On the power of netbooks and laptops over Android/iOS

iOS and Android turn tablets into oversized phones, so no surprise they lose against phones – they have the same (or usually worse, at a given price point) capabilities while being larger, thus less convenient to carry and more fragile.

TeMPOraL on HN

Windows did try the same as Android and iOS with Windows RT; thankfully that was a disaster. Certainly that’s one of the bad points about iOS and Android: they are so locked down that you have to jump through hoops if you want to use them as a work machine. You have almost no access to the file system and you have to pay iPad Pro levels of money to get the novelty of having windows side-by-side.

Netbooks are ridiculously useful. I used to have a 15 minute bus ride to work with a 12″ Asus EEE and would manage to fill that 15 minutes with active development time every day. The work I did on that bus became the frontend for what is now, 10 years later, a $50m company. On the other end of the scale I spent weeks with my then 7 year-old nephew creating stop-motion animations using the same netbook.

For my current job I bought myself a $350 refurbished Thinkpad (T430, 8GB RAM, SSD, core i5), and this brings me in all my income. You can compare that to people that pay $1000 for an iPhone X because they get bored of their iPhone 8.

The possible drawback is that a Thinkpad doesn’t have a touchscreen. But with my experiment of buying a laptop with a touch screen I found I pretty much never wanted to use the touch screen; it’s a slower interface than keyboard and mouse. You want the screen in front of you at arm’s length but then you have to reach with your arm to touch the screen.

I bought exactly the same spec Thinkpad for my 5 year old daughter. The Thinkpad T-series are great because you can pour a litre of liquid over them without problem [0] plus they’re built like a brick, so basically perfect for kids. My daughter immediately covered the grey brick with shiny stickers and gave it a name, ‘Fiona’. In theory Fiona has the full capability to do everything my daughter will ever need for the rest of her school years; I don’t imagine a massive shift away from laptops in schools for the next 15 years. Further to that Fiona’s got Ubuntu installed and I can then install Sugar [1] on top (the same software used for One Laptop Per Child [4]).

I can now teach her over the years what it means to have real freedom with your software and hardware.

P.S. I posted an original version of this on HN [3]

Password randomness and the UX of passwords

I’ve been having a look at passwords again as the WooCommerce/WordPress password strength meter has been causing problems.

The password meter actually likes the method popularised by XKCD. Assuming the words are random, its maths seems to have been checked and re-checked, and it is based on a lower-bound assumption (the worst-case scenario) that the attacker knows you are using that method, so it is still a very good method.

i.e. ‘correct horse battery staple’ (550 years to crack) vs ‘Tr0ub4dor&3’ (3 days to crack).

It’s just the random bit in the XKCD definition which needs to be repeated to people again and again.

Also don’t forget the spaces – as even Bruce Schneier and an Ars article on password cracking ignore this. You can use dashes/underscores instead as some places (I’m looking at you Microsoft) refuse spaces. They’re handy extra bits of entropy for no extra (human) memory. We’re talking about exponentially increasing the length of time with each bit of entropy.

Randomness

One of the attacks mentioned in the Ars article specifically targets the XKCD method by putting together two random long strings from two dictionaries.

“Steube was able to crack “momof3g8kids” because he had “momof3g” in his 111 million dict and “8kids” in a smaller dict.”

The problems you hit are if someone else has used the same four words and their password gets hacked. Or if two halves of the password you select are commonly used.

The problem comes that people pick their own words and don’t generate random ones. And humans are more likely to pick words that other humans pick.
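A signup-time check for the failure mode in the quote above, written as an added example (not code from the Ars article or any password meter). The two sets are constructed stand-ins for the cracking dictionaries; only "momof3g" and "8kids" come from the article, and the function names are hypothetical.

```python
import math

# Constructed stand-ins for the two cracking dictionaries the quote mentions;
# only "momof3g" and "8kids" come from the article.
LARGE_DICT = {"momof3g", "ilovemy", "letmein", "sunshine"}
SMALL_DICT = {"8kids", "2dogs", "123", "4ever"}


def two_list_splits(password, dict_a, dict_b):
    """Return each (left, right) split whose halves sit in opposite lists."""
    pw = password.lower()
    hits = []
    for i in range(1, len(pw)):
        left, right = pw[:i], pw[i:]
        if (left in dict_a and right in dict_b) or \
           (left in dict_b and right in dict_a):
            hits.append((left, right))
    return hits


def combined_keyspace_bits(size_a, size_b):
    """Bits of work to try every A+B and B+A pairing of two lists."""
    return math.log2(2 * size_a * size_b)


def is_acceptable(password, dict_a, dict_b):
    """Reject passwords found whole in a list or built from two list entries."""
    pw = password.lower()
    if pw in dict_a or pw in dict_b:
        return False
    return not two_list_splits(pw, dict_a, dict_b)
```

With the quote's 111 million entry list and an assumed 10,000 entry second list, `combined_keyspace_bits` gives roughly 41 bits, far below the 62 bits of twelve truly random lowercase letters and digits.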

So what can be done for people to select random easily remembered words?

The simplest way is to add a suggestion of randomly created words as their password, using for example passphra.se. I’ve had a look at the source code to it and the randomness of the selection seems to be pretty comprehensive, but I’m not a security expert.

However what I like about passphrase is that you can just use the example as a ‘seed’ for your password. Then you can tailor it slightly from the output to more relevant words for you.
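The random selection and the crack-time figures quoted earlier can be reproduced in a few lines. This is an added example, not passphra.se's code: the 16-word list is constructed for illustration, and the 2048-word list size, 28-bit estimate and 1000 guesses per second are the XKCD comic's own assumptions.

```python
import math
import secrets

# Constructed 16-word sample list; real lists hold thousands of words
# (the XKCD comic assumes 2048 words, i.e. 11 bits per word).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "anchor", "velvet", "orbit",
    "lantern", "meadow", "pickle", "tundra", "quartz", "bishop", "cactus",
    "ferry", "goblin",
]
GUESSES_PER_SECOND = 1000  # the comic's assumed guessing rate


def generate_passphrase(words, count=4, separator=" "):
    """Join `count` words drawn uniformly with the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would skew the distribution")
    if any(separator in w for w in words):
        raise ValueError("separator must not appear inside a word")
    return separator.join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size, count=4):
    """Lower bound: the attacker knows the word list and the method."""
    return count * math.log2(list_size)


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try all 2**bits candidates at `rate` guesses/second."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, separator="-"))
    print(f"4 words from 2048: {entropy_bits(2048):.0f} bits, "
          f"{years_to_exhaust(44):.0f} years")
    print(f"'Tr0ub4dor&3' at the comic's 28 bits: "
          f"{years_to_exhaust(28) * 365.25:.1f} days")
    print(f"4 words from this 16-word sample: {entropy_bits(16):.0f} bits")
```

The entropy figure only holds when every word is drawn by the generator; each word swapped for a personally chosen one no longer contributes its full share of bits.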

How important is randomness?

As I see it, the point of the XKCD method is to raise the bar for the passwords that the weakest people choose.

We’re not talking about the passwords that security experts should use, we’re talking about regular people who don’t care about security.

I think even the inbuilt Firefox/Chrome password manager locked with an xkcd password is great for normal users based on this Super User answer. Even if they don’t have a password to lock the password manager – it’s still better that they’re using more secure passwords, it moves the point of weakness to their password manager which requires much more personal attacks.

Possible unproven minor improvements

The aim here is to work with the kind of passwords that the weakest people will use. As per the XKCD, we want to produce passwords that are hard for computers to guess but easy for people to remember.

Here I’m assuming that someone doesn’t want to choose a properly random set of words. Are there words that people can think of that will be inherently more random?

I think that local slang is a good way of choosing words. Every community will have their own words – often unwritten, so no common spelling. Anyone who’s read an Irvine Welsh novel (Trainspotting) will know some of the glorious Scottish slang that he writes. This means your source material gets more obscure, so less and less likely that it’s in a dictionary somewhere.

But obviously those examples are still written down and can be included into dictionaries.

What about the rather silly porn star names? e.g. first pet + street you grew up on / middle name.

You need words that are definitely obscure, but relevant to you.

Changing your password

Also what I like about the XKCD method is that for those who are forced to change their work password every 90 days you can change one of the middle words (to another randomly chosen one). This only makes a minor change to the remembering but avoids the trick that the password crackers use here which is to cut off the last 4 characters and try all possible random sequences.

Keep it simple

I’ve also seen people suggesting that you should combine upper and lower and symbols with the XKCD passwords. But from what I understand that’s missing the point. Security minded developers keep wanting to make the words more complex – but that always makes it harder to remember. The point of lower case with spaces is that it looks completely natural and there is nothing else to remember. You just hold the image of what the four random words are in your head. You don’t have to remember the four words and then try thinking what kind of substitution did you do to those words. XKCD picks up on this from the hover text of the cartoon:

To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize.

Attacking the modern JavaScript world

Learning all the JavaScript libraries that have come out in the past two years is hard work.

I attacked the modern JavaScript approach by first focusing on functional programming.

1) Python + functional programming in Python

Python is hardly a pure functional language, but it’s lovely and simple and has all the core concepts including list comprehensions. This leads you on to…

2) Haskell

If you want to find a pure functional solution to a Python problem, first search for the Haskell one and translate it. Then read Learn You a Haskell which was the funniest programming book I ever read and almost, almost taught me about monads (I had it for a second, then tried to explain it in Python and all was lost)

Now you can relax cause the hard bit is done.

3) Read JavaScript: The Good Parts

Only pay attention to the functional programming bits. Suddenly mentions of currying aren’t so scary.

4) Work your way through the funfunfunction videos

The funfunfunction videos are brilliant, especially the functional playlist and for added bonus he has videos where he works through the first few chapters of Learn You a Haskell.

Then you’ve got map, reduce, filter all completely under control. Now immutability makes more sense, arrow functions don’t look so strange, promises are just friendly monads really and we all love those.

Now you’ve got Immutable.js, lodash, underscore all reasonable to understand.

React’s moaning about state and pure functions makes reasonable sense.

5) Following the Meteor + React tutorial

Babel really isn’t that hard, the Meteor + React tutorial got that all working without me really noticing. Then, holy moly you’re all reacted up, with JSX and pure sweet smelling functions.

6) Linting

Follow some of Dan Abramov’s excellent blog posts such as about getting eslint working in Sublime Text.

Yeah that’s as far as I’ve got, but adding in Redux to this mix doesn’t seem so scary, at least I understand the language now. Angular will just have to wait.

Installing Haskell ++ Emacs on Windows

Haskell

Firstly install the haskell-stack chocolatey package:

choco install -y haskell-stack

For me that perfectly installed haskell and meant that I could run stack commands and have stack ghci running in a DOS prompt.

Emacs

Chocolatey has an Emacs package:

choco install -y emacs

This puts the emacs binaries into the chocolatey bin directory. Then the .emacs file and the .emacs.d directory go into %APPDATA%.

This installs an Emacs windows program. I wondered if there was a DOS version similar to Vim. There is an Emacs For DOS – but this isn’t part of the Chocolatey package, which comes from the GNU Emacs FTP directory.

Intero

The Haskell project has a new integration with Emacs. I have to say this installed remarkably easily. The only problem I had was that I’d put a bad config into %APPDATA%\stack\config.yaml and this created errors – that were well explained in Emacs.

It’s not 100% clear how you get things to work though. Bear in mind I’ve never used Emacs before today.

I have managed to get Haskell setup and working, which came with stack.

Following the Intero guide, the installation of the package was easy enough – just edit the %APPDATA%\emacs.d file. I restarted Emacs and the Intero package installed itself without errors.

Following the guide further, I ran the stack new intero-demo command in a directory. This created the intero-demo directory and put everything in it. Then use ‘File > Open Directory’ in Emacs to open the intero-demo directory. Opening Setup.hs had the effect of getting Intero to install itself.

At this point things were actually working – but it wasn’t obvious that the error-as-you-type checking was happening, because it was erroring at the very first command of Setup.hs.

However if you open up a new Haskell file in the directory it should start doing error checking on the fly.

Hoping the Brexit vote was a protest vote, not a racist one

The only positive I hope from this is that the Brexit vote was a protest vote.

So I’m hoping the majority of ‘leavers’ aren’t siding with Farage, they don’t care about Boris – they just want to say Fuck You to all politicians and leaders.

This is probably the first and only time that the entire population have been given a protest vote. This is not a choice between one dodgy politician or another politician. This is not choosing between Trump or Clinton.

This is a chance to say fuck you to every single party. This is fuck you to the leaders of both the Conservative and Labour parties.

When this chance comes along – you don’t care about the consequences. You don’t care if the ‘leave’ campaign is spouting lies, you don’t care about the doom spouted by the ‘remain’ campaign. You just want a chance to say fuck you. You know the system is wrong and this is the only tool you’ve got to say so.

I certainly respect the people who protest for what they believe in. Perhaps I’m wrong for thinking all the pensioners don’t care about the consequences. Perhaps they know better than me that the pain of leaving is worth it.

There are some heartfelt comments from leavers, not based on the crap spouted by the leave campaign, in this blog post Dear Brexiteer. What we need you to do now.:

“I voted leave , There its out there .. I trusted DC to come back from Brussels with a list of pledges that would let us have some tools to work with to make me feel that improvements could be made to the way we live..
Be it a better NHS ,Schools ,social care services,security. ..
He came back with nothing and nothing was offered .. in fact we were told that it would never change..
So people who have had enough like myself and 17 million others voted with our feet in the only way we know .. a very British revolt ..
Now we are being called racist and xenophobic but this is just so untrue for the masses.. we just need change .
The EU is a broken antique of a monster that isn’t up to listening to the working classes..
We have been called inward looking but again that is not true. . I consider myself Global I want to be able to talk with anyone across the world’s economy. .
Things will never be the same again and for that I feel that my cross mattered.
The first time I think the working class has ever mattered…”

So I hope when all the dust settles that we’re all still willing to tell Farage and Johnson to go fuck themselves (I’m pretty sure not many people care about what Gove says).

Jupyter on Windows with Chocolatey

Install Python

This is a quick post (and will probably be outdated quickly), but it took me a while to get it correct.

I wanted to install Jupyter on Windows. The recommended route is via Anaconda but I like to use Chocolatey, the Windows package manager, as much as possible.

I used Chocolatey to install the Python package (currently v3.5.1). Assuming you’ve installed Chocolatey already, run as administrator:

choco install -y python

This installs python to C:\Program Files\Python35. It also installs pip.exe to C:\Program Files\Python35\Scripts.

Add C:\Program Files\Python35 and C:\Program Files\Python35\Scripts to your PATH then you should be able to run python and pip immediately.

Install PIP (hint: it’s already installed)

Note that pip gets automatically installed when you install python – nothing extra is required.

You can get led astray here by an official guide which suggests having to download and run ez_setup.py.

Don’t do this.

There is also confusingly a Chocolatey PIP package. Again don’t install this.

Otherwise you might end up here.

Running PIP packages

Because we’re using Chocolatey, the installation doesn’t follow the recommended installation for Jupyter.

The main thing is that you need to add the python Scripts directory to your PATH, as above.

Install Jupyter

Run as administrator:

pip install jupyter

This will install a jupyter.exe file into the Scripts directory. If that directory is in your PATH, then you should be able to directly run jupyter commands.

Create a Jupyter notebook

Jupyter runs inside the browser but installs files and all the save data in the directory that you run the jupyter command from.

mkdir jupyter
cd jupyter
jupyter notebook

If everything is working that will open up your browser at http://localhost:8888/.