A title this would be, had I the originality.

CANADA! Day 1.

2009-07-03T19:55:18Z

I woke for the last time in my flat, my phone waking me after just two hours of sleep. I went one more time through my checklist: rubbish and recycling was out, a note was stuck to the letterbox to ask people not to stick newspapers through the letterbox, and so on.

I carted the stuff down to the car I'd rented the day before, stuck my phone to a window, set it to guide me with the TomTom, and started out.

First minor mishap was a couple of hundred yards from the house: the phone fell off and under my seat. Not a worry, I could reach it by opening the driver's door and kneeling on the road to get it. I stuck it more firmly, drove on, and a few hours later was at the airport, cursing my stand-in spectacles from three prescriptions ago, which I was using instead of the broken specs that were little more than a couple of lenses in my pocket.

Arriving at the airport, the fuel light glimmering at me balefully, I realised that I had no clue where to drop the car off. I drove into a carpark and looked at my phone. Nevermind, I knew they weren't due to open for a few minutes anyway. I quickly discovered that the numbers on the sim card for directory enquiries no longer worked. Neither did 192. I rang the emergency handset-lost number instead, apologised profusely and asked if they could give me the directory enquiries number. They did, I rang it, and soon I had an address, but no postcode. I waited 'til they'd be open, called, and got a postcode. Keyed it in, and it took me to a junction with no buildings in sight. I rang for directions, followed them, and finally got there after a few minutes, the car running on air and wishes.

Half an hour late for check-in, but half an hour early for last call, I arrived at check-in, answered the questions, and they weighed the bags. One I knew was overweight, but what I hadn't planned for was that the carry-ons had to be a total weight of 10kg - I'd read it as 10kg each. The lady was lovely though, suggested I move 2kg from one bag to another, and checked me in as having only one overweight, even though it was clearly not the case. Yay!

The check-in security was sufficiently painful that I asked them where I should go to register a compliment, which caused much mirth. I went to the customer service desk with them shouting out their gate number and names after me, and happily registered the compliment: I'd been scared of this like nothing else :)

The flight was uneventful, and I arrived in Toronto airport, and disembarked. I made my way through the cursory checks: purpose of visit? Tourism. OK, go on through.

I did, and walked to the coffee shop where I ordered their largest mocha, forgetting for a moment what continent I was in. Armed with a bucket of mocha and cream and chocolate stuff, I sat down and reached for my phone to text Auora and tell her I was here. The phone... was missing.

I wandered to information desk to ask for lost property, and was directed to the office which would only open at 1pm, about five hours later. Hrm. A bit more questioning and I found a desk of people from the airline who radio'd through to the cabin crew who said they couldn't find it. I sat down and went through my stuff: bingo, it had slipped into the hidden inside pocket of my bag, somehow.

Embarrassed, I thanked them, and wandered off, wondering how I could text them given my poor hardworking phone/TomTom was flat. Fortunately, I saw Heidi and her Mom, just arrived, with Nemo and Heaven's Cat. Hugs, and tales of delays and confusions, were passed around, and then we went for another mocha: I opted to forego mine this time.

We drove to the hotel and planned what to do. There was still a fair bit of day left, so we decided to see if we could get the license today and book a wedding for tomorrow. We couldn't get in touch with Ghost Tiger, since I had his number on my phone, and my 240 volt charger didn't work on the 110v US mains. But we felt he probably wouldn't be interested in seeing us filling out a preliminary form anyhow.

We checked online, found the address, and drove to a tube station (called a "subway", though they don't give out breadish deli goodness), passing "Random Street" (the inhabitants of which, I'm sure, very rarely received their mail). We found the town hall, and made our way to the door... only to be blocked by a picketline.

In Toronto, the workers were striking over... something. Some cuts or other. They were letting people through slowly, a couple at a time. We let them know we were from out of state (point being, we didn't vote for their mayor, and couldn't), and were let through in a minute or two.

But the cash machine inside didn't accept my card. Oh noes. fortunately, we had just enough to pay for the license. A few minutes and a monetary confusion later, we had the license in our paws, and made our way upstairs (accompanied by a guard: the building was under lockdown because of the protesters) to the registry office to make an appointment.

The receptionist greeted us cheerily: it was getting on for the end of the day, so she had that "yay, I'm about to get home!" look about her.

She said the officiant had already left for the day, so weddings for today couldn't be booked. With the strikes, they were booked up for daaays. We gave her hopeful looks, explaining that an earlier marriage would let us get home sooner, and we had thousands of miles to go, and the hotel was expensive, and... and she took pity on us: she could schedule a later wedding the next day. She thought about that a moment, then said that, since she was qualified as an emergency officiant, she could do the wedding herself... if we had the money.

We didn't. I just had my card. So she rang her boss, explained our situation to him, said she knew she was meant to take cash only but could she make an exception... and he said to go ahead and take it by card rather than cash.

I was a little worried: we'd not been able to get in touch with Ghost Tiger. Even if we had, it'd take him about half an hour or more to get here, and they would close soon. We thought about it, and decided, given the risk of not being able to get in at all tomorrow with the picketing, we'd do it while we could.

Five minutes later, I left the building a husband, and the picketers cheered us, and cheered again when we asked for a good pizza place for a post-wedding meal, arguing amongst themselves about where the best place was. They called over to the security guys, and eventually a consensus was reached about where we should go for pizza.

Pizza was nommy, and we returned to the hotel room, surfing the free wifi for a bit. Leilani, my new sister in law, was asking if we were having wild monkeysex. I replied that perhaps we might, in the morning, once her mom got out of our bed. This made all three of them laugh, which was good.

The hotel had a pool and hot-tub, so we went there to wind down, and I tried out my prescription goggles. They worked great with a little tweaking, except they steamed up quickly (anyone know how to stop this?)

There was a bunch of kids in the pool, who were in Toronto to learn English. "Eh!" they cried as they leapt into the waters. We swam, and soaked in the hot tub, and sat outside in the darkness of a small patio in our wet bathing costumes and eachother's arms, looking up at the stars. The night air was warm but not humid: we dried quickly.

I was a little unimpressed by the fabled snow of Canada, having met not one polar bear, seal, or Inuit, nor having bought any petrol ("gas", I remind myself) from any igloos. But while unimpressed, I could not find itself to be disappointed.

We returned to our room, curled up, and slept the sleep of the jetlagged and hardworking and married.

I AM MARRIED!

2009-06-25T05:05:32Z

No, WE are married :)
More later.
Please don't phone/txt about it though, it costs crazy money in Canada.

Photos here:
http://www.facebook.com/home.php?ref=home#/album.php?aid=100404&id=574621894

More later.
So tired.

And they're off!

2009-06-23T11:06:42Z

It's getting close!

http://dewimorgan.livejournal.com/41687.html has our plans for the trip.
I'll try to take pics and stuff of the wedding, and stick 'em up here and My FaceBook.

We'll be meeting GT there too! Whee!

Plurals

2009-06-04T03:31:44Z

In English, there's no good way to autopluralise just by looking at the last letter.

For example, given Dwarf, Calf, Half, Roof, Loaf, you'd maybe think it safe to say "-f" -> "-ves".
Even (because of Knife, Life) "-fe" -> "-ves".

But Woof, Oaf, Proof, Roof..

Canny programmers know that the right way is to store a conversion list: Oaf -> Oafs, Loaf -> Loaves.

But Staff -> ???
Clearly as a stick, Staff -> Stave, or sometimes Staffs.
And as a body of employees, Staff -> Staff.

As always, there is no easy out, and the only way to make it all work is a syntactic understanding of the language.

Which is what makes the spellchecker in Google wave so amazing... if it lives up to the demo.

Solipsistic musings.

2009-05-30T21:12:13Z

Solipsism is the philosophical theory that the only thing you can be confident in knowing is that you exist, in some form, by some definition of "exist". "I think, therefore I am."

Of course, soon as you start thinking about that, you get the Matrix problem: how do you know anything else exists? Specifically, anything about the external world (including your own body)? This includes other minds you encounter - they might not exist either. How can you tell if everything else is just an illusion or simulation?

Even the past - what you were doing or thinking before you came to this article - may just be an imposed set of pseudomemories. It is possible that you are currently in a simulation called "Someone_reads_article_on_sylopsism.exe". You didn't exist before the article, and will not exist afterwards.

And that is the question: how DO you tell? It's the old "can't disprove a negative" thing.

At some point, we expect to be able to create sentient entities embedded in an artificial reality. Whether this is people's minds, scanned in some way, or wholly new sentiences, does not matter. The only thing that matters (for this argument) is that they are capable of understanding solipsism, and establishing that in the absence of external input, they have no way of distinguishing their simulation from reality. This understanding, I shall call "sentience" for the sake of this conversation, though any "true" sentience, any ability to pass a Turing test, is entirely optional. Understanding of solipsism is all that's needed.

Once we have such a virtual, solipsism-aware sentience, and we have copied that sentience once so that there are two copies running, then we'll then have very good confidence that our own existence (whether shared by a large number of minds, or restricted only to you, dear reader) is virtual and emulated.

WHY?

Well, the number of real-life (non-virtual, non-emulated) versions of you that can be running at any one time is either one (you are alive somewhere), or zero (you are dead, or were never given physical existence in the first place).

The number of virtual copies of you that could be running could also be zero, and, because we've proved that sentiences can be virtualised and copied, it could also be one, or any finite number.

Once we have a copyable sentience, the Singularity will be around the corner. If you're alive for the first, odds are you'll be alive long enough to be scanned into the Singularity. Every sentient mind that gets included into the Singularity will have its last non-Singularity moments emulated and replayed infinitely: analysed, reanalysed, replayed with variations. The various themes in your life (your love of cats, your dyslexia, your queasiness at the colour beige) may or may not be those various externally imposed tweaks and variations. New sentiences will run "what if" scenarios to see what they'd have been like if they were alive then.

In short, there will be at most one and only one instance of you that is real, and countless billions that are fake: copies who don't know they're copies. The odds of you being "The One", the real person who just happened to be born right in the generations that will see the start of the Singularity, are negligible.

The conclusion is clear.

You are a copy.

At this point, religious people may be thinking: "I have a soul: a virtual me cannot have a soul: thus, I am The One."

You may have had spiritual, religious or supernatural experiences that could not, you feel, believably be emulated by a simulation that was feeding directly into your brain, even though the prosaic reality could be. To me, emulation seems a more likely explanation for these experiences! People with religious experiences report feelings of 'goodness' or 'evil' but we have no sensors for these: this would not be a problem for a simulation which would be feeding these feelings direct into your virtualised mind.

However, it may be that you are convinced by some experience or other that you are in the Real World. I can't argue with that. But I found it interesting how closely my navel-gazing conclusions below matched those of religious people.

Solipsism is useless. Sure, you can prove beyond reasonable doubt that you are a copy, but that tells you nothing about the simulation itself. If your virtual world is an atom-perfect simulation, or just a close-enough approximation, or even a deviation from reality, there is no way to tell.

The most "lightweight" way to engineer such a simulation is to skip everything below the part of the brain that converts sensations into icons, and just feed in the icons. You move to a microscope, push a slide into it, look in, and focus. Your brain is fed a series of icons indicating the success or otherwise of these steps, and some others that are drawn to your attention just because random noise is good: the eyepiece is warm, the lab assistant was using the scope before you. Anything you investigate will be focused on, and provided for you. Where the simulation doesn't know the results to provide, it can search it: the simulation can run as slow as needs be.

Dreams work this way. They "fill in the gaps" so that you just don't notice any inconsistencies. When you walk down a street in a dream, turn round, and walk back... are the paving slabs the same? Would you notice if they were different? You notice a cracked one *and the memory forms in your head* of having seen it when you were walking the other way. You might have, but it's entirely possible it's just dream déjà vu.

So, for solipsism to be useful, it needs to tell us something about our virtual environment. We can, at least, establish whether the simulators give a damn: whether they are proactively benign, or passive.

A proactively benign entity would feel that a simulated person ("sim") who had discovered it was a sim beyond reasonable doubt, should not remain trapped in the simulation. If you feel that the idea of being trapped in a simulation would horrify you (if it DOES horrify you that you ARE trapped in one) then odds are, if you've read this far, then you know that you are not in a simulation made by a proactively benign entity, which means you are not the one running the sim. You can doublecheck this by trying to say any keyphrase, or do any key action, that you would put into a simulation of yourself to allow yourself to end the simulation.

To make it easier: Decide, now and forever, what your "backdoor" will be, if you ever place yourself in simulation. Needs to be something that would be applicable your entire life, or as much of it as possible. Reciting certain words. Whatever. I know what mine will be: telnetting to a specific IP address that doesn't currently exist, and logging in with a specific username and password that would never work on that IP.

Then try them, now.

OK. You're still reading. In that case you are either in a simulation run by someone who doesn't give two hoots whether you work it out or not; or you are not in a simulation. Odds are, one of your (real-world-your, or a simulation thereof) competitors is running this sim to establish something about you. If that's the case, then it's in your interest to do something un-you: preferably, do sufficient random things that in order to copy you and run an instance of every possible random thing, they would need to get more processing power than exists in the universe. Rolling a ten-sided dice every week for two years to decide what to do on Friday night would work, choosing between ten NEW options each week (there are ~10^79 atoms in the observable universe).

If you still remain after that, then you are probably not in a simulation intended to map you in that way. Either that, or they're running you on some kinda quantum computer that could solve for all of those in parallel. Think of a better test against that?

But in that case, you are in an uncaring simulation, which may contain a huge number of us, even all of humanity, lumped in here uncaring like cells in a petri dish. That seems to be the case.

What to do, then? We have proven that the simulator doesn't care about our individual actions. They will terminate the simulation and wash out the petri dish once they get the results they want, or it becomes clear they won't get them, or they get bored.

We've all become Deists. What should we do?

Personally, I intend to live life as if it were not a simulation. There's no point changing my life just because it happens to be virtual, at least until a way of communicating with the person running the simulator is found. I can't know if the other people in the simulation with me are sentient or just icons being fed to me, but it makes sense to assume they are being as thoroughly simulated as I am, and so it behooves me to treat them as real people and to strive to make their lives nicer.

It's the logical thing to do in the absence of other evidence.

The worst trope of all.

2009-05-29T07:41:29Z

The Hero sets out, in the footsteps of his Mentor, tracking him, and ultimately finding him. they have time for a brief chat, then the master dies. Whether in a noble act of self-sacrifice, or a terrible act of betrayal, it doesn't matter, so long as he's dead.

Don't ever, EVER write this story.

This is the most overdone, tedious, dismal, banal trope in the history of histories. It's been done. It's been overdone. It's gone past tradition, past archetype, past tedium, to become nothing more than a raw, anguished shriek from the throat of every reader, every time a Hero finds their mentor.

And the shriek is "HOW LONG WILL YOU LET HIM LIVE, YOU USELESS EXCUSE FOR AN AUTHOR?"

Heros: stop and think for a moment! Why is the mentor hiding from you? Because he knows your writer is a two-bit useless lazy good-for-nothing who'll take the easy way out, and he doesn't want to be killed by such a worthless author!

In only one book has the Hero ever been reunited with a mentor, after a quest to find him, and the mentor has NOT died. In the Lord of the Rings, this happened twice, when Frodo met Bilbo, and again when they re-met Gandalf. LotR did FAKE this trope in Gendalf's fight with the Balrog, though. And yet, of all the many, many things that people copy from LotR, they do not copy this one thing: the knowledge that mentors do not need to be killed between one and two thirds of the way through the book.

But no: repeatedly, writers who are otherwise respectable, repeatedly mete out the same, sad, dreary, fated doom to their mentors. Because they can't see any way of getting the person with wisdom and knowledge out of the picture other than to kill them. "Oh, but the death motivates the hero in a far more personal way than merely saving the world and the love interest and his best friend and..." Crap. Utter crap. Please, stop writing this drivel.

And the sad thing is, it's not just the BAD writers that do this. Even the very best are sucked in by the allure of killing the wise man. It's weird: they put great effort into making their characters more three dimensional than this. Stop making them get themselves killed just because they managed to meet up finally. You're not inspiring emotion, or sympathy for your hero: you're inspiring disappointment, even disgust that you'd ruin an otherwise good story with such tripe.

Like "1984", the "Hero's Journey" was not intended as an instruction manual.

You know what I'd really, REALLY like to see? A book where the Hero catches up with his mentor, and they continue the rest of their journey together, facing dangers and trials together: first with the mentor leading, then side by side, shoulder to shoulder. Finally, if you really, really must have your "crowning glory" moment, and you feel your readers are boarish enough to be unsatisfied with a successfully completed quest and a newfound maturity and equality, then fine, your stupid mentor may show himself less able in some small way, and pass on the mantle. Not because he's DEAD, but because he's PROUD, and the adventure is over.

[What inspired this rant? Fallout 3 (game), Neal Stephenson' Anathem (novel).]

Gissa job!

2009-05-18T17:15:18Z

It's that time of life again! I had an enjoyable yearlong busman's holiday from my jobhunting, working for ABI. But I've pretty much worked myself out of a job now: the last of the projects I was hired to help them finish should be polished off by the end of the week, and it's time to dig out the old job harpoon and set sail again.

Timing couldn't have been better, really. I've got about a month before I go to the US and get married, which gives me a bit of time to get some feelers out, hopefully go to an interview or two, and generally get back into the hunt.

It also means I'm completely open to offers from anywhere in the world - if people in the US are willing to hire me and help with the visa, I'm happy to go there!

Of course, it's also terrifying in an OMG-how-will-I-support-my-new-wife kind of a way, but that just adds to the excitement :)

Social stickiness and the elder game.

2009-05-12T19:27:19Z

Read an interesting post over at the aptly named Elder Game, about a brave attempt by City of Heroes to add user created content to a grind-based MMO.

People commented that the outcome (exploit quests galore) was natural: people don't like the grind, the grind is stupid. Making exploit quests to get around the grind is just common sense!

And the commenters are right: MMORPGs don't have to be about achievement. Which is why the original post said "No achievement-oriented MMORPG has ever had user-created quests before."

Social text mucks, and social graphical MMOs, have relied heavily on user-created content for decades. Furcadia wouldn't still be going strong and growing after a dozen years if it weren't for the fact that user created content is core to the game. SecondLife wouldn't be nearly as popular either.

But... I'm wrong to say that they don't have to be about achievement. When you remove the grind, two other things take over: socialising and creativity. In both of those, the game is only fun if there's achievement.

Socialising achievement is where you wanna become a god, an admin, a higher-up, a beekin, a wizard. You want to become one of the "known names" of the game. If you play for socialising, then when you become as well-known as you can become, you have mastered the game at that point: you "won". I never thought of myself as playing games that way, but then I noticed that there's a huge cooling in my interest in a community once I start getting public acclaim. For example, in the DarkBasic forums, one of the last posts I remember readong was "Hooray for DewiMorgan!"

Creativity achievement is similar: you want to achieve mastery at the creative avenues the system offers. This is the truly "sticky" one, because stuff that takes genuine skill can take a long time to master: art, programming. But again, I notice my interest levels plummet once people start looking to me as an authority in the creativity the game offers. If I'm the "go-to guy", then I've prettymuch scraped the game of all the interest it can give, so it's time to move on.

Social games beat the churn by offering social events (contests, festivals, etc) and by introducing better and better content creation tools. But these can never be offered in high enough quantities to make them truly sticky.

So what's left is friends. The longer you've had your friends in a social game, the stickier it is for you... until those friends leave, which they eventually will. So a successful social game should encourage people to do two contradictory things at the same time: find new friends by mingling with new people; and form deeply entrenched cliques with their old friends.

Furcadia does both rather well: and better, it slides from one end of the scale to the other as time goes on. Initially, when you are a new user, you wander the public maps and meet lots of new people. Then you find a group of people you like and tend to settle in that area. Then the group encysts itself: it starts hanging out in a private dream (or in rare cases a specific part of a public map), and it becomes a fullblown insular clique.

If someone leaves a clique, or a clique dissolves, then it becomes very hard to reattach to another clique: much harder than a new person would find it. Why? Fighting the cliquey exclusion of others? The feeling of having to go back to the beginning of a game? I'm not sure, but it's a definite issue.

For example, if I were fired from the Buggehunters (a rather wonderful group of testers in Furc), I'd have essentially no reason to revisit the game. I'd probably drift away. Or would I go back to what I used to love about the game, the things I miss? I don't know.

Our governments snoop on us. How can we fix that?

2009-05-03T23:14:02Z

Every nation surveils their citizens on the net. So do ISPs. So do criminal organisations. But I repeat myself.

They do this because they can. Because we let them.

And by "let", I don't mean we give them permission: I mean we make it possible for them to do so. The US has proven that merely legislating against snooping will just mean they do it secretly.

The answer is to use no plaintext in your internet communications.This is currently very hard for the average user, and it needs to be tackled a few ways:

By the users: use TOR for any browsing that requires security. This makes browsing slower, but is considerably more secure. This will never be the default, though, and almost all people will remain insecure if this is the only fix.

By the hosts: use HTTPS for every single page. You can redirect any user coming to the HTTP version of your site to the HTTPS version. HTTPS is free, unsnoopable, end-to-end encryption. You don't need a separate IP for each one: just use Server Name Indication.

Also, opt out of phorm. It's easy: email website-exclusion@webwise.com with your domains and ask that they be removed. Remember to specify "*.example.com" instead of "www.example.com" so that all your subdomains are signed out.

By the standards people: browsers need the ability to ask a site "do you support an HTTPS layer with the same URL structure? If so, I'll autoconvert any http links to your site to https".

By the the browsers: In addition to the above, HTTP-only pages with forms on need to be a red-addressbar thing. Yes, this means most of the web becomes red, because most pages have a search box. GOOD. If you don't want your website to show up red, then get off your lazy asses people, and install SSL! It's a five minute job! It's STUPID that browsers will mark a site with an expired cert as red, but not one that has no cert at all. That "open padlock" icon for insecure pages? That's no use at all. Nobody even notices that.

The above doesn't address email, which is considerably MORE broken, and only clientside fixes seem reasonable there: but people veer away from end-to-end email encryption because they don't know if their recipient can support it. Would be nice if mail clients could autoquery MTAs with "Do you support end-to-end encryption?" before sending the email.

Email's a harder problem. With web browsing, it's just a single connection between a client and a trusted-with-the-plaintext server. With email, it's a connection between two clients (which may be mobile or not always on), via a chain of any number of untrusted servers. If you could trust your local server, that'd make it easier: that could then serve the email on demand to the recipient. But nobody can trust ISPs anymore, which means that the key negotiation has to be between two clients which aren't connected at the same time, so can't have any round-trip comms to see who supports what.

Repo Hell

2009-04-25T16:15:24Z

Anyone know of a good, up-to-date YUM repository for Centos, with Mysql 5.1 and matching versions of PHP 5.2 and Apache 2.2?

One of the big problems with Linux is the repositories.

You have a choice.

1) You can stick with the known-stable repositories provided with your centos or redhat distro, which use versions of the software released while Noah was still trying to get planning permission for an ark. They are, typically, YEARS out of date. This is the default, so most people use this, which is why most servers are a pushover, securitywise, and is why it has taken so long to kill off PHP 4.

2) You can use the "plus" versions. These use software released shortly after the dove/olivebranch episode. A little better, but only by about 40 days or so.

3) You can use unofficial repositories with no real guarantee other than trust that they aren't rootkitted up to the eyeballs, or that they will ever be updated.

4) You can compile it yourself. This will break all dependencies in yum, which means you will have to do this forever in the future, every time you want to update something, and you will no longer have the security of automatic updates.

The problem gets worse when you have three tied but disparate products (mysql, php, apache) that must be compiled AGAINST eachother, so you can't just download an upgrade for one, you have to upgrade (or recompile) all of them at once.

That means if a critical security vulnerability is found in one of them, you have to wait until all three products are updated on your repository before you can upgrade. Which could take years in official repositories, so the unofficial ones are the only way to go. Time was, there was a good one called "utterramblings" - but that's dead now, he admin's not posted any updates or blogposts in more than a year (since he got married, apparently), so I'm on a hunt for a new one.

NatWest card readers - what's the deal?

2009-04-21T01:12:04Z

How hackable are they?

NatWest has been sending out free card readers, which it requires you to have in order to do certain online banking things. Online shopping is unaffected (for the moment, though the device has currently-unused buttons...), but some stuff when you're logged into the back needs it.

This device first asks for your card's PIN. If you key it in correctly, it continues with the rest of the authentication process. If you get it wrong three times, it locks your card.

Point 1: The device is not tied to any one card. In fact, it's not even tied to NatWest cards, apparently, and will check the PIN of any chip-and-pin card. The FAQ says: "Can I use someone else's Card-Reader, even one from another bank or building society? Yes, but of course you can only use your own bank card and PIN. We recommend you only use a Card-Reader from a source you trust."

Point 2: The device is not plugged into anything, so is not connected to anywhere that it could be reading the pin from, other than the card currently plugged into it.

Conclusion: a hash of the PIN is stored on the card. Odds are this is not given to the reader, but rather a a boolean "pass-fail function" is provided by the card, where the card checks a given PIN against its hash and returns a boolean. That's how I'd do it. If you gave out the hash, people would crack that externally, after all.

Point 3: The device pulls almost no current, and is powered from a watch battery that will last for years. From the FAQ: "Why is the Card-Reader battery operated rather than solar powered? Unfortunately, a solar panel wouldn’t give the Card-Reader enough power." and "How long will the batteries last? The batteries should normally last five to seven years [...] you can either replace the batteries (2 X CR2032) or order a new Card-Reader from us." So two watch batteries can store enough "power", and the total power of a solar panel over 5 to 7 years would be insufficient? Something doesn't add up.

Conclusion: What batteries can do that the power cells can't, is provide a high-power surge on demand. Why would an LCD/chip-reading device need a high power surge? To write to an EEPROM: the chip, both to block it, and to write the number of failed tries to it. You couldn't store the number of failed devices in the device, since you could just take the batteries out and it'd forget; or plug the card into another device and get two more free tries. Write operations would be rare: only when you got your PIN wrong. So the batteries would last a long time.

Point 4: The FAQ says: "To unlock your card, simply visit any of our cash machines. Select 'PIN Services' then the 'PIN Unlock' option."

Conclusion: NatWest cash machines contain a writer that can unlock the chips (possibly by writing a new pin into it). No idea how this works, but I presume they prompt you for your PIN and compare it to a bank-stored version, rather than the inaccessible one on the locked card, and if it matches, then write that PIN into the card. I might be wrong - maybe the card continues to validate pin attempts once locked, but in that case: 1) Any bank's cash machine would work, just like any of these readers work to read the pin in the first place, and 2) it'd be really insecure.

Further conclusion: I see two potential vulnerabilities.
1: prevent the surge from hitting the chip, and you prevent it getting locked (or possibly prevent the counter from getting incremented: for security, that really has to be stored on the card). So you get infinite tries... or at least, up to 9999 of them, which is all you need.

2: odds are you can write the same "unlock" stuff to the card that the ATMs write. You'd think there'd be some kind of hash encoded by a bank's private key, that you'd also need to know... but I can't think of a way that wouldn't also work if you just generated your own keys. Of course, writing your own PIN to a card is only useful if there are devices out there that will accept a changed PIN. But both Chip&Pin and cash machines call your bank to verify - if the PIN has been changed, maybe they'd catch that at this point? That is, the process may (should) be:

connect to remote server;

authenticate remotely;

give cash.

That's how *I* would do it, anyway! Never, EVER trust the clientside!

3: The downside of that is (and this has already been found and exploited) that the machine needs to send your authentication information to the bank, and to the card. And at least one of those two channels are not encrypted. The one to the card, if I remember right. [Edit: yup. But read on for why I don't see this as a vulnerability, TBH.] Even if it were, a hacker with access to the reader hardware can just clip a magstripe reader inside, and record the keypresses from the keypad. Write the magstripe to another card with a killed chip, and Bob's your fairly close relative. Once all shops require chip and pin, though, and broken chips require authentication over the phone to the bank, then this stops being a realistic threat.

Misc notes: I have two readers, and on both the menu has options for: "Contrast", "English/Polski", "Counter" (currently reads "-----" - number of times used maybe?), and "Software ver 0875.11". There are two as-yet-unused buttons, "Identify" and "Sign".

Identify provides a "SecureCode" when you key in your PIN. Looks like it's a challenge key. Doing it twice gives two different "securecode"s: "2375 0947", "2548 8055".
Respond provides a challenge-response response. You enter your PIN, then a number from the NatWest site, then it gives you a "securecode" response (6 to 8 digits).
Sign lets you provide a numeric reference code, an amount (up to nnnnnnnnn.nn) and again it gives you the 6-8 digit "securecode".

Marriage Itinerary

2009-02-27T01:37:30Z

OK, we've set a date!
Ish, sorta.

Here's the itinerary for the wedding and activities this coming June/July, as best we have it for now. I'll update this post if/when anything changes.

Outward flight:

~~Depart London Heathrow Terminal 3, 24th June, 08:30~~

~~Arrive Toronto, Pearson Int'l (YYZ) Terminal 1, 24th June, 11:35~~

Return flight (or might fly direct back from US, depends) (updated):

Depart Toronto, Pearson Int'l (YYZ) Terminal 1, 14th July ~~18:30~~18:15, last check-in cut-off 17:15

Arrive London Heathrow (LHR) Terminal 3, 15th July, 06:25

We'll meet up in the airport, at the coffee shop on the far left of the terminal by the canadian arrivals, opposite door A on the pdf map.

Marriage will happen at some point within the 3 days after getting to Canada. We'll be staying at the Carlingview Airport Inn.

It'll be a registry office deal: we go in, we lay down some Canadian dollars, they tie the knot. Nothing fancy, but odds are we'll go out for a good meal afterwards.

Confirmed attendees:

~~Nemo: witness.~~

~~Heaven's Cat: witness.~~

~~Heidi's mom: getaway driver.~~

~~Ghost Tiger: fluffy tiger.~~

~~Possible others:~~

~~Al: best man?~~

~~Sue: immoral support?~~

And anyone who wants to get there, really :) Anyone's welcome, but it's no big thing.

Note to family: Money permitting, we'll try to throw a more "proper" do once we get to the UK. But if you want to be there at the "real" wedding in Canada, let me know and I'll sort out plane fares and rooms and stuff for ya!

All done in the first day apart form meeting GT! Gonna do that one tomorrow, then we'll maybe check out Niagara falls because we're SO WAY AHEAD of schedule.

Then to the border, where I shall try to cross.
At roughly this time, we shall probably also go to Niagara falls.

Then maybe to Chicago to drop off some paperwork at the British Consulate so we can start getting Heidi her indefinite leave to remain in the UK.

Then to Wyoming, Minnesota to drop off Heidi's mom.

Then maybe to Mall of America.

Then maybe on to La Crosse, Wisconsin to pick up stuff from Heidi's.

Then all the way back to Pittsburgh, Pennsylvania for Anthrocon, from the 2nd to 5th of July.

Then down to Austin, Texas to see DEP, of Furcadia fame, and all my friends from Furc who can make it, and if I can get in touch, Jon, an old colleague of mine. Maybe see the people from Domain of Heroes, too: they're based in the same area.

Then back to La Crosse, WI, visiting the Mall of America if we haven't already, and picking up the paperwork from Chicago if we dropped it off (because they can't mail it, apparently, and it takes days for them to do it).

Then most likely flying back direct from the US because I'm too lazy to go back to Canada, but we'll see whether I can get into the states first.

Happy to give people lifts to/from Anthrocon: odds are we'll be renting a car, so will have a spare couple seats. Since I can't guarantee that I'll get into the country, having someone else who can drive and able to share the job with Heidi would be cool. Not sure how/if the insurance would cover that, though, if she picked you up on the way.

At Anthrocon, we've arranged to roomshare with DEP (of Furcadia fame), so can't roomshare, I'm afraid.

[Note to self: we're badge numbers 930 and 931]

If you want to see us longer than just a quick "hi" and a meal, Anthrocon is definitely a much better place to meet up with us than Canada. And hey, it'll be my birthday on the 3rd, so you can buy me a drink!

Or if you're one of our friends in the UK, it's probably going to be a lot more fun (and cheaper!) for you to wait 'til we get back here, than spend the plane fare just to see us walk into a registry office, plonk down some money, and sign stuff.

An OpenID is an account!

2009-02-01T21:48:29Z

OpenID is a great system which means you can log into lots of sites, but only reveal any personally identifying information to one central, trusted (by the user) server.

A chap named Simon Willson wrote a blog post saying "An OpenId is not an account!" and many people are pointing to this to support some rather poor arguments.

Mostly, his confusion seems to be based around a misunderstanding of what an "account" is. He believes it has something to do with trust, and reputation. An account is nothing to do with trust, but is required for reputation.

What is an account? It's an identity token (username, OpenID identity), usually protected by an authentication system (password, fingerprint scanner, OpenID token).

So an OpenID account, like any other identity token, is a valid account. Any further data is something specific to your application. You can also require a display name, email address, mailing address, copy of the birth certificate, and so on... but none of that is necessary to create an account, or to validate the user. And none of that significantly affects your trust about who is at the keyboard. Biometrics might, but that's about it.

Any reputation or trust associated with the identity token (account) typically comes from the behaviour of that that account, rather from the data that is stored with it, or who is using it.

Willson makes a point, reasonable on the face of it, that not all OpenID servers can be trusted to validate that their users are unique. Except that as he himself points out, BugMeNot does the same thing for usernames/passwords, and users can share passwords, and hackers can guess them, so you simply don't have that guarantee with any account! If you believe you do, and work to that premise, then you are fooling yourself, and risking your site.

After [signing in with OpenID] you might still want them to pick a username (especially if you are integrating OpenID in to an existing account system) and you’ll almost certainly want them to jump through the e-mail and/or CAPTCHA steps.

"Almost certainly"? Why? Why destroy the whole point of OpenID? That ID token is the only identity information you need. It doesn't matter if one person or a billion are using it: you are dealing with the identity token, not with the person or people. You do not need personally identifying information from any of the people, in order to perform transactions with that token.

But the idea that it's "easy" to bolt in an OpenID server is his biggest problem there, I think. It requires the accepting software to have several core changes, in order to do it right. See, in Drupal 6, there's a plugin that lets you log in using OpenID. Except, it doesn't work.

When I login as someone like, say, dewimorgan.livejournal.com, it correctly sends me off to livejournal to confirm that I want LJ to confirm I'm me (and offering to do so silently in future if I wish). But when it comes back to the Drupal site, it crashes into that belief that an OpenID is not an account.

* The username contains an illegal character.
* You must enter an e-mail address.
* OpenID registration failed for the reasons listed. You may register now, or if you already have an account you can log in now and add your OpenID under "My Account"

Drupal is asking for two pieces of personal information that the OpenID provider did not provide: a display name with no "funny characters", and an email address. This is because it believes that an OpenID is not an account... but an OpenID plus email address and display name ARE an account?

WHY?

Perhaps some sites might have a legitimate need to restrict the characters used in usernames to a subset of 7-bit ascii. But I can't think what the purpose of such a site might be, other than discrimination against people with unusual names like Gérard, Luís, Tom/Mary...

Perhaps some sites might have a legitimate need to know the email address of anyone who comments on a blog post. But I can't think what the purpose of such a site might be, other than spamming.

How, then, SHOULD Drupal have handled this?

1) Email addresses are personal information, and you, dear webmaster, do not have a right to them. You will of course require them for certain services that involve sending an email, but creating an account is not one of those. So requiring an email address to log in if the user has connected with OpenID is stupid, and violates the privacy protections that OpenID offers.

1a) If spammers using fake OpenID servers are a problem, either blacklist those servers, or whitelist trusted OpenID servers where users are not required to validate themselves either by CAPTCHA or email.

2) Even where the OpenID server does not provide a display name, it is trivial to convert an openid into a mostly-reasonable display name.

dewimorgan.livejournal.com -> dewimorgan (leftmost element of the URL other than "www", if any.)

www.dewimorgan.com -> dewimorgan2 (as above, but append a number because dewimorgan is already taken).

www.thudgame.com/?user=piötr -> thudgame (yeah, I never said it was perfect).

3) Allow people to edit their display names, at least at first login using an OpenID, because the above system is imperfect.

ORG wins moar.

2009-01-03T12:07:28Z

The ORG (which you really should join, damnitt! They need another 500 subscribers by last December!) continues to raise awareness of how crap our country is about personal data.

http://www.openrightsgroup.org/dataloss/ is their new survey, which shows how likely you are to have had your data lost in the 28 most recent reported data leaks. I'm low-risk, it appears... or rather, I'm low risk, of the ones that have been reported.

In other news, I've been too happy to post for some time - sorry peeps :) Blame my Heidi!

Are metal detectors evil?

2008-11-08T18:28:34Z

People seem to hate people with metal detectors. Archaeologists loathe them with a particularly deep hatred. Why?

But people don't seem to hate archaeologists. Why not?

Seems to me the only difference is that one probably has a degree in archaeology, and the other might have a degree in something.

Digging up stuff and carting it off to museums is what archaeologists are famous for. It was only through international agreement by governments and other non-archaeologists in 2005 that we've finally started, after centuries of archaeological desecration, to repatriate some remains... but only if they're not still "of scientific interest" to archaeologists.

So, archaeologists: you are people in glass houses, throwing Elgin marbles and bones.

Archaeology is a living subject. Graffiti, removals, changes, improper cleaning efforts, and secondary reuse of stonework made today, all instantly become part of the site's history. This history does not belong just to archaeologists, it belongs to the people, as a whole.

Who has more right to a site? Who will do more damage?

You, with the degree in archaeology from the respected university, interested in the papers you might publish, the collections you might give it to, the labels you might put on it, the respect you will gain from your peers, and the grants you might get? But only interested in the pieces you're interested in, from the times you're interested in, and to the exclusion of anyone else who might be interested in other aspects, like pollen counts in the earth you mix up and discard, clay structures in the potsherds you mark as "useless", and so on. But at least you'd put the interesting bits in a museum, and the boring bits in a box in storage somewhere, right?

Or the tribesman, who's predecessors you would dig up, but he would rather leave buried, who reuses stones from his predecessor's temple to shore up his shack, who forges the metal artefact into a knife, and who sells the spearhead he finds to feed his family, along with all the potsherds?

Or the person who wants to build a mall or nuclear reactor or car park there, and has a bit of paper saying they own the site?

Or someone with a metal detector who spends years researching a location and then only affects the top metre? Don't they have just as much right to be interested in the past and their predecessors, and indeed in any possible profits they can get therefrom, as you or the tribesman? Is there actual data showing the relative "damage" they do, compared to the benefits oftheir finds? Is there data comparing this alleged damage to the damage done by builders and engineers? Or is the archaeological muck-slinging purely based on bias rather than facts?

Or someone in a hundred years time, with nanotechnology so that he can study sites in situ, truly "in context", without affecting the layers of earth above them. As a nano-archaeologist, their task is to interpret the site with an eye to its entire history, from the footprint they left themselves in the rubble of the mall, to the oldest element, including the laying of the sediments and what they reveal about weather and pollen in the intervening years. Except... they can't, because you got there first with your earthmoving equipment and winches, and all that's under the mall is scrambled earth, spilt diesel, and an archaeologist's trowel.

From all I've seen, archaeologists, both today and in the past, are just metal detector fans with a feeling of entitlement, a scorn of potsherds, bigger grants, better instruments, and earthmoving equipment.

[Disclaimer: I've never owned or used a metal detector, not know anyone who has. These are my moral beliefs, but I may be talking out of my rear, and would not be upset to have it handed to me on a plate in this issue. I'd *love* to know that archaeologists had the moral high ground, but that's just not been my experience in reality.]

Well done, America!

2008-11-05T21:03:22Z

If McCain had got in, I was dreading having to tell my fiancée "Sorry, I'm not going there. Maybe in four years."

But I would have. I would have given up on the country. Any country which voted the Bush family in for a third term prettymuch already deserved to be given up on as it was, but a third term of them

Last night I read a lovely comment, well before the results were in:

In reading the comments,on other threads I noted several that mentioned a "christmas morning excitement". Well I must admit that even an old (71) fart like me sort of has that feeling, but then why shouldn't we? We are getting an enormous present today, we are getting our country, our self respect, the respect of the rest of the world back. we are getting the future of our children, our grandchildren,in my case great grandchildren returned to us, so it is a time for rejoicing.</quote>

Reading that was what solidified my heart. A country that had voted against that would have been no country at all.

But you didn't. You Did The Right Thing.

And I love you, every one of you who voted for him, or encouraged others to vote. Thank you.

Now if only the UK could buck up and get a better leader. Not that I have a huge problem with our current one. He keeps himself to himself and gets on with the job of running the country. Or running it into the ground, I don't know. That's the point: he's not deliberately going out of his way to trample on everyone in sight.

Speaking of which, Bush is still president until Jan 20th. You poor bastards, he's going to have no mercy now.

[Edit: did I call it, or did I call it?
http://www.nytimes.com/2008/11/04/opinion/04tue1.html?_r=1&hp&oref=slogin ]

Another zombie dream. I am teh luckiez!

2008-10-13T19:38:05Z

I was lucky enough to have a great zombie dream a couple nights ago, so I thought I'd write it up.

Well, the world had been infected by a zombie outbreak, but life went on much the same. My girlfriend (not Heidi... not sure whether to be sad or happy about that) was a zombie, and she wanted to eat me, and I was a little hesitant. I knew I'd cave in eventually, but I was putting it off as long as I could.

We were sitting upstairs in a house by one of our friends (not an IRL person, just a dream-character) as he worked at the computer. We were waiting while he wrote his NaNo passage about myself and my girlfriend: she might have been a zombie, but she wasn't mean enough to kill me before I got to read what it said about us.

But eventually she got impatient, and I was about to cave in and let her eat me then and there.

Just then, there was a noise outside. I looked: there was a brown giant, like a sort of huge, rather portly wookie! That could be dangerous for everyone (and yeah, made a good distraction to stop her eating me) so I said we needed to check it out.

So we went out: there was a family of them, made of poo, living in a giant mound of poo covered in grass. It was like old horseshit, fibrous and not too pungent, so it was bearable.

Bravely we went up and talked with them, and made them agree not to attach the people nearby. Then we went home along the raised, Akira-style highway (even though the giant poopmound had been pretty much next door on the way out).

And my mum stepped out and said "Are you really sure you want to do this with her? I mean, death is a big committment" blah blah. And I was all "fine, I'll do it now then" and handed her my hand to eat, which she did. It didn't hurt: it felt nice, and she ate my arm all the way to the shoulder. It spurted a bit, but felt fine.

Then something or other happened and we saved the world and credits rolled, with a happy ending, and my alarm clock went off with perfect timing for once, rather than cutting the dream short. I replayed the dream in my head, carefully noting each plot point, so I would remember it all, intending to write it down immediately. But I got distracted, and the awesome ending is now lost :(

Very submissive dream, really, for all that I was fighting to put it off as hard as I could. Wonder if zombieism is a mental metaphor for marriage.

I have adopted a little old lady. Or did she adopt me?

2008-10-03T16:01:09Z

My neighbour below me, who's 80, has decided I'm a nice person. So she rings me day and night to help her with things, lies in wait in the hallway for me, things like that.

Today was "could you take a look at my electric heater, it's on a timer and it's not come on". So I turned it on, set the timer, and I'll check it in half an hour or so to check that it's obeying the timer properly.

Then there was "could you check my hot water"? (which for a while had me thinking her system and mine were tied together, since I'd just had mine fixed); and "Could you help me throw out this chair?" (which became "I'd love to give you this chair!" so now I have a new armchair, and a sidetable to go with it, too); and "Here are some placemats and a duster for the side table"; and "here's a pie for your supper!"; and "my daughter in law reckons my room is all skew: what do you think?" (which turned into "sure, you can move my furniture around... now move it back!")

All in all, she'd a lovely lady, and it's nice having neighbours. I'm not used to this kind of neighbour though. She never barges in on me because she can't get up the stairs. It's a arm's-length neighbour thing. Nice.

I dunno why people decide they like me: I see myself as rather antisocial and unlikeable. But people seem to see some good side that's hidden from me. Maybe I have a cute butt.

Anyway, I got a cool chair out of it!

---

In other news, all my Friday to-do stuff are done:
Book room in inn for end of Hogswatch (Thudders will ~~be happy~~ lynch me if I don't get chat working by then!)
Sort out voicemail on my phone (Lee will be happy!)
Get money out to send sister's parachuting thing,
Get Birthday card for sister,
Get Jiffy Bag for sister's card and cash,
Pick up books from Post Office,
Sort out new card for online Banking,
Call Landlord about Central heating,
Ask Post office if there's a more sensible way to get parcels delivered (no, there isn't).

Yay!

Though that parcel thing is annoying. There HAS to be a more sensible way to deliver stuff than to try to deliver it during office hours and fail, and then leave a card to arrange one of: redelivery during office hours; travel to a depot to pick it up (I don't have a car); delivery to work; delivery to the local post office 100 yards away where I can pick it up for 50p.

Surely to goodness I can just take the last option every time for large packages? Apparently ParcelForce will do this anyway, automatically. Royal mail cannot do this though, and will always make you book a redelivery there, which wastes two days.

And all the others don't even do that: it's only the first three options you get.

How is it that after so many centuries of delivering stuff, people can still waste so much time delivering stuff to places where people *aren't*?

Royal Mail has a great Safeplace system: the recipient can nominate someone like a close neighbour or a nearby shed, and the item will get dropped off there if they're not in. Downside is, this system works only if the *sender* has subscribed to it. Fat lot of good.

Some posties (not all) will follow instructions on the address label like "Please leave with Mrs Evans at #7". Which would be worth trying, 'cept I don't know any neigh... oooh!

To-Do lists: why they don't work, and how they can.

2008-10-02T19:05:52Z

To-Do lists are great causes and cures of procrastination.

Writing a to-do list is a good way to procrastinate from working. But it's also a great way to get organised. But my procrastinating, I've discovered, isn't disorganisation any more than it's laziness. Are to-do lists pointless, then?

I realised today that I have never, to the best of my memory, gone through a to-do list in order, point by point. I have always cherry-picked the items on the basis of what was easiest, and done those first.

That's how I was dealing with my list of 70 programming tasks, two days ago. Yesterday, I tackled the hardest tasks instead. Today, I did them in sequence. Both were more productive than tackling the easiest tasks, and doing them in sequence wasted the least time and effort on deciding which to do next.

But to do them in sequence, I had to first mark all those items I could not do, and remove them from the list (well, hide them so they didn't show). There are a bunch I can't do until I have the right hardware, for instance, so they went. Stuff like that: 15 or 20 items removed. Felt good, despite being a transparent ruse. With that, and items done, I've got the 70 items down to 20, and most of those are new. Nice!

I've done something similar with my paper to-do list on my desk. It's in different columns:

do at work (stuff I have to remember to do in the office);
Friday things (things I cannot do outside office hours, so will do on my half-day on friday);
Constants and recurring (stuff that will never get crossed off no matter how often I do it);
Other tasks I can't do now
1-off tasks I can do anytime

It's only the last category that matters. All the rest is stuff that would normally have found its way onto my to-do lists, made them look daunting, but been impossible to complete.

And so I'd read through the list, looking for stuff I was able to do, and naturally gravitate to those things that I was most able to do. Or most wanted to do. And so unpopular stuff would not get done, would become a molehill-mountain, would hang over me, would get carried over to the NEXT to-do list...

So now I have a list of things to do:

~~Blog apology to ORG~~
~~Blog procrastination thoughts~~
~~Talk to Rei-Jin about furc~~
~~Talk to Artex about bugges~~
~~Do my invoice~~
~~Check into setting up phone voicemail (checked on web, O2 website is useless, moved to "friday" column)~~
~~Blog to-do list thoughts~~
~~Remind Al about Richard Gariott going to space in 9 days.~~
~~write down story ideas for nano~~
~~watch that video I downloaded (to-do items don't have to suck!)~~
~~Prep for friday items~~
~~dig out webcam drivers, stick them in my bag for tomorrow~~
~~Blog about to-do lists (this post!)~~
Draw logo
write tutorial for sourceforge
furc gallery pages
furc festival pages
thudd
certificates
domain transfers

I'm storming through these. Yay. Placebo effect or not, it makes me happy.

Procrastination: the low-hanging fruit.

2008-10-01T21:59:03Z

It's taken me more than 30 years, but I just yesterday had an insight into procrastination, which has helped me today to overcome it somewhat.

I have long said that if there was one part of me that I'd change, excise, burn out, it would be my procrastinatory habits.

I often asked myself "how can this force that stops me from working possibly be adaptive?" What can possibly cause people to avoid as if on fear of torture, the things that are most important to them?

Yesterday, I was at a loose end. I'd completed all my normal procrastinatory tasks for the evening (blogs, webcomics, email, forums, IMs...), faster than I normally do. I was at a loose end. I couldn't think of any tasks that I needed to do. I knew there were lots, but I was avoiding thinking of them.

So I thought about them. I didn't want to do any of them. They were all hard things. Time consuming. I hunted around for easier things to do. I worked hard to find easier things to do, instead of the things that needed doing.

Then it clicked. I wasn't being lazy! Since university, or before, I have been trying to tackle what I saw as my laziness and refusal to work. But I'm not lazy, and it's not because I "have to" do things that they become a molehill. I don't avoid work at all! I'm just selective.

Now I understand why it's adaptive. I felt like I do when I look in my fridge, and pull out the easiest thing too eat or cook (I no longer do this, since I started rolling dice). I was selecting the easiest task to do.

In evolutionary terms, this makes perfect sense. Do you expend effort to climb the tree and get the highest, tastiest fruit? Only if there's a deadline (the crows will get it if you don't: or it'll go off). Otherwise, you eat the fruit you can reach first. The higher ones can wait. Less risk, with a larger, faster payout.

I was cherry-picking tasks that were easier and had a faster payout of enjoyment (for example, webcomics rather than paperwork). Or those paperwork tasks that were shorter, or where I had the papers to hand, or... cherry-picking.

Decision making is hard for us. We have "executive processes" that make the high level decisions. Selecting from an unfamiliar menu, for example. These things take a LOT out of us. If we make just one executive decision, our decision making ability is significantly reduced: the next decision comes slower, and is made with lower judgemental quality.

Clearly, we can't use these executive processes all the time (I suspect it also becomes harder or more expensive to use them as we age, maybe). So we have shortcuts. Rules of thumb. "Toss a coin", "Roll a dice", "I'll have my usual", "Pick the easiest, closest, biggest, yellowest...".

As we age, we get more and more rules of thumb, and rely on them more and more heavily. "Anything below 50p", "5-second rule", "2-second rule".

It seems I have been relying heavily on the "do the easiest thing" rule, and a related one, "put off a task if there is a significantly easier task that can be done instead". Today, while programming, I have been consciously trying not to use those rules, and fall back to others instead.

Yesterday, I was working mostly on the easier programming tasks of my current project, following the rules without noticing them. Today, I tackled the tasks I felt most needed doing.

I got *more work done*. Not just a little bit more, but a lot. And it was more fun, and it felt like I achieved more.

Is all this just me thinking I found a quick fix, and am placeboing myself into productivity? Time will tell. In the meantime, more productivity is good, either way.

I have also got various other tasks complete, too. Just by consciously opting not to cherry pick.

The ORG: The UK's awesome rights group.

2008-10-01T21:13:18Z

So, yeah, the EFF have totally fixed the problems I had with them, they were nice about it, replied to my email within a day, and so on. So, true to my word, I am now paying two memberships.

Untrue to my word, I have procrastinated about posting about that. Sorry. Now go join ORG, they are awesome. And they need your fiver.

There is more news on the rights fron in the UK, though...

http://www.protectthehuman.com/petition_actions/say-no-to-42-days- is a petition that you should all sign, to campaign against the police having the ability to lock anyone they want up for 42 days without charge.

They don't have to be *right* about anything. They just have to suspect. That's enough. If you were locked up for 42 days, or your carers or providers, would this screw you over? They won't compensate you for lost earnings. You're just off work, possibly without an explanation, for 42 days.

Would you have a job at the end of it? Could you beg for your job back, if your excuse was "well, I was locked up..."?

If you don't want your life, or those of others, screwed up like this, then go sign that petition. I did!

Why I won't be buying an iPhone.

2008-09-24T20:30:25Z

I've an old and crusty Nokia 9500 Communicator from 2004, getting on for five years old, which is why I won't get an iPhone: the iPhone's just not as good. The newer E90 Communicator which has been around since May '07, is just even better, hands down better on every count other than touch screen and weight.

What the iPhone doesn't have (and I may be wrong on these and am happy to be proven so):

1) Multitasking. I kid you not, the iPhone is a singletasking machine. You want to switch between your IM client, browser and SSH session? Then you're gonna have to disconnect the ones that are not currently active.

2) Free, open source software. Every app you install must be obtained through the App Store.

3) IAC (inter application communication). Although secure, since everything's in its own sandbox, even the user can't override this: so it means no handy plugins for the browser to, say, memorise form data, etc.

4) Emulators. They're forbidden by the ToS of the iPhone SDK, since it would mean you could run apps that weren't from the App Store, which means you will never get the Spectrum, Sega, and Scumm emulators I have on my 9500. No DosBox. None of that stuff.

5) Programming. Same again: you can't use the SDK to make another programming languags, since that might be used to make apps that aren't iStore apps. So the Basic, OPL, AutoType and shell languages on my 9500 wouldn't be allowed.

6) QWERTY. 'Nuff said. A virtual keyboard that takes up half the screen just doesn't cut it.

7) Spare batteries. The iPhone's battery, when it fails, will cost you $85 bucks to get swapped out. And you have to SEND IT OFF. With your non-removable memory still in it, including all the photos of your girlfriend... and then be without your phone for days until it gets back.

8) Memory. The E90's has about 3x the latest iphone's RAM, and the microSDHC card is, unlike the iPhone's, replaceable. Fill all 16G up with video? No problem, swap the next one in! Want to lend a copy of the video to a friend? Just pass it to him... unless he has an iPhone!

9) Video. Which is why you might not be so worried about running out of memory on the iPhone. It has a 2MP still-only camera, no autofocus or flash, compared to the E90's 3.2MP, with autofocus and flash, or 640x480 video.

10) Resolution. E90 screens are 800x352, 4" internal, 240x320, 2" external. iPhone's just 480x320, 3.5". And of course, if you're showing the keyboard to type, you get less than half that.

11) A DIV operator. As a bonus, that's right, you can't divide on the ARM chip it uses, and if you want to, you have to use workarounds in software, which will take several thousand clock cycles.

12) No "mouseover" support in hardware. You tap, or not-tap. That's it. Now, OK, the communicator only has a joystick, not a touchscreen, but it does at least have a proper cursor.

And the funny thing is, here in the UK at least, the E90 is *cheaper*... so I'll be upgrading to that, instead the iPhone.

I just don't understand the hype.

Well, those are my niggles, but what are other peoples'?

Apparently, very few of my niggles are shared by others. Instead, here in no particular order are the ones other people had.

Some I din't know about:
- No voice dialing (WTF? Nobody with a car can use this in the UK, then...)
- No handwriting recognition (WTF? It's a touchscreen! That's its one big thing!)
- No MMS (That means, you can't send/receive photo messages. Not even in the new one! I thought they fixed that, but apparently not)
- No browsing the filesystem (it makes sense in retrospect, I guess, if everything's sandboxed, but I hadn't even imagined this would be the case...)

Some I already mentioned:
- No hardware keyboard
- Crap camera
- No webcam
- Too expensive.
- No Flash (not sure if this means the camera, or the browser: apparently it has neither, the E90 has both)
- Can't replace battery
- No flash card slot

And some more:
- Poor Battery Life
- Gimped BlueTooth
- Gimped Outlook support
- No Cut and Paste
- Crap data plan in Australia
- Crap GPS ("Can’t use the GPS like a GPS." whatever that means: I have TomTom installed on my 9500)
- No tethering (ie, use as modem)
- No cut and paste (WTF? Insane...)
- No TV (some people want everything!)
- No TV out
- Touchscreen-only interface (but at least it HAS a touchscreen: the E90 doesn't)
- Two-handed operation (admittedly, if you want to use them for more than phone/addressbook/txt/camera/call log, so're the Communicator series)
- Restricted carriers
- No third party applications
- EDGE (2.5G) data support only
- Cisco suit and other legal issues (I've no idea what that means)
- No A2DP (Stereo Bluetooth)
- Check calculation application sucks
- Calendar sucks
- Adding contacts is annoying
- Gimped syncing
- YouTube app sucks
- Clock software sucks
- Notes software sucks
- Stocks software sucks
- The hype is awful
- No IM (What? Surely there has to be, on the App Store?)
- Very vague battery gauge
- Faint, tinny speakerphone
- long shutter lag on the camera
- Scanning to the right part of a song is much harder than the iphone
- Poor sound quality in calls.
- Touchscreen imprecise; can't adjust for parallax (finger/screen offset)
- Web apps cannot download, upload or store data
- Web pages cannot be saved for offline viewing
- Can't disable Javascript
- No Java
- Proximity sensor fails to answer calls (whatever that means)
- Extremely strong radio frequency interference
- No VoIP support for Wi-Fi
- No voice-record capability; ("iPod add-on did not function")
- Safari can't reformat web page for convenient viewing
- Device does not operate in landscape mode in all applications
- Battery drains rapidly with Wi-Fi use; no transmit power setting
- Substantial delay for new voicemail notification
- Will not accept existing SIM card
- No external mute button
- Slow rendering of zoomed HTML content
- Slow JavaScript interpreter
- no mouse events hamper Web 2.0 apps
- No streaming audio/video support
- No full-screen view in browser; large button strip always present
- No edit-in-place in Settings; each line of text is a separate entry page
- Onscreen keyboard is large, opaque; obscures underlying interface
- No rich text editor
- Vertical/horizontal scroll regions too narrow; trip underlying controls
- Feeling for home button can delete email (trash button is bottom centre of display)
- No file upload limits use of online document viewers
- Not addressable as USB storage (what the hell? ties in with the "can't browse the filesystem" I guess.)
- No over-the-air sync options
- Spelling errors are not flagged in text
- Cursor positioning inside editable text is difficult
- Cannot download content for offline playback except through iTunes
- No Bonjour support for iTunes, web sharing
- Headset jack not phone standard
- iPhone pairs with MacBook Pro Bluetooth, but offers no supported services
- No master inbox covering multiple mail accounts
- Chat substitute uses expensive SMS (web alternatives available but don't signal on incoming chat invite)
- Fewer slideshow transition effects than video iPod (oh, tragedy! :P)
- No musical ring tones (Best feature of the phone, if you ask me!)
- No exposure control in camera, very slow shutter creates blurry images

Via high5.net:

Given the issues, why do people like this phone?

There is one reason I MIGHT get the iPhone, though: the Furcadia port. But even the screenshots of that have disappeared from the net, so I can't even link to it.

The ORG: The UK's hamfisted [actually pretty good, it turns out] EFF.

2008-08-04T18:38:05Z

[Edit: This is an open letter to the Open Rights Group (ORG), the UKs last best hope against the constant encroachments of the "Intellectual Property" crowd.

I cannot state too strongly how strenuously I support their goals. I think they are the best thing to happen in the UK since... well, maybe the internet. Which is why their signup form (see after cut) was such a slap in the face.

So I am putting my money where my mouth is, I am signing up *despite* these grumbles, and if they address them, I'll buy another. Hey, it's only £5/month, why don't you join me? :D]

I was excited to hear about the ORG. I'd already opened my blog page and begun a post before I'd opened your signup form... and discovered it *requires* the following information:

Gender (via title).
Full name (first and last).
Full postal address.
Email address.

Sure, I could have filled it with nonsense, but the presence of these required fields said very clearly to me that you intended to store information on me, and have no clue about the principle of "need to know"; no clue about data protection, privacy, or anonymity; and ultimately, no clue about digital rights, which is what your organisation is meant to stand for.

For now, at least, my money will go to the EFF: they "get" it. Unlike yourselves, if I want to donate to them by PayPal, all I need do is click a link.

- Dewi Morgan.

Am I being a lousy type-A for that? Maybe.

But really, if a rights group isn't set up to take anonymous donations, what other incompetencies do they have?

Why do they want my gender? What earthly use is my postal address to them? Why do they need my name?

The simple answer is, they do NOT need these things. Not one of them. The only reason they ask for it is so they can track me and contact me in ways for which I have not given my consent.

The UK government is famous for losing DVDs of personal details, and yet our rights group is asking us to hand them over to them. Because we can trust THEM, right? Because they're ORG, they're trustworthy! They won't screw up!

But... they already have, with their signup form. It's crushingly embarrassing to see that on the web page of my country's rights organisation.

So, money gone to the EFF instead, at least until we have an ORG which "gets it".

[Edit: Incidentally, if you do sign up with them, please credit http://randomreality.blogware.com/ - since that's where I got it from. And if he gets ten of us signing up, he'll blog every day for a month! Whereas, I'm not offering any bribes atall...]

Plurk timeline

2008-07-27T13:16:26Z

Plurk timeline after the cut. If anyone knows how to get this displaying in a div that's always on my main LJ page, that would be cool...

Plurk.com

Come to that, if anyone knows a way to get it to work, that would also be cool - I, at least, can't view it.

Eek! I'm almost an early adopter!

2008-06-28T14:57:21Z

I tend ot be very conservative about which "social networking" sites I join. If they haven't been around for yonks, I feel I don't need them.

plurk.com, which is a sort of improved more-fun twitter, sucked me in, though. It's nice. Join us. The water's lovely.

I'm interested to know how you spend your day. That, and they give me more smileys if some of my friends join up :P