James Galvin

Ubuntu have named their 8.04 release. This one will have Long Term Support, so you can expect to hear a lot about it, as it will be Ubuntu’s next big push and will be around for a long time. With that in mind, you might think they would put a bit of thought into the code name.

They could have chosen:

• Hearty Hamster
• Humble Horse
• Hefty Hippo (battling the temptation to opt for ‘Hungry’)
• Hostile Hyena
• Homnivorous Hummingbird

How great would it be tell people that you’re trying out a new home theater platform on Hefty? Everyone loves hippos and they tie nicely into the African theme. Hippos have great personality. Herons? They just stand there all day doing nothing! Who ever heard of a hardy heron? And as for HARDY??? What kind of signal are you sending to potential users who are contemplating a switch to Linux but worried about the steep learning curve. Next we’ll be seeing Impossible Iguana, Justforgetaboutit Jack-rabbit. Myself, I would have skipped the H entry altogether, given that we’ve already had a Hoary Hedgehog.

I heard good things about Facebook and its open API, supposedly a major step in the evolution of social networking and the internet, but to me it feels like we’re going backwards. As I decline my 4th invitation to install the latest “Brain-guzzling Shoggoths” app added by an enthusiastic new Facebook user, I’m reminded of the old days - periodically changing my email addresses in order to escape from the mailing list of some vague acquaintances and their chain letters/campaigns to put an end to the horrors of Bonsai Kitten. Some time in 2005, the internet heaved a collective sigh of relief when people finally got the message and stopped forwarding on those “>>> 30 reasons why Jesus was Irish” mass-emails, and yet here I am bombarding my contacts with an invitation to Warbook - a scaled-down clone of those old webgames that I stopped playing eight years ago. 1997 has come back to haunt us. All we’re missing is Longwave Radio Atlantic 252 grinding out Mmmbop on loop. Shudder…

“It’s all about communication and interaction - you can keep in touch like never before”, they say. In 1997, we used to idle on IRC channels, occasionally slapping someone with a trout. These days, nobody even takes the courtesy to use a trout anymore. The only reason IRC is dying out is because you can’t advertise on it. I could be immersed in World of Warcraft, or some expansive telnet-based MUD from the 90’s, but instead I’m playing Duck Hunt in the browser window beside my profile. We have so many options for organised discussions, from powerful forum software to IRC and the likes of Tangler, but here we are restricting ourselves to 400 pixels of HTML tucked nicely above a big flashing ad banner.

It makes me wonder, will the novelty wear off, or is this the future? Back in the “beforetime”, people would speculate about the newest superchair with built in microwave-slash-toilet that allowed a user to control his entire life from the comfort of the living room. Now, as long as he keeps his profile up to date, he doesn’t even need to be himself anymore. The internet is a big place with some great applications, and we are too content to sit on the sofa.

Perhaps I’m missing out on something big, but for me, Facebook has only one major attraction - the ability to find and get back in touch with your former next-door neighbour’s pet goldfish. But, aside from a few gimmicky applications, is this any different from BeBo and all the rest?

The web was a more interesting place in 1997, when we all tried our best to make those Geocities templates work. We collected brightly flashing animated gifs to decorate the page - yes, it was ugly, but at least we were putting some thought into it! Facebook says you no longer need to make that effort. You paint yourself blue and white and line up along the wall with your copy of Scrabulous like everyone else. All together now:

“This is my profile. There are many like it but this one is mine. My profile is my best friend. It is my life.”

The social networks help people find each other, but it is the internet that brings them together. In the future, as open standards are further developed and syndication improves, I hope that there can be some engine that will reunite you with all your buddies, without requiring you to sell your soul to an advertising machine. We should be branching out to use the best software that is available to us for each task, rather than settling for primitive technology simply because it’s where our friends are.

Saw this on boards.ie somewhere.

The question:

“Recent polls have shown a fifth of Americans can’t locate the US on world map. Why do you think this is?”

The answer:

It’s time to raise the bar in internet security, and this needs to start with the likes of Paypal. Since I began using the internet in 1996, it has been the same old story - plenty of advice about strong passwords and good security policies, but attitudes have still not changed. Good advice will get us nowhere - this was proven many times over, when the ILOVEYOU worm was followed up by Sircam and a thousand other bizarre email attachments that people insisted on opening.

Today I created a Paypal account for “casual” online sellers (there’s a pun in there somewhere but it is beyond my ability, unfortunately). Paypal requires a minimum of 8 characters in your password, and if you try to use “password” it replies: “Password contains a forbidden word”. This is a start, at least. So then instead, I use ‘qwertyui’. It is not difficult for a hacker to work off a list of the most common 8- or 9-letter passwords. How many Irish people do you think use ‘liverpool’ as their password? It might be safer to take the responsibility out of the user’s hands altogether, and force them to learn a random password, but that would most likely lead to sticky notes on the monitor.

A safer solution is to get people used to long pass phrases (15+ characters), with numbers, special characters, and letters in upper and lower case. If you make it difficult enough, then maybe they won’t be inclined to use the same password with every mickey mouse unencrypted database they sign up to, which can only be a good thing. I really don’t think Paypal are going to lose customers just by making it slightly harder to log in. Look at Bank of Ireland’s Banking 365, as an example: to log in, you need a seemingly random 6 digit user ID that nobody knows AND a 6 digit pin that nobody knows AND the answer to a security question that most people could find out. This is a major contrast to Paypal’s login: an email address that everyone knows, and potentially a weak password that most people could guess. And still you get groups of phishing victims who try to sue 365 Online for inadequate security.

Remember, this is not just some web forum or Wordpress blog you’re signing up to, it is more or less an online bank. You are leaving significant sums of money and your credit card details, flimsily protected by 8 letters. If I went through all the eBay sellers who were selling Liverpool merchandise, and attempted to log in to their Paypal using their email address and the password ‘liverpool’, how many accounts would I have access to?

As for the two security questions, here is a screenshot:

There is a serious oversight here. On one hand, Paypal give you two solid, difficult security questions that only you and your close family could answer (Last 4 characters of driver’s license and Last 4 digits of social security number), but then they undermine it with two questions so blindly obvious that you wonder why they bother with security questions at all? Which two security questions do you think the majority of the users are going to select? Definitely not the one that means they have to go rummaging for their driver’s license, and trying to remember their social security number.

I was never a fan of security questions anyway, simply because of the fact that anyone who knows me can find out the answer to just about any of them. I always lie, which kind of defeats the purpose. What about the people that don’t lie? How difficult would it be to log onto their Facebook and find out their dog’s name or city of birth? Why don’t Paypal just allow me to put in two secondary passwords, instead of answering dumb questions? Or why not allow me to define my own security questions, like some sites do? Better yet, why not get rid of security questions altogether - if you forget your password, you can phone up the support team, and they can ask you a bunch of security questions in the old fashioned way.

“But it doesn’t matter if they can answer my security questions, because they don’t have access to my email!” exclaims the Man in the Yellow Hat, giddily. I’m not the person to say how secure or insecure your email is, but from my days as a Linux sys admin, I did notice a couple of things:

• Do you send your password in plain text? If you’re not using SSL or TLS to connect POP3/IMAP server (most people are not), it could be painfully easy for someone on your network to get your password using a sniffer
• Is your DNS safe? I once emailed an Irish ISP and asked them to change the MX records for a decent sized domain - about 300 users actively using the email. They were very nice and friendly, and swiftly complied with my request, neglecting to ask for my credentials or a fax or phone call to verify the request. I was a new employee at the company and they had no way of knowing that I was authorised to make this change. I could have been anyone, and I could have configured my mail server to forward on all emails to the real mail server, so that the company would never even know they were being intercepted.

I’m sure there are hundreds of reasons not to trust in the security of your email account, but those are the two that taught me to take nothing for granted.

Any company that stores credit card information should be legally obliged to set a minimum security standard. I believe there are laws like this already in existence, does anyone have the details? I’m guessing they need to be either stepped up or actually enforced. It could be so easy to make a positive change in the general attitude, but as long as big sites like Paypal are happy with sub-par security policies, then we will always believe that typing more than 6 letters in a password is an unnecessary inconvenience.

I can’t believe I missed this a couple of weeks ago… QuakeCon is a major computer gaming event held anually in Texas since 1996. This year’s event had over 7,000 attendees, and dished out $100,000 in prize money.

What do you think of this:

To promote the event, the organisers posted some pictures from the previous year on their website. One of them showed idle.ee, the Estonian team who won Enemy Territory competition, on stage holding their cheque.

This caused a buzz on some of the gaming community sites (eSReality, xfire) for the wrong reasons. It turns out that someone, probably the QuakeCon webmaster, didn’t think that the original photo projected the right image for Quakecon:

Eventually, the Photoshopped image was removed from the front page, and the original was put in its place, without any explanation from the Quakecon staff. Apparently, the guy who was removed is a German Enemy Territory player called Urtier. I think he has a right to be fairly pissed off.

The Forrester has compiled a list of the 100 oldest .com domain names.

I have to apologise to the Cork football team for dismissing any chance of them reaching the final in this year’s championship. True, the route could have been more difficult, but as Dublin fans have often stressed in the past, you can only beat what’s in front of you. Now the big question is: would we prefer to meet Dublin or Kerry in the final?

Call of Duty 2 in the Office (U.S.):