Phase.org

And now, a break from your unscheduled programming

2008-04-11 22:06:00
Webcowgirl, while trying to take notes for a review of Wayne McGregor's "Random Dance", noted, with mild frustration, that she "couldn't find the words". As such, I've been deputised to attempt to review a dance performance, something of a first for this journal.

Indeed I suspect it would have been impossible to find the words in this piece; it's defined purely by numbers. It is, I suspect, somewhat rare in having as its ideal audience mathematicians with an appreciation for beauty.

The piece was mathematical, energetic, powerful, captivating, and frequently humorous. Some of the jokes are of extreme subtlety and there are small riddles and references scattered throughout the piece, some so subtle that, in a suitably Heisenbergian twist, they would probably vanish if studied too closely.

The piece starts with an early zoetrope-style movie of a running dog; one of the first technical experiments to scientifically study the mathematical properties of animal movement. It's a clever reference, and a gentle introduction into what's to be expected later on.

The stage is framed by what appear to be airfoil-shaped screens on crane-like mounts; these simple levers are used to great effect throughout the piece as projection screens for abstract mathematics, probabilities, the human form and the flight of birds. When they rise later in the piece they cast a knowing glance at the Angel of the North, one of the most acclaimed (not to mention both vast and controversial) pieces of industrial art in the UK. The music is varied, powerful; initially baroque and thumping electronic later as it evolves. The lighting is stunning and beautifully designed.

Of course I've not yet mentioned the dancers, and this is intentional. They are a part, the focus, of the piece, but they are far from being its entirety. They are, it must be said, of extreme skill and incredible physique and imagination. They are dressed extremely simply in close white vests and black briefs which allows them to strip down (wordplay intended) to their raw and efficient forms. They dance mathematically; not rigidly, but with the full flexibility of numbers at play, of geometric curves and the algorithms that determine the flight of birds (the sudden on-screen metamorphosis of a string of differential equations into a flock of birds later in the piece is a humorous confirmation of this analysis).

There is, it has to be said, a robotic aspect to the dance, but it is not so much the sharp angular movement of a pre-programmed machine so much as the tentative, reversing movements of a learning intelligent system, reminiscent of cybernetic experiments in which robots teach themselves to walk (and here, perhaps, to dance). The smoothness of the movements increases through the piece to a point of particular monochromatic humour, but the mathematical or engineer's eye will spot patterns in the energy and action of each small dance action or entanglement, and there's a temptation to try and work out the numeric rules which seem to lurk just below the surface.

These rules later take centre stage when classic geometric figures are projected onto the floor, becoming part of the performance; the dancers move within them, interact with them, are covered in them, following for example the sequence of the Golden Spiral. The effect of a dancer writhing within the squaring-the-circle problem, shading lines flowing across his body, is frankly mesmerising. And there's a definite erotic tone in there too; McGregor (and the dancers) are clearly not shy of near-sexual interactions between male dancers, transferring incredible energies.

A few more words can round out this report; but they are hard to place in grammatical context. It is abstract, theoretical, organic, mesmerising; certainly colossally demanding of the dancers, but ultimately it is a unique, intense and numeric experience.

It's the security, stupid

2007-11-21 22:41:00
I've commented a few times on just how bad customer authentication is in the UK's banks, but hadn't got around to blogging about it. Now that the UK government's managed to achieve one of the greatest confidential leaks of modern history, it might be worth doing so.

So, for those outside the UK, or who might, for other reasons, not have heard about this story:

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.

The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25m people.


From http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm


Now, NI numbers (approximately equivalent to US Social Security numbers, although much less widely used or risky) are definitely sensitive data. Bank account numbers, while not an explicit risk by themselves, become a very useful target for identity theft when coupled with, for example, full names, dates of birth and addresses. The extra security information you tend to need is your mother's maiden name and some sort of signature or PIN. Online and phone banking systems sometimes only ask you for two digits of passcode (sometimes from as few as four) to gain full access. And, to start a standing order, or direct debit, little more than the above data seems to be required.

There also seems to be an incredible superstition held by banks that your mother's maiden name and your date of birth (and sometimes place of birth) are mysterious and unknowable. One has to assume from this that banking security experts are lonely people whose friends never remember their birthdays, and to whom they never talk about themselves. In particular, none of them are amateur genealogists, as their insistence on making such family data dangerous to share is a downright nuisance to anyone wishing to trace their family tree.

These data are, frankly, not secure, and nor should they have to be. Part of the essence of a good password is that it is hard to guess. Another is that it can be changed when required. A third is that it has no external meaning. Personally fixed data like this are therefore about the worst things you can use as a password.

A signature's not much better, as the growth of chip-and-pin cards attests. They are (comparatively) easy to copy, and no-one ever really checks them anyway.

And these authenticators are only useful if they're fully checked anyway. Often enough bank staff and so on seem to assume that, if you ask for something belonging to someone, then you must be that person. Defence against social engineering is shoddy at best, and staff, if they follow procedures at all, just tend to go through the motions without understanding what they're doing or why they're doing it. There needs to be a wholesale revision of the methods of, and approach to, data security in this country.

But, as yet, the data that's escaped should not be enough to access bank accounts without either serious extra work, extremely brazen social engineering, or guessing of passwords. As in, it's hard - not impossible.

Of course, since many people use their children's names or birthdates as passwords (remember War Games?), that may not be so difficult.

The highest risk at the moment seems to be that of extremely convincing phishing attacks. Currently my various banks authenticate emails by addressing them to my full real name, and including some part of my account number, or my postcode.

In fact I'd also expect an opportunist wave of unsophisticated "To protect your data after this leak" phishing - which doesn't even require the data to be in bad guys' hands.

But, do the bad guys have it? The police and government "reassure" us that "There is no evidence that this data has fallen into criminal hands". This is one of the most astounding pieces of weaselling that either party has ever achieved. One might also ask, since no-one knows where the data is (and recall that, even encrypted, it can be infinitely duplicated), what evidence there is that it has *not* fallen into criminal hands.

There's also considerable doubt about the security measures placed on the data - according to government sources it was "password protected but not encrypted" - which is complete nonsense, and therefore probably wrong. If the data is not encrypted, it should all be assumed to be in the wrong hands. If weak encryption was used, data criminals have large enough botnets of infected, hijacked machines to make short work of it. If strong encryption was used - and given the complete lack of other security considerations taken, this seems unlikely - then perhaps we are more justified in just crossing our fingers and hoping for the best.

And that's what most people seem to be doing anyway, taking the approach that "nothing bad will happen to them". This might be pure fatalism; it may be trust of government (and bank) weaselling, or it might just be a complete unawareness of what can be done - as noted above, most of this data cannot be changed. I suspect that, under these circumstances, I'd be strongly considering changing bank, or at least getting them to re-assign my account number - which would admittedly be a massive nuisance. We have to give our bank details to so many people that re-providing it would be as complex as changing address when moving house - more so in fact, as there would be no realistic possibility of assisted notification or redirection services without further compromising security.

A few comments for iPhone buyers

2007-11-10 10:22:00
1) If you want to transfer your number, ordering your PAC a week in advance would be a good idea. Apparently they last for 30 days anyway. Conversely, if you can't get the PAC before buying, you should be able to transfer your number up to 15 days after starting a new contract (I am told this but am not yet able to prove it).

2) You *can* pay cash for the iPhone, or at least they were allowing it last night.

3) You still have to go through a credit check for O2, which happens after you've bought the phone and while you're activating it via iTunes (for which you'll need address and bank info). What happens if you fail, I don't know.

4) The O2 data package is apparently *genuinely* unlimited, in that it does not have "fair use" limits. These were removed a couple of days before launch.

5) The bluetooth headset is not included. Apparently you can't use bluetooth keyboards with the phone either?

6) The audio jack socket is a standard 4-way (Left, Right, Microphone, Earth) 3.5 phono jack, but there's a thin collar / tube around the socket so you'll need an adaptor to use it with normal ear/headphones. There's an in-store choice of a 7quid Griffin adaptor that doesn't include a handsfree mic, or a 30-something quid one from Shure that does. Or you can get isolating headphones with a built-in mic from v-moda, which seem decent. Oh, and the button on the mic on this last apparently acts to pause music playback in *some* circumstances. There are volume control buttons on the phone itself.

7) Typing passwords (eg mail, WPA) into the device is a nuisance. The keyboard is tricky at first, has no caps-lock, and all passwords are typed in obscured, so you have to *really* concentrate.

8) Safari can crash (and it'll sync a crash report to your desktop to send to Apple), but is generally extremely stable and astoundingly usable.

9) The phone comes with a basic cloth-bag case; first thing I bought, besides the above mentioned headphones (my old isolator pair having fallen apart the day before) was a side-loading belt case and a screen guard. There are plenty of options for accessories at the Apple store.

10) EDGE data transfer really doesn't seem too bad, but then I'm used to an old GPRS? Treo.

11) I don't think you can use an iPhone as a datamodem for a laptop; I'm unlikely to need to try.

12) The email client is pretty good, and can read HTML emails and attached PDFs very smoothly. Mail on OSX however, with which it's supposed to sync, sucks compared to Thunderbird.

Dear Apple...

2007-10-29 23:07:00


Now precisely what use is this to anyone? I can't back up my files in a usable fashion because I want my home directory to be secure? I have to log out to achieve even the monolithic protection of being able to restore my entire home directory in one lump? I don't log out; I lock my system and hibernate it; it's a single user system and the hibernation works extremely well.

And to add insult to injury, this is the error message I get *after* spending hours decrypting and re-encrypting my home folder, discovering backups were silently failing, and turning TimeMachine off and on again. The first time I tried this after upgrading from Tiger I was told that "Your home folder cannot be backed up as it was encrypted with a previous version of OS X. You will need to turn FileVault off and on again to enable Time Machine backups" (this is not verbatim, I didn't expect to need to screen grab it). And I get a little help dialogue (or possibly a link to a video, I don't recall now) showing me how to do this, and how to choose 128- or 256- bit security. Except that when you try and do that, it gives you no such choice, takes hours to de- and re-encrypt, and still doesn't let you back up anyway!

It would appear that the FileVault and TimeMachine teams at Apple are not on speaking terms, and that neither are giving correct information to the documentation team. This is shoddy, and the differing dialogues suggest that this is an incomplete feature that was rushed to release.

For now, I'll be sticking with Retrospect backup. That backs up what it claims, including FileVault folders, encrypts the backups on request, and restores properly. The interface isn't what you'd call user-friendly, but still it's a bit more friendly than a system that turns around and says "Oh, I didn't back any of your personal files up - didn't you guess?"

Blockery is theft!

2007-10-28 17:24:00
So, the background level of corporate / self-righteous complaint about ad-blocking software has boiled up again, to the extent that some webmasters, whether independent or corporate, are threatening to prevent site access to users who might be blocking adverts.

Now, this is one of those knee-jerk reactions that just opens up a whole world of dumb, for numerous reasons:

1) Many users are, rightly or wrongly, so morally opposed to on-line adverts that they will flatly refuse to click any ad links. Forcing them to view these just wastes your, or your advertising network's, bandwidth, and their time. Eventually you'll just push them away.

Why does this matter? Do you care about non-paying viewers? Well, this sector contains a significant proportion of technically savvy users and opinion-formers. Chances are, if your site has a community element, they may also be significant contributors there. You may, quite possibly, be pushing your best users away.

2) Some of these adverts are so intrusive as to severely degrade the user's experience of the site. Adverts that automatically play audio when you arrive on a page, for example, are going to send people straight away again - if they can hear them. In this case users may actually be doing you a favour by preventing these from blocking the audio and sticking with the site, rather than just turning tail. Office workers, who may well have a legitimate reason for visiting your site - say you're a technical review site or IT magazine - are not going to put up with sites that embarrass them at their desks.

3) Some adverts are actively harmful, and users are seeking to protect themselves and their systems by blocking them. These ads fall into two types.

Firstly, adverts that act as a conduit to install adware or other malware. I had something of a fight earlier today with a piece of in-page software that was determined to make me believe that my PC was infected with malware, and refused - for my own good - to let me navigate away from the invasive page. Now I'm sceptical at the best of times, and the fact I'm using a mac, not a PC, was a fairly conclusive giveaway. But, had I been on a PC, I'd have seen what appeared to be a popup from the system tray, followed by a number of system warning dialogs, and an automated scan starting. No doubt this would have then "found" something which would have required me to install an application - possibly after payment - onto my system to "fix". What that app would have really done to my system I leave as an exercise to the reader. In any case, I think you'll agree that the advert was morally beyond the pale.

And this wasn't on a disreputable webpage either. It was on a respectable blog host who happen to use a (theoretically also reputable) third-party advertising supplier. This supplier, however, seems to be incapable or uninterested in maintaining their reputation and quality of their adverts, and so open a channel for disreputable advertisers to attack the end user. In most businesses, damaging your end-users or their property would be seen as a Bad Thing. I can only assume that advertising suppliers have some strange new business model in which this doesn't matter. Which, in turn, makes them, for all their vaunted professionalism, no better than spammers.

Secondly - damaging the end-user? How can an advert harm a *human*? We'll leave aside the case of bad, untested, forged or misprescribed drugs for the moment, and go for the direct approach. Some humans are very sensitive to flashing or flickering lights and colours, and to particular patterns of movement such as apparent fast or shaking movement. I'm mildly photosensitive - flashing lights at certain frequencies can give me a headache or, at worst, cause me to gray out. And I'm not even particularly sensitive; I'm far from clinically epileptic. These ads could do some real damage to some people. The presumption of advertisers that allow this has to be that they simply don't care about human health.

4) If we now accept that some, if not all or most, users actually need to block some or all adverts, the policy of trying to "kill off" these users seems particularly foolish. But the dumb goes even further. It's at best hard to know if a user is blocking adverts, so the sites are either going to have to rely on fallible heuristics or sledgehammer tactics. One I've heard widely suggested is entirely blocking the Firefox browser from some sites, since it makes it moderately easy to block many forms of adverts. The problem is that Firefox is widely used by the technically savvy opinion makers who might buy your content or recommend your site - keep them away and you might as well just shoot yourself in the server rack. Ultimately, site owners are not going to be able to keep even the 'wrong' users away without a lot of collateral damage.


So, ad-blocking good, ad-blocker-blocking bad, right? So, where do the sites get their revenue if users aren't going to see the ads? Surely they'll all shut down, bankrupted by all those evil ad-blocking users, and won't that serve us all right?

Erm... No. Not unless the site owners have a complete failure of both intelligence and imagination - which is, admittedly, not unknown. Site owners, in conjunction with ad networks and users are, however, going to have to do some thinking - starting off, in the case of the ad networks, by policing their houses rather more carefully, and acting much more quickly against rogue, lying, or damaging adverts. Site owners need to recognise that they are a customer of their ad providers, and that they should not be making themselves look uncaring or foolish by accepting damaging adverts. Ad networks need to recognise that they, as businesses, have certain legal and moral responsibilities, and will also harm themselves if they fail to meet these. And users need to be involved in a trusting interaction with sites; if they are getting benefit from a site, then it is reasonable to expect them to give something in return. New income models may need to be found - pro accounts, paid features or non-invasive ads may be a couple of examples, but there's definitely room for some imagination here.

In the meantime, sites and ad networks need to stop trying to ram increasingly harmful, irritating and irrelevant adverts down their users' throats, and I thoroughly encourage site readers to contribute to this progression by actively blocking invasive material - ultimately it will be in everyone's best interests if we can all outgrow this ridiculous online advertising war.

Installing PHP 5.3 on Mac OSX 10.4

2007-10-16 15:29:00
NOTE: This will not work on Leopard / 10.5 - the httpd on there runs as an x86_64 binary, and the instructions below create an i386 php5 build, which can't run as a shared module. Fink libraries do not yet appear to play nice with x86_64 builds of php5.

My current workaround is to rebuild apache from source as i386, with ./configure --enable-rewrite --enable-so - note that this means there will be 2 apache binaries in the system unless you configure to install over the one apple provides.


PHP 5.3 appeared on snaps.php.net today, and one of the features therein is namespacing. Now I've been curious about namespacing for some time - my code's currently full of class prefix_classname{} declarations - so I thought I'd like to try it out.

Now, the first slightly tricky issue here is that I use a MacBook Pro as my main dev system, and installing PHP on these systems from source is supposed to be a bit tricky - so I've been using Marc Liyanage's prebuilt packages for some time.

However, while installing from source is certainly non-trivial, it's not actually all that tricky.

I started off with Guillome Boudreau's installation guide, in combination with my own old install instructions and config statement. And a PHP 5.2 stable tarball, as I thought I'd try running a known-working codebase before diving into development code.

Note that I'm going to assume you have some basic experience unpacking tarballs and installing PHP on linux here, and am going to miss out some steps. If you don't, read my older post first.

First things to note - the package list I show in that old post simply doesn't work with fink's apt-get command line - most packages which would be something-dev on debian seem (corrections welcome) to be something-shlibs in fink. So, I started off with a reduced fink line of: sudo fink install libjpeg libtiff libpng3 libmcrypt ming flex, which all seemed happy, then tried the configure command I last used on my live server (ubuntu linux):

./configure --disable-cgi --disable-rpath --disable-debug --disable-magic-quotes --disable-posix --with-apxs2=/usr/bin/apxs2 --with-mysql=/usr --with-zlib --with-dbx --with-ctype --with-openssl --with-pcre-regex --with-gettext --with-mcrypt --with-mhash --with-iconv --with-gd --with-jpeg-dir --with-png-dir --with-zlib-dir --with-xpm-dir --with-ttf --with-xsl --with-tsrm-pthreads --with-tidy --with-freetype-dir --enable-gd-native-ttf --enable-calendar --enable-mbstring --enable-spl --enable-ftp --enable-bcmath --enable-sockets --enable-dom --enable-xml --enable-soap --enable-libxml --enable-session --enable-simplexml --enable-memory-limit --with-curl=/usr/ --with-curlwrappers --with-pspell --enable-pdo=shared --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-sqlite=shared --enable-exif

Now, that didn't entirely work - not surprising as there's a few server-specific paths in there. Also, some of the packages needed weren't installed yet. Saving you the gory details of all the iterations I went through, I also executed sudo apt-get install freetype freetype-shlibs to try and solve a 'missing freetype.h' error (it didn't work, I've sacrificed freetype support for now), sudo apt-get install libmhash libmhash-shlibs to add the missing 'mhash', and sudo apt-get install mysql14-dev mysql14-shlibs for missing mysql client libs. I'd rather have installed mysql15-dev as those are mysql version 5.x, but the packages are missing in fink. It seems to work anyway.

I also admitted defeat on a few non-essential config options: --with-gettext (due to a complaint about a missing intl.h) and --with-pspell as I couldn't be bothered to install it (most browsers have spellchecking now anyway). Finally, the config script ran, but warned me:

Notice: Following unknown configure options were used:

--with-dbx
--with-ctype
--with-libjpeg=/sw
--with-libtiff=/sw
--with-libpng=/sw
--enable-memory-limit


so you could probably drop those too.

Then on compiling it, I got complaints about a syntax error in tidy.h, so I dropped the tidy extension too.

So, the config options I used in the end were:

./configure --disable-cgi --disable-rpath --disable-debug --disable-magic-quotes --disable-posix --with-apxs --with-mysql=/sw --with-zlib --with-dbx --with-ctype --with-openssl --with-pcre-regex --with-mcrypt=/sw --with-mhash=/sw --with-iconv --with-gd --enable-gd-native-ttf --with-libjpeg=/sw --with-libtiff=/sw --with-libpng=/sw --with-jpeg-dir=/sw --with-png-dir=/sw --with-zlib-dir --with-xpm-dir --with-ttf --with-xsl --with-tsrm-pthreads --enable-gd-native-ttf --enable-calendar --enable-mbstring --enable-spl --enable-ftp --enable-bcmath --enable-sockets --enable-dom --enable-xml --enable-soap --enable-libxml --enable-session --enable-simplexml --enable-memory-limit --with-curl=/usr/ --with-curlwrappers --with-pdo-mysql=/sw --with-pdo-sqlite --with-sqlite=shared --enable-exif

This works, and compiles; running make test does throw up a few fails, but the result seems to install OK, and running phpinfo(), my unit test suite, and the code itself, seems to work quite happily.

As mentioned, the first run through of this was with 5.2; repeating the exercise with php5.3-200710161230 Just Worked.

At some point soon I'll start playing with the namespaces; however in the meantime I hope the above instructions help someone.

State of play

2007-10-15 23:07:00
So, I've fixed the RSS feed on phase.org, taking the chance to play with some PHP DOM code. The feed's actually built up as DOM operations - probably overkill for RSS, but an interesting exercise, and it should mean I can't somehow create a badly-formed feed. Although, as the post itself is encoded as CDATA, I'm not quite sure what'd happen if I tried to include the CDATA escape sequence. No, I'm not gonna try it now, it's late.

Why fix the feed now? Because Nigel James has come up with the great idea of aggregating the blog feeds from PHP-London members, and he was going to include mine 'til I broke the feed. Plus, my imagination has just been fired up by recently attending FOWA, *and* I've just got a new job, *and* I've got two weeks off, *and* I've been promising for far too long that I'd actually start blogging again. I've also been meaning to put some social and political content on here too (much as many other tech bloggers do) and Ming Campbell's resignation tonight provides as good a start point as any. Oh, and the revelation that people think I might actually be saying stuff worth following is useful too...
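
The CDATA question left open in the post above, worked through as an added example (not code from this blog): it uses Python's xml.dom.minidom as a stand-in for PHP's DOM extension and makes no claim about how PHP itself serialises such a node. The feed layout, function names and sample post are constructed for illustration.

```python
"""Added example: keeping "]]>" inside a feed item's CDATA body intact."""
import xml.etree.ElementTree as ET
from xml.dom import minidom
from xml.sax.saxutils import escape

CDATA_END = "]]>"
# Constructed sample post body that happens to contain the CDATA terminator.
SAMPLE_POST = "A CDATA section ends at ]]> so <b>this</b> would be parsed as markup"


def naive_feed(title, post):
    """String-built feed: wraps the post in a single CDATA section, unchecked."""
    return (
        '<rss version="2.0"><channel><item>'
        f"<title>{escape(title)}</title>"
        f"<description><![CDATA[{post}]]></description>"
        "</item></channel></rss>"
    )


def append_cdata(doc, parent, text):
    """Append text as CDATA, splitting each "]]>" across two sections.

    "a]]>b" becomes <![CDATA[a]]]]><![CDATA[>b]]>, so no single section
    ever contains the terminator and a parser reassembles the original text.
    """
    parts = text.split(CDATA_END)
    last = len(parts) - 1
    for i, part in enumerate(parts):
        chunk = (">" if i else "") + part + ("]]" if i < last else "")
        parent.appendChild(doc.createCDATASection(chunk))


def build_feed(title, post):
    """Build the same feed through DOM operations, with safe CDATA handling."""
    doc = minidom.getDOMImplementation().createDocument(None, "rss", None)
    rss = doc.documentElement
    rss.setAttribute("version", "2.0")
    channel = rss.appendChild(doc.createElement("channel"))
    item = channel.appendChild(doc.createElement("item"))
    title_el = item.appendChild(doc.createElement("title"))
    title_el.appendChild(doc.createTextNode(title))  # escaped on output
    description = item.appendChild(doc.createElement("description"))
    append_cdata(doc, description, post)
    return doc.toxml()


def dom_rejects_raw(post):
    """True if minidom refuses to serialise one CDATA node holding the post."""
    doc = minidom.getDOMImplementation().createDocument(None, "description", None)
    doc.documentElement.appendChild(doc.createCDATASection(post))
    try:
        doc.toxml()
    except ValueError:
        return True
    return False


def read_description(feed_xml):
    """Parse the feed as a reader would and return the item description text."""
    return ET.fromstring(feed_xml).findtext("channel/item/description")


def survives(feed_xml, post):
    """True only if the feed is well-formed and the post comes back unchanged."""
    try:
        return read_description(feed_xml) == post
    except ET.ParseError:
        return False


if __name__ == "__main__":
    print("minidom rejects raw node:", dom_rejects_raw(SAMPLE_POST))
    print("naive feed survives:     ", survives(naive_feed("t", SAMPLE_POST), SAMPLE_POST))
    print("split-CDATA feed survives:", survives(build_feed("t", SAMPLE_POST), SAMPLE_POST))
```

Building the tree with DOM calls guarantees matched tags, but the content of a CDATA node still has to be checked or split before serialising.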

Trivial SSH tunnel

2007-10-10 09:52:00
Since the syntax for ssh tunnels is plain weird, and all the online examples are pretty much as impenetrable (generally assuming you want to route things via at least one third-party server), here's the basic syntax:

ssh -l routingUsername -L localhostPort:destinationServer:destinationPort -N routingServer &

Note that routingServer can be the same as destinationServer but is required! -N means don't open a shell, just build the tunnel, and the & is to background it as it naturally stays in the foreground.

eg, if your ISP is blocking port 25 outgoing, use:
ssh -l myusername -L 2525:my.remoteserver.com:25 -N my.remoteserver.com

and connect to port 2525 locally.

FoWA show report - the talks

2007-10-05 13:01:00
For references to sites mentioned below, visit http://del.icio.us/wechsler/seenAtFowa

Over the last couple days I've been at the Future of Web Apps expo, held in Excel, London. This proved to be an extremely interesting and rewarding experience, if exhausting.

The show was structured as multiple tracks alongside an expo floor of (probably) about 20 stands. I spent most of my time in the 'Developer' track talks, in a room with a capacity of about 1200. The speakers I saw were universally of high quality and were generally world-class 'names' or experts in their field.

One thing that was striking in the talks (and in many of the stalls, I think I spoke to about 90% of them) was the strength of certain common threads:

- Interoperability & APIs
- Identity & privacy
- XaaS (Xtuff as a service)
- Taking the web offline

The core philosophy of the modern web has been described as "Small pieces, loosely coupled". In fact, the size of the pieces seems comparatively unimportant, but the coupling or interoperability is critical - web sites and services can no longer operate as islands.

For most people, the web serves primarily as a platform for interpersonal contact - not merely in the form of email, but in the newer technologies of blogging and instant messaging (and their hybrids of microblogging and moblogging) and in community sites such as facebook.

Supporting this, the assertion was also made that every site should have a community element - something that gives people a sense of belonging, a reason to stick around, and a personal investment in the site or product. Otherwise sites can be little more than posters on the wall, providing sterile information and nothing more. Even the 'online office tools' (such as Google Documents and Calendar, Zoho and Slideshare) which might seem to provide a counterpart to this assertion exist not merely as an alternative to desktop apps, but primarily to share documents and collaborate in their creation. This is taken a level further by direct collaboration apps such as Huddle, Webex, Thinkfold and yuuguu.

The primary goal then of these contact and community applications is information sharing. The critical question for each application is then what information to share with whom. An added level of complexity is then found in the problem of identifying users without requiring them to have a login on each individual site.

For example, when it comes to IM, a user may have an account on Skype, Yahoo! IM, Gtalk, ICQ, Jabber, AIM, Pownce, Jaiku, MSN messenger, Gadu-Gadu, MySpace IM, Groupwise, and Zephyr, to name but a sample of the more focussed IM products. Then you can add SMS, Email, Twitter, Pathable, Second Life in-world messaging, MySay, and internal messaging systems on any number of non-interoperable websites - without even getting into various forms of blogging which are often used as a group notification system.

(It may be appropriate here to stop and explain microblogging and moblogging. Microblogging consists of systems that are designed not for screeds of content such as this, but for short, transient messages which may be low-content, low value and/or have a limited lifetime of relevance. Moblogging is any form of blogging from a mobile, but tends to mainly be, due to device limitations, microblogging).

One solution to part of this is that provided by meecard or {mental blank here} - services which combine many of (but rarely all) of your IMs and/or IM identities in one place. Another is desktop clients such as Adium or Trillian which support (with greater or lesser tolerance by system operators) multiple IM protocols. However, these systems are essentially a domain-specific hack and do not solve the multiple password / multiple identity issue.

The management of inter-system message transmission can be provided by common APIs or microformat data interactions, but this rapidly runs into the larger problem of multiple identity and remote authorisation. As ever, there are numerous (non-interoperable) solutions including openID, Oauth, BBAuth (from Yahoo) and Google Account Authorisation, which generally serve to remove the multiple password problem by asking one (central) web site to confirm a site visitor's identity; the user will generally then have to be logged into that central site.

The problem of authorisation is distinct from identity but often closely coupled; for the moment it is probably enough to define it as 'enabling one system to understand from another whether the user of the first system wishes to allow a user of the second system to access or modify information related to the first user, by means of identifying the second user in some way meaningful to the first system and then mapping permissions onto that second user'. Which is admittedly one hell of a mouthful, but far simpler than sinking into the minutiae.

One of the most evident cases where remote authorisation is critical lies with geolocation apps such as Plazes, Dopplr and Yahoo!'s FireEagle (and possibly Twitter). These serve to integrate a person's current location as a factor in service provision to provide services such as 'find a local shop' or 'find nearby friends'. Sharing with the world, for example, the fact that you've just travelled from your home to an airport, is unsafe. These data can easily be used for criminal purposes, so it is critical to be able to use a trusted location broker service which can then identify who you want to share this information with.

Leaving aside the identity issue, geodata also provides a clear use-case for cross-site data gathering, colloquially known as 'mashups'. Imagine you've an account with the FireEagle location brokerage service, and you want a map to the local non-corporate coffee house. This is generally one of those over-excited future predictions that never seem to come true, but it is actually now possible in certain situations. The method might be as follows:

Your cellphone notifies FireEagle directly of the cell ID it has just entered. Plazes corroborates this with the registered location of an open wireless network it has just passed through. You ask your mashup server for the route; it then authenticates with FireEagle for permission to know your location, possibly converting to a postcode via a third party. This data is then exchanged with a site such as delocator, which provides the locations of possible destinations. The source and destination data can then be sent to, for example, Google Maps, which then returns a graphical representation of your route to your smartphone.

As a possible extension, Plazes also notices that one of your friends is near to one of the cafes, by authenticating your identity and theirs, and then verifying that you each allow the other to know your position; it then informs you of this to help you make your choice. For extra points, it allows you to invite all your friends in a mile radius to join you.
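The authorisation definition above and the mutual check in the friend-finding extension can be sketched as follows. This is an added example, not code from any of the services named; the `Broker` class, the `none`/`city`/`exact` levels and the sample users are assumptions, and identities are taken as already authenticated.

```python
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt

LEVELS = ("none", "city", "exact")  # constructed precision levels, coarsest first

@dataclass
class Broker:
    """Hypothetical location broker holding positions and per-viewer grants."""
    positions: dict = field(default_factory=dict)  # user -> (lat, lon, city)
    grants: dict = field(default_factory=dict)     # (owner, viewer) -> level

    def grant(self, owner, viewer, level):
        if level not in LEVELS:
            raise ValueError(f"unknown level: {level}")
        self.grants[(owner, viewer)] = level

    def level(self, owner, viewer):
        # Default deny: a viewer with no recorded grant learns nothing.
        return self.grants.get((owner, viewer), "none")

    def locate(self, owner, viewer):
        """Owner's position at the precision granted to this viewer, or None."""
        lvl = self.level(owner, viewer)
        if lvl == "none" or owner not in self.positions:
            return None
        lat, lon, city = self.positions[owner]
        return (lat, lon) if lvl == "exact" else city

    def nearby(self, a, b, miles=1.0):
        """True/False only when each user grants the other 'exact'; else None."""
        if self.level(a, b) != "exact" or self.level(b, a) != "exact":
            return None  # refusing avoids leaking "not near" to an unapproved party
        if a not in self.positions or b not in self.positions:
            return None
        return miles_between(self.positions[a][:2], self.positions[b][:2]) <= miles

def miles_between(p, q):
    """Haversine great-circle distance in miles between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*p, *q))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 3958.8 * asin(sqrt(h))

def demo():
    """Constructed sample data: three users and one mashup server."""
    b = Broker(positions={"alice": (51.5074, -0.1278, "London"),
                          "bob": (51.5080, -0.1290, "London"),
                          "carol": (51.5076, -0.1280, "London")})
    b.grant("alice", "bob", "exact"); b.grant("bob", "alice", "exact")
    b.grant("alice", "mashup", "city")   # the mashup sees only the coarse value
    b.grant("carol", "alice", "exact")   # one-way: alice has not granted carol
    return b
```

The one-way grant from carol to alice is the case to watch: the broker returns `None` rather than `False`, since a definite "not nearby" answer would itself disclose something about alice's position.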

This is clearly a complex operation, and relies on a number of other companies providing information and services far better and more cheaply than you could do yourself, and therefore involves much use of XaaS - Stuff as a Service, where Stuff may be authentication, identity ownership, information, location, or the hosting or software used by all parties involved. Delocator probably don't run and host their own servers. Plazes don't go out and make maps. Yahoo! didn't write the webservers they use. Each party in the pattern uses the others, and some not considered, as services, to make use of their expertise and economies of scale.

The remaining factor is that of 'taking the web offline'. With current technology, the above web app/mashup will only work while the smartphone's browser is connected to the web - once the user goes offline, even past searches and information will be lost. Two (at least) new technologies can tackle this, by allowing the service to work (albeit without new data) while the device cannot connect to the network, by providing local data storage and processing. A more evident application of this would be a webmail client which continues to work with downloaded emails while disconnected, allowing the user to read and reply to all existing mails, and can synchronise incoming and outgoing messages once the connection is returned. These technologies are Google Gears, which works inside the browser to provide local processing and storage, and Adobe AIR, which allows HTML/CSS/JS bundles to run as stand-alone apps.

Plazes experiment

2007-10-04 16:49:00