Wednesday, June 30, 2010

A quite hackable poll

A while ago I wrote about how to fraudulently vote on the BCS Pioneers poll. At the time I noticed that a very small number of votes were necessary to swing the poll.

Today, the result is out and Alan Turing has won with 39.5% of the vote. Hurrah! (Although it would have been a travesty if any of the other four pioneers had trumped Turing).

But the most interesting thing is that BCS has revealed the total number of votes. They say that 9,500 people voted. That's tiny, and shows why vote fraud would have been possible (and why I saw that automatic voting worked so well). Taking the percentages given by BCS we can get to actual vote counts for each Pioneer: Alan Turing 39.2% (3,439 votes), Sir Clive Sinclair 19% (1,805), Sir Tim Berners-Lee 16.5% (1,567), Hedy Lamarr 15.1% (1,434) and Ada Lovelace 10.2% (969).

So between Turing and Sinclair there are 1,634 votes. So, suppose you wanted to fraudulently put Sir Clive in first place. If you restricted your voting to UK working hours (to make the votes look probable), used a number (12 on the following list) of UK-based proxies (to fool vote geolocation), and chose to swing the vote over a week you'd need to add one vote every 1.5 minutes. So a nice slow-running script could do that work for you. No need to pound the server and set off any alarms.

This also explains why Hedy Lamarr managed to run up to the top so quickly. Even without automated voting the total number of votes was so low that a good campaign on social media (such as Twitter or Facebook) could have easily pushed her into top position. After all, she only got 1,434 in total.

Tuesday, June 29, 2010

The iGlove

iPhone 4 reception troubles getting you down? Don't know quite how to hold it?

Can't bring yourself to adulterate your magical device with a rubber bumper?

Stop! The solution is here!

jgc.org introduces the iGlove. Made from 100% latex with an ergonomic tip-hole for use with the touch sensitive Retina display, the iGlove prevents those annoying skin conductivity problems without spoiling your iPhone 4.


iGlove is available in the following colors: cream. New! Left-handed iGlove now available.

And at just $19.99 plus shipping and handling for a box of three iGloves you'll be getting four bars wherever you are (and however you hold it).

Also works with iPhone 3G and 3Gs: if you can't afford an iPhone 4 at least you can look the part with an iGlove.

Monday, June 28, 2010

Archive of my NewsTilt stories

Over the weekend I was informed that NewsTilt is going into hibernation. The site may stay up but it looks like the NewsTilt party is over.

So, here's an archive of everything that I wrote for them (for posterity):

Calendar Geeks

It all began in a British pub when a slightly tipsy nerd admitted a crush on a well known scientist. The confession unleashed admissions of nerd-longing from all present. One lady geek even admitted having a thing for 18th century scientist Sir Humphry Davy (she said later it was because of his "pouty lips").

Not only did Davy discover sodium, potassium, calcium, magnesium, barium, and boron and invent the Davy lamp, he was a celebrity. Such was the popularity of his lectures at the Royal Institution in Albemarle Street in London that the street was the first in the city to be made one way to help control the crowds arriving to hear him talk.

As the pub night wore on a joke about making a pin-up calendar of British geeks turned into a serious suggestion to create a calendar of inspirational scientists and thinkers pictured in their natural habitat.

The calendar is no longer a joke. A collection of British geeks has been chosen, and photoshoots have begun. And the calendar now has a cause: reform of Britain's libel laws.

Libel reform is something of a British nerd cause célèbre. Great Britain's libel laws make it easy for plaintiffs to accuse scientists of libel to silence criticism. British nerds Simon Singh and Ben Goldacre have been the subject of libel accusations. Both were overturned, but required enormous effort on Singh and Goldacre's parts to defend themselves.

Singh was sued by the British Chiropractic Association over an article that appeared in The Guardian newspaper. Singh had stated that certain treatments offered by chiropractors were ineffective (he used the word 'bogus'). Eventually the court agreed that Singh's statements were factual.

Goldacre was sued after writing in The Guardian about the activities of vitamin pill manufacturer Matthias Rath. In South Africa, Rath heavily promoted vitamin pills and supplements as effective against AIDS while denouncing AIDS treatments. Rath eventually withdrew his case.

Britain's libel laws are so strong that it's possible to obtain a super-injunction which prevents the accused party from speaking about the fact that they are being accused of libel.

Singh and Goldacre are likely candidates for the proposed 'Geek Calendar' which will be published for the 2010-2011 academic year. All proceeds from the calendar will go towards supporting efforts to change Britain's libel laws. In addition, an exhibition of the calendar's photographs is planned before the calendar launch.

The three-person team behind the calendar all work in science communication in the UK. Mun-Keat Looi is a science writer at the Wellcome Trust, Louise Crane is a picture researcher and works on special projects at the Wellcome Trust. Ringleader Alice Bell has a PhD in science communication and lectures at Imperial College, London.

The full calendar line up is yet unconfirmed, but British nerds that are definitely appearing in the calendar include: Adam Rutherford, an editor of the journal Nature, author Alex Bellos, "stand-up mathematician" Matt Parker, scientist TV presenter Kat Akingbade, astrobiologist Lewis Dartnell and Imran Khan, Director of the Campaign for Science and Engineering.

The one thing that Bell is adamant about is that the geeks' clothes are going to be staying on: "No one wants to see a scientist wearing nothing but a lab coat".

Project Gutenberg shines on the iPad

I'm sitting on a London bus that's making its way up Sloane Street on its way to the historic central district of Mayfair where Lords and Ladies once entertained. I glance up from reading The Picture of Dorian Gray as I pass the Cadogan Hotel where the book's author, Oscar Wilde, was arrested in 1895.

As the bus trundles along I return to the glowing screen of an Apple iPad where, in Wilde's story, Lord Henry Wotton is entertaining in his Mayfair home.

I obtained the copy of Dorian Gray for free using Apple's iBooks application; Apple in turn obtained the text from an almost 40 year old project to scan books that are no longer under copyright called Project Gutenberg.

Project Gutenberg was started in 1971 by American Michael S. Hart when, on July 4, he sat at a mainframe terminal at the University of Illinois and typed in the US Declaration of Independence with the goal of making it available in electronic form. He sent messages to everyone he could, and his machine readable Declaration of Independence was downloaded six times.

Although storage space was tight, he didn't stop there. He worked his way through the vital documents of the US revolution including the Bill of Rights and finally the full Constitution, putting them all 'on line' for the few inhabitants of nascent cyberspace to read, take and exchange.

Hart's idea was that since the texts were in the public domain they would have the greatest utility if they were converted to an electronic form that could be exchanged and copied at will. He chose to use the most basic text language of computers at the time, ASCII.

ASCII, the American Standard Code for Information Interchange, is a collection of 128 characters, of which 33 are so-called control characters like 'new line', that contains the English alphabet in upper and lowercase and common punctuation characters.

It has since been superseded by Unicode, which allows all the world's characters to be written on computers. But even Unicode is backwards-compatible with ASCII. Ancient, in computer terms, texts written in ASCII are readable on any computer worldwide today.

What Hart was aiming for was a format that could be freely exchanged as widely as possible without restriction.

Within a couple of years storage space on computers had grown large enough for him to tackle typing in an entire book: he chose to begin this mammoth task with The King James Bible.

And then, book by book, Hart typed in the complete texts of more books, including the complete works of Shakespeare, Alice's Adventures in Wonderland and Peter Pan. His goal was to digitize books that were no longer protected by copyright. In total he typed in 313 books working alone.

He called his book digitizing task Project Gutenberg and when the web was born Hart could harness the distributed power of the network and volunteers at the other side of web browsers worldwide to digitize more and more books.

Today, Project Gutenberg contains about 30,000 texts in a variety of languages (although most, over 27,000, are in English). Because of Hart's choice of ASCII as the underlying format these books are readily converted to the exotic formats needed by ebook readers such as the Amazon Kindle or Apple iBooks application.

A quick look at the Project Gutenberg web site shows that the top 15 recent downloads are for Alice's Adventures in Wonderland, Pride and Prejudice, Manners, Customs, and Dress During the Middle Ages and During the Renaissance Period, The Adventures of Sherlock Holmes, The Kama Sutra of Vatsyayana, Adventures of Huckleberry Finn, The Outline of Science, Vol. 1 (of 4), Illustrated History of Furniture, Ulysses, Symbolic Logic, History of the United States, Myths and Legends of Ancient Greece and Rome, Dracula, The Adventures of Tom Sawyer and Frankenstein.

The vagaries of copyright law mean that Project Gutenberg is stuffed with classics. If you're like me, you may well have heard of, but never read, many of them. Apple also decided to include many of the titles directly in the iBooks application. So there's no need to go directly to Project Gutenberg itself and download the books, just fire up iBooks and select Free Books.

Before you know it you'll be sitting back and reading H. G. Wells' Time Machine courtesy of a volunteer who either scanned or typed in the entire book. Just be careful not to think of that person as a Morlock toiling away on the laborious book digitizing task or you'll be facing the Eloi's fate.

Starbucks is not a coffee shop

Throughout a week long trip to the US recently I repeatedly heard people organizing business meeting rendezvous say "There's a Starbucks close by". And during that week I passed through Starbucks on average two to three times per day.

And yet, Starbucks coffee is horrible. It's a weak, watery concoction served in bucket sized cups. And, in the US, is accompanied by the most sugary, fatty snacks possible.

But my US week made me realize that you're not supposed to drink the coffee: a Starbucks Grande Skim Latte is not a drink, it's an entrance fee to a private club. What you're being sold is a token that gets you a seat.

And the food, similarly, shouldn't be eaten. Search Starbucks' web site for foods low in fat and they'll suggest such delights as the Reduced-Fat Cinnamon Swirl Coffee Cake (340 Calories), the Reduced-Fat Banana Chocolate Chip Coffee Cake (390 Calories). Sure, you could have a Plain Bagel (300 Calories).

I would tell you which items are low in sugar or low in calories, but Starbucks' "Health & Wellness" menu page only has search options for low fat, low sodium, high fiber or high protein.

Starbucks' stated mission is to

> inspire and nurture the human spirit – one person, one cup and one neighborhood at a time.

Interestingly there's nothing about the quality of the actual coffee in their statement, and they go further when speaking about their coffee without mentioning making it actually taste good:

> It has always been, and will always be, about quality. We’re passionate about ethically sourcing the finest coffee beans, roasting them with great care, and improving the lives of people who grow them. We care deeply about all of this; our work is never done.

In fact, Starbucks all but admits my interpretation of their mission with the paragraph:

> It’s not unusual to see people coming to Starbucks to chat, meet up or even work. We’re a neighborhood gathering place, a part of the daily routine – and we couldn’t be happier about it. Get to know us and you’ll see: we are so much more than what we brew.

What Starbucks is actually offering is a consistent experience with a high density of stores. Their 2009 Annual Report states that there are 6,764 Starbucks in the US. With most of these in urban areas that equates to one Starbucks every 13 square miles.

In some areas the Starbucks density is incredibly high. From my office in London there are 159 Starbucks within a five mile radius. Similar densities are seen across the UK and US in major cities. In Silicon Valley the Starbucks web site will only let me view their locations in chunks of 50. Such density guarantees that there'll be a Starbucks close to wherever your next business meeting is about to take place.

And as a chain, Starbucks can guarantee a uniform experience. That uniformity, much hated by advocates of the 'real' local coffee shop experience, is a boon for the traveling businessman because it's a guarantee of a place to sit and wireless Internet access that works. Starbucks' locations are always warm and quiet enough for a business call.

The Starbucks logo, prominently displayed on every location, means that when rushing between meetings the nearest one can be spotted with ease. And if you can't find one just by looking there's always the myStarbucks iPhone App to point you in the right direction.

Once you're in a Starbucks you simply have to pay the entrance fee to turn it into an instant meeting place. You probably won't drink the entire coffee you order, I know I almost never do, but it's the warm, comforting token that tells you that you've arrived in the uniform, quasi-welcoming place that's just around the corner.

It's the sort of lowest common denominator, cookie cutter experience that won't spoil your business day with such ignominies as something a bit... different, or local, or unusual.

Ah, the happiness of conformity.

Thanks, Starbucks. I'll have a Tall Nonfat Latte to go.

Wikipedia trumps Britannica

While researching the history of places appearing in my book, The Geek Atlas, I used a lot of different resources.

For example, the Nobel Foundation makes the text of its prize winners' speeches available for free as PDFs. There's nothing like being able to read the actual words of a Nobel Prize winner to be sure that you've gone to a primary source (such as Ernest Walton's lecture on atom splitting).

Another great historical archive is the complete text of the New York Times. Here it's possible to find accounts of historical events such as the funeral of Nikola Tesla.

The National Register of Historic Places in the US is very helpful because it not only lists places that are of scientific interest, it provides access to the digitized forms filled in when adding a place to the register.

These forms contain a written record of why the site is historic and are utterly fascinating. While researching the Horn Antenna where the Big Bang was confirmed I was able to read the application for entry on the register which contains historical information about its significance.

NASA's Jet Propulsion Laboratory and other NASA locations have great web sites detailing the science behind rocket propulsion, flight and other technologies. NASA's Glenn Research Center has an entire microsite dedicated to explaining rocket physics. The JPL has a good site for understanding astronomy.

To get to the bottom of some topics in physics there's the amazing HyperPhysics web site from Georgia State University. The site contains tons of information about physics topics. If you are interested in understanding bremsstrahlung radiation and its role in producing X-rays then HyperPhysics is a great starting point.

But the most useful resource was Wikipedia.

At the start of writing the book I bought myself a subscription to Encyclopedia Britannica because I was worried that Wikipedia might be inaccurate.

What I discovered was that Wikipedia trumps Britannica all the time because its articles are in more depth and provide better references. And the site design means that Wikipedia is easily navigable and focuses on the content, whereas Britannica's site assaults the eyes with distractions.

Initially, I'd find myself double-checking facts on Wikipedia by looking in Britannica. I'd read that Boltzmann died on September 5, 1906 on Wikipedia and jump to Britannica to check the date.

After weeks of doing this I realized that Britannica wasn't helping. Any errors I found on Wikipedia were because I was reading original source material (see for example this correction).

And more often than not I was finding original source material via Wikipedia. Because Wikipedia has a policy of linking to reliable sources it turned out to be a wonderful starting point for research.

Britannica, on the other hand, appears to view its role as being the reliable source. Because it is edited and managed, part of its brand is reliability. This leads to a sort of self-sufficiency which contrasts with Wikipedia's need to prove its reliability constantly.

The beauty of being forced to prove reliability is the wealth of third-party links provided by Wikipedia. For example, when reading about the Miller-Urey Experiment you'll find a link to Miller's 1953 paper describing the experiment.

If you search for "Miller Urey Experiment" on Britannica the best you'll find is a short (248 words) article about Stanley Miller that mentions the experiment. There are no links to external web sites concerning the experiment, and no references to material such as academic papers.

So Wikipedia's supposed 'unreliability' actually plays to enhance its reliability and usefulness because it's forced to continuously declare where a particular fact was found. At the same time Britannica is a walled garden of truth.

After a few weeks I canceled my Britannica subscription and worked solely with Wikipedia as a starting point for research. I never relied on Wikipedia as the sole source of information, but it was always a marvelous spring board to get me started.

The richness of Wikipedia trumped the hallowed reliability of Britannica.

The Facebook Cull

Last night I went through my Facebook friends and unfriended (defriended?) three-quarters of them. I didn't do it out of spite; I did it in an effort to separate my private, professional and public selves. With Facebook, LinkedIn and Twitter all providing social networks it was clear that the overlap between them was unnecessary and harmful.

So I pared Facebook back to actual friends and my family. In doing so I deleted 100 acquaintances, colleagues, people I'd met at conferences, friends of friends and fans of The Geek Atlas. It was a surprisingly hard thing to do, but now I'm left with 35 people that I actually know: people I'd actually talk to in the real world.

Facebook makes it surprisingly hard to unfriend someone. To do so you must go to your friend list and one by one click through to each person's profile. On the bottom left of the profile you'll find a "Remove from friends" link which asks for confirmation. Then it's back to the list to find another one.

But now I'm down to the lucky 35, I can speak more freely about my personal life. Details of my family, my travels and my thoughts that were too sensitive to broadcast to just anyone are now fair game. Even if you're not worried about a burglar monitoring your Facebook postings to find out when you're on holiday, there's still something uncomfortable about details of family life being broadcast to people you barely know.

And as Facebook starts to expand to place its like buttons on third party sites you'll be creating a surprising trail of private information which any of those so called friends could read.

Before unfriending I sent out an apologetic note to everyone stating:

> I have removed all non-real-friends and family from Facebook. Decided to make a Facebook/LinkedIn distinction. Sorry to the people I have unfriended, feel free to follow me on Twitter or link up with me on LinkedIn.

Once the non-friends were gone I posted:

> If you are reading this it's because you survived my Facebook friend cull.

A surprising number of people replied "Phew!", leaving me to wonder how many people that I cut felt offended.

The upside of my cull is that the Facebook News Feed is now filled with news and comments from and about people I care about. And I'm not sure I've lost anything because both Twitter and LinkedIn provide news feed functionality for other types of relationships.

Twitter is fully public. What I say there is broadcast to anyone who cares to follow me. I am free to follow others without any implication of a relationship. There I can say things that I wouldn't mind people repeating. In fact, I hope that people are retweeting what I have to say.

Over on LinkedIn any professional relationships I have can be maintained. There's even the LinkedIn Updates feed that keeps me abreast of professional moves and changes amongst my former colleagues and business partners. And being LinkedIn with some has no implication of actual friendship.

This split, Facebook for personal and private, LinkedIn for professional and Twitter for public, seems like the perfect cut. Of course, some people appear on the friend list of each of these services, but for the most part the friend lists are separate. And that's likely healthy: if everyone who I thought of as a friend was actually a former or current colleague, or if they hung on my every word on Twitter then it would likely be a sign of misplaced emotion.

Perhaps it's time you did your own Facebook cull and cut back to just the people you care about. The only remaining problem is that Facebook never forgets any email addresses you gave it in the past and will continue to present you to relative strangers as someone to friend.

You'll just have to resist those new non-friend friend requests.

The Silence of the Planes

Trace a dumbbell shape lying east-west from Heathrow Airport and you'll find the places most disturbed by the world's busiest airport's noise. Under that fallen figure eight are some of London's most desirable days out. With no planes flying overhead, now is the time to rush to them and see what they would have been like before the jet engine.

Heathrow's noise blights such delights as Windsor Castle and Windsor Great Park, Kew Gardens, Richmond Park, the London Wetland Centre and the house at Osterley Park. But with the Icelandic volcano keeping Heathrow Airport shut it's possible to visit all these locations in peace.

The two locations hardest hit by aircraft noise are the Queen's residence at Windsor Castle and the Royal Botanical Gardens at Kew. It's probably no wonder that the Queen only spends a month a year at Windsor (she spends the rest of her time at Balmoral in Scotland, Buckingham Palace and the peace of Sandringham).

Most of the time aircraft arriving at Heathrow descend over Kew Gardens drowning out the sound of the wildlife that lives at one of the greatest botanical gardens in the world. Departing aircraft shoot straight over the top of Windsor Castle and its grounds.

But this past weekend the British sun was finally shining and the aircraft that invade the skies around Heathrow were grounded. It was the perfect time to visit either location. Perhaps Windsor and Kew will see a silver lining in the ash cloud as visitor numbers jump. And with the arrival of spring Kew is a particularly hot destination as the flowers are blooming while the planes aren't booming.

If you don't make it to Windsor or Kew then places slightly off the flight path where aircraft turn for the final line up are similarly quiet. The only noise this weekend in Windsor Great Park, the 5,000 acre deer park kept by the royal family, was the clip clop of horses' hooves: a carriage driving trial was underway.

Apart from a light aircraft that flew slowly by, you would have been forgiven for believing that neither the aircraft nor the motor car had been invented.

On the other side of Heathrow there's yet another royal park: Richmond Park where wildlife are in abundance. Not far from Richmond is the home at Osterley Park. The house is owned by the National Trust which has announced that visitors to Britain who are stranded by the ash can get free entry to any of their sites just by showing their passport and ticket. Osterley makes a perfect spot to wait for your flight to be cleared: it's just minutes from Heathrow.

And finally you can hear the bird song at the London Wetland Centre where 100 acres of old reservoirs have been turned into a reserve for wild birds who are finally getting a bit of sleep undisturbed by man-made birds coming in to land.

Ode to the Number 11 Bus

If you're visiting London, stop before you spend £50 ($76) on a sightseeing tour and consider taking a bus used by Londoners to get to work. It might not sound like the best idea for an out of town visitor, but at £1.20 ($1.80) per person a trip along the 7 miles of the number 11 bus route will let you see the sights in true London double-decker bus style.

The number 11 is an ordinary red London bus with two decks, known locally as a Routemaster, that traverses London approximately east to west (and back again) cutting through the heart of the city. From its upper deck many of London's most famous sights are clearly visible. And if you're visiting London and buy a Visitor Oyster Card pass you can hop on and off along the route.

The best place to begin a number 11 tour is Liverpool Street Station. Liverpool Street is one of London's marvellous Victorian cast-iron railway stations and its proximity to the financial heart of London, The City, means that during rush hour it is bustling with people commuting from the east of England.

The 11 starts its journey passing through the heart of financial London and then taking visitors past St. Paul's Cathedral. One of the stops, Bank, is named after the nearby Bank of England whose museum includes an exhibit allowing visitors to try to pick up a gold bar. After that it passes along Fleet Street, the traditional and spiritual home of Britain's newspapers.

The next sightseeing stop is Trafalgar Square with Nelson's Column in the middle and tourist-attracting lions guarding the column's base. Turning the corner visitors see Admiralty Arch, the gateway to The Mall leading to Buckingham Palace and the Horse Guards where the Household Cavalry that protect the British monarch are based.

Passing down Whitehall the gated entrance to the home of Britain's Prime Minister, Downing Street, is visible and it's possible to hop off and take a look at this tiny, short street where the PM lives at number 10 next door to the Chancellor of the Exchequer, Britain's finance minister.

Back on the bus the 11 takes you straight to the seat of government: Westminster. Stopping here visitors can see the Houses of Parliament and Big Ben. Just across the river is a newer attraction: the giant London Eye ferris wheel which affords a magnificent view of central London (once you've braved the queue). Next to the London Eye is the newly opened London Aquarium.

The bus then passes Westminster Abbey, where royal weddings and coronations occur, and Westminster Cathedral, Britain's most important Catholic church; between the two there's a stop for New Scotland Yard. Another major railway station stop is Victoria where visitors can hop off and make the short walk to Buckingham Palace and the parks that surround it.

After Victoria the bus passes into some of the best, high-end shopping in London as it stops at Sloane Square and then follows the King's Road into tony Chelsea. At the end of its journey the 11 drops visitors at Fulham Broadway where it's a short walk to the home of Chelsea Football Club: Stamford Bridge.

And if you haven't seen enough on that trip hop on a number 14 at Fulham Broadway and it'll bring you back to central London via a different route that takes in The Science Museum, Natural History Museum and Victoria and Albert Museum. The 14 then passes by Harrods and heads to Piccadilly Circus. For art lovers, just before Piccadilly there's a stop right outside the Royal Academy and opposite the department store Fortnum and Mason.

The number 11 (and 14) runs every day of the week skipping only Christmas and Boxing days. It takes a little over an hour to trundle a visitor across London in either direction. For the best experience avoid the rush hour times when the traffic is heaviest and the bus at its fullest. That isn't hard since the bus runs from 5am to gone midnight giving you the chance to see the city by day or night.

Of course, you won't benefit from a running commentary of what you're seeing (apart from the automatic announcements highlighting the next stop along the route), but you will soak up the conversations of Londoners going about their daily business.

The best view from a London double decker bus is found by sitting right at the front where the enormous front and side windows provide almost unimpeded views of the city. The best way to get around is with an Oyster card. These 'touch and go' cards are available across the city and make bus riding a cash-free affair (and they work on the underground and some trains).

Finally, Transport for London, the authority that handles all of London's public transport, provides a tourist map of bus routes that's available for download, as a one page PDF, here.

Long Haul Heaven

For many people the thought of a long haul flight is enough to fill them with dread and loathing. They loathe the indignities of airport security, the stale food and staler air, the cramped seats and cramped conversation. But I love a good long haul from London to San Francisco, or Miami to Buenos Aires. I love it because when I step onto a 747, an L-1011 or an A340, I'm entering my mile-high monastery.

Passengers boarding long distance flights are like monks leaving the everyday world for a special place free from its distractions. Your boarding pass is the ticket to a different way of life which values chastity (well, mostly), limited conversation, a fantastic view of the natural world, and plenty of time for reflection. It is, perhaps, this last aspect of flying that makes it so hard when traveling without friends or family: you are forced for hours on end to be alone with yourself.

But it's this aspect I enjoy the most. There I sit in an uncomfortable seat forced to pare my life down to the few possessions I can fit into a small bag. And what a joy it is to spend 11 hours being waited on, and only interrupted by the calls of nature of a seat-mate (calls from my mobile phone having been safely excluded by a flick of the 'airplane mode' switch).

Each airline, like a monastic order, has its own rituals and victuals. The Benedictines are the source of the herbal liquor that bears their name, while British Airways has its steaming jugs of tea. Air France serves plenty of excellent bread to passengers of all classes. And if you tip toe into American Airlines First Class you'll see motherly flight attendants serving hot milk and chocolate cookies to little boys who've grown into aging business men but who regress when sleepy.

Underlying these differences are common rites that every frequent flyer knows well: how to don the life jacket in the event of a 'water landing', the rigidly timed arrival of sparingly small meals and drinks, and the occasional reminder, from a higher power, that this little aluminium tube is subject to the whims of Mother Nature or God (you choose to whom you ascribe turbulent shaking).

It's perhaps thoughts of death that make arriving such a relief. Freed of the tiny seat, stifled conversation and polluted air, passengers become agitated to escape the aircraft and find themselves on terra firma once again. Many an airline passenger will have empathized with Pope John Paul II's habit of kissing the tarmac on arrival.

But don't be so hasty to arrive; remember to savor being up in the air. There's plenty to do.

Flying for hours provides the perfect opportunity to read (the dawn of electronic books means that I can carry aboard more books than I could ever read), to sleep without consequence (no spouse to wonder why I'm sleeping, no child to wake me up), and to think. Above all (and above all), to think and dream. To think of work and hobbies, and dream of loved ones--long lost and present.

But my idyllic monastic life is threatened. Although telephones have been available on aircraft for years, they are poor quality and expensive, and receiving incoming calls has been hard. But now technology means that the phone and the Internet may invade my private economy seat space. O, how I wish it were not so!

The telephone is, after all, one of the rudest inventions of the modern world. A ringing phone demands attention, it must be answered quickly. The heart rate quickens and a mad scramble begins to find the darn thing before the ringing stops.

Of course, in-flight Internet will be useful. When working I'll be able to use the world wide reference book to help me, but it also brings the incessant tide of email and instant messages. And so my thinking, sleeping, reading, writing, pondering time will be interrupted by the demands of work and loved ones.

What we need is a new social norm. And it comes in the form of sleep and a little white lie. Passengers must take control of their in-flight time by quietly informing bosses, colleagues, spouses and parents that they plan to 'catch up on a little sleep' on the flight over. Then leave your mobile phone switched off, your email unopened and your instant messenger dormant. You'll be free to do as you please.

And in your haste to be uninterrupted you might actually nod off.

The missing element in travel: science

Here in the northern hemisphere spring has arrived and with it better weather and thoughts of summer vacation. While most people are probably thinking about a holiday of sand, sea and sun, I'm thinking about science. For years I've combined travel and science and packed many of my favorite destinations into my book, The Geek Atlas.

Science and summer might not seem like the ideal combination, but there's no need to switch your brain off while taking time off. There are lots of science-related destinations that are worth visiting and fun for all the family. Why not fit one of the following suggestions into your travel plans?

Here are seven places from The Geek Atlas covering the US, the UK and France. If this whets your appetite you'll find 128 worldwide locations in my book.

#### 1. Goldstone Deep Space Communications Complex, Fort Irwin, CA

More than 30 years ago, NASA launched the Voyager 1 probe, which continues to phone home from the edge of the solar system. Our own ET's call gets answered at Fort Irwin. The rugged landscape here, which was used to train Apollo astronauts, is dotted with massive dishes that hunt for faint signals from distant space probes in order to receive pictures and information about our solar system.

Goldstone offers free tours during the week that must be booked in advance. There's a museum detailing the science and history of deep-space communication and a guided tour (for which you'll need your car) of the site and its dishes.

#### 2. Very Large Array, Socorro, NM

In western New Mexico, in the middle of an empty plain, sit 27 radio telescopes that work together to study distant galaxies, stars, quasars, and pulsars by examining their radio transmissions. The Very Large Array of dishes are mounted on railway tracks arranged in a Y shape with 21-kilometer-long branches. By mathematically combining data from all 27 radio telescopes, the array acts as if it were a single dish 36 kilometers across.

When you arrive at the Very Large Array, the first place to go is the visitor center, where a short video introduces radio astronomy and the technique used to reconstruct a radio image from multiple dishes (interferometry). A fun experiment for children involves a pair of dishes facing each other: whisper into one dish, and the whisper is clearly heard in the other. The Very Large Array welcomes photographers, but remember to turn off your cell phone: the antennas are very sensitive and even a small phone can interfere with them.

#### 3. Atomic Testing Museum, Las Vegas, NV

In the 1950s, Las Vegas was the place to go to watch a nuclear test. At the nearby Nevada testing site more than 1,000 nuclear bombs were exploded, and the few tests that were not performed below ground were visible from the Las Vegas strip. And Vegas hasn't forgotten its part in nuclear history. There's a museum explaining the process and technology of nuclear testing.

This being Vegas, there's also an entertainment element, with a nuclear-blast simulator in which you can live the experience of being close to an explosion. The Ground Zero Theater sits you in a bunker observing a test blast, complete with sounds, shaking and shock wave.

#### 4. Gateway Arch, St. Louis, MO

The Gateway Arch in St. Louis, Missouri, stands at 192 meters, and is the tallest monument in the U.S. It was opened in 1967, and the view from the top is spectacular. The top is reached by riding in small five-person trams that travel up the legs of the arch to the observation deck at the top. While you're up there, you can contemplate the perfect shape of the arch: it's a catenary.

Even though the arch is man-made, there's something natural-looking about it, because a catenary is a shape made simply by the force of gravity. Take a short piece of rope (or string, or a necklace of uniform thickness) and hold one end in each hand. With your hands level, the rope falls into a graceful curve under its own weight pulled down by gravity. That shape is a catenary. The Gateway Arch has the same shape, albeit inverted.

#### 5. Experimental Breeder Reactor No. 1 - EBR-1, Arco, ID

Think of Idaho, and potatoes are more likely to come to mind than nuclear reactors. However, the Idaho National Laboratory (INL), created in 1949, covers 2,300 square kilometers and has the largest concentration of nuclear reactors in the world: more than 50 reactors have been built on the site. One of those reactors is the Experimental Breeder Reactor No. 1 (or EBR-1), the first nuclear reactor to produce electricity.

Smack dab in the parking lot of EBR-1 are two nuclear aircraft engines, looking like something a mad scientist dreamed up. The U.S. government originally built the two reactors as an energy source for modified jet engines. The plan was to build an aircraft that could fly longer and farther without needing to refuel. Such an aircraft would be able to quickly fly anywhere in the world from a safe base inside the U.S. At least, that was the plan.

#### 6. Down House, Downe, England

Down House, Charles Darwin's home from 1842 until his death in 1882, sits on seven hectares of greenery and greenhouses. After his years of travel on HMS Beagle, Darwin married and settled with his family at Downe, where he continued his studies surrounded by a garden filled with plants for observation and experimentation. It was here that he wrote his masterpiece On the Origin of Species by Means of Natural Selection.

Darwin built a circular sandy path in 1846, and used it daily for walking and thinking (Figure 43-1). He called it his 'thinking path' and walked around it counting circuits by using a pile of stones. Strolling in the shade of the path's trees today, it's not hard to imagine Darwin taking a daily constitutional and pondering natural selection surrounded by his own nature collection.

#### 7. The Arago Medallions, Paris, France

If you need an excuse to visit Paris, then take a trip to the Paris Meridian. Today, all maps use the Prime Meridian at Greenwich in London as zero degrees of longitude, but before an international agreement settled on London, most countries took a north-south line (a meridian) running through their capital as their zero degrees.

The French celebrate their meridian with 135 bronze medallions set into the Parisian streets and pavements. Outside the Paris Observatory, you'll find a statue of François Arago. Arago was the director of the observatory, and at his feet is a bronze medallion bearing his surname and the letters N and S. Follow the north direction and you'll walk through the observatory, through the Jardin du Luxembourg, across the Seine, then right through the centre of the Louvre courtyard.

---

Some of these locations are unsuitable for young children; as always, please check with your chosen destination before setting out.

Please stop using the -gate suffix

Wikipedia has a page listing scandals that have been named using the suffix -gate. There's Camillagate, Fajitagate, Kanyegate, two Spygates, three Strippergates and 132 more. With 140 -gates recognized by Wikipedia it's time to retire this overused and misleading suffix.

The original scandal, Watergate, that bred the -gating of everything from the Prince of Wales' relationship with Camilla Parker-Bowles to Kanye West's interruption of Taylor Swift at the 2009 MTV Video Music Awards was an actual scandal, not a piece of media enhanced tut-tutting dressed to look important with its -gate ending.

In 1972 five men broke into the US Democratic National Committee headquarters at the Watergate Complex in Washington, DC. The men were arrested and along with two others they were indicted. The burglaries at Watergate were used to photograph documents and place bugs. Using information gathered from the Democratic party it was hoped that the then President, Richard Nixon, would be in a better position to be re-elected.

Ultimately, Richard Nixon was forced to resign when it became clear that he had attempted to cover up the burglaries. Nixon kept tape recordings of his own conversations in the White House. On one tape he is heard discussing getting the FBI to stop investigating what happened at the Watergate complex.

Now, that's a scandal worth a -gate suffix. It's a Watergategate if you like. The sitting US President is forced to resign after conspiring to obstruct justice.

Very few of the Wikipedia listed -gates come close to that level of scandal.

For example, in 1991 votes for the British Academy of Film and Television Arts (BAFTA) awards were allegedly incorrectly counted resulting in a surprise winner for Best Drama Serial. That's hardly worthy of a -gate, yet it's known as BAFTAgate.

In Nannygate US actor Rob Lowe's nanny sued him for alleged sexual harassment. In Nipplegate singer Janet Jackson's nipple was accidentally shown on television during the half-time show of Super Bowl XXXVIII. And during the 2002 Winter Olympics Skategate rocked the figure skating world when the gold medal for pair figure skating was awarded to two couples jointly.

None of these scandals come close to the progenitor of the -gate suffix.

A scandal that does come close to Watergate is Irangate (also known as the Iran-Contra Affair) in which US President Ronald Reagan arranged the sale of weapons to Iran (despite an arms embargo) and used some of the money to fund operations by the Nicaraguan guerrilla group the Contras against the communist government of Nicaragua.

The real problem with the -gating of scandals is that in doing so an air of authenticity and gravitas is added to the scandal. Recently, emails sent between scientists working on climate change prediction were published and their contents quickly spawned a -gate: Climategate.

By creating or promoting the word Climategate "climate skeptics" are playing a political game of attempting to make the public believe that the release of emails from the University of East Anglia's Climatic Research Unit is an incident comparable to a Watergate-level scandal. It's not.

Another problem with -gate is that the Watergate scandal ended after a detailed investigation by the FBI, the US Congress, and the Washington Post. Very few of today's -gates are named after painstaking investigation; in fact the -gate suffix is rolled out at the first whiff of scandal.

Worse, by adding -gate a scandal may itself be created from an insignificant situation where no important scandal actually exists. In Flakegate British TV presenter Anthea Turner's wedding photographs were used to promote a new chocolate bar.

The -gate suffix has become such a political tool, and so overused, that it needs to be retired. Like the boy crying wolf, it should almost always be ignored.

Don't even get me started thinking about Tigergate. Comparing golfer Tiger Woods' infidelity with Nixon's obstruction of justice means that the -gate suffix has become debased and makes Watergate look like a minor scandal rather than a shocking indictment of the criminal behavior of a US president.

On Geeks and Gays

In 2009 I led a campaign for a government apology for the prosecution of British mathematician Alan Turing. Turing was gay at a time when homosexuality was illegal. He was tried for 'indecent acts' and sentenced to either prison or injections of female hormones to 'cure' him. He chose to avoid prison and accept treatment. He died a few years later in his early 40s by biting into a cyanide-laced apple.

My campaign was successful. On September 10, 2009, after tens of thousands had signed a petition to the UK government, British Prime Minister Gordon Brown issued an unnuanced apology. I achieved my aim and Alan Turing's name rang out from every newspaper and news programme in the country.

Throughout the campaign two questions seemed to linger in people's minds: "Are you gay?" and "What's driving you to do this?". When I received Gordon Brown's telephone call that September evening he thanked me and described me as having been "very brave".

Did Gordon Brown think I was gay? Did he assume, and did others assume, that only a gay man would campaign in print, on radio and on television for this cause?

While the campaign was happening I thought little about these questions because I was focused (or perhaps obsessed) with achieving my aim. The question of my sexuality only came up once when I was asked a question on a live radio programme as if I was a representative of the gay community. I 'came out' as straight that night.

But after the hubbub had died down I was surprised to learn of the number of people who didn't realize that I could be straight and yet have the drive to stand up and be counted for a long dead gay man. The only real inkling of this during the campaign was hate mail I received describing my future torment in hell as I would be punished as "a fag" deserved.

But ignoring people whose hateful beliefs drove them to insult me (mostly via email), many cooler heads fell into the gay-trap of assuming that only a gay man would do what I had done.

And so I asked myself why I had stuck my neck out in public for a man who died before I was born. The answer is two-fold: because Alan Turing's treatment was wrong and because as a geek I empathized with the idea that being different from some societal norm brings enormous pain.

Now, of course, I can hardly compare the treatment meted out as I was growing up to Alan Turing's dishonorable prosecution and persecution. But there was too much in Alan Turing's story to ignore it forever. And every year around his birthday I had been saddened by this unclosed chapter of British history.

When I was a teenager at school I definitely did not fit in. I had glasses, was awkward, brainy, wore the school uniform because I had no idea what else to wear, and suffered insults from my classmates. One of these was the frequent and common slander "poof" (which is probably the closest thing to the American term "fag").

I was either ignored, or verbally abused, or physically assaulted. In one attack two boys pinned me down and asked me the incongruous question: "Do you prefer music or art?". "Art" after all was something only a poof would like.

I have never forgotten the cruelty of the teenagers around me; it has been a silent fire within.

After school I studied mathematics, computer science and cryptography. In each of these areas Alan Turing had an enormous impact and the more I understood what he had done and what had been done to him, the more angry it made me. Finally in 2009 I could contain that anger no longer and vented my frustration on my blog arguing that Britain should apologize for Turing's treatment.

The blog post begat the petition which begat the apology.

But there's a larger reason to fight for Turing than my personal story: Alan Turing's treatment was simply wrong. There's nothing more to it than that. We should not single people out because we don't like the way they choose to run their own lives.

Many of those people who wrongly assumed I was gay would probably be surprised to learn that I campaigned for Alan Turing despite having my own discomfort with homosexuality. I don't have clear thoughts about whether gay marriage or civil partnerships are better; I'm conflicted about whether gay couples should be allowed to adopt.

But my own feelings are different from what's actually ethical and moral. And so I fought for a principle that was right.

Ultimately, Alan Turing can even help us navigate such difficult questions. In thinking about artificial intelligence, Turing described a way of determining whether a machine could think. This is now known as the Turing Test.

In the test a human judge attempts to determine which of two entities is a machine and which a human. The two subjects of the test are hidden away from the judge who can only communicate through a computer by typing and receiving responses. If the judge cannot distinguish between the two, the machine is deemed intelligent.

The Turing Test is fundamentally about stripping away prejudice (the prejudice that the judge may believe a machine cannot think) and reducing a situation to its essence. By screening the judge from the subjects, prejudice is screened out and the truth emerges.

And in seeking the truth, I know I am not immune from needing to apply the Turing Test in my daily life. I am, after all, only human.

Friday, June 25, 2010

An interview with me about The Geek Atlas

This appeared on CNET this week:

Last week, Graham-Cumming took 45 minutes out of his schedule to sit down and talk over instant message with me about the book, his approach to traveling as a geek, and why his shyness didn't stop him from getting the British government to apologize for its terrible treatment of the famous scientist Alan Turing.

Q: Welcome to 45 Minutes on IM. How did you come up with the idea for the "Geek Atlas"?

John Graham-Cumming: I came up with the idea while working in Munich when I visited the Deutsches Museum. I had never heard of it, and I discovered it's a fantastic science museum that clearly rivals places like the Science Museum in London and the Air and Space Museum in Washington, D.C. I thought to myself: someone must have written a travel book for nerds. A Lonely Planet for Scientists. I really wanted it because I was embarrassed that I didn't know about the Deutsches Museum. That evening I made a list of places I'd been around the world and came up with about 70. From that, the idea of the "Geek Atlas" was born.

Read the rest here.

The greatest hotel socket collection... ever

So, here I am in the ITC Royal Gardenia in Bangalore and I'm impressed. Sure the hotel is world class, the weather is fantastic, the people are great, the food is delicious, but it's the sockets that are pleasing me. Check out this socket collection in my hotel room:


From left to right you've got composite video plus stereo audio, S-video, a VGA connector and PC audio and an HDMI connector. All of these go to the TV in the room (which is a large flat screen). Bring your own video/audio device and you can plug it in.

But it's the power that impresses me most.

First, there's a 5V power socket in the form of a USB socket. It's happily recharging my iPhone right now. Next up there's a multi-country power socket supplying 220V but accepting British, Indian, European and US plug shapes. (Yes, I tried them all).

Update. Some people have asked about data networking. There was an Ethernet and a WiFi hot spot. Both with a 1Mbps net connection.

What's wrong with Flash Cookies?

Flash Cookies (which are officially known as Local Shared Object storage) are similar in intent to better known HTTP Cookies. They are used to store information on a web user's computer so that from web browsing session to session the user's identity can be tracked.

As with ordinary cookies, Flash Cookies can be used for anything from useful things (remembering who you are so you don't have to log in each time on web sites you commonly use) to annoying things (such as tracking your surfing habits to spy on you for commercial purposes by aggregating information from site-to-site).

Flash Cookies exist because regular HTTP cookies are limited in size; Flash Cookies are larger and provide more storage for applications written in Flash.

Unlike ordinary cookies, Flash Cookies are largely unknown to the surfing public and very hard to control. Here's a list of bad things about Flash Cookies.

1. Flash Cookies are hard to delete

All the major web browsers have controls for regular HTTP cookies built in. In contrast, none of them provide control of Flash Cookies. That's a pity since we know that people delete their HTTP cookies very regularly. If you want to delete Flash Cookies then you need to visit this page on Adobe.com.

2. Flash Cookies are not kept private by browser 'private browsing' modes

Since Flash Cookies exist outside the browser (they are part of Flash, not the browser) they are not controlled by browser 'private' modes. Typically, in private modes any HTTP cookies set by web sites visited will be removed at the end of the browsing session. Not so, with Flash Cookies. The Flash system does not know about private browsing and will keep any cookies created during the private session.

This means that if, for example, you use the private mode to browse pornography even though your history and cookies will be protected, the Flash Cookies will give you away. Adobe announced last month that a new version of the Flash player would respect these modes.

3. Flash Cookies leak information from browser to browser

Flash Cookies are controlled by Flash, not by your browser. That means that if you have multiple browsers on your computer the Flash Cookies will be the same across all of them. If you browse a site that uses Flash Cookies in Internet Explorer and then open the site in Firefox you'll have the same Flash Cookies underneath.

4. Flash Cookies bring deleted HTTP Cookies back from the dead

Since Flash Cookies are so persistent (see #1), they are used by lots and lots of web sites. And one use is to recreate ordinary HTTP cookies. Suppose you visit my web site. I could set an HTTP cookie to track your visit and a Flash Cookie at the same time. If you subsequently clear the HTTP cookie my site could look in the Flash Cookie to find out the value of the HTTP cookie and reset it. Doing so makes cookie clearing in your browser useless.

5. Flash Cookies don't self-destruct

Ordinary HTTP cookies have an expiry date/time associated with them so that even if you don't delete them they'll get removed by your browser after a certain amount of time. And there are session cookies that persist just for one web browsing session. In contrast, Flash Cookies are eternal. Unless the Flash application itself decides to delete a cookie it's created, it will persist forever on your machine.

6. Flash Cookies are everywhere

Last year it was reported that 54% of the top 100 web sites are using Flash Cookies. My research says that that number continues to increase.

7. Flash Cookies circumvent 'third-party cookie' controls

Because Flash Cookies are beyond browser control they circumvent third-party HTTP cookie controls. Many browsers allow users to accept first-party cookies (cookies created by the site they are visiting; these can be useful for automatic login and remembering your preferences), but to refuse third-party cookies (which are used by things like Google Analytics or advertising agencies to track your web browsing habits).

This isn't possible with Flash Cookies: they are beyond the browser's control.
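An added example (not code from the original post): a Python audit of the on-disk Flash Cookie store that addresses items 1, 4 and 5 above by listing the stored objects, flagging any that hold a copy of an HTTP cookie value, and deleting them per domain. The storage paths, the directory layout, the function names and the sample data are assumptions of this example, and the sample .sol files are constructed.

```python
"""Audit Flash Local Shared Objects (.sol files) on disk."""
import os
import tempfile
import time
from pathlib import Path

# Flash Player plugin storage roots (assumption: default plugin install).
# To audit a real profile, expand one of these with os.path.expanduser /
# os.path.expandvars and pass it to find_lsos().
DEFAULT_ROOTS = {
    "linux": "~/.macromedia/Flash_Player/#SharedObjects",
    "darwin": "~/Library/Preferences/Macromedia/Flash Player/#SharedObjects",
    "win32": r"%APPDATA%\Macromedia\Flash Player\#SharedObjects",
}

# Constructed sample: HTTP cookies as (domain, name) -> value, for example
# taken from a browser cookie export made before the cookies were cleared.
SAMPLE_HTTP_COOKIES = {
    ("tracker.example", "uid"): "u-7f3a9c21d4e8",
    ("video.example", "session"): "s-000111222333",
}


def find_lsos(root):
    """Return one record per .sol file under a #SharedObjects directory.

    Assumed layout: <root>/<random profile dir>/<domain>/.../<name>.sol
    """
    root = Path(root)
    records = []
    for path in sorted(root.rglob("*.sol")):
        parts = path.relative_to(root).parts
        domain = parts[1] if len(parts) >= 3 else "(unknown)"
        st = path.stat()
        records.append({"domain": domain, "path": path,
                        "mtime": st.st_mtime, "size": st.st_size})
    return records


def respawn_candidates(lsos, http_cookies, min_len=8):
    """Flag LSOs that contain a copy of an HTTP cookie value (item 4).

    String values are stored as raw bytes, so a byte search finds them.
    Short values are skipped to avoid chance matches; numeric values stored
    in binary form are not detected by this heuristic.
    """
    hits = []
    for lso in lsos:
        blob = lso["path"].read_bytes()
        for (cookie_domain, name), value in sorted(http_cookies.items()):
            if len(value) >= min_len and value.encode("utf-8") in blob:
                hits.append((lso["domain"], lso["path"].name,
                             cookie_domain, name))
    return hits


def older_than(lsos, days, now=None):
    """LSOs untouched for more than `days`: they never expire (item 5)."""
    now = time.time() if now is None else now
    return [lso for lso in lsos if now - lso["mtime"] > days * 86400]


def purge(lsos, domains):
    """Delete every LSO belonging to the given domains (item 1)."""
    removed = 0
    for lso in lsos:
        if lso["domain"] in domains:
            lso["path"].unlink()
            removed += 1
    return removed


def make_sol(name, key, value):
    """Constructed stand-in for a .sol file holding one string pair."""
    body = (b"TCSO\x00\x04\x00\x00\x00\x00"
            + len(name).to_bytes(2, "big") + name.encode()
            + b"\x00\x00\x00\x00"
            + len(key).to_bytes(2, "big") + key.encode()
            + b"\x02" + len(value).to_bytes(2, "big") + value.encode()
            + b"\x00")
    return b"\x00\xbf" + len(body).to_bytes(4, "big") + body


def build_sample_tree(base):
    """Write two constructed LSOs; the tracker's is backdated 400 days."""
    root = Path(base) / "#SharedObjects"
    files = {
        "AB12CD34/tracker.example/ids.sol":
            make_sol("ids", "uid", "u-7f3a9c21d4e8"),
        "AB12CD34/video.example/player/prefs.sol":
            make_sol("prefs", "volume", "80"),
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    old = time.time() - 400 * 86400
    os.utime(root / "AB12CD34/tracker.example/ids.sol", (old, old))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        lsos = find_lsos(build_sample_tree(tmp))
        for lso in lsos:
            print(lso["domain"], lso["path"].name, lso["size"], "bytes")
        print("respawn candidates:",
              respawn_candidates(lsos, SAMPLE_HTTP_COOKIES))
        print("older than a year:",
              [lso["domain"] for lso in older_than(lsos, 365)])
        print("purged:", purge(lsos, {"tracker.example"}))
```

Because the store belongs to Flash rather than to any one browser (item 3), a single run covers every browser on the machine.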

Wednesday, June 23, 2010

Lots of domains are using crackable DKIM RSA keys

Whoops. The other day I posted that Facebook's DKIM RSA key should be crackable.

They are not alone.

Jim Fenton has done an analysis of keys seen in the wild.

Tribute to Alan Turing by a Second World War WREN

The following letter and poem were received by Bletchley Park. They were written by a WREN who worked on the Turing Bombe. The poem was composed shortly after the Alan Turing apology petition was successful.

You'll find it here.

UI editing is a professional job

Once, while living in France, I decided it would be fun to go to a British pantomime put on at Christmas by a bunch of expats living in the area. Big mistake. The pantomime lasted for over three, excruciating hours. Like many amateur productions the wrong level of editing had been applied: the sets, costumes and dialog were great (apart from a few of the jokes), but none of the scenes had been cut.

The same sort of misguided editing happens with user interfaces all the time. The plague of any software product is the moment when non-experts in user interface design get to look at the UI. They instantly start copy-editing: they make small changes throughout the interface that locally are important (and might bring some consistency to the interface if carried through completely, or might wreak havoc instead). But they typically have neither the total overview of the product, nor the sheer will, to make the large changes necessary in a consistent fashion that will result in great UI.

This sort of ill-informed editing is a nightmare because...

1. Easy to see and change for personal preference

User interfaces are literally what people see when using your product, and so they are the first thing that people criticize. And a large part of their criticism is based on personal preference, not an informed opinion about what will make the product most successful.

For example, I like my terminal windows to look like this.


This is largely because when I started using terminals (after the line printer interface was replaced), they looked like that. So, it's a personal preference. But I'm a relatively old person when it comes to using computers. I wonder how many other people would want bright green on a black background. So, enforcing my choice as a default would likely be the wrong thing to do.

The same personal preference problem appears repeatedly when designing user interfaces, because it's hard for people to distinguish between something that's simply to their liking, and something that's likely to work for their users.

2. Informed only by single user experience

A related problem is that it's common for people to say 'well, that's how I would use the product'. Unless that person's goals are aligned with your customers', the way they are editing the interface is likely to be for their particular use (or flow) through the UI and not for the one your customers will actually follow.

The best way around this is to test with many users. By watching multiple users work through problems they need to solve with the user interface (even if the problems are simple things like "Add a person to the address book") you will be informed about their expectations and problems. A single user experience, and especially one from someone already familiar with the product, is likely to be off by some error factor.

3. No global view of the product itself

Also, it's easy to start editing part of a user interface without taking into account the effects of the edit on the overall product itself. Retaining consistency in both look and feel is vital, but even more important is maintaining consistency in how the application matches and guides user expectations.

Users will spend time exploring your application and it's as important to get the 'spelling' and 'syntax' of your application correct, as it is to get the 'grammar'. Badly designed applications often have different grammars in different places: at one point your application is flowing like an English sentence and the next you're speaking German. Maintaining this global view is very hard, and usually overlooked when people start editing a user interface.

Finally...

One of the worst things you can hear when working on user interfaces is the classic disagreement breaker: let's make it an option. If you're brave enough the response should be: let's not. What happens is person X's feature is not liked by N% of the team (including the UX expert), but to appease person X the feature is added to Preferences (or worse Advanced Preferences). What you end up with is a cockpit user interface with every button under the sun. Except in the cockpit those buttons are actually needed!

Flickr user virtualpilot88

This, of course, is an area where Apple shines. Sure, my iPhone can't do X and Y, but it doesn't matter: I use my iPhone non-stop. I use all its functionality, and the functionality it has has been game changing for me.

The difficulty in building an "Apple" experience is that you need a single person who has the UX experience and the will power to drive through the design necessary, and, above all, to say "No, we're not doing that".

What you need is what my expat pantomime didn't have: a professional (UX) director.

Tuesday, June 22, 2010

Duodecimal

My paternal grandfather enjoyed doing arithmetic using base-12. That's perhaps not surprising, he was an engineer, and he lived at a time when Britain used £sd. The British currency was pounds, which consisted of 20 shillings each containing 12 pence.

And the number 12 pops up all over the place: between noon and midnight there are 12 hours, 12 months in a year, 12 signs of the zodiac, a dozen is used as a common measure of eggs, there are 12 inches in a foot, ...

He referred to base-12 as duodecimal. At school I had to learn the times table up to 12 x 12. And the English language even has special words for 11 and 12.

Part of the reason that 12 is such a nice number is that it has a lot of factors: 2, 3, 4 and 6. Compare that to just 2 and 5 for 10 (as in base-10). With lots of factors, numbers that are commonly expressed as multiples of 12 have easy to calculate 1/2s, 1/3s, 1/4s and 1/6s.

To use duodecimal you 'simply' add two symbols for 10 and 11: for example, you could use A and B and so you'd count like this: 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 1A, 1B, 20, ... There 10 is the number we usually call 12.

It's possible that my grandfather was influenced by the 1935 book New Numbers: How Acceptance of a Duodecimal Base Would Simplify Mathematics; part of that book appeared in the Atlantic Monthly under the title An Excursion into Numbers.

Although it's unlikely that duodecimal will replace decimal in everyday use, especially since metric is used in place of imperial weights and measures across the world, and since the British pound was decimalized in 1971, other non-decimal base systems are in common use.

Computers use base-2 (binary), and programmers often use base-16 (hexadecimal). Vestiges of another computer base, base-8 (octal), still remain: aircraft transponder codes are four digit octal codes.

The BBC needs to fix its "Most Popular Stories Now"

Here's a quick snapshot I took moments ago:


And here are the dates of those stories:

1. 21 February 2010

2. 15 June 2010

3. 19 February 2008

4. 5 November 2009

5. 18 April 2006

So, two stories from 2010, one from 2009, one from 2008 and one from 2006. I'm sure that the BBC is doing the ranking correctly. People undoubtedly are sharing those stories. But how useful is this list?

The final story Blair defends higher GP salaries is four years old. It dates to when the Labour Party was in power and to when Tony Blair was Prime Minister. But what's the relevance today?

The story Feeling grumpy 'is good for you' has in recent weeks appeared many times here. Sure, it's a reasonable story, but do we need to see it all the time?

I suspect that the BBC's algorithm is taking into account just raw share numbers, and social networking effects are pushing up these stories to the top 5.

A better default would be the "Read" tab not the "Shared". It reflects current news much better.

Monday, June 21, 2010

The Elevator Button Problem

User interface design is hard. It's hard because people perceive apparently simple things very differently. For example, take a look at this interface to an elevator:


From flickr


Now imagine the following situation. You are on the third floor of this building and you wish to go to the tenth. The elevator is on the fifth floor and there's an indicator that tells you where it is. Which button do you press?

Most people probably say: "press up" since they want to go up. Not long ago I watched someone do the opposite and questioned them about their behavior. They said: "well the elevator is on the fifth floor and I am on the third, so I want it to come down to me".

Much can be learnt about the design of user interfaces by considering this apparently simple interface. If you think about the elevator button problem you'll find that something so simple has hidden depths. How do people learn about elevator calling? What's the right amount of information to present to people? Do people need to know where the elevator is, or just that it's coming? Are up and down buttons necessary? What about having a single call button?

1. I don't know how I learnt that the correct thing to do was press the button indicating the direction I wished to travel. It's sort of elevator folk wisdom. Somehow you learn through experience or an elder passing on the knowledge. I've never actually seen an elevator with instructions. Have you?

So, it's quite natural that some people won't have learnt the user interface of an elevator. If you're designing a user interface it's worth stopping and pondering the things you assume 'everyone knows' about it.

2. The information about the current floor the elevator is on actually presents a problem for the caller. It's additional information that the person I interrogated assumed was needed to make a decision. Sometimes extraneous information takes on an importance all of its own. Here the user was assuming that you needed to know where the elevator was.

Actually all you need to know is that the elevator system has responded to your request and an elevator is coming.

3. Another oddity is that you call the elevator with up and down buttons (indicating a travel preference) and then get in the elevator and press a button. There's nothing to stop you contradicting yourself by indicating a different direction of travel. Which makes you wonder why you had to indicate the direction in the first place.

Typically, you have to tell the elevator your direction because an arriving elevator may already have people in it who have already instructed it to go to a certain floor. Thus the elevator is going up or down. If you register your request then the elevator can tell you whether it can meet that request.

One interface optimization would be to replace the up and down with a single call button. Passing elevators would stop and indicate which direction they were traveling. This simplifies the interface while placing a burden on the system, which will perform wasteful stops for people who want to travel in the opposite direction. Here's where UI and internal system dynamics trade off. A UI decision might actually make the system less efficient.

PS Of course, you can do away with buttons altogether and just have a Paternoster. I used to love riding in one in the engineering building in Oxford.

Sunday, June 20, 2010

A final reply about awarding a Knighthood to Alan Turing

Last October I posted the reply I received from Buckingham Palace in response to a letter I wrote to Her Majesty The Queen suggesting a Knighthood for Alan Turing.

The Palace had forwarded my letter to the Cabinet Office. Here's their reply:


I'm not sure what this has to do with sport (which the letter highlights), but I suspect there's some confusion because I didn't write to them on March 12 about a Knighthood (that was on the separate matter of honoring Turing at the 2012 Olympics).

Nevertheless, I'm not going to push any more for the Knighthood.

Friday, June 18, 2010

Facebook's DKIM RSA key should be crackable

If Facebook sends you a mail they will sign it using DKIM. Here are the headers from a mail I received the other day:

DKIM-Signature: v=1; a=rsa-sha1; d=facebookmail.com; s=q1-2009b;
c=relaxed/relaxed;
q=dns/txt; [email protected]; t=1276438946;
h=From:Subject:Date:To:MIME-Version:Content-Type;
bh=Yn52UpOukFZwR3a9mIx7vzTOepw=;
b=RGMm2Lp2Jms1yLuanKsEhSfSLpXQ15Y9RaGb0KgzWfGqcnEFUeQlhazkJXuT0+Nh
3iNqMAfwE6TvLQmiv55YUA==;

The signature itself is the b field (RGMm2Lp2Jms1yLuanKsEhSfSLpXQ15Y9RaGb0KgzWfGqcnEFUeQlhazkJXuT0+Nh3iNqMAfwE6TvLQmiv55YUA==). The a field tells you the algorithm used (in this case, it's RSA/SHA1). The d field tells you the domain of the entity that signed the mail, and the s field tells you which key you need to retrieve (q1-2009b).

So, let's go get that key (the q field tells you that this can be retrieved by a DNS TXT query):

$ dig -ttxt q1-2009b._domainkey.facebookmail.com

; <<>> DiG 9.4.3-P3 <<>> -ttxt q1-2009b._domainkey.facebookmail.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19407
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 3

;; QUESTION SECTION:
;q1-2009b._domainkey.facebookmail.com. IN TXT

;; ANSWER SECTION:
q1-2009b._domainkey.facebookmail.com. 434 IN TXT "k=rsa\; t=s\; p=MFwwDQYJKo
ZIhvcNAQEBBQADSwAwSAJBAKrBYvYESXSgiYzKNufh9WG8cktn2yrmdqGs9uz8VL6Mz44
GuX8xJAQjpmPObe6p2vfTMWeztKEudwY6ei7UcZMCAwEAAQ=="

The answer section gives the actual key. It's an RSA public key, so let's turn that into a file that OpenSSL can handle:

-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrBYvYESXSgiYzKNufh9WG8cktn2yr
mdqGs9uz8VL6Mz44GuX8xJAQjpmPObe6p2vfTMWeztKEudwY6ei7UcZMCAwEAA
Q==
-----END PUBLIC KEY-----

Feed that file to OpenSSL and we can find out information about it.

$ openssl rsa -noout -text -pubin < facebook.key
Modulus (512 bit):
00:aa:c1:62:f6:04:49:74:a0:89:8c:ca:36:e7:e1:
f5:61:bc:72:4b:67:db:2a:e6:76:a1:ac:f6:ec:fc:
54:be:8c:cf:8e:06:b9:7f:31:24:04:23:a6:63:ce:
6d:ee:a9:da:f7:d3:31:67:b3:b4:a1:2e:77:06:3a:
7a:2e:d4:71:93
Exponent: 65537 (0x10001)

So, Facebook is using a 512-bit RSA key. Wikipedia says: "Keys of 512 bits have been shown to be practically breakable in 1999 when RSA-155 was factored by using several hundred computers and are now factored in a few weeks using common hardware."

Aside: that modulus is a 154 digit number. Good old pexpr can dump it in decimal for you:

$ ./pexpr 0x00aac162f6044974a0898cca36e7e1f561bc724b67db2ae6
76a1acf6ecfc54be8ccf8e06b97f31240423a663ce6deea9daf7d33167b3
b4a12e77063a7a2ed47193

8943186814115303114568660480537979564493722038302983441617064
6773160165001660444316004226000197630872797343250751845439313
40226281950481206150316967621011

Of course, the RSA modulus there is the product of two prime numbers and quite hard to factor. But there are techniques that can be used to break keys like that fairly fast. The General Number Field Sieve is widely used and there's a nice open source implementation called GGNFS for those that want to try.

Some months ago I started an 8 core Mac Pro machine at work on breaking this key. It ran for 70 days non-stop and was close to a break when I had to use the machine for something else.

If I can do that, pretty much anyone can. And those people will be able to forge mail from Facebook. Facebook has a simple solution, of course, just change the key length. And if you are using 512-bit RSA keys in your DKIM implementation, please stop.

PS The owner of a spam botnet could factor keys like that very quickly. Imagine having a few thousand machines that can be used for key factoring.

PPS I actually got interested in breaking DKIM keys when I read about the TI calculator break which was a break of a 512 bit RSA key done in 73 days.

Update: I received mail from Facebook indicating that they are taking this seriously and will switch to 1,024 bit keys.
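The inspection steps from this post (DKIM-Signature tags, the selector's TXT record, the RSA modulus size) gathered into one script. This is an added example, not code from the original post; the function names and the 1,024-bit default threshold (taken from the update above) are assumptions, while the header tags and key record are the ones shown in the post.

```python
import base64

# Sample inputs copied from the post (header trimmed to the tags used here).
HEADER = "v=1; a=rsa-sha1; d=facebookmail.com; s=q1-2009b; q=dns/txt"
TXT_RECORD = ("k=rsa\\; t=s\\; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrBYvYESXSgiYzKNufh9WG8"
              "cktn2yrmdqGs9uz8VL6Mz44GuX8xJAQjpmPObe6p2vfTMWeztKEudwY6ei7UcZMCAwEAAQ==")

def parse_tags(text):
    """Split a DKIM tag=value list into a dict (handles dig's '\\;' and folded values)."""
    tags = {}
    for part in text.replace("\\;", ";").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def key_query_name(header_tags):
    """DNS name that holds the public key: <selector>._domainkey.<domain>."""
    return "%s._domainkey.%s" % (header_tags["s"], header_tags["d"])

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_public_numbers(spki_der):
    """Extract (modulus, exponent) from a SubjectPublicKeyInfo holding an RSA key."""
    _, spki, _ = read_tlv(spki_der, 0)          # outer SEQUENCE
    _, _, pos = read_tlv(spki, 0)               # AlgorithmIdentifier (skipped)
    tag, bits, _ = read_tlv(spki, pos)          # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa_seq, _ = read_tlv(bits, 1)           # skip the unused-bits byte
    _, n_bytes, pos = read_tlv(rsa_seq, 0)      # INTEGER modulus
    _, e_bytes, _ = read_tlv(rsa_seq, pos)      # INTEGER publicExponent
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def audit_dkim_key(txt_record, min_bits=1024):
    """Report the RSA modulus size of a DKIM key record; min_bits is an assumed policy."""
    tags = parse_tags(txt_record)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key record")
    n, e = rsa_public_numbers(base64.b64decode(tags["p"]))
    return {"bits": n.bit_length(), "exponent": e, "modulus_hex": "%x" % n,
            "weak": n.bit_length() < min_bits}
```

Running audit_dkim_key over every selector a domain publishes gives a quick inventory of which signing keys need to be rotated to a longer length.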

Thursday, June 17, 2010

Your last name contains invalid characters

My last name is "Graham-Cumming". But here's a typical form response when I enter it:


Does the web site have any idea how rude it is to claim that my last name contains invalid characters? Clearly not. What they actually meant is: our web site will not accept that hyphen in your last name. But do they say that? No, of course not. They decide to shove in my face the claim that there's something wrong with my name.

There's nothing wrong with my name, just as there's nothing wrong with someone whose first name is Jean-Marie, or someone whose last name is O'Reilly.

What is wrong is the way this is being handled. If the system can't cope with non-letters and spaces it needs to say that. How about the following error message:

Our system is unable to process last names that contain non-letters, please replace them with spaces.

Don't blame me for having a last name that your system doesn't like, whose fault is that? Saying "Your last name contains invalid characters" is plain offensive. And I'm quite used to the situation that computer systems don't like the hyphen. On every flight I've ever been on I've been JOHN GRAHAMCUMMING.

The first time this happened the woman at the check-in counter did not say (in a robotic voice): "Your last name contains invalid characters", she actually said "I'm sorry, our system can't accept the hyphen". Fair enough.

So, form designers: stop blaming the user for your inadequacies.

PS Would accepting the hyphen actually destroy your database?

AOL sort of gets this right, although it claims it'll accept numbers in a last name which, in fact, it won't:


Yahoo oddly believes that I don't know how to type my own name and decides to lowercase the C in Cumming. It's willing to accept the hyphen but not that I know who I am.



PPS Think of it this way; if I'm entering my name I'm probably signing up for your service. Do you really want part of my sign-up experience to be that you tell me that my name is invalid?

Tuesday, June 15, 2010

10:10 Code FAQ

Yesterday's post about my 10:10 code idea resulted in quite a lot of comments. Here are answers to common questions.

1. What about using both lower- and upper-case?

I could but that makes it a lot more fiddly to enter on a device since you are having to change between upper and lowercase. Using just uppercase is consistent and easy to enter (think most GPS device keyboards).

2. Take into account that at higher latitudes, longitude need not be encoded as accurately.

I agree that it would be possible to project onto a map projection to change this, and it would provide some improvement. The advantage of the system as proposed is simplicity. It gives 11.1m of accuracy at the equator and 7.1m of accuracy at 50 degrees of latitude (either north or south).

3. Don't combine latitude and longitude. Keep them separate, with a space in between.

The 10:10 code isn't meant to be interpreted by a human, it has a specific purpose for entry into mapping devices. There are plenty of other codes that allow comparison easily.

4. Hey Nice Idea man.. But I propose either to use alphabets only or remove some confusing (look-alikes) like: (1 and I,l),(0,o,O),(B,8),(b,6)

The solution to this is mostly not to change the alphabet. As I originally wrote, the solution is for systems that accept these codes to be permissive. For example, I don't have L or I in the alphabet, I also don't have 0 and O. So a system can interpret user input. Example: user enters O when they meant 0. The system just transforms it to 0. I agree that B and 8 might cause some confusion, but there is the check digit in there to spot those errors.

5. Do you have decoding code?

Yes, I will release this shortly in a nice, tested version that everyone can play with.

6. What are the licensing conditions?

The idea, the source code, the algorithm are all placed into the public domain. I would prefer that this get adopted widely to make everyone's lives better. I reserve the right to trademark "10:10 Code". The greatest reward for me would be people saying: "Ah, so you're the guy who invented that".

7. Why restrict yourself to 10 digits?

The idea is that 10 digits are a fairly common quantity for people to type. For example, a standard US phone number is 10 digits (e.g. (415) 555 1234). I write the 10:10 codes in a 3:3:4 form, e.g. R5T 3ED J9VW.

Monday, June 14, 2010

The 10:10 Code

Four years ago I wrote about a way to encode the latitude and longitude of any point on the Earth's surface to 10m of accuracy with a 10 character code. Apart from a modification to the way the check digit is calculated, the code remains unchanged.

The idea is this: instead of giving people addresses, or coordinates, you can give them something like a post code for any point on the Earth's surface. This can then be entered into a GPS device and decoded. Thus a business can provide its 10:10 code and know that people will be able to find it.

I was reminded of this, this weekend when I took the Eurotunnel to France. On their web site they say:


Now those latitude and longitude values are very hard to enter, and, although in the UK post codes are pretty accurate, they are not universal (e.g. in France and the US there's no equivalent). In contrast the 10:10 code is global.

Here's some JavaScript code that calculates the 10:10 code:



The 10:10 code of the Eurotunnel terminal in the UK is: MED 8FV N9K5

PS. Many people have pointed out that there are existing systems like this, and existing patents. As far as I am aware, none of them include a check digit. For example, there's the Military Grid Reference System, the Natural Area Code, this Microsoft patent and Geohash. The check digit is critical because it reduces operator error when entering a location on a GPS device.

Calendar Geeks

Another piece for NewsTilt:

It all began in a British pub when a slightly tipsy nerd admitted a crush on a well known scientist. The confession unleashed admissions of nerd-longing from all present. One lady geek even admitted having a thing for 18th century scientist Sir Humphry Davy (she said later it was because of his “pouty lips”).

Here's the rest.