Spotted on the cover of ACM’s “Computing Reviews” (vol 46, number 8):
Information wants to be free. Information also wants to be expensive. Information wants to be free because it has become so cheap to distribute, copy, and recombine – too cheap to meter. It wants to be expensive because it can be immeasurably valuable to the recipient. That tension will not go away. It leads to endless wrenching debate about price, copyright, “intellectual property”, the moral rightness of casual distribution, because each new round of new devices makes the tension worse, not better.
The above is an obvious truism for anyone paying attention much today, and hardly worth blogging. What’s interesting is that those words weren’t written today – they were written an eon ago, in 1987. It’s from “The media lab: inventing the future at MIT” by Stewart Brand. I find it interesting that this perception existed even back then, before HTTP was invented and the net exploded onto the public consciousness. I also find it interesting that the term “intellectual property” gets quotes around it, presumably because of its unfamiliarity and dubiousness – which I don’t think it would today.
Also, from vol 46 number 5:
Technology is a servant who makes so much noise cleaning up in the next room that his master cannot make music. — Karl Kraus, “Half-Truths and One-and-a-Half Truths”, 1990.
About a year or so ago, Bash and I opened a joint account with Smile, who call themselves “the internet bank”. Now, perhaps there was a time, long ago, where Smile were ahead of the pack and could justify calling themselves that. Unfortunately, it looks to me like that time (if it ever existed) is long gone, and the only justification for the moniker is that they don’t have any actual physical presence (apart from call centres, of which more later).
Allow me to explain. First, however, I’d like to solicit suggestions about alternatives. Specifically, does anyone know of a UK bank with a decent online service (not suffering from the problems outlined below) but which has an ethical investment policy? Smile is part of the Co-operative Bank, and as such makes that claim, which appeals to us. However, the warm fuzzies are being nullified by their poor service, so if anyone can suggest where to move, I’m all ears.
OK, so: for anyone without the benefit of a year of Smile, allow me to explain why I think they Could Do Better.
Weak authentication upon login.
The login procedure is as follows: you enter your sort code and account number, you enter a secret four-digit code, and finally you’re asked one of about five personal questions (eg “Please enter your significant date”).
The first observation is that only one of these things can really be called “secret”. The sort code/account number are easily found out (eg if I give you a cheque, or want you to transfer money to my account), and the personal questions are obviously only weakly secret. Many people in the world know what the last school I attended was. Many know the first. Other items (memorable names, memorable dates) are the kinds of things that can be guessed.
The second observation is that the secret code is only four digits long. Four digits (0 to 9), not four characters.
I was on the phone to them yesterday, and the chirpy call centre girl I spoke with had the nerve to state that their security was “better than everyone else’s” as if this were incontrovertible fact. Well, with Lloyds TSB I have three keys, only two of which I get to choose and none of which are associated with my account. None of them are only four digits long, either. The first key, which is effectively my username, is a nonsensical mix of numbers and letters. Hard to remember, completely unguessable.
The only mitigating factor here is that of course, failed attempts to log in lock down the account – but that’s also the case with other banks, so how is this stronger? Answer: it isn’t.
The third observation is this: hang on, this is a joint account – we both enter the same sort code/account number. How does it tell the difference between us? Answer: with the 4-digit security code of course! It’s not just for authentication, it’s also the username. Nice! And when I get it wrong three times, it locks me out and it locks out Bash! Because it doesn’t know which of us is getting it wrong/being attacked. In the words of The Mighty Boosh: Genius!
Oh, wait. That’s not genius. That’s stupid design.
OK, so enough about logins. Suffice to say, it’s messy.
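An added example (not part of the original post, and not the bank's code) modelling the joint-account login described above: one lockout counter shared by both holders, against a design with a per-holder login ID. The class names, holder names, codes and the reset-on-success behaviour are assumptions; only the three-attempt lockout and the four-digit code come from the post.

```python
from fractions import Fraction

MAX_FAILURES = 3      # the post: three wrong codes lock the account
CODE_SPACE = 10 ** 4  # four decimal digits

class SharedCodeAccount:
    """Model of the described design: the code identifies AND authenticates."""
    def __init__(self, code_by_holder):
        self.holder_by_code = {c: h for h, c in code_by_holder.items()}
        self.failures = 0  # single counter: a wrong code names no holder

    def login(self, code):
        if self.failures >= MAX_FAILURES:
            return "locked"
        holder = self.holder_by_code.get(code)
        if holder is None:
            self.failures += 1
            return "locked" if self.failures >= MAX_FAILURES else "denied"
        self.failures = 0  # assumption: a successful login resets the counter
        return holder

class PerHolderAccount:
    """Contrast: a non-secret login ID per holder, so failures count per holder."""
    def __init__(self, code_by_login_id):
        self.codes = dict(code_by_login_id)
        self.failures = dict.fromkeys(self.codes, 0)

    def login(self, login_id, code):
        if login_id not in self.codes:
            return "denied"
        if self.failures[login_id] >= MAX_FAILURES:
            return "locked"
        if code != self.codes[login_id]:
            self.failures[login_id] += 1
            return "locked" if self.failures[login_id] >= MAX_FAILURES else "denied"
        self.failures[login_id] = 0
        return login_id

def guess_success_before_lockout(valid_codes):
    """Chance that MAX_FAILURES distinct random guesses include a valid code."""
    miss = Fraction(1)
    for i in range(MAX_FAILURES):
        miss *= Fraction(CODE_SPACE - valid_codes - i, CODE_SPACE - i)
    return 1 - miss

def lockout_demo():
    shared = SharedCodeAccount({"holder_a": "4821", "holder_b": "1379"})  # constructed
    for wrong in ("0000", "0001", "0002"):
        shared.login(wrong)
    return shared.login("1379")  # holder_b's correct code is now refused
```

Because either holder's code is accepted against the same account number, `guess_success_before_lockout(2)` is roughly double `guess_success_before_lockout(1)`: the joint account has two valid codes in the same 10,000-value space.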
No downloadable statements.
The next most annoying thing is that statements aren’t available in electronic format for download. Unbelievable but true! This hasn’t been a big problem for me thus far but at some point in the future I will want to do this and it will be annoying to scrape the HTML by hand. I’ve written to them twice about this with no response. To me, this is a no-brainer, especially for “the internet bank”. Yeah, right.
And yet every month they email me telling me my statement “is ready”.
Inconsistent statement formats, and no running total.
Your old statements have a running total. Obviously. Your latest statement doesn’t. In general, they seem to be different things, your latest statement is somehow “special” rather than just happening to be the most recent page of activity. As a programmer, that makes me think “yicky”. But that missing running total is the worst thing about the statements. Awful!
No dates on standing orders.
Obviously when you set up a standing order, you assign a date to it. For example, “monthly, on the first of the month”. But when you edit them, all you see is “monthly”. What the hell? When’s it going? According to Chirpy Call Centre Girl, the way to find out is “look at your statements and look at when the last one went”. a) That’s just lame, and b) What if the first payment hasn’t gone yet? I just have to sit and wait. Rubbish!
Those are the main things that have bent my widgets over the last year. There are other, smaller, niggly things – such as kicking you out if you accidentally hit “Back” on your browser (Lloyds TSB can deal with this – why not Smile?), but let’s leave it there for now. I know it’s going to take months, but I want to move to something better, and if anyone’s got any good suggestions, let’s hear them. Thanks!
/me LOL at the OpenBSD yp(8) man page:
If ypbind cannot find a server, the system behaves the same way as Sun’s code does: it hangs.
Also, /me was very impressed by Tom Cosgrove’s talk earlier on Exploit Mitigation Techniques, describing some of the Cunning Stuff which OpenBSD does to make Mr Script Kiddie’s (or even Mr Mafia Funded Russian Hacker’s) life less fruitful. 2 second summary: Much good use of randomisation, basically… :-)
The UKUUG Linux 2005 Conference is taking place right now here at Swansea University. Naturally, I’ve been taking a look.
I skipped the tutorials yesterday, although it sounds like the one on Zsh was quite interesting and in particular showed off lots of shiny things you can do with that. One of the reasons I didn’t go is because, well, I really can’t swap from Bash can I? What would the wife think? Well, it turns out she’s clued in enough that apparently, if Zsh really is that good, she’ll consider changing her name. ;-)
I’m currently missing some talks, but this morning there was a really good one on “Experiences of a large linux deployment in education”. It seems that schools in this country waste shedloads of (taxpayers’) money on IT, paying and re-paying for proprietary software licenses, constantly churning hardware (eg 3 year cycles are typical), usually without real in-house IT expertise. The government’s target is a 1:4 ratio of computers to pupils, which 33% of schools had met last year, but that number is going to decrease not increase because many of those schools have now run out of budget for upgrades they’ll need over the next couple of years. Their installations are expensive, complicated, fragile in the face of “improperly-motivated” students, and require lots of time-consuming installation and maintenance.
The guys speaking this morning went into a school in Felixstowe last September and installed IBM Blade application servers and loads of thin clients running Linux and KDE. They have a Windows 2003 Terminal Server for their legacy Windows stuff. The students don’t resist using Linux – they don’t care, they pick it up in no time – but there’s been resistance from staff, who are only just dealing with Windows. So the staff continue using Windows laptops to admin this stuff, with NX bridging the gap. KDE’s a win for them because it looks like Windows, but also because it’s apparently got a very tight and manageable “kiosk mode” in which it’s completely locked down. Over the 12 months since rollout, the school has had one “tampering” incident to deal with, as opposed to the previous situation of having to rebuild/reinstall one or two boxes per week because of malware or general student breakage. Win.
The thin clients can run on old boxes people are giving away. They heard about someone giving away 40 PIIIs, spent 47 quid hiring a minibus, and went and collected them. A classroom of PCs for 47 quid. The school in question has smashed the 1:4 ratio, and slashed their IT budget by about 30 grand per annum. Using thin clients really has made the system trivial to maintain (they’ve only returned to the school for upgrades and development, not maintenance – the school has an IT guy, but he’s not a Linux guy… It just works.) and easy to expand.
Sounds good to me. Only shame is they’ve only done this on the educational/pedagogical side, not the schools admin/office side, which is apparently much hairier and where fat clients are still, realistically, necessary. Cutter Project for more info.
After that I went to hear about “Adopting a driver – from fixing typos to breaking thousands of machines worldwide” which was a bit more technical (though not hugely), and mainly about the woes of freeform open source development. Interesting, but less of a jaw-dropper than the first.
Then coffee in the Digital Technium atrium – a woefully small space for nigh-on a hundred geeks to drink coffee, talk, and (largely) sit around tapping away at laptops. Shame.
I decided to skip the current session and come here for some work. So I should really do some now, I guess. :-)