Archive for the ‘Technical’ Category

TapiTunes account

9 Jul 2010 12:16 by Rick

You may (or may not) have heard that some iTunes accounts have been hacked recently. One incident was a developer who managed to elevate all his products into the top 50 which made them look really popular. Other more isolated incidents have been to use the hacked accounts to purchase downloads, though no one is quite sure how the perpetrator managed to gain anything worthwhile.

Anyway, the recommendation is that you change you iTunes password, as always, but also to remove any automatic credit card from the account. This is a good recommendation in any case because these card details held by vendors just in case you should happen to pass by again are at risk if anything subverts their systems.

The snag is, if you don’t happen to have your iTunes registered system with you, either iP* device or computer, then how do you change your account. There is no obvious web site you can login to except by starting up the iTunes software which you don’t have. What is not widely known is that the “Apple-id” that you use to purchase from the Apple web store is actually the same account so you can reset it there. Go to, change to your correct country (at the bottom of the screen), move to the Store and then, at the top right is an “Account” button. Login there and change you details as required.

TapFlash Bang Wallop

16 Jun 2010 15:41 by Rick

Little known fact—Adobe Flash has to be installed on BOTH Internet Explorer and any alternative browser you have even if you don’t use them.

Well known fact—Installing Adobe Flash is a pain in the backside.

The official method is to go to click on “Get Adobe Flash Player” and follow the instructions remembering to un-tick the undesirable “free offers” on the way. It goes on to perform up to two restarts of the browser using a download manager.

This process is incredibly complex, unnecessary and very prone to failure. On one of my systems the Download Manager aborts, on another it is blocked by a firewall I don’t control; on a third it wants missing plugins—just the ones I am trying to install! Even if it works you can end up with more stuff than you want.

They haven’t made it easy to avoid, whatever route you take you always get to the same “Agree and Install Now” button, but there is a way. Near the top of the Flash player install page is a link titled “Different operating system or browser”. Clicking that takes you to a menu page—select the OS you are using and Continue. Now you get two choices “Internet Explorer” and “Other Browsers”. You CANNOT select the browser you are using—that will take you straight back to where you started; but if you select the other one then the “Agree and Install Now” button does a straightforward download of an executable (without any free extras). The trick is to use each browser to download the code for the other one and then just run them. If you need them on other systems then put them on a memory stick, it saves a lot of time.

TapDigital TV Blues

5 Jun 2010 14:09 by Rick

and Greens and Reds.

One thing they kept very quiet about in the all hoo-har and glitz of the Great Digital Revolution is that if you run your TV from a set top aerial as you may well do if you are in a bed-sit, caravan or, as in our case, a portable for the guest room, then you will get NO TV SERVICE whatsoever. Previously you might have got a picture that was a bit fuzzy but it was watchable and you could hear the sound. Now, unless you are living in good line of sight from the transmitter out your bedroom window you will not even be able to tune the programs properly. Those that do register will be pixelated, break up and have no sound.

Actually two things they didn’t tell us. The second is if you have to use one of the fill in relay transmitters you will receive nothing like the 40 or more advertised channels whatever aerial you use. Previously you were deprived with no channel 5 on analogue. On digital you will get few of the independent commercial channels.

So it is off to the aerial shop this afternoon to get a cheap external aerial and 15m of cable. I hope I can get it onto the existing mast ok.

TapBimbo the Budgie

28 May 2010 12:11 by Rick

Well we can all rejoice I hope, now that the ID cards and National Register and Biometric Passports will all be scrapped. What is sad is that all the money wasted on it cannot be recovered and there is very little that can be saved from the wreckage. I hope that the contractors that took on the work won’t be compensated as they knew in advance that, if the government changed, the job would be cancelled. That is the risk that they took.

David Blunkett’s version of what was to be implemented is very different to what he proposed back when he was home secretary and for him to say (Radio 4 this morning) that the information he provided to get his now useless ID card was no more than we would have needed for a passport can only be credited to the continual public opposition to the whole idea. There was no doubt that once it got established, more and more would have been demanded and other existing government databases would have been cross-referenced.

In case you are wondering and didn’t hear the interview, Bimbo was David Blunkett’s first pet as a child. It came up in conversation because he said it was the only piece of information that he provided that wasn’t needed for a passport application and that if anyone could find a use for it then good luck to them (or words to that effect). Well I can. As most people will realise, banks and other institutions are always asking us for a password which they can use to authenticate you and a secret question and answer is quite a common method to do this. Information like this is not as secret as we think it is. Even if the answer to the question is not known, the set of possible answers is quite small, though admittedly, Bimbo is not in the first dozen that I would try. I have seen questions like “What is your favourite colour?” Now how many possible answers are there to that? This is *VERY* low security and not worth the name.

The reason I could use the information is that people reuse passwords for multiple applications. Presumably he will no longer use that one now, but had I discovered it previously on some account that was compromised then there was a good chance he had used it elsewhere so was worth a try. That is why when some low impact login system is cracked and the passwords leaked, it is so much more dangerous than it seems. There is a good chance that many people will use the same credentials for other much more important systems and it is worth the effort of the criminals to try them out. If you think your email password is not critical, remember that if you click the “I’ve forgotten my password” button on any site, it is your email address that they send the new one to.

[Corrected: I accidentally wrote John Prescott instead of David Blunkett—shows how similar all these politicians are]

TapMy Hovercraft is Full of Eels

25 May 2010 12:46 by Rick

One aspect of web design that has become very popular in recent years is the functionality available by hovering the mouse pointer over some object and for it to do things. Hovering in this case means moving the pointer over the object but not clicking any buttons.

The effects can be achieved in a number of ways. One of the simplest is automatic in many browsers; if you hover over some pictures and links, if they have the “title” attribute then that title will pop up in a little box. Try it in the “Latest Comments” in the sidebar of this blog. Another simple and more controllable method is to use the CSS property “a:hover”. You can also see that in action on the sidebar and almost all other links on here—the background changes colour as you move over the link. Other effects can be achieved in the same way, some more desirable than others.

A more complex but much more versatile method can be obtained using Javascript “onmouseover” and “onmouseout” properties. A good example of this can be seen on our church website: the drop-down menu is created using that type of code. Another very widely used technique is using Adobe Flash. In fact it seems that nearly all Flash objects use mouse hover actions in some way. Take for example YouTube; The video starts automatically (I hope you enjoy it), but if you move the mouse over it then the progress bar becomes more prominent. This is even more pronounced on Vimeo. Other uses of Flash are much more sophisticated using not only hover but mouse movement to activate functions; games often do this.

Now to the point—how do you hover on a touch screen? I have done a few experiments using an iPod Touch and have discovered that the title & CSS codes don’t work at all; there is no way of activating the hover functions. Javascript, however, seems to be quite clever; the first touch activates the hover functions and touching elsewhere cancels it. If you want the click function then you need to touch the object twice. This means that the drop-down menus work intuitively. In fact I hadn’t noticed what was happening until I consciously thought about it. But Flash is just a big bag of eels. As we have been made very aware recently, it doesn’t work on the iP* devices at all. If Adobe/Google ever get it working properly for the Android phones, I wonder how they will cope with the crippled UI? Many video web sites like YouTube detect the device type and send a different form of video to mobiles and Apple is banking on this happening generally. HTML5 promises to offer many features in this area but each will need to be considered in the context of the user.

The challenge for web designers is to think in advance for mobile devices and how people will interact with then and also to do extensive testing on different types. For professionals they can offset samples against tax and expenses but for people like me; no chance, I will just have to think, hope and pray.

TapUnicode in WordPress

8 May 2010 19:01 by Rick

As I mentioned in the previous post, there can be a problems inserting foreign text into WordPress. I have done it in the past with simple accents for French and German with no problem and for some special characters I used the &#….; codes but when it came to pasting in a chunk of Arabic it didn’t work at all, just displaying a bunch of question marks. I suspect that there would be a similar problem with Hebrew, Chinese, Japanese, Cyrillic and any other non-western scripts. I had a search around and the first suggestion I came across was Obsessed with the Press which suggested commenting out the lines for DB_CHARSET and DB_COLLATE in wp-config.php. This appeared to work (on a test site) but looking at older posts I could see that some characters in there were now corrupt, displaying a white question mark in a black diamond. In the comments on the same page there was a suggestion to not do that but just change DB_COLLATE to the value ‘utf8_general_ci’. This didn’t really work either. There were suggestions on other pages to set it to ‘utf8_unicode_ci’ and various other things, so it was time to do some more serious investigation.

It looks like the problem is not really the fault of WordPress at all but the MySQL installed on some sites (including mine). Deep in the MySQL is a configuration parameter for the default character collation and it is often set as supplied to ‘latin1_swedish_ci’—Why? Because MySQL was originally Swedish! If it was just taken out of the box and installed then that will be the default you get for most of your tables because DB_COLLATE in WordPress is set to null and so takes the default. In practice you will find some tables are different, perhaps because they discovered it was important.

So, what does that mean for fixing the problem? DO THIS AT YOUR OWN RISK—I AM NOT AN EXPERT.

First—the second suggestion above was correct—change the DB_COLLATE line to read

define('DB_COLLATE', 'utf8_general_ci');

If you are setting up WordPress for the first time, this may be sufficient because it will use this value, but if you are hacking an old installation then you will need to correct it a bit. You need to go into phpMyAdmin and change some of the collations on your tables. The important one, which fixed my problems, is table wp_posts, field name post_content, but if you are planning to use unicode in post titles, comments and other places then you may need to do more of them. I am planning to be a bit cautious about changing too many in case it breaks something else.

TapInternational TLD

10:56 by Rick

A few days ago (5 May) saw a great leap forward in the development of the internet. For the first time, top level domain names (TLD) are permitted using non-Latin scripts. In particular, three country codes have been assigned by ICANN. These are for مصر (Egypt), السعودية (Saudi Arabia) and امارات (United Arab Emirates). They are the first country codes which are not two characters (except the “cat” = Catalan anomaly), possibly because they thought there was no need to maintain the restriction if they were branching out into other scripts.

These first ones are all in Arabic which is a right to left language. That means that when you see one in the address bar it will appear the other way round to usual with http://TLD dot then the lower level parts of the domain name in reverse order but still followed by the / and the directory path as usual, even if in Arabic. Actually this is more logical all round and is how all URLs should have been but it is too late for that now.

[I would like to have shown you examples directly here but my editor and WordPress don’t work well with these scripts—I will need to work on that.] A good place to look is the Wikipedia page towards the bottom.

The implementation in browsers seems to vary and may also be dependent on what the server does as well. The ICANN Arabic test page http://مثال.إختبار/ works well in Firefox (Mac and Win) and Safari (Mac & iPhone)—the whole of the URL in the address bar after the http:// is in Arabic. In IE7 & 8 (Win) the address you see in the top bar is what looks like random Latin characters. For the tests I have done, Safari always gets it right, Firefox sometimes and IE never; I would be interested to hear of other results. An example of one that doesn’t work well in Firefox is the Egyptian Ministry of Communications and Information Technology http://وزارة-الأتصالات.مصر/ .

The code conversion is called Punycode and uses a rather strange algorithm to convert any Unicode text into ASCII. It is pretty unreadable but has to exist because the DNS system only allows ASCII so Punycode allows domain names in any character set (and any mix) to be uniquely resolved. I don’t know if this is always the case but the ones I have seen all start “xn--“. I imagine that, in time when implementations are sorted out, that this will become transparent to the user.

One worrying security implication of these “foreign” character codes in URLs is that some letters look very similar to Western Latin ones. So if you see a familiar link, to your bank say, it may not be quite what it seems. For example if the “ο” in “www.llο” is actually a Greek Omicron (which it is on this page) the fake address could direct you to a phishing site. It is possible that the behaviour of IE is deliberate to avoid this problem but I somewhat doubt it.

[This post has been revised since I discovered how to insert the Arabic characters. I will write up how it is done later.] [Updated to include IE7 & iPhone]

TapBlind copy

6 May 2010 12:11 by Rick

I hope that everyone reading this knows when and how to use blind copy (Bcc:) for emails. If not then you can review it here.

A feature I miss from modern email programs is the facility to create a blind distribution list which saves having to remember and also has a title. A mainframe mail system we used in the eighties had this feature. That way you just sent the email to the list and the program used the title in the “To:” field and sent to everyone using Bcc. A useful extension of this feature would be to allow you to specify in the distribution list who should get it in clear and who should get it blind. It would be very useful for circulating minutes etc.

TapDisaster upon Disaster

22 Apr 2010 10:26 by Rick

What happens if you get a real disaster during a disaster training exercise? Iowa State discovered yesterday. The exercise was a simulated bio-hazard at a major sports event. The real disaster was a simultaneous failure of all the 911 computer systems across the state. It also affected city and council management, fire and police services. Read the full story for the details. The culprit—McAfee Anti Virus false alarm. They will take a while to recover the negative PR from that one.


16 Apr 2010 11:39 by Rick

These are all machines I have worked on in the past—hover for more details.

Thanks to Mark Richards for the photos.

^ Top