Ben Laurie blathering

31 Jul 2007


Filed under: Lazyweb,Motorbikes,Toys — Ben @ 9:26

I could swear I’d written before about the TomTom Rider, which I use on my bikes, and love dearly. Well, mostly. Good points:

  • Uses bluetooth to connect to my phone to get updates on traffic conditions, and routes around blockages.
  • Not intolerable user interface.
  • Cute trick (that I haven’t used yet) of tracking your buddies.
  • Talks to me in my helmet.
  • Warns me about “safety” cameras. Mostly.

Bad points:

  • No tracking, very disappointing if you want to figure out where someone else took you, or you went randomly.
  • Weird slight randomness in routing (for example, Aylesbury to West London might choose to use the A355 down to Beaconsfield, or to continue down the A413, which is definitely faster).
  • Latest version of the s/w kills my Rider, but TomTom won’t fix it unless I send the Rider back in – and they won’t provide a replacement to use in the meantime.
  • Occasionally crashes.
  • Itinerary (their name for routes) handling is pathetic.
  • “Glove friendly” UI is actually pretty much impossible to use in gloves.

Anyway, all that said, I’ve been musing about using the TomTom in the car. The snag is that the only way the Rider has of talking to me is via a bluetooth headset – which is OK in a helmet, but I really don’t like their non-helmet version. For a start, it doesn’t stay in my ear. So, I’ve been considering alternatives, and I figured I’d ask the Lazyweb for suggestions. Perhaps even something I can use on both car and bike.

13 Jul 2007

Hypocrisy in the Exploit Market

Filed under: Rants,Security — Ben @ 15:36

I am amused to read about an auction site for zero-days. Why am I amused? Not because I think that selling zero-days is cool, but because of the massive hypocrisy by other zero-day vendors.

“How do you know bidders aren’t people with nefarious purposes”

wails Terri Forslof of zero-day vendor, TippingPoint. I don’t know, Terri, but I’ve been wondering how you figure that out for some time.

Companies like TippingPoint and VeriSign’s iDefense both pass along details of vulnerabilities they buy to the affected software vendors, and both withhold public disclosure of the flaws until the vendor has shipped a “patch” to plug the security holes.

Aren’t they nice? They only tell paying customers about the flaws before they’re patched. That’s clearly different from WabiSabiLabi, who only tell paying customers about the flaws before they’re patched. Oh, wait…

This really does amuse me, though:

WabiSabiLabi’s founder said the company currently has no plans to notify affected vendors, saying that could ultimately decrease the price buyers are willing to pay for any one vulnerability.

Now, the dodgy geezers at WabiSabiLabi are trying to convince us that they would only sell to well-intentioned people. How can they possibly square that with the idea that buyers will pay more for unfixed vulnerabilities? What possible good motive could such a buyer have?

Of course, I’m having a hard time figuring out why anyone would be buying these vulnerabilities in the first place: perhaps the story is that they will get competitive advantage by being able to claim that they have fewer vulnerabilities? I’m looking forward to the adverts: “XYZ – now with fewer security holes than competitive products! Get it before they outbid us!”.

10 Jul 2007

Technical Safeguards: 1 Parenting: 0

Filed under: Digital Rights,Rants — Ben @ 11:23

As we all know, removing access to all undesirable content on the Internet without also removing access to some perfectly innocent (or even crucially helpful) content is impossible. And that’s even before you start worrying about what is meant by “undesirable” and who should decide.

None of this deters our fearless representatives in government, as this exchange shows:

Brian Iddon (Bolton South East, Labour) | Hansard source

May I draw my right hon. Friend’s attention to a substantial piece of work that Zentek Forensics in my constituency carried out? It showed that it is ever so easy to google one’s way around the firewalls that prevent children from accessing some very undesirable material. That is happening in schools, libraries and children’s bedrooms in the evenings at home. Will my right hon. Friend look at the providers of commercial filters and try to get them to strengthen their firewalls?

Jacqui Smith (Home Secretary) | Hansard source

I am happy to look at anything we can do to protect children from some of the dangers of the internet. I recognise, of course, that the internet plays an important role in the lives of children and young people—at their schools, in their social lives and in their ability to research. However, it is clearly unacceptable if we cannot put the technical safeguards in place. We have been considering how we can, for example, kitemark some of the products that are involved in filtering and monitoring software. Perhaps, as part of that activity, the company to which my hon. Friend referred could make some progress. However, we take the issue extremely seriously.

Ah, yes, it is “clearly unacceptable” to give children unfettered access to the ‘net. Heaven forfend that parents should actually have to educate them, provide them with any kind of moral compass or, indeed, indulge in parenting. A kitemark will solve all our problems.

4 Jul 2007

Java Drives Me Nuts!

Filed under: Lazyweb,Programming,Rants — Ben @ 19:34

Though I will admit that a lot of the nut-drivingness has been taken out of it by Eclipse (even if it is black magyck). So, I’ve been playing with Higgins (btw, teehee!). Or, rather, trying to. It seems Higgins is a pile of different inter-related projects. Which is good, but each one has its own dependencies which it wants to find in a subdirectory called lib. The first issue here is when I discover that something depends on stax-api-1.0.1.jar, what am I supposed to make of that? I can do a bit of googling and discover that there is such a thing out there on the interweb, download it and plug it in. But surely there’s a better way? How do I know I got the right thing? Suck it and see?

And what when the required library is called serialiser.jar? That’s just a teensy bit vague. Now what?

Then there’s the issue that each one of these projects wants its own copies of each library. Which I can do, of course, but it’s tedious! Again, I ask, surely there’s a better way?

Someone please tell me this is a solved problem and I’m a moron for whining about it.

(And I haven’t even started writing Java yet, that’s when the real nuts-drivingness sets in)

FreeBMD Wins Society of Genealogists’ Award

Filed under: General — Ben @ 12:25

Many years ago Graham Hart, Camilla von Massenbach (my wife) and I started FreeBMD, little realising that over the years it would become one of the world’s most popular genealogical websites fuelled by one of the world’s largest volunteer transcribing efforts. Recently, the Society of Genealogists recognised the importance of the effort with their Prince Michael of Kent award. Although the plaque reads

Society of Genealogists
Prince Michael of Kent Award 2007
Awarded to the trustees of FreeBMD
In acknowledgement of the outstanding contribution to Genealogists across the globe by offering free access to the Births, Marriages and Deaths Indexes online.

it is really the thousands of volunteers who have worked tirelessly on this project that deserve all the credit.

2 Jul 2007

It’s Official: Security Doesn’t Matter

Filed under: Rants,Security — Ben @ 13:45

I’m slightly amazed to see that O’Reilly, who claim to have invented the term “Web 2.0”, have managed to produce a CFP that doesn’t even mention security. Not hugely surprising, I guess, when you read the rest of the CFP, which has clearly been written by some MBA…

These are just some of the trends and shifts we’ve noticed.

  • Web operations, theory and practice: What are the major players up to with their platforms and how do open source and independents play into “web as platform” and “web ops”?
  • Global scalability: The Internet is global, your apps need to be global, and they need to scale.
  • Going 2.0: How to turn your 1.0 business into a 2.0 masterpiece in less than six months.
  • Viral marketing and community evangelism: Start a fire! Learn how to create a meme and let your users tell your story, without spending a fortune.
  • SEO & SEM: The science of measurable marketing. Find your keywords, and let your audience discover you, using search engines as the gateway.
  • Blogging and Internet PR: The new way to launch a product or service?
  • User-generated content: Tagging and ratings and blogging, oh MY!
  • Syndication: Don’t be afraid of spreading your content across the Web. It’s free advertising; if it’s good and adds value, your users will come find you.
  • Location: Maps and location are now commodities. How can it add value to your app?
  • Social networks: Are commonplace–where are they going next?
  • Identity: Distributed identity is on the rise. What should you support?
  • Data: The importance of data is growing. How can you protect and respect your users by giving them a way out?

Perhaps it’s just me, but not one of those sounds like a trend or a shift to me – they all sound just like an advert for your contentless conference.
