Neil Turner's Blog

Blogging about technology and randomness since 2002

April 14, 2014
by Neil Turner

The big post-Heartbleed password change


Following last week’s revelations about the Heartbleed bug, I spent quite a bit of time over the weekend changing passwords. Not all of them – I’ve been using this list of affected sites from Mashable – but quite a lot.

At the same time I’ve also taken the opportunity to audit other passwords from non-affected sites. I use 1Password as my password manager, on OS X, Windows and iOS, and it has a ‘Password Audit’ feature that shows weak, old and duplicated passwords. Ashamedly, I had quite a few of all three.

As a reminder, the generally accepted guidelines for strong passwords are as follows:

  1. As long as possible
  2. Using a mixture of lower and uppercase letters, numbers and special characters
  3. Are unique
  4. Avoiding any words that could appear in a dictionary

Using a password manager is therefore a very good idea, as they can usually generate strong passwords that meet those criteria, and offer to remember them for you. I tend to go for 24 character passwords like ‘3&yjGJNrE)Up2no8W:iNduYg’, to give an example of one that 1Password has just given me, and there’s no way that I could memorise that. The only passwords I have committed to memory are my 1Password Master Password, for obvious reasons, and my logins for Google, iTunes and Facebook. Whilst they satisfy the first three criteria above, they do use actual words – albeit with numbers and symbols replacing some of the letters – because these are the ones I use the most frequently. They’re still ‘strong’ according to most password meters.

Having said all of that, your passwords also have to fit within the constraints set by the web sites with which you have accounts. Whilst most of the sites I’ve been using have no problem with 24 character passwords, and are happy to accept symbols, not all of them are. Quite a few would only take passwords up to 16 characters, and others won’t accept special characters – or both. In which case, I had to make do with weaker passwords, but at least they’ll be unique.

There are, however, two web sites that were significantly worse than others. hmvdigital doesn’t let users change their password, unless you contact customer services. The worst offender, however, is the InterContinental Hotels Group, which owns the Holiday Inn and Crowne Plaza chains. If you’re in their IHG Rewards scheme – I am, and I have gold membership – then your password is a 4 digit numeric PIN. So there are only 10,000 possible password combinations, which could be cracked within minutes by an average home desktop computer. In 2014, this is horrifying, and for this reason, if you use IHG’s hotels, please don’t store your credit card details with them.
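To put numbers on how much those site restrictions cost, here is a short Python sketch, added as an illustration and not part of the original post, that generates a random password under three policies and works out how many combinations each one allows. The policy names and rules are constructed to mirror the cases described above (24 characters with symbols, 16 characters without symbols, and a 4 digit PIN) and are not any site's published rules.

```python
import math
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

# Constructed policies modelled on the three situations in the post.
# The names are hypothetical and describe no particular site's real rules.
POLICIES = {
    "24_chars_any": (24, ["lower", "upper", "digits", "symbols"]),
    "16_chars_no_symbols": (16, ["lower", "upper", "digits"]),
    "4_digit_pin": (4, ["digits"]),
}


def alphabet(class_names):
    """All characters a policy allows, as one string."""
    return "".join(CLASSES[name] for name in class_names)


def keyspace(length, class_names):
    """Number of possible passwords of exactly this length."""
    return len(alphabet(class_names)) ** length


def entropy_bits(length, class_names):
    """Upper bound on entropy in bits for a uniformly random password."""
    return length * math.log2(len(alphabet(class_names)))


def generate(length, class_names):
    """Random password that uses every allowed class at least once."""
    if length < len(class_names):
        raise ValueError("too short to include every character class")
    chars = alphabet(class_names)
    while True:  # redraw until each class is represented
        candidate = "".join(secrets.choice(chars) for _ in range(length))
        if all(any(c in CLASSES[n] for c in candidate) for n in class_names):
            return candidate


def report():
    """One row per policy: name, sample password, keyspace, entropy."""
    return [
        (name, generate(length, names), keyspace(length, names),
         round(entropy_bits(length, names), 1))
        for name, (length, names) in POLICIES.items()
    ]


if __name__ == "__main__":
    for name, password, space, bits in report():
        print(f"{name:22} {password:26} {bits:6} bits  ({space:.3g} combinations)")
```

The `secrets` module draws from the operating system's cryptographic random source, which is what a password generator should use rather than `random`.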

On the other hand, it’s been enlightening seeing which sites have removed my accounts for inactivity. For example, have deleted my account, presumably because my last purchase from there was circa 2005. And other sites simply don’t exist anymore.

April 13, 2014
by Neil Turner

Kickstarted: Frisky & Mannish’s Pop Education Trilogy

What was it?

The twelfth project I backed on Kickstarter was Frisky & Mannish’s Pop Education Trilogy, which sought to edit and post their three tour shows online for everyone to watch.

How much did I pledge?

Just £1.

What did I get?

I didn’t select a reward so I didn’t get anything specific in return for backing the project, but the money raised meant that all three videos are available on YouTube for everyone to watch free of charge.

Christine and I went to see Frisky & Mannish when they came to play in Bradford in September 2012. I’ve been aware of them for a while, after a former housemate showed me some of their videos on YouTube. Essentially they are a cabaret duo who do musical parodies, such as Kate Bash – combining the works of Kate Bush and Kate Nash, and a ‘grime’ re-working of Top of the World by The Carpenters. Though these short videos are good, they are far better live as it’s the interactions between the songs that make them worth watching. So now that they have posted three of their full length shows for all to see, you can see what they’re really like.

At the moment, Frisky & Mannish are on a break, but they are doing a stint at the Edinburgh Fringe Festival this summer. Hopefully this will lead to another tour – either way, if you have the chance to see them, please do, as we had a really good time.

April 12, 2014
by Neil Turner

Links from Delicious for April 12, 2014

Here are the articles or web sites that I’ve found this week and linked to on my Delicious Bookmarks:


April 11, 2014
by Neil Turner

Disconnecting from work email


When I first got my iPhone in 2010, I very quickly set up my three most-used email accounts on it – my personal account at this domain, my Gmail account, and my work email account. Soon, every time I got an email on any of those accounts, no matter what time of day it was, my phone would duly ping me.

At weekends, when going through the unified inbox overview of all three, I’d duly delete the ‘calls for papers’ that various conferences send me (because they assume that anyone who works at a university is an academic) and carefully flagged up the emails that needed action for when I got back in the office on Monday. I thought I was being more productive this way, but actually, all I was doing was spreading what would be a five minute task at work throughout my weekend, when I should be relaxing.

More to the point, it was making it harder to switch off from work, and making checking my personal accounts more difficult as I had to wade through work emails to get to them.

It took until the start of 2012 before I finally decided that this was a silly way to do things. I was off work for two weeks – I’m lucky enough to work for an employer that gives everyone time off between Christmas and New Year, and I had some annual leave in early January. I was getting notifications of work emails, but it would be more than a week until I would be back in the office in order to actually do anything about them. So, I deleted my work email account off my phone.

In the time since, I have kind-of added it back. I use the now abandoned Sparrow client to access my work email on a purely ad-hoc basis, if required, but it’s kept separate from my personal email accounts (in the stock Mail app on my iPhone) and I don’t get notifications for it. So it’s there if I do need to access it – usually if I’m at work but away from the office – but I can’t be disturbed by work emails when I’m not at work.

I’m therefore pleased that, in France, there’s a new labour agreement to stop employees looking at work email after 6pm. France already has a mandatory 35 hour working week, meaning that French employees work shorter hours to improve their work-life balance. This goes further, and helps to prevent employees from doing work-related activities outside work hours.

If you are regularly checking work email when you’re not at work, I would recommend that you stop. It’ll help you disconnect from work and enjoy your free time more. And it often doesn’t save you much time at work either.

April 10, 2014
by Neil Turner

Stem my bleeding heart


If you read tech news on the internet, then you will have almost certainly come across the Heartbleed bug. As well as being probably the first programming bug to have a logo and brand name, it’s also very serious. It affects, or affected, a significant number of web sites and web services – pretty much anything that used SSL or TLS and the OpenSSL library. This will include many sites using the open source Apache and nginx web servers, which between them account for a majority of web sites.

The Heartbleed bug was in the ‘heartbeat’ component of OpenSSL, and first appeared in a code commit made at around 11pm on New Year’s Eve 2011 – make of that what you will. The first stable release of OpenSSL with the bug came in March 2012, and it was only fixed relatively recently. It’s therefore estimated that 17% of the world’s web sites may be affected.

If you administer a server that uses OpenSSL, then you’ll need to make sure that you update to the latest version which fixes the bug. But you may also need to revoke your SSL certificates and acquire new ones, and, if you suspect any foul play, do a full security audit. You can check your server using this tool – I’ve verified that this site was never affected.

If you’re just a regular user of the internet, then you may notice that some web sites will have forcibly logged you out. Some may also require you to change your password, and possibly re-connect any third party apps linked to your account. IFTTT emailed me to suggest changing my password, and Pocket has advised its users to do the same. Ironically, so has the web site Should I Change My Password, which notifies users of data breaches. If you are not already, I would suggest using a password manager such as 1Password, RoboForm, KeePass or LastPass. LastPass users can also find out if any sites they use have been affected by Heartbleed.

Some security experts have suggested that users change all of their passwords, although only once the web sites have implemented their fixes. This may not be necessary and PayPal has said they were not affected by Heartbleed. However, if you’re not using strong, unique passwords for every web site then now may be a good time to do so, regardless of whether sites have been affected or not, and the aforementioned password managers will help you in that regard. A lot of sites will now accept passwords that are more than 20 characters long, with special characters, which should be very, very difficult to crack.

April 9, 2014
by Neil Turner

Farewell, Windows XP

Yesterday saw the release of the last security updates for Windows XP, ending over 12 years of support from Microsoft. XP was the longest-lived of any of the Windows operating systems, and one that I used regularly at home and at work, from late 2001 right up until last summer.

I got to start using Windows XP within a month of its release in the late autumn of 2001. We had it on my parents’ computer, although I set it to dual-boot with Windows 98 – the operating system that came with the computer – as there were a couple of programs that wouldn’t work.

Indeed, in the early days compatibility turned out to be a bit of a nightmare. Windows XP was the first operating system in the Windows NT (‘New Technology’, not ‘Neil Turner’, sadly) family to be made available to home consumers – previous NT releases, including Windows 2000, were aimed more at business users. Home users were used to Windows 95, 98 and Me, which had a different architecture. Though XP had the ability to mimic these earlier operating systems, many games refused to run. And you needed new sets of device drivers too, if XP didn’t already come with them.

The computer my parents had just about met the minimum system requirements for Windows XP. It had a 400 MHz AMD K6-2 processor, a 10 gigabyte hard drive and 128 megabytes of RAM, which had been upgraded from 64 MB. 128 MB was the minimum that XP required, which was towards the high side even then.

Underneath, Windows XP wasn’t massively different from the well-received Windows 2000, but the new ‘modern’ interface was controversial with some, if I remember correctly. I liked it personally but I know some people used to call it ‘Teletubby’ or ‘Fisher-Price’ mode. Either way, you could easily switch back to the ‘Classic’ interface if you so wished. Or, if the blue of the so-called ‘Luna’ interface wasn’t to your liking, you could change it to a silver or olive theme, but Microsoft never really bothered to add many other official themes – ‘Royale’ was the only other one I came across and it was never officially released.

One innovation Microsoft introduced with Windows XP was ‘ClearType’, its name for anti-aliased fonts which de-pixelated the text on screen. Except it was off by default and buried away in Control Panel, so most users weren’t aware of it. It wasn’t until Windows Vista followed in 2006 that ClearType would be enabled by default. Apple, on the other hand, enabled anti-aliasing from an early stage on Mac OS X which helped it to look better when compared with Windows at the time.

Early issues with its new interface and compatibility aside, Windows XP has had extraordinary staying power, with a significant number of computers still running it even now. I suppose migration away from XP wasn’t helped by Windows Vista being poorly received – again, high system requirements and poor third-party driver availability gave it a bad name. And Windows 8 has had a flaky introduction, with a poor experience on non-touchscreen devices. It won’t surprise many that Microsoft is planning on re-introducing the Start Menu in a future update. But Windows 7 is a solid operating system which is well-supported and has another six years of updates ahead of it.

So, farewell Windows XP.

April 8, 2014
by Neil Turner

How to measure influence on Twitter

There are a number of sites out there which claim to measure how influential someone is on Twitter, and other social networks. Klout is probably the best known, which gives everyone on Twitter a score out of 100. I’d tell you my score but I opted out in 2011, and, in any case, I get the impression few people bother with Klout anymore anyway.

The problem with using a third-party service like Klout is that it gives you a score, generated using a secret, proprietary algorithm, that is largely meaningless. What would be better is actually looking at individual Twitter accounts yourself, to work out if it’s influential or not. And there are a few things to look for.

1. Has the account been verified by Twitter?

If the account has that magical blue checkmark next to it, then Twitter has verified the account as belonging to whoever it claims to be. This generally means that the person is important, has a reputation that needs to be maintained, and is therefore likely to be influential.

Not all verified accounts are so authoritative though. As I found in November, some verified accounts only have around 100 followers and never tweet, so it’s one factor to be considered, rather than the main indicator.

2. Does it have a large number of followers?

Pretty simple this one – the more people who follow an account, the more likely its messages are able to be amplified. Again, there are limitations here, as any number of shady web sites will sell you Twitter followers. And there are accounts out there with hundreds of thousands of followers that never tweet anything.

3. Is it followed by a large number of verified accounts?

There are some accounts out there with thousands of followers which are not verified. Just being a celebrity isn’t enough, apparently, so some official accounts of well-known and influential people are not verified. But if a lot of verified accounts do follow a particular non-verified account, then that latter account may still be worth paying attention to.

4. Is it retweeted a lot?

When you retweet something, you amplify the message to your followers, who may not already follow that account. If an account has tweets that are regularly retweeted, it’s a sign that the user posts engaging content that his/her followers are happy to share themselves. Therefore, their influence spreads beyond just their own followers.

5. Does the account interact with other accounts?

Broadly speaking, you can put Twitter accounts into two boxes – conversationalists, and broadcasters. I’m mainly a broadcaster – tweeting links, and mostly talking about myself, because I’m a massive narcissist. But others spend more time replying to other accounts, and engaging in a conversation. There’s a lot of overlap, but someone who regularly responds to replies sent to them is more likely to engage with you. This doesn’t necessarily make someone influential, but if they already meet some of the criteria that I mention above, then they may be worth engaging with.

These are just a few things to look out for when trying to find someone who can influence people. If you have a message you want to pass on using social media, such as promoting an event, raising awareness for charity, or just plain marketing – then targeting the correct people can really help.

One final tip is to make sure that the people you are speaking to are relevant to your message. Most Twitter users have some kind of niche, which should be obvious from reading a few tweets (or even just their bio) – ensure that you target the users with similar interests. Not only are they more likely to engage with you, but you’re less likely to get ridiculed for pestering people on social media about something they don’t care about.

April 7, 2014
by Neil Turner

Office 365 University


Over the weekend I bought a copy of Microsoft Office for the first time. In the past, I’ve managed with either what’s been pre-loaded on new computers, or, since I got my own computer, OpenOffice or its variants.

But now Microsoft offers Office 365 University. For £60, you get to use Microsoft Office on two computers, and an unlimited number of mobile devices, for four years. The catch being that you need to be a full-time student, or a member of staff at a university. Thankfully, the latter is true in my case.

April 6, 2014
by Neil Turner

Kickstarted: Greedy Wizards

Oooh, my copy of Greedy Wizards has arrived. Backed on Kickstarter a few weeks ago.

What was it?

The eleventh project I backed on Kickstarter was Greedy Wizards, a two-player card game about two wizards who battle over who gets to eat a delicious cake.

How much did I pledge?

£9 – again, one of the higher pledges that I’ve made.

What did I get?

I got the above-pictured copy of the game, which is a special edition only available to backers (although I don’t think the game itself is any different, just the cover) and a pin badge.

The project flew past its original goal of £1750, ultimately raising nearly £8000 – almost four and a half times more than planned. Pleasingly the people behind the project were able to get things going very quickly and so my pack of cards was dispatched within a few weeks of the end of the funding period.

At this point, I would tell you what it’s like to play the game, seeing as I’ve had it for four months now. Indeed, the fact that I had not yet played the game was part of the inspiration for writing this series of blog posts about projects that I have backed on Kickstarter, as by writing about these projects I would force myself to make use of the things I had received in return. And one of the reasons why I backed this particular project was that it was a two-player game that Christine and I could play against each other – games such as Munchkin, which we also own, require a minimum of three players.

But, as you have probably gathered, we haven’t got around to playing it – and this is partly why this blog post is being posted so late on a Sunday night, as I was hoping that we would get time to play it. Alas, things conspired against us and we didn’t get time. On the other hand, when we do get around to playing it, it’ll give me something else to write about.

If you’re interested in purchasing your own copy of Greedy Wizards, then at the moment you’re out of luck. The official web site states that the game will be on general sale, probably on Amazon, ‘soon’, but when that will actually be remains to be seen as it’s not there right now.

April 5, 2014
by Neil Turner

Links from Delicious for April 5, 2014

Here are the articles or web sites that I’ve found this week and linked to on my Delicious Bookmarks:
