Discussing software, the web, politics, sexuality and the unending supply of human stupidity.

You can recover and change your password without having to supply your two-factor authentication token. Just let that sink in for a moment.

WordPress is such a rich source of infosec comedy.

Medium is Geocities 2.0. It is a beautiful way to share your ideas and stories with the world, until the owners decide they can’t be bothered any more and shut it down or sell it or ‘sunset’ it or ‘pivot’ it or plaster it with fucking adverts or whatever the next excuse is to either delete or ruin all your contributions.

Build the alternative.

Pink News have an excellent piece debunking the lie that Pope Francis is in any meaningful way “pro gay”. Won’t stop the wishful thinking though. People desperately want to believe the hype.

Silicon Valley: where invite-only private members clubs are “meritocratic”, billionaires dreaming of privatising public services is “democratic”, and “disruption” is both a moral imperative and a compliment.

DVLA don't have information on how often their incompetence is detected

A week or so back, I blogged about the DVLA’s incompetence over verifying my date of birth on my driving licence. I also sent in a Freedom of Information Act request to see if they have any data as to how often situations like mine happen.

Alas, they don’t have any data on record about this. They don’t know how often they have to reissue driving licenses due to failures of data verification. This isn’t particularly reassuring. Should you trust driving licenses as proof of identity? That’s up to you. I’d certainly say that my trust of the DVLA’s capacity to verify identities is significantly lower than my trust of the UK Passport Agency. Passports remain gold standard when it comes to government proof of ID; driving licenses aren’t nearly as good.

A fictional conversation about progressive enhancement

“I am disappointed by modern web development. Too many bloated frameworks, too much JavaScript, single page web apps, hash bang URLs—it’s all a bit over engineered. We have lost the old techniques of progressive enhancement and in return we have ghastly nonsense like infinite scroll which looks nifty but does not really improve the user experience. It all seems a bit like we have reinvented the era of Flash intros but we think it is so much better because we have made all this pointless bullshit in JavaScript rather than Flash.”

“I take your point, granddad. Perhaps this technology is excessive for mere web sites but we are building web apps now.”

“At some point someone will give me a clear explanation of the difference, riiight?”

“Well a web app is something you can’t really experience without a whole lot of scripting. Like, you can’t progressively enhance it.”

“So a web app is defined as a system that requires the JavaScript excesses for it to work. And the argument for the JavaScript excesses is that we need it to build web apps. That sounds a teeny bit circular to me.”

“Bah. Logic. I don’t need logic. Just because you can’t fit it into your theological categories doesn’t mean there isn’t a distinction. Like, I can point to clear examples of web apps. Gmail! Google Docs! They don’t make sense if you don’t understand them as apps. They don’t fit that old fashioned web pages with little blobs of progressive enhancement model that you grumpy old Luddites keep banging on about. If I want to build Google Docs, I need to do it in the new way.”

“You make a good point. You do kind of need a modern browser with bells and whistles to be able to edit a spreadsheet in Google Docs. The user experience of using that in Lynx is going to suck, so perhaps you don’t really need that.”

“See, this brave new world of apps is not so scary! Shall I help you with your Gulpfile now?”

“Let’s not be too hasty. I mean the argument is that Google Docs is completely useless without all the modern front end stuff all working.”


“And there is literally nothing you could display to someone viewing a Google Docs spreadsheet or word processing document if, say, their browser had scripting turned off?”

“Absolutely. This is why you need to approach it with an app mindset rather than a document mindset.”

“What is the user editing in Google Docs?”

“Well, rich text files and spreadsheets.”

“Which are types of what?”


“Can you repeat that word for me?”

“Oh fuck. Documents. You got me.”

“So what could you do if the user loads the page in a browser that doesn’t have the capabilities to edit the document?”

“Well, we could display the document, I guess.”

“And what technology do you need to render rich text and tables in browsers?”

“You know the answer already. HTML and CSS.”

“And if your browser can edit the document—”

“—then it loads the relevant code to edit it. It is still progressive enhancement! I get it.”

“And you can even use your silly Node.js reimplementations of GNU Make if it makes you happy.”
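The approach the conversation arrives at, as an added example that is not from the original post: the server renders the document as plain, escaped HTML, and the editor is loaded only when the browser has the features it needs. All names here (`renderDocument`, `canEdit`, `enhance`, the `/editor.js` path and the sample document) are hypothetical.

```javascript
// Added example: every name and path below is hypothetical.

// Escape user-supplied text so the baseline HTML is safe to serve as-is.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Baseline: every block of the document becomes plain HTML that any browser
// (Lynx included) can display without running a script.
function renderBlock(block) {
  if (block.type === "paragraph") return `<p>${escapeHtml(block.text)}</p>`;
  if (block.type === "table") {
    const rows = block.rows.map(
      (row) => `<tr>${row.map((cell) => `<td>${escapeHtml(cell)}</td>`).join("")}</tr>`
    );
    return `<table>${rows.join("")}</table>`;
  }
  return ""; // unknown block types are dropped rather than guessed at
}

function renderDocument(doc) {
  const body = doc.blocks.map(renderBlock).join("\n");
  return `<article id="doc"><h1>${escapeHtml(doc.title)}</h1>\n${body}</article>`;
}

// Enhancement gate: the editor is offered only if the environment has the
// features the (hypothetical) editor bundle relies on.
const REQUIRED = ["querySelector", "addEventListener", "fetch"];
function canEdit(env) {
  return REQUIRED.every((name) => typeof env[name] === "function");
}

// Load the editor on top of the already-readable page, or leave the page alone.
function enhance(env, loadScript) {
  if (!canEdit(env)) return "read-only";
  loadScript("/editor.js"); // hypothetical bundle path
  return "editable";
}

// Constructed sample document.
const sampleDoc = {
  title: "Budget <draft>",
  blocks: [
    { type: "paragraph", text: "Totals & notes" },
    { type: "table", rows: [["Item", "Cost"], ["Tea", "3"]] },
  ],
};

// Runs both cases: a browser with no scripting features and a modern one.
function demo() {
  const loaded = [];
  const html = renderDocument(sampleDoc);
  const oldBrowser = enhance({}, (src) => loaded.push(src));
  const modern = { querySelector() {}, addEventListener() {}, fetch() {} };
  const newBrowser = enhance(modern, (src) => loaded.push(src));
  return { html, oldBrowser, newBrowser, loaded };
}
```

The readable HTML is identical in both cases; only the capable browser fetches the editing code on top of it.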

Russian translation

Liberal arts backgrounds have value in technology beyond sales

There is rather a good article currently doing the rounds: That ‘Useless’ Liberal Arts Degree Has Become Tech’s Hottest Ticket. It is good that we are finally moving beyond the ridiculous “do STEM or you are a failure” kind of nonsense in tech, but the article seems to suggest that with the exception of Slack, the primary use case for arts and humanities backgrounds is to have cultured salesmen (and women) to go impress clients who value things beyond algorithms and so on.

There are a whole lot of people with liberal arts backgrounds in tech. A while back, I was at a meeting of Semantic Web technologists and we realised that all of us sitting round a table had degrees in philosophy, with some also having joint majors in sociology or theology or anthropology. I know developers and designers with backgrounds in languages, in non-computer engineering, in music, in publishing, in media or theatre, and much else besides.

Technologists with backgrounds in the arts and humanities bring an enormous amount of value. We want to build products and experiences that chime with humans. Understanding human cultures—how humans think, what humans value, believe in, care about—what matters to humans is something that arts and humanities education emphasises. It’s in the damn name.

Technical culture—Silicon Valley culture especially—likes to make it seem like programming is super difficult, and paint this picture of engineers as heroes. It all contributes to this very flawed Two Cultures model: that people with training in the humanities are incapable of understanding technical matters, and that those with technical backgrounds are completely anti-social and uncomfortable at a gallery drinks reception. Both can be taught and both can be learned.

I want a world where every engineer knows the value and importance of knowledge that falls outside of science, and where every non-technical person grasps the basics of algorithmic thinking. Creative problem-solving people should be enabled rather than limited by their training.

The Verge has an excellent “vintage” review of the Psion Series 5. It is worse than pretty much every device you can buy now, except for one thing… writing.

Good thing that nobody has to write anything anymore, right?

Alphabet graveyard: A for Answers, B for Base, C for Code, D for Dodgeball, E for Etherpad, F for Friend Connect, G for Gears, H for Health, I for iGoogle, J for Jaiku, K for Knol, L for Latitude, M for Meebo, N for Nexus Q, O for Orkut, P for Picasa, Q for Quickoffice, R for Reader, S for Sidewiki, T for Talk, U for University Search, V for Video, W for Wave, X for Google X.

I’m sure Google will discontinue a service starting with ‘Y’ and ‘Z’ soon. Rest in peace.

Firechat is a lovely idea in theory but in practice, it is completely useless. If they had built a private secure WhatsApp style service that used Bluetooth mesh networking to route messages when no Internet connectivity was available, it would be fantastic.

Instead, it’s a way for people who you have never heard of to send you spam in languages you don’t understand. Not exactly a compelling user experience.

35 tech journalism cliches

  1. This new product does not function the way I personally think it should, therefore it is not going to succeed in the marketplace because I say so.

  2. Company X is not producing a product in this category, and it is essential for them to do so because I say so, and if they don’t they will fail catastrophically.

  3. Company X is late to the market in a particular category, and if they don’t hurry up, they will fail catastrophically.

  4. I’ve found a drawing on the internet of what an unannounced product might look like, so it will definitely look like this.

  5. I’m a monolingual, English-speaking middle class Western white male in his 20s or 30s whose only experience of technology is in a milieu dominated by other monolingual, English-speaking middle class Western white men of roughly my age and I can’t figure out why anyone would want to use product X, so therefore nobody will use product X.

  6. Company X has a low market share in this category of products, so company X has failed regardless of tedious things like how much profit they make from said product. After this article, I shall write one on how Rolex aren’t nearly as successful a watchmaker as Casio along the same broad principles.

  7. I shall borrow a concept from one area of technology I don’t know much about and apply it to another area of technology I also don’t know much about.

  8. I shall try and explain a moderately complicated technical topic which I don’t really understand by coming up with an analogy that doesn’t actually fit very well.

  9. This new device that has come out will kill existing device for a bunch of subjective and arbitrary reasons.

  10. I’m going to draw some overly broad conclusions from sales or analytics data that represents a tiny fraction of the overall market or is otherwise misleading, and I’m not going to couch my conclusions in the required level of uncertainty that my source justifies.

  11. An analyst has written a report which I find similar to my opinions therefore it is gospel truth and contains no obvious technical flaws (not that I could spot them if it did).

  12. Let’s poke some fanboys and watch the sparks fly in the comments.

  13. I’m going to cover the new shiny stuff without discussing the social and political values embedded in the technology.

  14. I’m going to discuss the social and political values of technology but misunderstand how the actual technology works.

  15. I have no understanding of the history of technology, so when some goofball PR comes to me and tells me that some idea is new and revolutionary, I believe every word he says rather than taking five minutes to check Wiki-fucking-pedia and see that it is simply a rebrand of the same concept that has been marketed under five different labels, often by the same company. (See: cloud computing which is what used to be called grid computing or network computing, which is basically what mainframe timesharing systems were doing.)

  16. Teething troubles with a new product fatally undermine that product—or even that whole class of products—for ever more.

  17. Big company X has introduced a new programming language, therefore it will come to magically dominate all programming for ever and ever. (See: the hilarious comments from people who thought Google’s Go language would suddenly become the lingua franca of back-end web development, replacing PHP, .NET, Rails, Node.js et al. despite being intended as a C replacement).

  18. Open source product X will destroy all of its proprietary/commercial competitors because it is open source and open source will always win.

  19. The products and services that young people use are the future because they are young people, and they are able to pay for said products and services using their vast income and resources and nonexistent credit cards.

  20. Here’s some shit security advice that doesn’t actually take account of the current threats.

  21. Someone told me about this database which is distributed, fully ACID and CAP compliant and has solved P=NP, and even though I don’t quite know what those words mean (and the Wikipedia article kind of goes above my head), I believe them because why would a PR person lie to me?

  22. I went on an expensive course to learn how to make apps. They all had shiny new MacBooks and taught me some basic JavaScript and we made a web page. We had artisanal flatbreads with some very tasty hummous at a nice office in Shoreditch. I’m a programmer now.

  23. Bitcoin will change everything. But, yes, I did struggle to buy anything with my Bitcoin and had to pull out my debit card.

  24. I’m going to talk about free speech on social media while eliding the difference between free speech as a moral standard and free speech as a legal requirement. As part of this, I shall treat the First Amendment and other American free speech law as universally applicable because I’m an American and America FUCK YEAH GO USA.

  25. Let me guilt shame you about using ad blocking software even though the web is literally unusable without the parade of bloated shitvertising and spyware-infected Flash crap that we need to install so we can pay writers to turn out this turgid, poorly researched shit we like to call “quality technology journalism”. Our failure to find a sustainable business model is actually your moral failure.

  26. I’m going to just ignore user experience and decide which product is best based on a series of feature lists and specifications: because who gives a fuck if the feature is actually useable in real life by real humans?

  27. Rather than giving you a nuanced and detailed review describing the features and pitfalls of a number of competing products, I shall arbitrarily declare one member of this class of products the “winner”—because my subjective weighting of desired features and design will obviously match up exactly with yours, and it’s my job to do the thinking for you.

  28. Doing real research is hard, so I’m just going to rip some shit off an actual expert’s blog without credit.

  29. Why, yes, my representative sample of an open source community project is one cranky troll.

  30. Let me tell you about how the NSA are nasty and evil. Yes, you could install some crypto software to protect yourself against their spying, but it’s much more fun to get worked up into a lather about it than actually protect yourself.

  31. I went to TED and met some exciting thought leaders who are going to build their own libertarian paradise, megadose on vitamin pills and upload their brains to the cloud while helping Bono solve all the world’s social and economic problems. These people aren’t colossal wankers and the things they have to say aren’t horseshit. No, really.

  32. This guy on Reddit has a summary he wrote on the back of a cigarette packet of what he thinks will be Apple’s new product. He claims to have sources in China who tell him that they absolutely will be making this product. Yes, he’s a completely trustworthy source.

  33. Here’s a bunch of predictions about the future of technology X. You won’t hold me accountable to any of them. And, no, being the Psychic Sally of the tech industry isn’t demeaning to me at all. (For entertainment purposes only.)

  34. Big company P bought an infinitesimal stake in startup Q. Therefore, according to the bullshit law of valuations that everyone follows for some reason, Q is now worth $100 quintillion.

  35. X is dead. Yes, you know, that product X that has billions of satisfied users around the world. I say it is dead, therefore it is totally dead.

Thank god for tech journalism. We would be so poorly informed without it.

Why primary identity documents matter (and why the DVLA is incompetent at it)

I’ve been grumbling on Twitter about the DVLA.

A long time ago, I applied for and received a provisional driving license with the intention to learn to drive. That provisional driving license expired (I had other things to do besides take driving lessons), so I renewed it recently.

The license I had included a number of errors. Firstly, it had the wrong date of birth and it also had the wrong address. The typist who was putting the details in the system back when I was a teenager obviously was having a bad day and made a keyboard whoopsie.

When I got around to renewing my license, I thought “oh well, they’ll fix that”.

They’ve fixed the address (because I’ve moved since then) but the date of birth is still wrong. What this means is that the DVLA did not actually check the date of birth that I wrote on my application form against any other data: they didn’t look at the existing license and go “wait, those two dates are different - that’s a bit curious, we should probably check that against, say, your passport and birth certificate”.

In addition, when I renewed my license, because of a medical condition I am legally obliged to disclose to the DVLA, they will have requested confidential health details from a hospital where I seek treatment to verify my fitness to drive. In the response sent back from the hospital, it will probably have had my actual date of birth, which will not match the one in their system. But obviously nobody checked that either.

The whole point of having credentials that expire is that when you renew them, you can ensure that all the details are still correct and to protect yourself against making mistakes the first time.

What possible harm could come from issuing documents with incorrect dates of birth? Well, obviously, people who are underage could use them to get served in bars or sneak into nightclubs or whatever. That’s a concern, but not a major one for me.

Here’s a much bigger concern.

When you put someone through a Disclosure and Barring Service (DBS) check—a criminal background check used to verify if someone might have committed offences that might make them unsuitable to work with children or vulnerable adults—you have to provide a variety of forms of ID. It is possible to go through a DBS check with the following documents:

  • a UK driving licence
  • a bank statement
  • a credit card statement

You can use a driving license to open the bank account and then get the credit card simply because of your good history of banking with the bank. The false information on the primary identity document transfers through the rest of the system.

This means that repeated failure by the DVLA to check primary identity documents on license renewals is a potential way that someone who wishes to evade a DBS check could construct a false identity.

It’s a minor inconvenience for me: I have to send my driving license back to them and fill out yet more bloody forms to tell them who I am. But a malicious actor could exploit it to evade scrutiny.

Here’s where it is even madder: the DVLA told me that it isn’t even a criminal offence to knowingly use a driving license with incorrect information on it to pass a test. I phoned them up and told them that the date on my driving license is wrong and they were just “meh, send it back sometime, no biggie”. Not “we’re going to revoke that license right now and send you a new one with correct details”.

Government agencies not doing their job when it comes to the very basics of identity verification is a major concern when those primary identity documents are used as a primary marker of trust in an enormous number of interactions. The DVLA’s identity management processes are a bad joke. If they were running a nightclub using the same kind of ID management, they’d probably have been shut down by now.

Sir Roger Moore:

In a world with boundless opportunities for amusement, it’s detestable that anyone would choose to get thrills from killing others who ask for nothing from life but the chance to remain alive. The animals whose lives he has so cold-heartedly snuffed out have precisely the same capacity to feel pain and suffer as we do. All leave family members or mates behind when they’re killed, and none is exempt from grief.

Jane Goodall:

I have no words to express my repugnance.