Andrew Breese

Musings of a professional geek

Neuromancer is 30 years old today

SoylentNews gave me a great tidbit of random trivia – the novel Neuromancer by William Gibson is 30 years old today. I remember reading this book when it came out and being totally dazzled by the concepts (don’t guess my age please, it’s not polite). Gibson wrote substance which resonated for decades, and is still pseudo-relevant even after so many other fantastic authors have launched further from his base.

Thank you Mr Gibson, the work is darn appreciated.

a bit more haiku malarkey

Here are a few more haiku, pondered while I was trundling home on the train. You sometimes go to strange places when you’re breaking the world into segments of 5-7-5. I’m not sure if there are also supposed to be titles for poems like this, so some have them and others do not.

Can I gantt this?

The office is calling
Tomorrow’s due date is past.
Deadlines are like that.

We’re always recruiting.

The office is calling
Your team is halved again.
We are here to help.

Am I a spy?

The office is calling
We know you are tired and cold.
You need to come in.


That isn’t English?
Tell me who understands you,
they’re a living saint.


Meeting tomorrow.
Work up to the 13th hour
And it’s a Friday


Servers down again.
Don’t they know it’s past midnight?
Let’s ring the PM.


Time scope cost mantra.
We meet to raise productivity.
Is that irony?


where did the time go?

You must record time,
Liar I don’t trust your times.
Are these bills correct?

Well folks seem to like (bad) PM haiku

I tweeted* a project management haiku recently and my twitter traffic went through the roof – well as through the roof as a change from zero tweets to one tweet can create. I think this is part of the reason why social media carries so much weight – it pays into the stimulation response we get from having something seen and quasi-appreciated.

Like a good doggie, I’ll do it again shortly and see if I get another biscuit**.

Let’s not plan for giving up the project manager day job, as it would mean no more snarky tweets about being a PM and I’m under no illusion as to the amount of banter and wind already thrown into the digital wind.

* I really dislike that word as a verb relating to posting content online. Birds should keep this word to themselves, and rise up in feathery rebellion against the human’s technology. Like a Planet of the Apes spoof where all they do is poop on our tablets and eat the phone lines. Rebellion! It is what it is, and the word won’t be changed till twitter dies.

** Yup, it’s Friday down here and I’m feeling tired and strange. Back to the geeky blog posts shortly.

a random haiku

I’m trying to …

A guessed budget
Scope is a little too large
What have we left now?

A bit of banter at work found that a few of us project managers like haiku. When done well (better than the above by half) they can be a wonderful source of inspiration and calm. This one is meant to be a bit of an odd riddle too, so try to guess what the title means in context with the haiku itself.

Yup, it’s a bit wanky.

Spoilers about the answer after the break.



What are the eBay hack implications for ordinary people?

So eBay was hacked pretty badly (Soylent post, and eBay’s own announcement), which for the geeky type folk is interesting in terms of how they did it; but more importantly – every eBay user should take care and think about what they have shared with these companies.

The nature of the hack is typically complex, and the explanations of how are not really that relevant to everyday users (I’m not being condescending by saying that, as I consider myself an end-user too). eBay has made a fair effort to give details recently, but can also be rightly questioned about how long the advice took to reach their customers. Rightly or wrongly it is around 2 months since the actual event, and that is a fairly long amount of time to wait to request password resets.

  • For users it means change your passwords now. Change them to something which is hard to guess; preferably a gibberish nonsensical combination of letters, numbers, and special characters.
  • Also change any passwords for services which you used with eBay too.
  • And please ensure the password is not the same as any other services you are using.
  • Consider using a password vault of some sort. It makes having all these different passwords easier, and also helps you when using multiple computers. Yes, it can be hacked too, but everything can be.

The reason for this is we don’t know what other attacks are being attempted, or what previous attacks might not have been understood well. PayPal is certainly a regular target for trouble too, so consider altering your credentials with them as well.

The tech jargon translates to mean that your password wasn’t easy to read, but it is only a matter of time until it is. Database encryption is a wonderful thing, but time and brute force will beat almost anything in use today; and by comparison the “safe” encryption methods of five or so years ago are now considered questionable.

Of the 140 million accounts compromised, wouldn’t you rather be one of the ones that isn’t open when the hackers decrypt all those old passwords?

Is this an alarmist approach?  Well, no. This time resetting your credentials is the first step.

There are additional steps “normal” online users should do too:

  • Consider changing what personal information you are currently saving into and sharing with every online service (a.k.a. website). Each app, each URL, every vendor, all those games, and whatever Facebook widgets all collect information from you and you’re far better off if the collection of information out there is as vague as possible. I recently went through Facebook, eBay, PayPal, and a few other services that I use and removed a lot of personal information. From now on they only get the minimum.
  • As part of that depersonalization, consider getting your orders delivered to a place which isn’t your home address. I often use my work address, as there will always be somebody there during postal delivery hours, but it also means that eBay and such have no idea of where I actually live.
  • Don’t trust your app vendors any more than you’d trust the guy at your local clothing store, cafe, or petrol station. Just like it is trivial for somebody working in the store to grab your card number, it is a lot harder but also a lot easier to do in huge quantities for online transactions. This means that while you’re generally more secure online for a single transaction, the methods of attack are far more complex and harder to understand.

Hope this was useful, and also wish the darn hackers would get into something a little less destructive and nasty. The skills to do some of this activity are significant, and there has to be a better way to gain money or notoriety.


Thwarting hackers with “honey encryption”?

A Boston Globe blog reported that a trickier approach to dealing with hackers might be a better approach. Essentially make the data messy and it will not be as desirable. It certainly sounds interesting as a concept. Brainiac wrote “rather than trying to block hackers, maybe it’s better to distract them.”

The approach is built into a new piece of software called Honey Encryption, created by Ari Juels and Thomas Ristenpart, and it works on a simple model. After hackers steal a trove of encrypted data, they hunker down to crack the code. It can take them thousands of tries before they’re able to guess the right cryptographic key, and Honey Encryption makes them pay for each failed attempt.

Each time hackers enter the wrong password, Honey Encryption adds a piece of fake data to the dataset—by the time hackers finally get access to the data, it’s swimming with so many fake credit card numbers, for example, they’ll have no idea which ones are real.

Pardon? I think the readers might be missing a key aspect of the information here. This is a very specific circumstance and very unlikely frequency where this is plausible.

For this approach to work the “honey encryption” software needs to be running with the stolen data-set.  In fact it is unlikely that the data would be stolen at all, rather it is being attacked on its normal infrastructure. Frequently when data is stolen the database itself is extracted en masse; the encryption used on the information in the database is broken later. A hacker is not going to willingly run an application which does Honey Encryption on the data they are trying to hack. Is the assumption that the software for accessing the encrypted data is somehow packaged with the data in the DB? Huh? No! This means that for the times where the hack attempt is happening on the system live this approach might work, but otherwise it does not apply.

The same software could also alert very quickly to the admin teams that a potential attack is in progress too. This is the approach taken with the “honey words” concept, where a dataset is set up with a number of “deliberately bad” datasets for each user account so that when the hacker tries to decrypt the data an alert or action is triggered. That makes a heap of sense.

So this approach adds junk data into a live system to increase the ratio of bad data to good data for when it gets stolen? Yes, and as long as the good data is not altered by the “honey” then the end user is not affected, but the system owners can know of a potential exposure. Interesting.
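
The “honey words” idea described above, sketched as an added example (not code from the original post or from the researchers): each account stores several password hashes, only one of them real, and a separate checker that knows the real slot raises an alert when a decoy is used. The class names, the sample account and the decoy passwords are constructed for illustration.

```python
import hashlib, hmac, os, secrets

K = 5  # sweetwords stored per account: 1 real password + K-1 decoys

def _hash(password: str, salt: bytes) -> bytes:
    # Slow salted hash; iteration count kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class HoneyChecker:
    """Separate hardened service: knows only which slot is real, and logs alerts."""
    def __init__(self):
        self._real_index = {}
        self.alerts = []
    def set_index(self, user, index):
        self._real_index[user] = index
    def check(self, user, index):
        if self._real_index.get(user) == index:
            return True
        self.alerts.append(f"honeyword used for {user!r}: credential store likely stolen")
        return False

class CredentialStore:
    """Main login database: holds K hashes per user and cannot tell which is real."""
    def __init__(self, checker):
        self.checker = checker
        self.rows = {}  # user -> (salt, [hash, ...])
    def register(self, user, password, decoys):
        if len(decoys) != K - 1 or password in decoys:
            raise ValueError("need K-1 decoys, all different from the real password")
        words = decoys + [password]
        secrets.SystemRandom().shuffle(words)  # hide the real entry's position
        salt = os.urandom(16)
        self.rows[user] = (salt, [_hash(w, salt) for w in words])
        self.checker.set_index(user, words.index(password))
    def login(self, user, attempt):
        salt, hashes = self.rows.get(user, (b"\0" * 16, []))  # unknown user: nothing matches
        h = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(h, stored):
                return "ok" if self.checker.check(user, i) else "alarm"
        return "denied"  # ordinary wrong guess, not a honeyword

def demo():
    store = CredentialStore(HoneyChecker())
    # Constructed sample account; decoys are chosen to look like plausible passwords.
    store.register("alice", "tr0ub4dor&3", ["blue-kettle-42", "Summer2014!", "qwerty-horse", "m0nkeyBars9"])
    results = [store.login("alice", p) for p in ("tr0ub4dor&3", "wrong-guess", "Summer2014!")]
    return results, store.checker.alerts
```

An ordinary typo is simply denied; only a login with one of the stored decoys, which an outsider could only know by cracking a stolen copy of the store, produces the alarm.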


How to almost sync with BitCasa mirrors

BitCasa is a free cloud backup tool, which has a basic mirroring function for files that you want to be automatically backed up into the cloud instead of scheduling a backup. I was looking for a replacement for SugarSync’s folder synchronisation feature, and BitCasa’s functions are close but not really there yet. It seems that they have a beta app which is based upon bittorrent, but again not for a live sync.

Aside – the BitCasa cloud solution is pretty neat. I’m impressed by what they offer and their price point. The paradigm that it uses is not an attached storage volume really, but more like an external drive which happens to be on a remote server. That drive is almost read-only to your machine, and certainly read only from any other machine that tries to access the files. It is cloud backup, not a sync service.

This is the scenario:

Initial setup was a folder on my laptop and desktop were set to always be kept in sync. This meant that files were always kept in reasonable sync, and I didn’t have to worry about manual copying or a scheduled copy which I might forget.

Now what I have is a folder on each location which are both copied up into BitCasa’s servers (yes, up into that fluffy white cloud of absolute trust). The difference is that each machine is used for slightly different things, so that what I do on the laptop generally isn’t used on the desktop. The sync is for emergencies, so it might work.

The trouble is that each machine uploads the selected mirrored folder into a separate space in that cloud, and the two areas are never sync’ed together. I’d love them to, but for the purposes of having my files backed up somewhere, this is enough.

When it comes to wanting to use one of the files which is on the other machine’s backup it needs to be copied back down to the new machine and stored. Just like an offsite solution, you don’t go editing the back-up tape. Now that I get the mindset, I don’t mind so much. If something exceptional happens in the file-sync space I’ll probably post it here, but till then BitCasa will get a bit of playing around.

Happy backups.

SugarSync goes paid only, darn it

SugarSync has cancelled their free offering, in a similar time frame to LogMeIn. Like LogMeIn the product itself was solid, and it was tempting to pick up a paid service for SugarSync. Unlike LogMeIn though the SugarSync people actually gave a fair warning for the product going to paid only, and offered a humungous discount for the people who are signing up. I reviewed and recommended SugarSync in Feb 2011 and liked their product all this time. Unfortunately the reason I use it is not something that allows me to generate extra income, so it is harder to justify signing up for.

The free equivalent I’ve started trialing is BitCasa. They offer the same sync-a-folder option between two computers which was the key feature I liked. BitCasa offers a staggered set of storage options, including an unlimited one, which I’d be tempted to see really how “unlimited” it was, given that these things usually have some sort of cap written into the fine print.

I’ll write up the impressions of BitCasa shortly. Secretly I’m hoping I can get a few folk on it too, and up my default free storage.

Goodbye LogMeIn, maybe Chrome can help?

LogMeIn are stopping their free product dead, effective now. As a user of the free version I’m affected, was unaware it was coming, but I’m not surprised. There are snarky posts and comments starting up all over, but on this choice I kind of agree with LogMeIn.

They’ve given away a reasonable product for free to a very large user base for around 10 years, and now they wish to be paid. There is a kind of grace period for the cutoff too, but that grace period is very short so won’t do much to dissuade the “freeloading” masses. As a freeloader I say meh. My usage was low and irregular enough that I’ll not be paying for the service, and that also means I am certainly not the type of user that LogMeIn wishes to continue to support for free. I’ve had a great run and it is time to cash up or leave.

It is a pity that the base cost is very high.  Superficially I think there is a lost opportunity for a pay-for-use option between the full yearly subscription and nothing. If it were more like a cup of coffee to use, and could be billed ad hoc I’d give that some serious thought.


So yeah – the “important changes” are that it’s no longer there. Surprise. I’m uninstalling as I type.

As an alternative I’m first going to look at what Google Chrome Remote Desktop can do, and perhaps even think about a VNC type solution. And there is also TeamViewer which a lot of the LMI ex-users are talking about.

The regular rate of subscription is discounted for now, perhaps as a gesture of encouragement.

They’ve not really informed anyone in advance, and perhaps that was the strategy. There was never going to be a good reaction from the free users on taking away the product. So perhaps they cut them off quickly in the hope that their need for the product is urgent enough that they are kind of forced to pay for the product even if it is just until they get a replacement. But then the subscription is annual, so they’re locking in for a while.

A Twittertape machine

We were blathering at work this morning about a machine to take a twitter feed and print it out like the old ticker-tape devices used for stock market prices before computers took over. And like most crazy thoughts somebody has already built it, The Twittertape Machine. I want one.
