Discussing software, the web, politics, sexuality and the unending supply of human stupidity.

You can recover and change your password without having to supply your two-factor authentication token. Just let that sink in for a moment.

WordPress is such a rich source of infosec comedy.

Medium is Geocities 2.0. It is a beautiful way to share your ideas and stories with the world, until the owners decide they can’t be bothered any more and shut it down or sell it or ‘sunset’ it or ‘pivot’ it or plaster it with fucking adverts or whatever the next excuse is to either delete or ruin all your contributions.

Build the alternative.

Pink News have an excellent piece debunking the lie that Pope Francis is in any meaningful way “pro gay”. Won’t stop the wishful thinking though. People desperately want to believe the hype.

Silicon Valley: where invite-only private members clubs are “meritocratic”, billionaires dreaming of privatising public services is “democratic”, and “disruption” is both a moral imperative and a compliment.

DVLA don't have information on how often their incompetence is detected

A week or so back, I blogged about the DVLA’s incompetence over verifying my date of birth on my driving licence. I also sent in a Freedom of Information Act request to see if they have any data as to how often situations like mine happen.

Alas, they don’t have any data on record about this. They don’t know how often they have to reissue driving licenses due to failures of data verification. This isn’t particularly reassuring. Should you trust driving licenses as proof of identity? That’s up to you. I’d certainly say that my trust of the DVLA’s capacity to verify identities is significantly lower than my trust of the UK Passport Agency. Passports remain gold standard when it comes to government proof of ID; driving licenses aren’t nearly as good.

A fictional conversation about progressive enhancement

“I am disappointed by modern web development. Too many bloated frameworks, too much JavaScript, single page web apps, hash bang URLs—it’s all a bit over engineered. We have lost the old techniques of progressive enhancement and in return we have ghastly nonsense like infinite scroll which looks nifty but does not really improve the user experience. It all seems a bit like we have reinvented the era of Flash intros but we think it is so much better because we have made all this pointless bullshit in JavaScript rather than Flash.”

“I take your point, granddad. Perhaps this technology is excessive for mere web sites but we are building web apps now.”

“At some point someone will give me a clear explanation of the difference, riiight?

“Well a web app is something you can’t really experience without a whole lot of scripting. Like, you can’t progressively enhance it.”

“So a web app is defined as a system that requires the JavaScript excesses for it to work. And the argument for the JavaScript excesses is that we need it to build web apps. That sounds a teeny bit circular to me.”

“Bah. Logic. I don’t need logic. Just because you can’t fit it into your theological categories doesn’t mean there isn’t a distinction. Like, I can point to clear examples of web apps. Gmail! Google Docs! They don’t make sense if you don’t understand them as apps. They don’t fit that old fashioned web pages with little blobs of progressive enhancement model that you grumpy old Luddites keep banging on about. If I want to build Google Docs, I need to do it in the new way.”

“You make a good point. You do kind of need a modern browser with bells and whistles to be able to edit a spreadsheet in Google Docs. The user experience of using that in Lynx is going to suck, so perhaps you don’t really need that.”

“See, this brave new world of apps is not so scary! Shall I help you with your Gulpfile now?”

“Let’s not be too hasty. I mean the argument is that Google Docs is completely useless without all the modern front end stuff all working.”


“And there is literally nothing you could display to someone viewing a Google Docs spreadsheet or word processing document if, say, their browser had scripting turned off?”

“Absolutely. This is why you need to approach it with an app mindset rather than a document mindset.”

“What is the user editing in Google Docs?”

“Well, rich text files and spreadsheets.”

“Which are types of what?”


“Can you repeat that word for me?”

“Oh fuck. Documents. You got me.”

“So what could you do if the user loads the page in a browser that doesn’t have the capabilities to edit the document?”

“Well, we could display the document, I guess.”

“And what technology do you need to render rich text and tables in browsers?”

“You know the answer already. HTML and CSS.”

“And if your browser can edit the document—”

“—then it loads the relevant code to edit it. It is still progressive enhancement! I get it.”

“And you can even use your silly Node.js reimplementations of GNU Make if it makes you happy.”

Russian translation

Liberal arts backgrounds have value in technology beyond sales

There is rather a good article currently doing the rounds: That ‘Useless’ Liberal Arts Degree Has Become Tech’s Hottest Ticket. It is good that we are finally moving beyond ridiculous “do STEM or you are failure” kind of nonsense in tech, but the article seems to suggest that with the exception of Slack, the primary use case for arts and humanities backgrounds is to have cultured salesmen (and women) to go impress clients who value things beyond algorithms and so on.

There are a whole lot of people with liberal arts backgrounds in tech. A while back, I was at a meeting of Semantic Web technologists and we realised that all of us sitting round a table had degrees in philosophy, with some also having joint majors in sociology or theology or anthropology. I know developers and designers with backgrounds in languages, in non-computer engineering, in music, in publishing, in media or theatre, and much else besides.

Technologists with backgrounds in the arts and humanities bring enormous amount of value. We want to build products and experiences that chime with humans. Understanding human cultures—how humans think, what humans value, believe in, care about—what matters to humans is something that arts and humanities education emphasises. It’s in the damn name.

Technical culture—Silicon Valley culture especially—likes to make it seem like programming is super difficult, and paint this picture of engineers as heroes. It all contributes to this very flawed Two Cultures model: that people with training in the humanities are incapable of understanding technical matters, and that those with technical backgrounds are completely anti-social and uncomfortable at a gallery drinks reception. Both can be taught and both can be learned.

I want a world where every engineer knows the value and importance of knowledge that falls outside of science, and where every non-technical person grasps the basics of algorithmic thinking. Creative problem-solving people should be enabled rather than limited by their training.

The Verge has an excellent “vintage” review of the Psion Series 5. It is worse than pretty much every device you can buy now, except for one thing… writing.

Good thing that nobody has to write anything anymore, right?

Alphabet graveyard: A for Answers, B for Base, C for Code, D for Dodgeball, E for Etherpad, F for Friend Connect, G for Gears, H for Health, I for iGoogle, J for Jaiku, K for Knol, L for Latitude, M for Meebo, N for Nexus Q, O for Orkut, P for Picasa, Q for Quickoffice, R for Reader, S for Sidewiki, T for Talk, U for University Search, V for Video, W for Wave, X for Google X.

I’m sure Google will discontinue a service starting with ‘Y’ and ‘Z’ soon. Rest in peace.

Firechat is a lovely idea in theory but in practice, it is completely useless. If they had built a private secure WhatsApp style service that used Bluetooth mesh networking to route messages when no Internet connectivity was available, it would be fantastic.

Instead, it’s a way for people who you have never heard of to send you spam in languages you don’t understand. Not exactly a compelling user experience.

35 tech journalism cliches

  1. This new product does not function the way I personally think it should, therefore it is not going to succeed in the marketplace because I say so.

  2. Company X is not producing a product in this category, and it is essential for them to do so because I say so, and if they don’t they will fail catastrophically.

  3. Company X is late to the market in a particular category, and if they don’t hurry up, they will fail catastrophically.

  4. I’ve found a drawing on the internet of what an unannounced product might look like, so it will definitely look like this.

  5. I’m a monolingual, English-speaking middle class Western white male in his 20s or 30s whose only experience of technology is in a milieu dominated by other monolingual, English-speaking middle class Western white men of roughly my age and I can’t figure out why anyone would want to use product X, so therefore nobody will use product X.

  6. Company X has a low market share in this category of products, so company X has failed regardless of tedious things like how much profit they make from said product. After this article, I shall write one on how Rolex aren’t nearly as successful a watchmaker as Casio along the same broad principles.

  7. I shall borrow a concept from one area of technology I don’t know much about and apply it to another area of technology I also don’t know much about.

  8. I shall try and explain a moderately complicated technical topic which I don’t really understand by coming up with an analogy that doesn’t actually fit very well.

  9. This new device that has come out will kill existing device for a bunch of subjective and arbitrary reasons.

  10. I’m going to draw some overly broad conclusions from sales or analytics data that represents a tiny fraction of the overall market or is otherwise misleading, and I’m not going to couch my conclusions in the required level of uncertainty that my source justifies.

  11. An analyst has written a report which I find similar to my opinions therefore it is gospel truth and contains no obvious technical flaws (not that I could spot them if it did).

  12. Let’s poke some fanboys and watch the sparks fly in the comments.

  13. I’m going to cover the new shiny stuff without discussing the social and political values embedded in the technology.

  14. I’m going to discuss the social and political values of technology but misunderstand how the actual technology works.

  15. I have no understanding of the history of technology, so when some goofball PR comes to me and tells me that some idea is new and revolutionary, I believe every word he says rather than taking five minutes to check Wiki-fucking-pedia and see that it is simply a rebrand of the same concept that has been marketed under five different labels, often by the same company. (See: cloud computing which is what used to be called grid computing or network computing, which is basically what mainframe timesharing systems were doing.)

  16. Teething troubles with a new product fatally undermines both that product—or even that whole class of products—for ever more.

  17. Big company X has introduced a new programming language, therefore it will come to magically dominate all programming for ever and ever. (See: the hilarious comments from people who thought Google’s Go language would suddenly become the lingua franca of back-end web development, replacing PHP, .NET, Rails, Node.js et al. despite being intended as a C replacement).

  18. Open source product X will destroy all of its proprietary/commercial competitors because it is open source and open source will always win.

  19. The products and services that young people use are the future because they are young people, and they are able to pay for said products and services using their vast income and resources and nonexistent credit cards.

  20. Here’s some shit security advice that doesn’t actually take account of the current threats.

  21. Someone told me about this database which is distributed, fully ACID and CAP compliant and has solved P=NP, and even though I don’t quite know what those words mean (and the Wikipedia article kind of goes above my head) but I believe them because why would a PR person lie to me?

  22. I went on an expensive course to learn how to make apps. They all had shiny new MacBooks and taught me some basic JavaScript and we made a web page. We had artisanal flatbreads with some very tasty hummous at a nice office in Shoreditch. I’m a programmer now.

  23. Bitcoin will change everything. But, yes, I did struggle to buy anything with my Bitcoin and had to pull out my debit card.

  24. I’m going to talk about free speech on social media while eliding the difference between free speech as a moral standard and free speech as a legal requirement. As part of this, I shall treat the First Amendment and other American free speech law as universally applicable because I’m an American and America FUCK YEAH GO USA.

  25. Let me guilt shame you about using ad blocking software even though the web is literally unusable without the parade of bloated shitvertising and spyware-infected Flash crap that we need to install so we can pay writers to turn out this turgid, poorly researched shit we like to call “quality technology journalism”. Our failure to find a sustainable business model is actually your moral failure.

  26. I’m going to just ignore user experience and decide which product is best based on a series of feature lists and specifications: because who gives a fuck if the feature is actually useable in real life by real humans?

  27. Rather than giving you a nuanced and detailed review describing the features and pitfalls of a number of competing products, I shall arbitrarily declare one member of this class of products the “winner”—because my subjective weighting of desired features and design will obviously match up exactly with yours, and it’s my job to do the thinking for you.

  28. Doing real research is hard, so I’m just going to rip some shit off an actual expert’s blog without credit.

  29. Why, yes, my representative sample of an open source community project is one cranky troll.

  30. Let me tell you about how the NSA are nasty and evil. Yes, you could install some crypto software to protect yourself against their spying, but it’s much more fun to get worked up into a lather about it than actually protect yourself.

  31. I went to TED and met some exciting thought leaders who are going to build their own libertarian paradise, megadose on vitamin pills and upload their brains to the cloud while helping Bono solve all the world’s social and economic problems. These people aren’t colossal wankers and the things they have to say aren’t horseshit. No, really.

  32. This guy on Reddit has a summary he wrote on the back of a cigarette packet of what he thinks will be Apple’s new product. He claims to have sources in China who tell him that they absolutely will be making this product. Yes, he’s a completely trustworthy source.

  33. Here’s a bunch of predictions about the future of technology X. You won’t hold me accountable to any of them. And, no, being the Psychic Sally of the tech industry isn’t demeaning to me at all. (For entertainment purposes only.)

  34. Big company P bought an infinitesimal stake in startup Q. Therefore, according to the bullshit law of valuations that everyone follows for some reason, Q is now worth $100 quintillion.

  35. X is dead. Yes, you know, that product X that has billions of satisfied users around the world. I say it is dead, therefore it is totally dead.

Thank god for tech journalism. We would be so poorly informed without it.

Why primary identity documents matter (and why the DVLA is incompetent at it)

I’ve been grumbling on Twitter about the DVLA.

A long time ago, I applied for and received a provisional driving license with the intention to learn to drive. That provisional driving license expired (I had other things to do besides take driving lessons), so I renewed it recently.

The license I had included a number of errors. Firstly, it had the wrong date of birth and it also had the wrong address. The typist who was putting the details in the system back when I was a teenager obviously was having a bad day and made a keyboard whoopsie.

When I got around to renewing my license, I thought “oh well, they’ll fix that”.

They’ve fixed the address (because I’ve moved since then) but the date of birth is still wrong. What this means is that the DVLA did not actually check the date of birth that I wrote on my application form against any other data: they didn’t look at the existing license and go “wait, those two dates are different - that’s a bit curious, we should probably check that against, say, your passport and birth certificate”.

In addition, when I renewed my license, because of a medical condition I am legally obliged to disclose to the DVLA, they will have requested confidential health details from a hospital where I seek treatment to verify my fitness to drive. In the response sent back from the hospital, it will probably have had my actual date of birth, which will not match the one in their system. But obviously nobody checked that either.

The whole point of having credentials that expire is that when you renew them, you can ensure that all the details are still correct and to protect yourself against making mistakes the first time.

What possible harm could come from issuing documents with incorrect dates of birth? Well, obviously, people who are underage could use them to get served in bars or sneak into nightclubs or whatever. That’s a concern, but not a major one for me.

Here’s a much bigger concern.

When you put someone through a Disclosure and Barring Service (DBS) check—a criminal background check used to verify if someone might have committed offences that might make them unsuitable to work with children or vulnerable adults—you have to provide a variety of forms of ID. It is possible to go through a DBS check with the following documents:

  • a UK driving licence
  • a bank statement
  • a credit card statement

You can use a driving license to open the bank account and then get the credit card simply because of your good history of banking with the bank. The false information on the primary identity document transfers through the rest of the system.

This means that repeated failure by the DVLA to check primary identity documents on license renewals is a potential way that someone who wishes to evade a DBS check could construct a false identity.

It’s a minor inconvenience for me: I have to send my driving license back to them and fill out yet more bloody forms to tell them who I am. But a malicious actor could exploit it to evade scrutiny.

Here’s where it is even madder: the DVLA told me that it isn’t even a criminal offence to knowingly use a driving license with incorrect information on it to pass a test. I phoned them up and told them that the date on my driving license is wrong and they were just “meh, send it back sometime, no biggie”. Not “we’re going revoke that license right now and send you a new one with correct details”.

Government agencies not doing their job when it comes to the very basics of identity verification is a major concern when those primary identity documents are used as a primary marker of trust in an enormous number of interactions. The DVLA’s identity management processes are a bad joke. If they were running a nightclub using the same kind of ID management, they’d probably have been shut down by now.

Sir Roger Moore:

In a world with boundless opportunities for amusement, it’s detestable that anyone would choose to get thrills from killing others who ask for nothing from life but the chance to remain alive. The animals whose lives he has so cold-heartedly snuffed out have precisely the same capacity to feel pain and suffer as we do. All leave family members or mates behind when they’re killed, and none is exempt from grief.

Jane Goodall:

I have no words to express my repugnance.

TechCrunch's Gigster profile is proof tech journalists will believe just about anything

Read this if you want a giggle.

Got a startup idea? That and some cash is all you need to get a fully functional app built for you by Gigster. Launching today, Gigster is a full-service development shop, rather than a marketplace where you have to manage the talent you find.

Oh, you mean like hundreds of other software development companies?

Just go to Gigster’s site, instant message with a sales engineer, tell them what you want built, and in 10 minutes you get a guaranteed quote for what it will cost and how long it will take.

10 minutes for a fully estimated project plan: that’s the biggest load of bilge I’ve ever heard.

Once you get your project back, Gigster will even maintain the code, and you can pay to add upgrades or new features.

You bet. Can you get anyone else to add upgrades or features? Or do they have any IP interest or right of first refusal? Those sort of questions are things a journalist might ask. But, oh, this is tech journalism.

And “maintain”. Bit more detail required.

Gigster fixes [management issues] by assigning a project manager to handle 100 percent of the management of your developers and be your sole point of contact. If the project is behind schedule, Gigster just assigns more developers to it or fires under-performing ones so it gets done on time.

Yeah, let’s ignore that the Mythical Man Month problem is a thing. Chuck more developers at the problem! “Beatings will continue until morale improves” is not a good management philosophy.

I’m sure that when your motivation is “get this shit out the door and get cash money now” and your clients are the sort of idiots who believe that they can hire coders like they do Uber cabs, you’ll produce reliable, well-tested and secure code. Right? I mean, no motivation to cut corners or anything.

The Gigsters come from companies like Google or Stripe that are looking for some extra projects

I’m sure they don’t have any no-compete or employer-owns-all-employee-produced-IP constraints in their contracts. Should work out just fine, right up until the client finds out that Google or Facebook owns a whole bunch of their IP.

10 minutes for full project costings? Mythical Man Month solved? This snake oil sure is deee-licious.

The idea that a guy who has built a whole bunch of Facebook apps is going to wave a magic wand and make software development cheap, predictable and with the kind of modularity and simplicity of booking a cab is such a laughable notion that the only people I can see believing it are tech journalists.

Just reading about how “brain training” games like Lumosity seem kind of bullshity. But the exact flavour of bullshit that smart people will buy into, just like all that Singularity bollocks…


Please stop wishing hypothetical LGBT children on homophobes as "punishment"

I’m writing this because I’ve seen this shit far too often from people who ought to know better.

It would be really nice if “straight allies”, whether self-identifying or not, could stop with this nasty little trope of wishing gay children on homophobes. It has become a common enough joke: some self-righteous preacher or politician makes some cruel homophobic remark, or works to enact a piece of legislation that will disempower lesbian, gay, bi, trans or queer people in some way, and then a sassy commenter will joke about how it would be a hilarious bit of fate if one of said homophobe’s children to end up being L, G, B or T themselves. A gay son, a lesbian daughter: those would be be fitting punishment for such a ghastly person!

Yeah, hilarious.

Except it isn’t so hilarious when you actually think about it. If you asked the person making this joke whether they consider having a child who grows up to be LGBT to be worse than that child growing up to be heterosexual (and cisgender), they’d tell you that they value the two equally, even though their words could cause one to dispute this claim. Why is having a queer child such a punishment? Is their LGBTness some kind of moral stain that marks the child out?

No, no, no, they say, it’s not me who thinks it’s bad. But the homophobic person, they would think it is bad!

Perhaps what they are hoping is that the sudden plot development of the Rick Santorums or Maggie Gallaghers of the world finding out that one of their offspring is themselves LGBT is going to cause them to rethink their position, much as it did for Republican politicians like Rob Portman and Dick Cheney. Sure, that would be a nice result, but what seems to get forgotten is the kids themselves, the unconsenting means to the desired Damascene end.

The imagined gay son-of-a-homophobe imagined by irony-loving liberal commentators would be subject to an upbringing of unending terror for their entire childhood. (And, you know, kids being in an unsafe environment is something I think we can probably agree is bad.) Even the kids of lovely hippy liberals feel a whole lot of often unwarranted fear and shame about coming out, but if you grew up watching your father go on TV comparing gay people wanting to get married to advocacy of “man-on-dog” marriage? May as well make that closet door out of concrete.

The lives of gay children aren’t there to teach some moral lesson to the nasty homophobes of the world. Year after year of bullying, homophobia and fear is not a fair trade for some kind of “the universe is fucking with you” karmic justice for homophobes. And that’s presuming that it actually works: homophobes having gay kids won’t magically lead to some happy Oprah Winfrey redemption story where everyone comes out of it happy. That’s sappy daytime TV shit. Some of those homophobes aren’t going to feel shamed into not hating LGBT people because they happen to be related to one. They’ll just kick them out, disown them and treat them like shit, just as they do to all the other LGBT people they come across. There’s a reason why so many homeless teenagers are LGBT, especially in bastions of godliness like Utah.

But even if it did lead to some kind of conversion, that doesn’t justify the pain the kid will have gone through. Just consider the harm to the kid and weigh it up with the benefit of their parent not being homophobic any more: there’s a massive imbalanace of harm vs. good there, and the harm all goes to the hypothetical gay kid. All that fear and bullying and self-doubt (not to mention increased risk of self-harm and suicide) that the LGBT kid goes through by being born to parents ideologically committed to homophobia isn’t some kind of “trade” for the eventual reluctant acceptance by their parent. The hypothetical queer kid’s life story is—in this scenario—dictated by their reaction and resistance to the bigotry of their parents. Sorry, hypothetical queer kid, you don’t get a happy childhood, nor do you get your own life or ambitions, you have to exist to satisfy the desire for some poetic justice by a straight person with a rainbow flag avatar on Facebook.

The person invoking this nasty trope doesn’t care about the hypothetical queer child: they care about God, karma or Mother Nature or whoever using them as a way to get back at the homophobic baddie. The safety or best interests or wishes of the hypothetical queer child don’t matter, because said child is just an actor in a morality play. The fact that actual LGBT people would find the prospect of growing up as the gay child of some big-time homophobe to be utterly horrifying doesn’t matter, because their safety doesn’t matter. They are soldiers in the war, and if winning the war means losing some troops, well, you gotta break some eggs, right?

The gay-kid-as-comeuppance-for-homophobia trope is exceptionally sad because it casts the child into a drama not of their own making: their life doesn’t matter, their place in the grand historical psychodrama of whether or not their parent gets over their bullshit prejudices is what matters. For the whole history of representations of LGBT people, our existence has been less about defining our own stories, being the master of our own lives, telling our stories (albeit often through a queer lens), but has been about being the side plots, the amusing stereotypical fairy who does the straight protagonist’s hair and nails perfectly, the oddball who provides comic relief, the Village People cartoon rather than the complex and nuanced people that heterosexuals get to be in films and TV.

We’re either oversexed to the point of derangement or rendered in ascetic celibacy so as to not offend. We’re the people who get interrupted when the bumbling straight dude wanders into our bars where we gobble him up like a piranha, or the sassy queen able to dispatch flawless fashion advice to his rich straight girlfriends—we’re there to civilise straight people, whether by forcing them to confront their own prejudices or by fixing them up with an amazing manicure. We’re not there to actually be ourselves or to have struggles or romances or lives of our own, just to serve as a plot device in the service of the straight protagonist. Existing solely to serve as divine punishment for wrongdoing is an example of this.

Thanks to this morality tale trope, we get to serve a new and exciting role as clumsy moral example by being legally tortured by our parents for years in order to finally shame them them into reluctantly admitting that we are human beings. Yeah, that sounds like a life I’d actually want.

The hypothetical queer kids are not actual people in this story, they are a curse. When you use this trope, you kind of imply that we’re a curse too.