@tryruby
April 13, 2010
What happens when you can’t sleep and you suddenly have a fit of creativity?
Well, when it happens to me I come up with all sorts of random ideas, and in this case I came up with @tryruby, a Twitter bot that evaluates Ruby code in tweets that mention @tryruby and sends the results back to the original sender. Large chunks of the code are taken from tryruby.org.
Code is available on GitHub if you want to hack.
All my Xmases came at once
January 29, 2010
No respect for the dead or recently fallen
January 19, 2010
5+ a Week
December 14, 2009
Contrary to what you might be thinking, this is not an article about scurvy, but an article about social media. I wanted to talk about my 5+ a Week rule for pruning Facebook friends.
Now, let’s put aside all the arguments about privacy and dodgy games stealing demographic information for a few minutes and take a moment to realise that Facebook is a great tool. Not because of any particularly amazing tech, or anything innovative but simply because even my technophobe friends use it, and with a vengeance. Literally everyone I care about has a Facebook account, and most of them take it more seriously than their email account. That’s a pretty significant change, and a pretty big value proposition even for an open source, copyleft, privacy freak like me.
As Cory Doctorow pointed out in his 2007 Information Week article, the biggest problem with Facebook is not leaky privacy policies, dodgy advertising practices or even those annoying quizzes that show up in your news feed all the damn time, it’s actually social media’s limited concept of the “friend” which will ultimately be its downfall… or would be if one doesn’t discipline oneself when dealing with it.
When I looked closely at my Facebook habits I immediately noticed two things, first is that there are really only half a dozen people with whom I communicate on a daily basis, I call these people “super friends”, a dozen or so “sub friends” with whom I interact anywhere between once a week and once a month. Secondly, what value are 100 people to me? Well that’s where my “5+ a week rule” kicks in. Every Monday morning I browse my list of “friends” and select the five people about whom I care the least and simply “de-friend” them.
A lot of people I talk to about this rule seem to think that it’s some kind of social media faux pas to remove people you’re only marginally interested in, they seem to fear potentially running into them in the street or perhaps at a party and being challenged about it, often in the same sentence as complaining about how they have trouble keeping up with everyone’s farmville scores or hiding their “which celebrity drunk are you” quizzes. I have but one response to such spineless utterances; if you’re not interested in what they have to say in the first place, then why would you bother talking to them at a party or in the street?
Now, perhaps I am not the best person to be preaching about social norms; I am, after all, someone who had a panic attack at the Playcentre xmas party last week because I couldn’t handle the heat, noise, and most of all, people. I am famously terrible in social situations even going to such lengths as deliberately rocking in my chair or muttering under my breath in order to get rid of people I am not interested in talking to. I think my point is still valid, however.
Over the last few months I have removed over ninety contacts from my Facebook friends list, and there’s plenty more where they came from. Of all those people only one has ever noticed and actually re-sent her friendship request. She is also the first person to have ever been pruned twice and the four other people who got the chop this morning will probably never notice. In the unlikely event that they do, they most likely will not care and are probably just as relieved to not have to read my garbage about programming languages, laser cutters or space rock in their news feed as well.
Look, if my ramblings are really that interesting then I encourage you to follow me on Twitter, where I don’t have to follow you back.
Congratulations to Rocket Lab
December 1, 2009

I want to take a few minutes out of my day to congratulate the folks at Rocket Lab, who are currently attempting to locate the payload from their first Atea-1 rocket, Manu Karere, which was successfully launched yesterday after several hours of delay and a helicopter trip back to the mainland for a $6 hydraulic coupling.
The first stage booster was found today by fishermen not far off the coast of Great Mercury Island, where Manu Karere was launched. According to 3News the booster was found this morning and in excellent condition, proving a successful engine burn.
Recovery of the payload seems to be delayed, and there is speculation that perhaps the payload’s GPS or Iridium satellite connection was damaged. The payload has about three days’ worth of battery charge and floats, so should eventually be found. Once payload recovery is complete, or perhaps abandoned, Rocket Lab will begin examining their data and preparing for a second launch some time in the new year.
The launch of Manu Karere is the first commercial space launch to take place in New Zealand, however not the first space launch to take place here; in 1963 an Arcas (All-Purpose Rocket for Collecting Atmospheric Soundings) sounding rocket, developed in the late 1950s by the US Navy and Army and built by Atlantic Research Corp., was launched from Birdlings Flat in Canterbury. The Arcas series of sounding rockets was widely used by NASA in its international atmospheric research programme (obviously pre-ITAR) and at its peak over 2000 were being flown per year. The Arcas rocket was extremely simple and cheap, costing a meagre US$2000 in 1960s dollars and needing only a simple launch tube. It had a maximum altitude of only 64 kilometres when carrying a 5.4kg payload, meaning that it doesn’t reach today’s definition of space (100 kilometres), however it did more than meet the 1950s definition of 50,000 feet (about 15.2km) which was based around the physiological effects on an unprotected human at that altitude. I guess that means you could still make an argument that Atea-1 is New Zealand’s first space launch, although it’s really just semantics.
The New Zealand Arcas launch was a joint space programme by the New Zealand National Space Research Committee and NASA. The launch took place on May 23rd and was designed to collect data on the electrical characteristics of the lower ionosphere. The scientific payload on the Arcas was built in New Zealand under the direction of Dr John B. Gregory of the University of Canterbury. The RNZAF assembled and launched the rocket. Two further launches were scheduled, however I haven’t been able to confirm that they ever took place.
The path to success is paved with failure
November 30, 2009
I had planned to write a blog about how great it is for New Zealand to be a space-faring nation and how much payoff this will have for New Zealand STEM (Science, Technology, Engineering and Maths) education, however it looks like a problem with a frozen fuel coupling has scrubbed today’s launch.
The launch by New Zealand aerospace company Rocket Lab of Atea-1 from Great Mercury Island, off the Coromandel Peninsula, was delayed for several hours due to a fuel problem.
At 7.42am, 32 minutes after it was due to lift off, the rocket still sat on its launch pad with white vapour pouring from it.
It was understood that there had been a problem with nitrous oxide causing a coupling to freeze, and it would be three hours before the rocket could safely be approached.
I’ll be keenly watching Rocket Lab’s twitter account for more news as it becomes available.
Opening the source is a security imperative.
November 25, 2009
The first I heard about the possible hacking or skimming of car park payment machines was from National Radio yesterday. Today’s Herald article is light on details and heavy in supposition:
Thieves have hacked into payment machines at the Downtown carpark in central Auckland and stolen the credit-card details of thousands of people.
The matter came to light after banking systems pinpointed the council-owned carpark as a common point of purchase on fraudulent card transactions.
It is unclear whether the thieves attached a skimming device to the payment machines or accessed the devices’ credit-card database internally, in which case those responsible could be overseas.
The article presents two options as to how the attack was perpetrated; first card skimming and secondly hacking.
If the machines were skimmed then it’s most likely a failure of imagination in Auckland City Council’s risk management team and by extension a failure of physical security countermeasures like ubiquitous surveillance, regular security guard patrols and a questioning mentality of both the public and car park staff. A move to skimming these devices is a fairly obvious change in tactic now that most ATM machines have “anti-skimming” devices installed. Remember that skimming is a fairly clumsy hack that requires not only the machine being physically modified but also regular trips by the perpetrators to retrieve the captured card data. That said, skimming machines that take credit card data is easier than skimming debit cards because with credit cards there is often no need for any two-factor authentication system, like a signature or pin number which reduces the cost and complexity of the attack by not requiring a concealed camera.
The second option, which I wanted to cover here is the possibility that these devices have been cracked remotely. This somewhat inevitable development has a strangely familiar ring to it and reminds me of arguments about proprietary and closed e-voting platforms in use in the United States. The Open Voting Consortium have been making a case in support of Open Source voting systems for several years based, in part, around the California Top to Bottom Review’s findings that tested and code-reviewed machines fell far short of minimum requirements in relevant guidelines and many were easily exploitable by non-expert users.
Obviously the problem is more expansive than just electronic voting machines. The number of closed-source proprietary devices that the public interacts with is increasing on an almost daily basis; text-to-park systems, automated toll charging and pay machines at privately operated car parks just to name a few. When you add in proprietary web applications in use by businesses and central government we’re handing our identity and payment information over more than ever before, and leaving ourselves open to more attacks every day. I don’t expect that many businesses would be willing to open the source to their online shopping cart software, but public institutions should have a duty to provide access to source for applications, embedded or otherwise that they use, just as they have to provide access to process and organisational data under the Official Information Act, after all software is just process for machines instead of people.
The public’s right to scrutinise and criticise public sector workings, not to mention the academic need to study policy and procedure, should, in my opinion, extend to machines which are essentially an extension of the public service. This paragraph from Wikipedia would seem to sum it up nicely:
Since Open Source software is open, all of the defects and security flaws are easily found. Closed-source advocates argue that this makes it easier for a malicious person to discover security flaws. Further, that there is no incentive for an open-source product to be patched. Open-source advocates argue that this makes it easier also for a patch to be found and that the closed-source argument is security through obscurity, which this form of security will eventually fail, often without anyone knowing of the failure. Further, that just because there is not an immediate financial incentive to patch a product, does not mean there is not any incentive to patch a product. Further, if the patch is that significant to the user, having the source code, the user can technically patch the problem themselves. These arguments are hard to prove. However, most studies show that open-source software does have a higher flaw discovery, quicker flaw discovery, and quicker turn around on patches.
Signal to noise
November 24, 2009
For the last six months or so I have been a strong proponent of Inbox Zero. My particular practice involves me instantly deleting anything that is not important, and the remaining messages being moved to an archive folder after they have been read, understood and possibly acted upon. Even being brutal with the delete key has not significantly lowered the amount of time I spend dealing with email every hour.
A quick back of the envelope calculation puts the SNR for my @auckland email account for the last week at around 1:47. In other words out of any 48 incoming messages 47 of them are likely to be noise (think of it like the Internet’s cosmic background radiation) and only 1 can be counted as signal (a message that is at least minimally deserving of my attention).
This has got to stop!
That said, I don’t really know what to do about it. I suggested to Russell yesterday over coffee that very soon I may be forced to delete my mailbox and simply let it bounce. Whilst I don’t yet think it has come to this (although it is close) I have noticed several other prominent employees of IT Services have started some rather drastic action including automatically filtering out all messages for which the recipient is not in the To: field (ie: CC, BCC or mailing list messages) and automatically deleting anything that has been left in the inbox for more than 7 days just to name a couple.
I know that work has been done in evaluating various technological solutions including evaluating anti-spam appliances such as Cisco IronPort however further digging into my mail account reveals another interesting fact, the ratio of deleted messages to spam is approximately 3:1 meaning that out of any 48 messages received, roughly 36 are likely to be trashed, 11 will be spam and only 1 lonely message will be actually useful to me in some way. The point I’m trying to make is that rather than spending large amounts of money trying to solve the spam problem why are we not investing in technology and cultural change that results in a lower number of unimportant messages overall?
I will leave any calculations of cost per message to more informed commentators in this area of IT Services, however I would suggest that just going by my rough figures for the last week, if it cost a mere $100 to provide the infrastructure and bandwidth to deliver those messages to my inbox (a gross underestimate I’m sure) then roughly $98 was wasted. Per week. Per employee.
In the mean time I’m closing my mail client and only opening it once every hour. If you need me then you should look on Yammer, Twitter or any number of instant messaging systems.
Back from leave
November 23, 2009
As some of you may or may not know, I’m finally back from parental leave after the birth of the awesome Peter James Harton, esq. on the 24th of September.
In my not-very-spare time over the last few months I have been working on designing things for laser cutting with Ponoko. Just this morning a good friend of mine received his gift of laser cut goodness:
With the judicious use of the delete key I have managed to get rid of the several thousand emails in my @auckland email account down to a mere dozen or two that require follow-up.
Too much too young.







