Overdoing the risk management

Posted on 2008-09-15 by Graham Lee

I own a notebook. In fact, I own several notebooks. One in particular has an interesting feature (where I use “feature” in the “different from the competition, though we don’t know whether anyone actually needs it” sense); inside the front cover is space to write your address, and a dollar value reward available to the person who returns the notebook.

Now the notebook itself is probably worth about $20, but on the face of it a used notebook is worth less than a pristine notebook, with a full notebook having no value. Presumably the value of the reward should be related to the value of the notes contained within it, and therefore can’t be ascertained until I’ve filled the notebook up. But then if I were to lose it before filling in the pages, I would not have entered an interim value; and if I had then whenever I made new notes I would need to update the worth of the book.

And who should be footing the bill, anyway? Are my musings of any financial benefit to me, or if my employers get more worth from them should they be contributing to the reward fund? Could I possibly make the same notes again were I to lose this book? Could I pay someone with a lower salary than mine to have thoughts with a similar monetary value? Would someone else who came across my notebook be able to extract the same worth from the contents than me? If so, should I write in an encrypted fashion? How much more would that cost me? Should the reward factor in the costs of decrypting the contents, possibly reverse-engineering the method if I’ve forgotten it?

Do ideas depreciate? Clearly patentable ideas do, will my ideas be patentable? Will I be able to benefit from the patents? If someone finds the notebook and returns it, are the ideas still patentable? What about non-patentable thoughts, do they all depreciate at a constant rate? Should the reward value be a function of time?

Clearly the only people who can answer all of these questions upfront, and therefore the people who can use this reward feature with confidence, are the people whose ideas can be modelled with a waterfall development process. Take Terry Pratchett; he might know that the content of one notebook equates to roughly 50% of a novel, and that each novel is worth £200k, and therefore the value to him of the notebook is less than £100k. A thought process which eventually results in a cash value for a notebook. For those of us whose ideas are somewhat more iterative (read: chaotic), this seems like a complete misfeature.

Posted in Business | 2 Comments

Me.com. Your identity, everywhere.

Posted on 2008-09-08 by Graham Lee

Title linky goes to a Sophos blog post I wrote about the relative success of MobileMe phishing scams, and the insecurity of MobileMe web access.

Posted in mobileme, security | Leave a comment

Apple 2, iamleeg 0

Posted on 2008-09-05 by Graham Lee

So, my few-year-old iPod decided it had had enough, and with pay day having only just passed I thought maybe it would be nice to get a new one. What’s happened today? Got the new one home, and it won’t work at all (searching for “error 1434” isn’t particularly useful, either). However, the one that previously broke, having now been taken apart, started working again. So my 20GB 4G iPod is now humming along nicely (running Podzilla), and my 160GB classic is b0rked :-(.

Posted in whatevs | 1 Comment

The twitter sitter hit a bitter critter

Posted on 2008-09-02 by Graham Lee

Yup, more on the subject of a home-grown Twitter client. This time, posting and sorting out the UI somewhat have both been achieved:

Posting tweets is amazingly simple – just take the tweet and stuff it into the body of a POST NSURLRequest. The Twitter API even handily returns the posted tweet, so the same code which parses the friends timeline can also insert the new tweet.

So, where to go next? Well, I’m getting bored of typing my password in all the time so Keychain would be nice, @reply buttons and perhaps searching. I’m going to need cache management soon, too.

Posted in whatevs | Leave a comment

Mac user Gmail account hack

Posted on 2008-09-02 by Graham Lee

I found today in Macintouch reader reports the news that a Mac user found his Gmail account had been taken over. He writes:

I woke up this morning and looked at my gmail and thought, gee that’s weird, it won’t accept my password. I figured it was a glitch and tried it on my iphone, same thing.

Then I asked for a password reset. When I got back into the account, found a bunch of sent emails from a Nigerian scammer. I also looked at the ip history in gmail and noticed the weird IP, which of course came from Nigeria.

This relates well to a point I’ve made repeatedly in podcasts and papers; namely that having information worth stealing is not a Windows-only situation. As more data is stored "in the cloud" then the security of the cloud and of the way we use it becomes as important what is going on in our own computers. Having a weak Facebook password compromised will work just as well if you’re on Trusted Solaris as Windows.

In other news, yesterday’s Twitter client is not really much further along, because a thunderstorm has meant I’ve unplugged all of my electronics (the laptop isn’t plugged in to anything, obviously). I am now very grateful to MarsEdit for having offline editing capability, otherwise I’d have to try and remember all this stuff later ;-)

Posted in security | 1 Comment

A better bit o’ twitter than the bitter twitter Tommy Titter bought

Posted on 2008-09-01 by Graham Lee

Just because everyone these days writes a Twitter client:

This was actually a quick hack project to make up for the fact that I missed CocoaHeads tonight (due to a combination of an uninteresting phone call, and a decision to recover from the phone call by using the rest of my petrol tank). Really just an excuse to play with some APIs (the tweets are grabbed by the controller using NSURLConnection, then some NSXML/XPath extracts the useful information (or not, it is Twitter after all) and puts it into the model), there are many things which need to happen before this is at all a useful Twitter client; the ability to write back, nicer formatting are just the starters. Shiny Core Animation twitting ought to happen.

Still, not bad for two hours I think.

Posted in cocoa, leopard, objc, ooa/d, xml | Leave a comment

Fuzzing as a security testing tool

Posted on 2008-09-01 by Graham Lee

Google have a new browser project, called chrome, and in their introduction they explain perfectly, through the medium of image, how fuzzing works.

Of course, as anyone could tell you, if you take a thousand monkeys and a thousand typewriters and put them all in a room for long enough, you will end up with a thousand broken typewriters, ten fat monkeys and 990 monkey skeletons.

Posted in Google, pictures | Leave a comment

Walking a mile dans ses chausseurs

Posted on 2008-08-29 by Graham Lee

The word ‘translator’ has an interesting history. In the Anglo-Saxon language, ‘wealhstod’ meant “learned in Welsh” more or less, and described someone who could parlay with the important members of the local British tribes. As is often the case with invasions the British started to use the word, so the Welsh title ‘Gwalstawt’ means “interpreter of tongues”, i.e. the Welsh word for “can speak another language” originally meant “can speak Welsh” (there’s another word more closely related to Breton treiñ or Cornish trélya in Welsh, too; trosi).

Anyway, to see what localisation people go through during the l10n process, I decided the best thing to do was to try it myself. To save the time it would have taken to write an internationalised app, I used someone else’s; namely TextEdit. Here’s the result after about 90 minutes of work:

Trahtendebyrdenne

The first thing to notice is that I haven’t actually got much done yet. I’ve started working on the main menu NIB file (Edit.nib), and I’m about halfway through that. At this rate, it would take me at least a (working) day to finish – granted I’m no expert at the task, so I’m having to make a more heroic effort on otherwise “standard” translations than most localisers would. Although I do have a glossary to help. Even so, TextEdit is a fairly simple app; it’s easy to see that even if the translation became a mechanical process, translating a complex program would take a long time.

The other thing you might have noticed is that Mac OS X doesn’t actually support Old English, and yet that’s the language of my translation. There’s a simple trick here; convince Mac OS X that it does support Old English ;-). Type this command in the Terminal:

$ defaults write NSGlobalDomain AppleLanguages ‘(ang, en, /* other languages */)’

and Robert, as they say, is your father’s brother. Apps will now look for localised resources in ‘ang.lproj’ when they start, so that’s where your Old English resources live.

Posted in cocoa, i18n, l10n | Leave a comment

Next CocoaHeads Swindon meeting

Posted on 2008-08-27 by Graham Lee

1st September (that’s this coming Monday), in the Glue Pot, Swindon. 8:00pm start. Chris Walters will talk about, well, something, and we’ll be drinking beer, listening and occasionally chipping in. See you there!

Posted in whatevs | Leave a comment

So are Macs uber-pricey?

Posted on 2008-08-17 by Graham Lee

No, but Sony Vaios are.

Posted in whatevs | Leave a comment