Saturday May 31, 2008 Random ramblings
Saturday May 31, 2008 Howto share your web-browsing experience...
- Get an account at a bookmark-aggregation site, e.g. ma.gnolia (del.icio.us if you prefer, but their HTTP RPC API seems to be unreliable).
- Add their "bookmark a site" smart-booklet to your browser's toolbar, and/or install their browser extension (GNOME's epiphany browser already supports ma.gnolia and del.iciou.us - install the epiphany-extensions stuff). Ma.gnolia have a nifty, web-2.0, AJAX bookmarklet thing that's quite cool.
- Link to your bookmark-aggregation account's feed from your site, so that those who are interested may subscribe to it.
- Consult the documentation of your bookmark-aggregation site to see if they have some handy javascript you can stick in the template of your blog that auto-includes your latest bookmarks in a side-bar (e.g. ma.gnolia do - see my blogs web site).
- If you have a social-network profile, check if a plugin is available to connect your bookmark-aggregation account together with it.
- Don't enable your bookmark-aggregation site's "post linkroll to blog" feature, especially not if you already know your blog is syndicated by blog aggregators (if you don't know, it probably is).
Really, despite what your ego says, your web-browsing habits are unlikely to be more interesting than the various mechanisms that your bookmark/tag aggregator already supplies for finding interesting links, which other people already use, cause link-rolls are tedious..
This was originally a comment on another blog, but either I forgot to hit "submit" or it got deleted.
( May 31 2008, 12:34:19 AM IST ) Permalink Comments [1]
Thursday May 22, 2008 The Security-Industrial Complex
This piece in the Rolling Stone magazine on China's surveillance state is well-worth a read.
This piece finally gives me a sense that perhaps I can understand the economic (i.e. corporate) motivations behind the ever-increasing dominance of security in civil life, something that has puzzled me for a while. For example, the military-industrial complex clearly is a factor* in the USA's use** of military-intervention as a foreign policy tool. However, I could never understand the bias that many western-governments have shown against freedom, in favour of encumbering us with, sometimes absurd, security measures. In my naivety, I thought it had something to do with some kind of "psychology of fear"-as-political-tool - not thinking of the security industry itself as being a significant driver.
This piece though puts it into perspective. Just as there are large industrial interests driving military spending, via a revolving door between the military, the government and the industry, so that piece makes it clear there are similarly large industrial interests, and a similar revolving door (except perhaps substitute police for military+) around security. This security-industrial complex is helping to drive the security policies of our western governments, and so cause growing amounts of public (or governmentally-mandated) spending to be sent their way. Given this encompasses spending on data-retention (private spending, by EU directive), national identity databases (UK), and so on, the amounts are not quite insignificant.
It's important to realise that security-service++ spending is at best of indeterminable utility+++. At worst, it may largely be wasted, other than to a small number of people who manage to make a lot of money for little work. Further, even if there is some utility to this security spending, that money may have achieved more had it been spent elsewhere, e.g. education, research, health-care, etc. Given the dubious utility of such security spending, the opportunity costs may well be far more significant than the amount of that spending itself.
Sadly I've little confidence anything is going to change in the near future. I'm vaguely hopeful though that eventually some nations will gain a competitive, economic advantage from foregoing massive-spending on security-theatrics and so influence other states. At least now, I think, I have slightly less naive understanding of it..
* In the sense that there is clearly a strong feedback loop in the USA of high military-spending sustaining significant military-industrial interests in the USA, which lobby to have the USA sustain its high level of military spending. The end-result is a state heavily invested in military power.
** Not that I claim that other nations are more enlightened. Just that most don't have anywhere near the same military dominance***.
*** I.e. I'm uncomfortable with militarism, not nations.
+ There's also a revolving door between the military and the police forces. Many coppers seem to be ex-armed-forces in the UK at least, though I don't have hard data.
++ Note that I say "service". Money spent on research, e.g. face-recognition, low-energy, x-ray tomography of passengers, might find other applications. An X-ray scanner operator though is not contributing as much to society, in that capacity, as they might otherwise. Also, I'm thinking mostly of the kind of additional spending on indiscriminate surveillance, data-mining and check-points prevalent since 9/11, rather than spending on more traditional security, policing and civilian intelligence.
+++ Exactly how dubious, no-one knows. There is this, though it talks of the opportunity costs of terrorism rather than just of security spending - related, but not quite the same (i.e. implicit in my opinion above is that the current security theatrics are essentially useless in terms of preventing any future terrorism). I don't know of the studies into this, would be interested to hear of more.
( May 22 2008, 06:59:05 PM IST ) Permalink Comments [0]
Monday May 19, 2008 How not to improve the security of your online banking website
- Implement a browser white-list
While it may be a good idea to disallow customers with ancient, bug-riddled, phish-magnet browsers from accessing their online banking, doing so via a white-list of approved browsers is certain to annoy some of your more technically savvy users. Either implement a blacklist, so that the browsers you don't know about can still get in, or give the user the option to continue with an unapproved browser after warning them of the risks (it's their money..).
- Redirect HTTPS requests to your login page back to HTTP
There's a good reason why your customers might use a local bookmark to a HTTPS URL to access their online banking. Don't defeat it by redirecting them back to HTTP! The fact that your customers only can usefully bookmark your frontpage, thanks to your use of weird URLs that redirect to stranger URLs for site navigation, is part of the problem - presuming you want to minimise HTTPS load.
This blog entry was inspired by the RBS web site
( May 19 2008, 12:07:14 PM IST ) Permalink Comments [0]
Monday May 12, 2008 Found myself having to act on a set of things, in some specific order. Certain items are exceptional and if present then processing stops there. The common idioms for this, that I've seen in C, are:
- Tangled spaghetti-jungle of if/else with long conditionals
- Goto break out
The former is common enough (though, not in your code nor mine, of course 
) to make this blog posting worthwhile.
The latter is the neater approach, and possibly the only remaining legitimate use of goto today. However, it requires placing labels - which isn't error-proof - and maintaining discipline to not abuse (those labels are so tempting!). Some languages have dedicated syntax exception handling (try/throw/catch/finally), but these can feel a tad over-wrought for simple, localised exception handling.
There's another possibility though, generic to all C-like-syntax languages even, using a single-loop:
do {
if (foo)
do_stuff (foo);
if (bar)
break;
if (acme)
do_stuff (acme);
} while (0);
do_final_stuff();
The do {} while (0); pattern is of course already widely used in C, to encapsulate function-like macros. However, I've not personally seen it used in code bodies for such light-weight exception handling.
Another variant, that allows for some basic exception processing:
do {
if (foo)
do_stuff (foo);
if (bar)
break;
if (acme)
do_stuff (acme);
return;
} while (0);
do_exceptional_stuff();
( May 12 2008, 01:22:44 AM IST )
Permalink
Comments [0]
