In which I tell you my password for this website


I exaggerate. I’m not really going to tell you my password but I am going to tell you roughly how I created it. You may find it useful when thinking about your own passwords.

Over the years I got into the habit of using the same weakish password for every website I registered on. This was OK for a while, then one of the sites I use had its password hashes published, and within a few days they were cracked and my password was there for all to see.

I decided to do the sensible thing and create a strong, unique password for each site I use. The two problems I had are the same ones everyone else has:

  1. I wanted the passwords to be easy for me to remember but hard to crack
  2. I wanted them to be easy to enter on my phone

The second design goal was the one which made my approach slightly different to other ones you see around.

Here’s how I make my passwords:

  • To make a password that’s unique for every site you need to incorporate some attribute of that site into the password
  • If you have multiple accounts on the site, each should have a different password. So your algorithm needs to take account of your identity too.
  • The password must be long enough to be strong but short enough to enter on a phone keyboard
  • The password should only use the characters available unmodified on your phone keyboard (it’s too painful to keep changing the keyset for me)

The characters I have available on my Android phone are the lowercase letters a-z and the punctuation keys “,”, “.” and space. Your phone may be different.

Here are the components of my password:

  1. A word that’s memorable to me, let’s say “fart”
  2. Some letters from the website’s domain name
  3. Some letters from my email address
  4. Some mandatory punctuation

An example. Let’s say I’m signing up to Facebook with the email address dominic@sayers.cc

My password would be fart fcbk ae.. ,,

It’s made up as follows:

  1. My memorable word, “fart”.
  2. A space.
  3. The consonants from the website’s domain name, padded out to a length of 4 with full stops.
  4. A space.
  5. The vowels from the domain name of my email address, padded out to a length of 4 with full stops.
  6. Some punctuation: a space followed by two commas.

So my password is 17 characters long: not perfect but strong enough for today’s brute force attacks. It uses all the keyspace available without fiddling around on my phone’s keyboard. It’s unique for every account on every website (barring coincidences). It’s easy to remember.
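The derivation above, written out as code. This is an added example, not the author’s actual generator (the post says the real algorithm differs anyway). One assumption is made explicit: the “domain name” the letters are taken from is the label before the first dot (“facebook” in facebook.com, “sayers” in sayers.cc). Besides producing the password, the example computes two figures worth keeping apart: the nominal keyspace a brute-forcer faces if it knows only the length and the 29-symbol phone alphabet, and the much smaller amount that stays secret if the derivation rule itself is known, when only the memorable word is unknown.

```python
import math
import string

VOWELS = set("aeiou")
CONSONANTS = set(string.ascii_lowercase) - VOWELS

# Characters reachable without switching keysets on the author's phone:
# a-z, comma, full stop and space (29 symbols).
PHONE_KEYSPACE = string.ascii_lowercase + ",. "


def second_level_label(domain):
    """'facebook.com' -> 'facebook'. Assumption: the label before the first dot
    is the 'domain name' the letters are taken from (the text does not say)."""
    return domain.strip().lower().split(".")[0]


def pick(text, allowed, width=4, pad="."):
    """Keep only characters in `allowed`, take the first `width`, pad with full stops."""
    kept = "".join(c for c in text if c in allowed)
    return kept[:width].ljust(width, pad)


def derive_password(memorable_word, site_domain, email):
    """Build the password the text describes: word, site consonants, email vowels, ' ,,'."""
    _, _, email_domain = email.rpartition("@")
    site_part = pick(second_level_label(site_domain), CONSONANTS)
    mail_part = pick(second_level_label(email_domain), VOWELS)
    return f"{memorable_word} {site_part} {mail_part} ,,"


def nominal_bits(password, alphabet=PHONE_KEYSPACE):
    """Keyspace a brute-forcer faces if it knows only the length and the alphabet."""
    if any(c not in alphabet for c in password):
        raise ValueError("password uses characters outside the phone keyspace")
    return len(password) * math.log2(len(alphabet))


def scheme_known_bits(memorable_word):
    """Upper bound on what stays secret once the derivation rule is known: only the
    memorable word, treated here as uniformly random lowercase letters (a real
    dictionary word is weaker still)."""
    return len(memorable_word) * math.log2(26)


if __name__ == "__main__":
    pw = derive_password("fart", "facebook.com", "dominic@sayers.cc")
    print(repr(pw), len(pw))                      # 'fart fcbk ae.. ,,' 17
    print(f"nominal: {nominal_bits(pw):.1f} bits, "
          f"rule known: {scheme_known_bits('fart'):.1f} bits")
```

With the post’s inputs the output is the 17-character “fart fcbk ae.. ,,”. The two figures differ by a factor of four or so in bits, which is the practical point: the site and email parts make each account’s password unique, but they add no secrecy against anyone who has seen one password and guessed the rule, so the memorable word carries the strength.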

You can obviously vary these elements considerably to suit yourself. For instance you could use the last four letters in the website’s name, maybe reversed or something. Rearrange the elements I’ve used.

This isn’t my actual algorithm, by the way. Just a little bit like it.

Notes:

  1. Please don’t tell me about the XKCD cartoon. I know about it. I’m not going to type in a 28-character password on my phone.
  2. A password using this algorithm doesn’t lend itself to dictionary attacks or even rainbow table attacks. A brute force attack using today’s hardware would take an inordinate amount of time according to this chart:


Post-Strauss England

Assuming Andrew Strauss resigns the captaincy after the current Test and chooses not to tour this winter, my team for the first Test in Ahmedabad in November would be as follows:

1. Alastair Cook*
2. Joe Root
3. Jonathan Trott
4. Ian Bell
5. James Taylor
6. Jonny Bairstow
7. Matt Prior†
8. Stuart Broad
9. Graeme Swann
10. James Anderson
11. Steven Finn

And the rest of the first-class squad:

12. James Tredwell
13. Graham Onions
14. Eoin Morgan
15. Tim Bresnan

Not 100% fit (mentally or physically) so not included: Ravi Bopara, Chris Tremlett

Unlucky: Monty Panesar, Chris Woakes, Samit Patel, Nick Compton

A bit boring and predictable for me, but I think that’s a testament to the good stuff coming from Andy Flower and Geoff Miller.

Getting online

I’ve been asked a few times recently for general advice about getting a new business or project online. Here’s the skinny.

Any new business or project is going to need an online presence. So you just need to go and register a domain with GoDaddy, right? Stop! First read this handy guide to how to get it right.

You need three basic things:

  1. A registered name
  2. A way of telling the internet where your services are hosted
  3. Hosting for your services (web site and email at least)

When you register a domain name, the registrar will want to do all these things for you. That way they get to keep all your money. But there are good reasons for keeping everything separate. Now read on…

Choosing a name

It’s fun choosing your name, but it’s not easy these days because all the good ones have already been taken. Here are some things to consider that you might not have thought of:

  1. A .com domain name.
    D’oh! Of course you thought of that. But if you didn’t then you should. Plenty of people will try the .com version of your name even if you register it somewhere else.
  2. A domain name in another top level domain.
    If you plan to allow users to make comments on your web site or even to upload files then consider having an alternate domain name that is not subject to US laws.
  3. A Twitter handle.
    Twitter is pretty crowded these days and getting your name as a Twitter handle will not be easy. And Twitter doesn’t have a secondary market in handles so you can’t make someone else an offer for theirs.

Registering your name

You need to tell the gods of the internet that you have chosen your name. You do this through a registrar. Many companies will act as a registrar for you because it’s money for old rope. They will also offer you other services like hosting and email. Here’s why you shouldn’t use the same company for everything.

Your domain names are your branding (and your trademark if you register it). It’s your identity and you should keep tight control of it. If you were a big company then your domain names would be under the control of your legal or marketing department, not your techies. If you outsource your web development, for example, you don’t want the developers owning your brand – what if you fall out with them?

So register the domain names yourself, but don’t buy any other services from the registrar. Keep the credentials for your account at the registrar very safe. Nobody else needs to know them except you. Ever. If they say they do then they are trying to rip you off.

My recommended registrar: Gandi. Many countries have appalling internet legislation that compels internet service providers to pull your domain on the say-so of law enforcement agencies. France, where Gandi are domiciled, is no exception. But Gandi at least have a policy of pushing back when asked to do something that is not in the customer’s interest. GoDaddy, on the other hand, are happy to hand over your data and your domain to the US security services at the request of a junior officer.

You’ll also need to register a Twitter handle. To do this you’ll need an email address, so let’s defer this until we’ve got our domain email services working. Registering a Twitter handle is easy: you’re just creating a Twitter account in the normal way.

Hosting your services

It’s no good having a domain name unless you use it for something. Here are some of the services you might use it for:

  1. Email
    You’ll probably want email addresses at your domain (you@yourdomain.com). The easiest way to do this is Google Apps. To complete the setup of Google Apps you’ll need to verify that the domain is yours – we’ll cover this in the following section about the Domain Name System. When you’ve got your email accounts set up, don’t forget to go and register your Twitter handle.
  2. Website or web application
    Traditionally your website would be hosted by a provider that gave you access to a virtual machine. On this machine would be a web server and you could simply upload HTML or PHP pages to create your site. The problem with this way of doing things is that it’s fiddly to keep track of what you uploaded and when. This model has been replaced somewhat by the idea of an application server. Providers like Heroku or AppFog will link to your web developer’s source code control system to create a more effective release control process.
  3. Blog
    Your blog is just another application, hosted by an application server. There are many companies that will do this for you. I happen to use WordPress software hosted on my own old-fashioned virtual server. But WordPress as a company will host your blog for you if you want.

Tying the bits together

As it stands we’ve got a domain name (good) and email addresses like phil@yourdomain.com.test-google-a.com (bleugh!) and maybe a website at http://yourdomain.herokuapp.com (yuk!)

This isn’t what we want. We want emails like phil@yourdomain.com and our website to be at http://yourdomain.com – how do we do this?

The thing we need is the Domain Name System (DNS). Your domain has name servers. These servers tell the internet where your own services are located. It’s a bit of internet plumbing that we need to use to tie it all together. Bear with me, it’s not that hard.

I recommend using Cloudflare for your name servers. They are specialists at this and they do a free account that gives you all your basic needs, plus a lot of extra value on top. The Cloudflare account setup gives you all the help you need to get your services running on the right domain names.

When you’ve been through the Cloudflare setup you’ll understand it a lot more. But the basic steps are:

  1. Tell the DNS where your web hosts are
  2. Tell the DNS where your mail servers are
  3. Tell your registrar who is running your name servers

The last step is what achieves the important separation of responsibility between your registrar and your other service providers. It gives you the freedom to choose the best-of-breed hosting provider, email provider and DNS provider. You don’t have to be tied to your registrar for these services any more.

If you’re using Google Apps, the final step is to verify to Google that you own the domain. Google Apps setup will help you through this, but it’s very easy with Cloudflare to set up a TXT record containing information provided by Google. You’ll see what I mean when you try it.

Comments and suggestions appreciated.


Flickr is breaking the web

Hyperlinks don’t have sell-by dates. Stale hyperlinks are a Bad Thing. A company that chooses to break hundreds of links to content that people found valuable is behaving very badly indeed.

I started using Flickr before they officially launched and I got my first Flickr Pro account in 2004 as a reward for testing their site. I’m still a customer today.

Dave Gorman has brought to light an issue that has existed without my knowing it since the US Digital Millennium Copyright Act came into force in 2009. Non-US users whose content is the subject of a DMCA takedown notice get their photos removed. For ever.

The most recent Internet Archive record of Dave Gorman’s original page is here:

Sadly, this is what it now looks like.

Dave Gorman successfully appealed the takedown and Flickr graciously allowed him to repost his photo. But the URL has changed. All the inbound links are now broken and the comments now go back to March 2012 instead of January 2006.

Flickr doesn’t work like this for US users. They get their photos restored as they were before (so Flickr can do this if they want to). They are choosing not to do so for me and all other non-US users, and as far as I can see they are not explaining why.

So goodbye Flickr after 8 years. I won’t delete my account because that would break all the links to my photos, but I will stop being a customer. My new photos, and my money, will go elsewhere.

Labour bigwigs still trying to defend the Digital Economy Act

Harriet bloody Harman made me write to my MP, Jim Fitzpatrick, today. FWIW.

Dear Mr Fitzpatrick,

Given your comfortable majority I doubt you’ll be too worried at the loss of one vote, but can I briefly give you my reasons why I, as a lifelong Labour voter, could not vote for you at the last election and will not be able to do so next time either?

I was never too worried about civil liberties until a few years ago. I’d actually be happy if there was a national identity card, for instance. I don’t think I’m a paranoid libertarian nutter (fingers crossed). But I was dismayed by a number of measures introduced by the last Labour government starting in the climate of fear whipped up after the major terrorist incidents of 2001 and 2005.

Successive Labour Home Secretaries seemed to want to prove themselves more macho than their predecessor, and more tough on crime (rather than its causes) than the Opposition. Police were given more powers and used them to kettle protestors and prevent photography in public places. The UK acquiesced in the torture and long-term imprisonment without trial of British citizens. All this was not something that affected me personally so I noted it without allowing it to change my long-term loyalty to the party.

But then in the dying days of the government the Digital Economy Bill was introduced and passed without adequate debate. If there had been time to organize a coherent opposition to it then it would probably have suffered the same fate as the US SOPA and PIPA bills. But despite the help of people like Tom Watson, it was not possible to raise public awareness of the consequences of passing this bill until too late. It became the Digital Economy Act, the party lost the election (for unrelated reasons sadly) and we were stuck with it.

By contrast with the policing and security measures, the Act deals with something I know a little about: technology and the internet. I am a former technology director of an investment bank and am now the Chief Technology Officer of a financial services startup company.

My company’s success depends on being able to respond in an agile way to the changing business environment. We can do this much faster than large corporates, however much they spend on R&D. We can certainly do this much faster than regulators and legislators, no matter how much lobbyists spend on influencing them. But we are left standing by the bad guys, who can innovate before a legislator has even heard of the problem.

My contention is this:

  • It’s not possible to anticipate everything the bad guys might do, so you can’t legislate for their future exploits.
  • If you write over-broad legislation to counter this problem then you stifle legitimate business and prevent beneficial innovation.
  • If you give broad powers to law enforcement agencies they will use them for purposes for which they were not originally intended. Sad but true.
  • The law already makes crime criminal. More law will not actually change this.
  • The central problem is a failure of established businesses to give the customer what they want nowadays.

The last point is key. Perhaps I could include some comparisons of the user’s experience of piracy with that of a legitimate purchase:

Just to reiterate, I’m not supporting piracy. I’m saying if the content owners gave customers what they wanted, made it as easy as pirating it, and didn’t try to retain an inappropriate level of control over what the customer did with the content then they might still have a business model.

I could go on; I’m quite angry about this. The Digital Economy Act will have no effect on piracy (or child pornography or anything else it’s supposed to fix). I can think of ten ways of defeating its measures, so the bad guys can doubtless think of 100. Harriet Harman (and by implication your party) appears still to think otherwise: http://j.mp/zyvlFC

The Digital Economy Act reinforces the principle of a censored internet and adds disconnection for suspected infringers. What legislators should actually be doing is ensuring a free internet with access provided on the same basis as other utilities.

I’d vote for a party that supported that.

Regards,

Dominic Sayers

A reference data service

I just wanted to get this idea out of my head so I can think about something else.

Available domains

  • refdata.org
  • referen.org
  • referen.se

Possible API structure

Let’s take currency data as an example:

http://referen.org/currency/antigua.json

which gives you the details of Antigua’s currency in JSON format. This would be the latest version of the format, and the currency currently used in Antigua. For a specific version of the data format you can add a version number, and for the data as it stood on a particular date you can add that date:

http://referen.org/v1/2012/02/10/currency/antigua.json

As well as JSON, data would be available as XML or semantic HTML (the default), possibly as a microformat.

The API would try to be as smart as possible, like http://cricdata.org. So, you could specify antigua or USD or renminbi and it would try to give you an appropriate response. If ambiguous (e.g. dollar) then it would return a list of matching currencies.
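A sketch of the request handling the two URL shapes above imply, added here as an illustration and not part of any implementation of the service. It parses the optional version and date segments, resolves a free-text query (country, code or common name) against a small constructed subset of ISO 4217 data, and returns a list of candidates when the query is ambiguous, as the text proposes for “dollar”. The format defaults to html when no extension is given, matching the text; the currency table is a handful of entries I constructed for the example, not the full ISO list.

```python
import re
from datetime import date

# Constructed subset of ISO 4217 data for the example (not the full table).
CURRENCIES = {
    "XCD": {"name": "East Caribbean Dollar", "countries": ["Antigua and Barbuda", "Grenada"],
            "aliases": ["dollar"]},
    "USD": {"name": "US Dollar", "countries": ["United States"], "aliases": ["dollar"]},
    "CNY": {"name": "Yuan Renminbi", "countries": ["China"], "aliases": ["renminbi", "yuan"]},
    "GBP": {"name": "Pound Sterling", "countries": ["United Kingdom"], "aliases": ["pound", "sterling"]},
}

# /currency/antigua.json  or  /v1/2012/02/10/currency/antigua.json
# Version and date are optional; the extension is optional and defaults to html.
PATH_RE = re.compile(
    r"^/(?:(?P<version>v\d+)/)?"
    r"(?:(?P<y>\d{4})/(?P<m>\d{2})/(?P<d>\d{2})/)?"
    r"currency/(?P<query>[^/.]+)(?:\.(?P<fmt>json|xml|html))?$"
)


def parse_path(path):
    """Split a request path into version, as-of date, query and output format."""
    m = PATH_RE.match(path)
    if not m:
        raise ValueError(f"unrecognised path: {path}")
    as_of = date(int(m["y"]), int(m["m"]), int(m["d"])) if m["y"] else None
    return {
        "version": m["version"] or "latest",
        "as_of": as_of,
        "query": m["query"],
        "format": m["fmt"] or "html",
    }


def resolve(query):
    """Match a query against code, full name, alias or a word of a country name.
    Exactly one hit is an answer; several hits are returned as a list to choose from."""
    q = query.strip().lower()
    hits = sorted(
        code for code, info in CURRENCIES.items()
        if q == code.lower()
        or q == info["name"].lower()
        or q in (a.lower() for a in info["aliases"])
        or any(q in country.lower().split() for country in info["countries"])
    )
    if not hits:
        return {"status": "not_found", "query": query}
    if len(hits) > 1:
        return {"status": "ambiguous", "query": query, "matches": hits}
    code = hits[0]
    return {"status": "ok", "code": code, "name": CURRENCIES[code]["name"]}


def handle(path):
    """Full request: parse the path, resolve the query, echo version/date/format."""
    req = parse_path(path)
    response = dict(req)
    response.update(resolve(req["query"]))
    response["as_of"] = req["as_of"].isoformat() if req["as_of"] else None
    return response


if __name__ == "__main__":
    for p in ("/currency/antigua.json", "/v1/2012/02/10/currency/dollar.xml", "/currency/renminbi"):
        print(p, "->", handle(p))
```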

Crowdsourcing

Some data, like the currency example, is available for free from an authoritative source (in this case http://www.currency-iso.org/dl_iso_table_a1.xml).

Other data is available from a reliable source such as http://opencorporates.com

But some data might need to be mastered here, in which case a wiki approach could be taken. A reputation-based system would be good so that vandalism could be countered algorithmically. In other words, if you spot some bad data then you can flag it up (possibly anonymously, although an identified person’s flagging would be taken more seriously than an anonymous one). Somebody whose contributions are flagged as bad will have their reputation compromised. Data that somebody contributed and that is not flagged as bad will increase their reputation, in proportion to how often it is eyeballed.

As a consumer of data you can choose to have all data, regardless of the reputation of the contributor. Or only high-reputation data. Or only authoritative data.

Data types

  • Currencies
  • Currency pairs
  • Countries
  • TLDs
  • Second-level domains
  • SIC codes

Obvious things like ISBNs, stock tickers, ISINs are actually fraught with licensing issues and generally poor design. But some attempt could be made.

Monetization

Dream on.

A new Clause IV for the internet generation

The Labour Movement for decades aspired for the workers to own the means of production. Turns out it was better in private hands during the 20th Century. The Labour Party in its guise as New Labour recognised that in the mid-1990s when it dropped Clause IV from its constitution (better late than never).

Times change.

I think it’s time we seized control of something just as important in the 21st Century: the means of communication. Here’s the story:

Dominic Sayers – The new Clause IV

Internet domains 101

Sometimes I help people out with web servers, email servers and other internet-related stuff. I often have to explain how we control what happens when you type in www.example.com or whoever@example.com.

Here’s my simple guide to how internet domains work.

Name resolution

When you type www.example.com into a web browser, how does it know where to go to get the web page? As many people know, the answer is the Domain Name System (DNS). This translates www.example.com into the address of a web server. More mysterious stuff happens to connect your browser to that address, but we don’t need to know about that today.

Your domain has a set of DNS records that say where on the internet your domain’s resources (email servers, web servers etc.) actually live. You can change these records yourself; it’s quite easy.

Resource records

Here are the DNS resource records you might need to change:

Address records (A): If your web server is at the internet address 192.0.43.10, for example, then you need to create an A record for www.example.com that points to that address.

Synonyms (CNAME): If there’s a resource on a server that already has a name then you can simply tell the DNS that your resource is on the same server. This is how Google Apps creates a webmail site at mail.example.com; you simply create a CNAME record that points mail.example.com at ghs.google.com. That’s all you have to know.

Mail servers (MX): Your email is transferred by mail servers. These are the servers that actually move mail around (not to be confused with your webmail site). For Google Apps mail, the settings for the MX records are specified in Google Apps help pages.

Domain registration & name servers

Where are your DNS records kept? This is determined by the domain’s registration setup.

When you first registered the domain you will have used a registrar like GoDaddy or Network Solutions (or Gandi, the registrar I recommend). For an annual fee this company will maintain your domain’s existence on the internet and one other thing: determine where the domain’s name servers are (the name servers hold the DNS records).

When you first registered the domain, the registrar will have used their own name servers for your domain. This is to make it easy for you, but also because they are control freaks.

This is important. Many registrars try to hide the fact that you don’t have to use their name servers. In fact there are advantages in using a separate DNS provider from your registrar:

  1. The domain registration should be managed by your organisation’s legal or administrative department. This is the master key: in the event of a problem then the name servers can simply be changed to regain control of the domain.
  2. Management of the DNS records can be delegated to a technical person, but it’s really not difficult to do this yourself.
  3. Specialist DNS service providers often add extra value: for instance Cloudflare will cache your web content and speed up web access for all your users.

Summary

So in a nutshell:

  1. Your domain is registered with a registrar. Your account at the registrar controls where the domain’s name servers are.
  2. The name servers manage the DNS records for the domain. You should have a separate account with a DNS service provider to manage them.
  3. Your web server will be controlled by an A record in the DNS setup.
  4. Your webmail server will be controlled by a CNAME record in the DNS setup.
  5. Your mail servers will be specified by MX records in the DNS setup.
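To make the summary concrete, here is an added example (not the author’s configuration or any provider’s code) that assembles the record set both the “Getting online” steps and this guide describe: NS records naming the DNS provider, an A record for the web server, a CNAME for webmail at ghs.google.com, MX records for mail and the TXT record Google Apps asks for when verifying ownership. The address 192.0.43.10 and ghs.google.com come from the text; the mail hosts, name servers and verification token are placeholders. The example renders the records in zone-file syntax and checks the two consistency rules DNS providers enforce and that trip people up most often: a CNAME must be the only record at its name (so the zone apex, which carries NS, cannot be a CNAME), and an MX must point at a hostname with an address record, not at an alias.

```python
from collections import defaultdict

ZONE = "example.com"

# Constructed record set for the example. 192.0.43.10 and ghs.google.com are the
# values used in the text; mail hosts, name servers and the TXT token are placeholders.
RECORDS = [
    ("example.com",      "A",     "192.0.43.10"),
    ("www.example.com",  "A",     "192.0.43.10"),
    ("mail.example.com", "CNAME", "ghs.google.com."),
    ("example.com",      "MX",    "10 mx1.mail-provider.example."),
    ("example.com",      "MX",    "20 mx2.mail-provider.example."),
    ("example.com",      "TXT",   "google-site-verification=PLACEHOLDER-TOKEN"),
    ("example.com",      "NS",    "ns1.dns-provider.example."),
    ("example.com",      "NS",    "ns2.dns-provider.example."),
]


def check_zone(records, zone=ZONE):
    """Return a list of problems; an empty list means the record set is consistent."""
    by_name = defaultdict(list)
    for name, rtype, data in records:
        by_name[name.rstrip(".").lower()].append((rtype, data))

    problems = []
    cname_names = {n for n, rrs in by_name.items() if any(t == "CNAME" for t, _ in rrs)}

    # A CNAME must be the only record at its name (RFC 1034 section 3.6.2), which is
    # also why the apex, which must carry NS (and here MX and TXT), cannot be an alias.
    for name in sorted(cname_names):
        others = sorted({t for t, _ in by_name[name] if t != "CNAME"})
        if others:
            problems.append(f"{name}: CNAME cannot coexist with {others}")
        if name == zone:
            problems.append(f"{name}: the zone apex cannot be a CNAME")

    # Mail exchangers must be hostnames with address records, not aliases (RFC 2181 section 10.3).
    for name, rtype, data in records:
        if rtype == "MX":
            _priority, target = data.split()
            if target.rstrip(".").lower() in cname_names:
                problems.append(f"{name}: MX target {target} is a CNAME")

    # Without NS records there is nothing for the registrar to delegate to.
    if not any(t == "NS" for t, _ in by_name[zone]):
        problems.append(f"{zone}: no NS records at the apex")
    return problems


def render_zone(records, zone=ZONE):
    """Render the record set in BIND zone-file syntax (SOA and TTLs omitted for brevity)."""
    lines = [f"$ORIGIN {zone}."]
    for name, rtype, data in records:
        if name == zone:
            owner = "@"
        elif name.endswith("." + zone):
            owner = name[: -(len(zone) + 1)]
        else:
            owner = name + "."
        if rtype == "TXT":
            data = f'"{data}"'
        lines.append(f"{owner:<6} IN {rtype:<5} {data}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_zone(RECORDS))
    print("problems:", check_zone(RECORDS) or "none")
```

Step 3 of the “Getting online” list, telling the registrar who runs the name servers, is the one piece not in the zone itself: the two NS values above are what you enter at the registrar, and everything else lives with the DNS provider. That is the separation the text argues for: the registrar account is the master key, and changing those two names moves the whole zone to another provider.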

If this isn’t clear please leave a comment.