdiction, not principle. The data protection and privacy laws invoked in this case exist at the EU level; they have not been challenged, and the only question is who gets to enforce them. Since Facebook’s European operations are based in Dublin, that would be the Irish.

A little poking around online led me to europe-v-facebook.org:

Are EU Data Protection Laws enforceable in Practice? This may be the main question that europe-v-facebook.org is now about. The right to data protection is a fundamental right in the European Union, but at the same time very little companies respect it. Facebook is just one of many that have a bad reputation when it comes to the handling of users’ data.

So the question arises if users are just too lazy to do something about it, or if the laws are in practice unenforceable?

We unintentionally landed in the middle of a big experiment after filing 22 complaints against Facebook in Ireland, because of breaches of the most basic privacy rules. We happened to look at Facebook for a number of reasons, but the results are very likely exemplary for a whole industry.

You can follow our journey and the under “Legal Procedure“.

While it is clear by now, that no normal citizen is able to follow through with such a proceeding, we are still working to get our final decision today. We want to know if our fundamental rights are respected and enforced against tech giants like Facebook, or if our rights are only existing on the paper.

You can support them at crowd4privacy.org.


Bad Facebook. No Cookie.

Facebook’s ongoing attempt to get around EU privacy legislation in Belgium has taken a turn for the semantic:

Facebook has appealed a ruling from the Court of First Instance that supported the Belgian data authority’s demand that the social media network stop tracking users.

The court’s ruling contained some English words — like cookie, homepage and browser — which could violate a Belgian law that says all rulings must be in the official languages of the country: French, Dutch and German. Facebook has said this means the whole ruling must be annulled.

Facebook’s lawyers need to get out more. They’re not fooling anyone with this.

Privacy lawyers not associated with the case told POLITICO this is a “desperate, petty and last-ditch” attempt to avoid Belgian justice.

And that’s putting it mildly.


That facepalm moment

I’m not going to name any companies here but I recently cashed in a freebie. It was one of those introductory offers in which you get something for nothing and are then asked to sign up so you can use the (paid) service in future. As it happens, this piece of marketing worked and, having poked around the site for a bit, I decided I would create an account in order to order personalised presents in future.

So I opened KeePassX, generated a (very long, very random) password and pasted it into the sign-up form. This is where things started to go awry.

My sign-up password was rejected because it was too long. This is always a bit concerning. If a sign-up form tells you your password is too long, it’s a bit of a giveaway that they are not hashing passwords properly and are probably a bit ramshackle when it comes to security.

Still, they already have my address for the freebie so I shortened my password and pasted it in.

And then they emailed my (clearly unhashed) password back to me.

The company in question does not have my credit card details. This company will never have my credit card details.
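
The reasoning in this post, as an added example (not code from the original post or from the company described): a salted, slow password hash produces a record of the same size whatever the input length, so storage gives no reason for a short maximum, and the stored value cannot be turned back into the password to email it. The iteration count, salt size and the 1024-character request cap are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor
SALT_LEN = 16          # assumed salt size in bytes
KEY_LEN = 32           # SHA-256 output size
MAX_INPUT = 1024       # assumed cap, only to bound request size, not storage


def hash_password(password: str) -> bytes:
    """Return salt || derived key: always SALT_LEN + KEY_LEN bytes."""
    if len(password) > MAX_INPUT:
        raise ValueError("password exceeds request size cap")
    salt = os.urandom(SALT_LEN)  # fresh random salt per account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, ITERATIONS)
    return salt + key


def verify_password(password: str, record: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, ITERATIONS)
    return hmac.compare_digest(key, stored)


def record_sizes() -> dict:
    """Map input length -> stored record length for constructed samples."""
    samples = ("tr0ub4dor&3x", "k7#" * 100)  # 12 and 300 characters
    return {len(p): len(hash_password(p)) for p in samples}


if __name__ == "__main__":
    # Both inputs end up as 48-byte records.
    print(record_sizes())
```
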
