Security

Things Storm bookmarked this week / 19-10-11

Things we liked this week:

Adam popped me over this rather nice interview with Peter Norvig giving a rundown of AI techniques employed by Google. It’s a long piece but well worth a read as it explains how some of the magic actually works..

For once, Paul didn’t focus on the fail – this time his link (via @elliottkember) is all about testing in Ruby. It’s a tool called Heckle which will systematically break your code in every conceivable way, while running your tests. If a test doesn’t fail * then you need to get writing more. He tells me it’s a great tool for ensuring the quality of your tests, and therefore your code. [ * wait up, a fail! ]

Nicola sent me this interesting post about continual improvement and development – some really interesting stuff in there both for designers and anyone else wanting to up their game..

Liam sent over a couple: Firstly is a rather nice jQuery timeline plugin, called Timelinr (of course!). Second is the new homepage at http://desertbus.org/. Liam tells me that DesertBus is a charity event in which a bunch of Canadians play a mini-game from Penn and Teller’s never-released video game on Sega CD in which you drive a bus in real time, back and forth, until you get bored. They do it for charity every year – he helps them out with a bunch of graphing code of donations over time and other such analytics. Good work!

For me, it has to be the totally non-tech-related story about Fauja Singh finishing the Toronto Marathon in 8 hours 25 minutes. Pretty slow, you might think, until you realise the guy is 100 years old. Singh apparently ran his first marathon at age 89 and has since run seven more. He attributes his success to “ginger curry, cups of tea and ‘being happy’”. An amazing, inspiring story..

Finally, Andrew pointed me to this story over on TechDirt. I’ll let you read it and get cross all on your own, but in short – don’t ever point out a blindingly obvious security flaw on a bank website – it might get you into a lot of trouble. Shocking.

Things Storm bookmarked this week / 05-10-11

Things we liked this week:

…Liam was confused by people not understanding that the iPhone 4S is the iPhone 5 (not to mention the shameless ripping off by Apple of Google Latitude…). Meanwhile, he bookmarked: Amazon’s new Kindle without keyboard now shipping in the UK (but apparently UK folks don’t get the Kindle Touch, or ad-supported Kindles). He also discovered the reasonably awesome Layer Styles which lets you use a Photoshop-like web interface to build complex CSS3 shadows and borders. Nice!

Layer Styles: nice. New iCal design: not nice. Nicola: “REVOLTING. It’s not Apple’s sexy style, looks dated and ugly – it has ‘stitching’…”. Ouch.

Andrew’s bookmarks included this Smashing Magazine blog post on Conversation Techniques for Designers which he says will come in handy as he spends more time liaising with clients than doing design work…

Paul tells me it’s been another bad week for security: Russian software company Elcomsoft announced that they could recover BlackBerry device passwords, while a massive security hole in HTC’s Android phones allows any app with permission to talk to the internet to extract any private information from the phone…

From Adam: “Cube is a really neat-looking open-source system for visualizing time series data created by disruptive credit card processing start-up Square. It lets you really easily build a realtime dashboard of anything that can be tracked over time. It uses some very clever data processing techniques to deliver results as quickly as possible. It’s definitely a library I’m now looking for a reason to use!”

And finally – from me, another stunning example of how Amazon is building fiercely loyal customers by going way beyond the call of duty with their customer service. I’ve had a similar experience with the ‘zon when my Kindle case malfunctioned – instant phone call, totally intelligent customer service person, instant money back into my account. This is how it should be done…

Cake fine? Clearly it should be Dave for 1) Failing to contribute and 2) Being on holiday :-)

Storm news roundup 23-09-11

Storm’s favourite web stories from the week…

Liam:

“This week I’ve been induced into a Video Game coma with the launch of Gears of War 3 and OnLive, and the EuroGamer expo yesterday in London.

It’s not all play though – The OnLive service (http://www.onlive.co.uk) is a technical masterpiece. We’re huge fans of the technical challenges faced on the Internet, and that spans more than just our websites and apps. Streaming High Definition video is always a challenge, but pushing back control button data in as near realtime as possible to allow responsive gameplay – and have it actually work – is a game changer for Video Games. I don’t see it replacing your consoles for a while, but for younger kids, the price and cost of entry (basically free, but you can buy a standalone OnLive console if you don’t want to use your PC) make OnLive’s outlook very positive.”

Adam:

“Facebook Music to be Last.fm killer… Facebook is announcing a new deep integration with Spotify which will ‘revolutionize’ the way we listen to music. Songs users listen to will be scrobbled to Facebook who will then use that data to populate your new Timeline (link somewhere) and produce recommendations from your social graph.

This all sounds very similar to Last.fm – which scrobbles tracks and then produces recommendations based on friends – so not terribly revolutionary. I don’t actually see the new UI for this yet so it’ll be interesting to see how Facebook have implemented this, but given the large user base I’m pretty excited to see the recommendations it produces. I’m also really pleased for Spotify who should get a shed-load more paying customers on the back of this.”

Paul:

“It’s been a bad week for online security in general and SSL specifically.

DigiNotar, the disgraced Certificate Authority that was thoroughly hacked some months ago and was the source of fraudulent certificates thought to have been used to snoop on Iranian dissidents, has been closed down. The whole mess has graphically demonstrated the fundamental flaw in the SSL certificate system: that it’s based on us trusting CAs not only to be honest, but also to be competent. Apple also got a lot of flak for taking a very long time to remove DigiNotar’s certificate from OS X, and a bug prevented users from doing it themselves.

Moxie Marlinspike has a good writeup on the fundamental problems with our current model of trust on the internet, and why a DNSSEC-based alternative being proposed won’t work.

In other news, researchers Duong and Juliano Rizzo gave details of a vulnerability at the heart of the TLS 1.0 protocol. While TLS 1.1 and 1.2 are not susceptible, upgrading browsers, applications, and servers is proving to be rather more complex than expected.”

Andrew:

“This week I’ve almost solely been working on branding projects – it’s certainly my favourite discipline as a designer and the thrill of exploring and experimenting with a logo until it finally clicks is so enjoyable I often leave work with a sense of confused guilt about having had so much fun during a work day.

All this branding at Storm conveniently coincides with the ‘Brand New Conference’ which took place on the 16th – a conference held by Brand New, a popular blog chronicling corporate and brand identity work amongst high profile companies and corporations. Brand New have just released videos from the conference, the previews of which I have been enjoying this morning. It is a unique insight into the practices of the most prolific branding agencies today and at $5 each they’re very reasonable. Now where’s the Storm credit card…?”

Dave:

The internet is more important than food, according to a worldwide survey carried out by Cisco this week. I’m currently in two minds as to whether this is a sad reflection on humanity as a whole, or simply a nod towards the social revolution of the past decade.

The points made by the survey are compelling: Facebook is where people ‘start’ dating, more of the world’s business is conducted online than ever before and even physical activities are today augmented by the ‘internet in my pocket’ delivered by smartphones.

This was less ‘breaking news’ to me than it was a quick pinch in the arm to take 20 seconds from my day to consider how royally buggered we’d all be without internet. Scary huh!

Mike:

“I’m slightly obsessed with the trajectory that social networking is taking, what with the public opening of Google+, Facebook F8, and also a reminder email midweek from those chaps at Diaspora that they’re still going. The Diaspora email struck a chord with me – even though they’ve been an age in producing anything solid, they talk about the authenticity of connections made via good social tools. At the opposite end of the spectrum for me is the Facebook direction – and no-one summed it up more coherently than this post from Slate entitled Not Sharing Is Caring. To me, this all goes back to the classic Kevin Kelly post – we need better curation, not more sharing.”

———–

The Failing To Do A Post For The Storm Blog Cake StickCarrot Publicly Name And Shame Fine (TM) goes to….Felix…who not only failed to write a news piece but also failed to turn up at all this morning…

He With The Hair gets to buy cake next week :-)

Things Storm bookmarked this week / 21-09-11

Another week, another bunch of interesting web happenings. Here’s a few you may be interested in:

Google+ opened their doors to everyone, with a whopping great homepage arrow thingy. At roughly the same time, I stumbled across this rather frank assessment of the service: “perfectly adequate, fun to stumble onto but completely irrelevant…”.

Many in the tech industry are taking this angle, ready to write off the service as a rather poor third (or fourth..) place to do social. Our very own Paul Leeder is of the opinion (as are many others) that Facebook is likely to be the winner in this space for the foreseeable future, with – what – 750 million users..

Personally, I don’t see this as an either-or situation and reckon it’s too early to call – Google has an unbelievably wide reach and the means to lever that reach across their web estates. Still, the question about how, where and whether it fits is going to get bounced around even more now the site is open to the public..

Liam sent me a post from Engadget suggesting we might soonish be seeing the appearance of Google Voice in Europe. Not the “call some people from chat” bit which has been around for a while, but hopefully the “one number to rule them all”, which is more compelling. Having said that, the post says deployment “hinges upon legal and regulatory issues” so maybe we should forget the whole thing for at least a couple of years…

Two security stories did the rounds – Apple “dropping clangers” with OS X password security and then this other Register piece about SSL:

“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,” Trevor Perrin, an independent security researcher, wrote in an email. “If the attack works as quickly and widely as they claim it’s a legitimate threat.”

Interesting (if slightly scary) stuff..

Finally, Adam got very excited about this video, all about the future direction of C# and Visual Basic. Apparently it includes “making asynchrony a first-class citizen in the language”. I have no idea what this means, but it sounds kinda interesting :-)