Neil Turner's Blog

Blogging about technology and randomness since 2002

April 17, 2014
by Neil Turner
0 comments

What happens when you change your Facebook password

Screenshot of a Facebook password being changed

On Tuesday I changed my Facebook password for the first time in forever. I literally hadn’t changed my Facebook password ever before, and I’ve been on Facebook for seven years. I also used my Facebook password on other services as well.

I assumed that I would be okay because I use two-factor authentication for Facebook, and so this wasn’t one of the passwords that I changed at the weekend. However, Facebook alerted me to some ‘unusual activity’ on my account which I didn’t recognise, so it forced me to set a new password. I duly created one of my standard 24 character passwords in 1Password and went with that.

As well as having to sign in again on my iPhone, iPad, and on desktop machines, Facebook also reset OAuth credentials for all third-party apps that use my account. The main ones that I’ve had to re-link are Timehop and Sunrise which need regular access. The Jetpack plugin for WordPress also needed re-connecting to Facebook, which was a little more involved; I kept getting error -10520 until I completely disconnected Jetpack from wordpress.com, re-connected it, and then connected to Facebook. And IFTTT emailed me to re-authenticate as well.

Facebook was one of the web sites that was identified as being susceptible to the Heartbleed bug so it could be that someone got hold of my password that way. I’ll never know for sure, and it could have been something that I did, but as the location of the login attempt was listed as being somewhere in London I decided to err on the safe side. I’ve also had a similar notification from Yahoo!, where someone in California attempted to access my account (which has a much stronger password) so that has been reset this week.

Worryingly, I probably would not have known about either incident had it not been for me enabling two-factor authentication – I was only notified because the attackers (if they were attackers) were thwarted when asked for codes. As my email address is public knowledge, then on services where two-factor authentication isn’t available, all an attacker needs to do is guess my password. And whilst I choose very strong passwords, if an attacker is able to capture my password from somewhere then on most web sites they will have no problems getting in. Thankfully, most of the really important sites that I use have two-factor authentication available – Tumblr being the latest one that I’ve activated.

Mumsnet has already fallen victim to Heartbleed with one of its founders getting hacked – thankfully by someone without major malicious intent. I expect more sites will come under attack as time goes on – especially over the Easter weekend when fewer staff will be around to sort out server issues.

April 16, 2014
by Neil Turner
0 comments

Real ale and craft beer

Tasting trays of real ale

I’ve been a member of CAMRA – The Campaign for Real Ale – for a couple of years now, to support their work in promoting real ale and community pubs. Though I’m not a heavy drinker, and only a recent convert to beer, I enjoy getting discounted entry to beer festivals, and finding out more about independent microbreweries.

The beginnings of the real ale movement

CAMRA has been around for over 40 years, having been founded in 1971 against a tide of amalgamation and homogenisation by breweries. In days gone by, Britain had many breweries, but by the time the 1970s had rolled around we were left with a few large breweries making bland, mass-market beer, and eschewing traditional hand-pulled casks for newer keg systems.

Over time, their work has paid off. Nowadays, the larger of CAMRA’s beer festivals, like the recent one in Manchester, can offer over 300 beers, many of which were from local breweries. West Yorkshire, the county where I live, now has the highest concentration of microbreweries of any English county, and new microbreweries are opening on an almost weekly basis across the UK. Wetherspoon, probably Britain’s best known pub chain, offers real ale at all of its pubs.

From across the pond, craft beer

More recently, over in America, a similar but less formal movement has become mainstream over the past few years, in the form of craft beer. Like real ale, the beers tend to be crafted with care by small, independent microbreweries, instead of being mass-produced by large conglomerates. However, it’s a much broader term; ‘real ale’ tends to focus just on bitter, stout, ale and porter, and is served in casks. Craft beer, on the other hand, can be any type of beer, including lager, and can be dispensed in kegs as well. In other words, you could say that all real ale is craft beer, but not the other way around.

Hipsters versus old northern men

Whilst the two terms could be seen as being interchangeable, there are also different stereotypes attached to them which usually results in either one, the other, or both being used separately. CAMRA started up in the north of England and real ale seems to attract a particular stereotype – older men, usually from the north, drinking in traditional old pubs. Craft beer, being newer and having its British origins in East London, has a more hipster-ish vibe to it, consumed by younger people in trendy bars with rustic features.

Cask versus keg

To me, both cultures should be complementary, and you would hope that CAMRA would be pleased that the younger generation are interested in decent beer. Sadly, all is not quite so rosy. CAMRA is still strongly opposed to keg beer; whereas beer in casks still contains yeast and carries on maturing even whilst on its way to a pub to be sold, keg beer is chilled, filtered to remove the yeast and then pasteurised. CAMRA argues that this ruins the flavour of the beer, but, on the other hand, keg beer is easier to dispense, lasts longer and is easier to store. Some pubs – those that do not participate in the Cask Marque scheme – may not store their cask ales properly, resulting in a poorer taste.

So there are advantages and disadvantages of both methods – cask is the traditional way, but it requires more care, and keg is the modern, easier way but doesn’t necessarily produce the same taste. Breweries often use both – for my stag weekend last year, we visited The Great Yorkshire Brewery (formerly the Cropton Brewery) which can produce bottled, cask and keg beer. Some newer craft ale breweries may only offer their beers in kegs.

CAMRA’s opposition to keg beer means that any beer that is offered in kegs is not welcome at the beer festivals it organises – only cask ales are available. Controversially, this includes any beer offered in both formats – some breweries will offer the same brew in keg and cask, in which case, neither will be welcome at a CAMRA beer festival. CAMRA’s view is that the taste will be different between the two – but this is also the case when you bottle beer as well, and, as far as I am aware, CAMRA have no such limit on cask ale that is also available in bottles.

Perpetuating the stereotype

Whilst I’m still happy to be a member of CAMRA and believe its work in promoting real ale and community pubs is important, I feel its opposition to keg beer is petty, and will turn away the younger generation. I already mentioned the ‘old northern men’ stereotype and by alienating craft beer drinkers, CAMRA is putting its own future in jeopardy. Maybe not in the short term, but when its members get older, in 20 or so years’ time, a lack of young and energetic volunteers could make the organisation of events more difficult.

Preserving knowledge about traditional methods is important, and I’m sure there are many breweries out there that will be happy to carry on producing cask ale for years to come. But I feel CAMRA should also support those small, independent microbreweries that want to experiment and embrace new technology, whilst maintaining the wide variety of quality, crafted beers that are now widely available thanks to CAMRA’s work.

April 15, 2014
by Neil Turner
1 Comment

Explr.fm – map the music you listen to

Map of where the artists I listen to come from, generated by explr.fm

The map above shows you the countries of origin for the artists that I listen to. It was generated using explr.fm, which uses your scrobbles from last.fm to map out your listening history by country. Darker colours mean that I listen to more artists and bands from the country.

Overall, I’ve listened to artists from 48 of the 197 countries that explr.fm is aware of. Naturally most are from the UK, the US, Canada and Australia, since I mostly listen to music sung in English. But Germany, Finland and Sweden are also hotspots as well, probably because many European bands also sing in English even if it’s not their first language.

I tend not to listen to much world music, so explr.fm wasn’t able to show much in South America, Africa or Asia, apart from Japan where my small collection of J-Pop makes an appearance. The data is amassed using last.fm tags added by users, so not all of the data may be accurate.

One of the main reasons why I scrobble the music I listen to using last.fm is to get data like this. With over 70000 song plays scrobbled, it’s possible to get some meaningful data – not just recommendations of other music that I enjoy, but also interesting data like this.

April 14, 2014
by Neil Turner
2 Comments

The big post-Heartbleed password change

Screenshot of the heartbleed.com web page

Following last week’s revelations about the Heartbleed bug, I spent quite a bit of time over the weekend changing passwords. Not all of them – I’ve been using this list of affected sites from Mashable – but quite a lot.

At the same time I’ve also taken the opportunity to audit other passwords from non-affected sites. I use 1Password as my password manager, on OS X, Windows and iOS, and it has a ‘Password Audit’ feature that shows weak, old and duplicated passwords. Ashamedly, I had quite a few of all three.

As a reminder, the generally accepted guidelines for strong passwords are as follows:

  1. As long as possible
  2. Using a mixture of lower and uppercase letters, numbers and special characters
  3. Are unique
  4. Avoiding any words that could appear in a dictionary

Using a password manager is therefore a very good idea, as they can usually generate strong passwords that meet those criteria, and offer to remember them for you. I tend to go for 24 character passwords like ‘3&yjGJNrE)Up2no8W:iNduYg’, to give an example of one that 1Password has just given me, and there’s no way that I could memorise that. The only passwords I have committed to memory are my 1Password Master Password, for obvious reasons, and my logins for Google, iTunes and Facebook. Whilst they satisfy the first three criteria above, they do use actual words – albeit with numbers and symbols replacing some of the letters – because these are the ones I use the most frequently. They’re still ‘strong’ according to most password meters.

Having said all of that, your passwords also have to fit within the constraints set by the web sites with which you have accounts. Whilst most of the sites I’ve been using have no problem with 24 character passwords, and are happy to accept symbols, not all of them are. Quite a few would only take passwords up to 16 characters, and others won’t accept special characters – or both. In which case, I had to make do with weaker passwords, but at least they’ll be unique.

There are, however, two web sites that were significantly worse than others. hmvdigital doesn’t let users change their password, unless you contact customer services. The worst offender, however, is the Intercontinental Hotels Group, who owns the Holiday Inn and Crowne Plaza chains. If you’re in their IHG Rewards scheme – I am, and I have gold membership – then your password is a 4 digit numeric PIN. So there are only 10,000 possible password combinations, which could be cracked within minutes by an average home desktop computer. In 2014, this is horrifying, and for this reason, if you use IHG’s hotels, please don’t store your credit card details with them.

On the other hand, it’s been enlightening seeing which sites have removed my accounts for inactivity. For example, dabs.com have deleted my account, presumably because my last purchase from there was circa 2005. And other sites simply don’t exist anymore.

April 13, 2014
by Neil Turner
0 comments

Kickstarted: Frisky & Mannish’s Pop Education Trilogy

What was it?

The twelfth project I backed on Kickstarter was Frisky & Mannish’s Pop Education Trilogy, which sought to edit and post their three tour shows online for everyone to watch.

How much did I pledge?

Just £1.

What did I get?

I didn’t select a reward so I didn’t get anything specific in return for backing the project, but the money raised meant that all three videos are available on YouTube for everyone to watch free of charge.

Christine and I went to see Frisky & Mannish when they came to play in Bradford in September 2012. I’ve been aware of them for a while, after a former housemate showed me some of their videos on YouTube. Essentially they are a cabaret duo who do musical parodies, such as Kate Bash – combining the works of Kate Bush and Kate Nash, and a ‘grime’ re-working of Top of the World by The Carpenters. Though these short videos are good, they are far better live as it’s the interactions between the songs that make them worth watching. So now that they have posted three of their full length shows for all to see, you can see what they’re really like.

At the moment, Frisky & Mannish are on a break, but they are doing a stint at the Edinburgh Fringe Festival this summer. Hopefully this will lead to another tour – either way, if you have the chance to see them, please do, as we had a really good time.

April 12, 2014
by Neil Turner
0 comments

Links from Delicious for April 12, 2014

Here are the articles or web sites that I’ve found this week and linked to on my Delicious Bookmarks:


April 11, 2014
by Neil Turner
0 comments

Disconnecting from work email

iPhone 4

When I first got my iPhone in 2010, I very quickly set up my three most-used email accounts on it – my personal account at this domain, my Gmail account, and my work email account. Soon, every time I got an email on any of those accounts, no matter what time of day it was, my phone would duly ping me.

At weekends, when going through the unified inbox overview of all three, I’d duly delete the ‘calls for papers’ that various conferences send me (because they assume that anyone who works at a university is an academic) and carefully flagged up the emails that needed action for when I got back in the office on Monday. I thought I was being more productive this way, but actually, all I was doing was spreading what would be a five minute task at work throughout my weekend, when I should be relaxing.

More to the point, it was making it harder to switch off from work, and making checking my personal accounts more difficult as I had to wade through work emails to get to them.

It took until the start of 2012 before I finally decided that this was a silly way to do things. I was off work for two weeks – I’m lucky enough to work for an employer that gives everyone time off between Christmas and New Year, and I had some annual leave in early January. I was getting notifications of work emails, but it would be more than a week until I would be back in the office in order to actually do anything about them. So, I deleted my work email account off my phone.

In the time since, I have kind-of added it back. I use the now abandoned Sparrow client to access my work email on a purely ad-hoc basis, if required, but it’s kept separate from my personal email accounts (in the stock Mail app on my iPhone) and I don’t get notifications for it. So it’s there if I do need to access it – usually if I’m at work but away from the office – but I can’t be disturbed by work emails when I’m not at work.

I’m therefore pleased that, in France, there’s a new labour agreement to stop employees looking at work email after 6pm. France already has a mandatory 35 hour working week, meaning that French employees work shorter hours to improve their work-life balance. This goes further, and helps to prevent employees from doing work-related activities outside work hours.

If you are regularly checking work email when you’re not at work, I would recommend you to stop. It’ll help you disconnect from work and enjoy your free time more. And it often doesn’t save you much time at work either.

April 10, 2014
by Neil Turner
0 comments

Stem my bleeding heart

Screenshot of the heartbleed.com web page

If you read tech news on the internet, then you will have almost certainly come across the Heartbleed bug. As well as being probably the first programming bug to have a logo and brand name, it’s also very serious. It affects, or affected, a significant number of web sites and web services – pretty much anything that used SSL or TLS and the OpenSSL library. This will include many sites using the open source Apache and nginx web servers, which between them account for a majority of web sites.

The Heartbleed bug was in the ‘heartbeat’ component of OpenSSL, and first appeared in a code commit made at around 11pm on New Year’s Eve 2011 – make of that what you will. The first stable release of OpenSSL with the bug came in March 2012, and it was only fixed relatively recently. It’s therefore estimated that 17% of the world’s web sites may be affected.

If you administer a server that uses OpenSSL, then you’ll need to make sure that you update to the latest version which fixes the bug. But you may also need to revoke your SSL certificates and acquire new ones, and, if you suspect any foul play, do a full security audit. You can check your server using this tool – I’ve verified that this site was never affected.

If you’re just a regular user of the internet, then you may notice that some web sites will have forcibly logged you out. Some may also require you to change your password, and possibly re-connect any third party apps linked to your account. IFTTT emailed me to suggest changing my password, and Pocket has advised its users to do the same. Ironically, so has the web site Should I Change My Password, which notifies users of data breaches. If you are not already, I would suggest using a password manager such as 1Password, RoboForm, KeePass or LastPass. LastPass users can also find out if any sites they use have been affected by Heartbleed.

Some security experts have suggested that users change all of their passwords, although only once the web sites have implemented their fixes. This may not be necessary and PayPal has said they were not affected by Heartbleed. However, if you’re not using strong, unique passwords for every web site then now may be a good time to do so, regardless of whether sites have been affected or not, and the aforementioned password managers will help you in that regard. A lot of sites will now accept passwords that are more than 20 characters long, with special characters, which should be very, very difficult to crack.

April 9, 2014
by Neil Turner
1 Comment

Farewell, Windows XP

Windows XP Desktop

Yesterday saw the release of the last security updates for Windows XP, ending over 12 years of support from Microsoft. XP was the longest-lived of any of the Windows operating systems, and one that I used regularly at home and at work, from late 2001 right up until last summer.

I got to start using Windows XP within a month of its release in the late autumn of 2001. We had it on my parents’ computer, although I set it to dual-boot with Windows 98 – the operating system that came with the computer – as there were a couple of programs that wouldn’t work.

Indeed in the early days compatibility turned out to be a bit of a nightmare. Windows XP was the first operating system in the Windows NT (‘New Technology’, not ‘Neil Turner’, sadly) family to be made available to home consumers – previous NT releases, including Windows 2000, were aimed more at business users. Home users were used to Windows 95, 98 and Me, which had a different architecture. Though XP had the ability to mimic these earlier operating systems, many games refused to run. And you needed new sets of device drivers too, if XP didn’t already come with them.

The computer my parents had just about met the minimum system requirements for Windows XP. It had a 400 MHz AMD K6-2 processor, a 10 gigabyte hard drive and 128 megabytes of RAM, which had been upgraded from 64 MB. 128 MB was the minimum that XP required, which was towards the high side even then.

Underneath, Windows XP wasn’t massively different than the well-received Windows 2000, but the new ‘modern’ interface was controversial with some if I remember correctly. I liked it personally but I know some people used to call it ‘Tellytubby’ or ‘Fisher-Price’ mode. Either way, you could easily switch back to the ‘Classic’ interface if you so wished. Or, if the blue of the so-called ‘Luna’ interface wasn’t to your liking, you could change it to a silver or olive theme, but Microsoft never really bothered to add many other official themes – ‘Royale’ was the only other one I came across and it was never officially released.

One innovation Microsoft introduced with Windows XP was ‘ClearType’, its name for anti-aliased fonts which de-pixelated the text on screen. Except it was off by default and buried away in Control Panel, so most users weren’t aware of it. It wasn’t until Windows Vista followed in 2006 that ClearType would be enabled by default. Apple, on the other hand, enabled anti-aliasing from an early stage on Mac OS X which helped it to look better when compared with Windows at the time.

Early issues with its new interface and compatibility aside, Windows XP has had extraordinary staying power, with a significant number of computers still running it even now. I suppose migration away from XP wasn’t helped by Windows Vista being poorly received – again, high system requirements and poor third-party driver availability gave it a bad name. And Windows 8 has had a flaky introduction, with a poor experience on non-touchscreen devices. It won’t surprise many that Microsoft is planning on re-introducing the Start Menu in a future update. But Windows 7 is a solid operating system which is well-supported and has another six years of updates ahead of it.

So, farewell Windows XP.

April 8, 2014
by Neil Turner
0 comments

How to measure influence on Twitter

My Twitter bio

There are a number of sites out there which claim to measure how influential someone is on Twitter, and other social networks. Klout is probably the best known, which gives everyone on Twitter a score out of 100. I’d tell you my score but I opted out in 2011, and, in any case, I get the impression few people bother with Klout anymore anyway.

The problem with using a third-party service like Klout is that it gives you a score, generated using a secret, proprietary algorithm, that is largely meaningless. What would be better is actually looking at individual Twitter accounts yourself, to work out if it’s influential or not. And there are a few things to look for.

1. Has the account been verified by Twitter?

If the account has that magical blue checkmark next to it, then Twitter has verified the account as belonging to whoever it claims to be. This generally means that the person is important, has a reputation that needs to be maintained, and is therefore likely to be influential.

Not all verified accounts are so authoritative though. As I found in November, some verified accounts only have around 100 followers and never tweet, so it’s one factor to be considered, rather than the main indicator.

2. Does it have a large number of followers?

Pretty simple this one – the more people who follow an account, the more likely its messages are able to be amplified. Again, there are limitations here, as any number of shady web sites will sell you Twitter followers. And there are accounts out there with hundreds of thousands of followers that never tweet anything.

3. Is it followed by a large number of verified accounts?

There are some accounts out there with thousands of followers which are not verified. Just being a celebrity isn’t enough, apparently, so some official accounts of well-known and influential people are not verified. But if a lot of verified accounts do follow a particular non-verified account, then that latter account may still be worth paying attention to.

4. Is it retweeted a lot?

When you retweet something, you amplify the message to your followers, who may not already follow that account. If an account has tweets that are regularly retweeted, it’s a sign that the user posts engaging content that his/her followers are happy to share themselves. Therefore, their influence spreads beyond just their own followers.

5. Does the account interact with other accounts?

Broadly speaking, you can put Twitter accounts into two boxes – conversationalists, and broadcasters. I’m mainly a broadcaster – tweeting links, and mostly talking about myself, because I’m a massive narcissist. But others spend more time replying to other accounts, and engaging in a conversation. There’s a lot of overlap, but someone who regularly responds to replies sent to them is more likely to engage with you. This doesn’t necessarily make someone influential, but if they already meet some of the criteria that I mention above, then they may be worth engaging with.

These are just a few things to look out for when trying to find someone who can influence people. If you have a message you want to pass on using social media, such as promoting an event, raising awareness for charity, or just plain marketing – then targeting the correct people can really help.

One final tip is to make sure that the people you are speaking to are relevant to your message. Most Twitter users have some kind of niche, which should be obvious from reading a few tweets (or even just their bio) – ensure that you target the users with similar interests. Not only are they more likely to engage with you, but you’re less likely to get ridiculed for pestering people on social media about something they don’t care about.