Posts filed under 'Technology'
Web browsers have been broken ever since their invention. There is a fatal flaw in every single web browser I’ve ever used, and I bet you’ve come across this flaw without realizing how serious it is. Sure, you may have felt some frustration, but it was likely undirected and you were unsure why you were angry (well, this is how I’ve felt over the years, anyway).
I’ve drawn a very simple diagram to explain how I browse the web:
The idea in the diagram is this: We start at page A and then visit the second page, B. From there, we go back to A (likely by hitting the back button) and then visit another link called C. From C, we will visit D. In our web browser’s history, this web browsing session is A -> C -> D. If you’re paying attention, you’ll notice that we are completely missing B from our browsing history. Don’t believe me? Try it. I should clarify that when I refer to the browser’s “history”, I am referring to what is generally a drop down menu coming from the back button. Opera, Firefox and Internet Explorer all behave this way.
Before the days of tabbed browsing, this type of behavior would drive me crazy. It is absurd that a browser would willingly forget massive history lists, when surely the user would intuitively assume that all pages they’ve visited in the past would be listed in the “back” button’s list. Of course, with today’s browsers, I virtually never run into this problem since I open nearly everything in a new tab. However, I’m occasionally still forced to use Internet Explorer 6, which suffers from having no tabbed browsing and no decent history list.
Why do no browsers portray the history as a tree, such as the one I’ve drawn above? Is it too hard to design a user interface that works well, or is there another reason? If anyone knows of a small, nearly-unheard-of browser that does actually represent browser history as a tree, I would love to know about it!
May 12th, 2008
This image is from http://www.skype.com/allfeatures/subscriptions/#uscaSubscriptionTab.
I feel that commentary is unnecessary.
May 8th, 2008
Microsoft has been using a strategy of “validating” software for some time. They think that they can find out if you’re running a legal copy of Windows, and, if you’re not, stop giving you benefits. These benefits are downloads from Microsoft’s website that enhance Windows. If you’ve purchased a legal copy of Windows, then Microsoft has no problem giving you some applications for free. But if you’ve stolen Windows, they try to stop you from getting these programs.
Confused? Here’s an example for downloading Windows Defender. As you see, “Validation” is required. You must download another program that Microsoft can use to see if your copy of Windows is valid, before you can get to the download link for the file you’re after.
But do we really have to do this?
Looking at the page for the download, we’re given plenty of information about what it actually is. The file name is WindowsDefender.msi and it is 4.9MB. Lets search Google for WindowsDefender.msi and see what happens. The second link is to a website named MyTopFiles, and gives a direct link to the file, hosted on Microsoft’s website. Upon downloading this file, we can see that it is also 4.9MB and is almost without a doubt the same file listed on Microsoft’s download page. This time, however, there was no validation.
The key here is not that we obtained the file - this would be trivial, really, since of course people can search for files that have been stolen and re-uploaded to some blog. They key is that we obtained it from Microsoft directly, without validation.
Why does this matter? Well, often it doesn’t. Like most people who run Vista, I have a valid copy: it came with my computer. It’s merely kind of fun to just skip right on past their intrusive techniques of determining who you are.
–
IBC: 82,725 – 90,251
Music: Yes - Relayer
April 10th, 2008
My new computer arrived with a new, forgotten about feature. In all this excitement of actually getting a new computer, it had completely slipped my mind that it would be arriving with Windows Vista. I decided that I would not make any serious judgments until I had used it for a while: if I decide it’s going to be a huge disaster then I will get rid of it; if it’s going to improve my productivity then I will keep it. This decision has not yet been made. I’m also going to do a test run of Fedora 8 in a few weeks, so no final decisions will be made until then.
I’ve decided to make a short list of things I absolutely hate about Windows Vista, even though I’m a bit late on this one. These items are small annoyances compared to more large-scale issues that Vista might have, but these are the things that annoy me every single day. Even if the operating system itself may be functional, Microsoft’s lack of imagination and innovation angers me so much, I may stop using Vista on principle rather than performance.
1) Windows Calculator
I could rant for hours about my hatred of Windows Calculator, but I will make this point brief due to it’s relative insignificance. To be blunt: the calculator has not changed in any noticeable manner since Windows 95. This wouldn’t be a problem if there weren’t so…basic. No history function? It can’t graph? Unreliable automation? This calculator may as well have been abandoned in the ’90s. Why Microsoft has not included a better calculator into their operating system somewhere in the last 12 years is beyond me.
2) User Account Control
Microsoft has always had troubles with security in their operating systems. Usually, these problems show themselves in the form of self propagating worms and viruses. With Windows Vista, however, there are new and different problems. In concept, it seems as though Microsoft has won some major wars against the virus writers. I’m sitting here with Windows installed and no anti-virus software, and as far as I know, I’m clean. But I pay a price for this happiness; every two or three minutes, my screen blacks out and comes back with a scary warning message. I’m sure you’re all familiar with the “Cancel or Allow” decisions that Windows Vista users must face daily.
3) Gadgets
I think it’s pretty much universal that in every field or industry, competing companies use each other’s ideas. This theft of ideas has occurred countless time in the software industry, and most would agree that the end result tends to be a good thing. However, if you’re going to steal another company’s idea, it’s usually a good idea to change the name of the product you’re steeling before you market it. Apple has been making Widgets for years now. Microsoft started using Gadgets when Vista was released. To answer your question: no, Microsoft did not change the name. They changed the first two letters of it.
I called them Widgets because that’s what they are.
4) Notes
I would like to mention a specific Widget here: one that is called “Notes”. This has got to be the least thought-out Widget that Windows Vista. It’s a little notepad where you can type short notes to yourself. The idea seems nice, but it violates all principles of Windows applications. You can only choose from a selection of two fonts, each of which looks just like the other, and the font cannot be made smaller than default. On top of that, the Widget cannot be resized. This results in scrolling notes, even if they are short. It gets even worse by adding the fact that there is no scroll bar! Perhaps you’re not supposed to write notes that are more than five words long, but…gah.
There are plenty more, but these stuck out immediately. I suppose I should end this by saying that there are some cool things about Vista, but each and every one of those things should have been in XP since 2001. That, and none of them are new ideas to the world of computing. So here you go…things I like about Vista: Rolling folder search (Mac OS X, I think?), a small calendar appears by clicking on time (GNOME window manager, right?)…that’s about it.
And now for the regular segments:
The IBC is at 79,669 - 82,473. That number is really scary considering it was about 10,000 smaller when I last mentioned it a couple of months ago.
Today’s music is Genesis.
October 25th, 2007
I will preface this post with a cautionary statement: I wrote this in a fury of anger and so it is not fully grammar or spell checked. I hope it’s somewhat coherent.
My last entry in this blog was on July 30th. As you can read below, I had just sent off my HP DV8310 notebook to get the letter ‘T’ replaced, and was expecting it to return to me in three to five business days. This is the full story of the repair.
So, I waited, back at the end of July/beginning of August for the five business days to get my computer back. Seven business days later, I was called by Purolator and told I could come to the service center downtown and pick up my package. The next day, I rushed there before they even opened. When I got there and they let me inside, I could see the box sitting there, waiting for me. To my horror, however, as I ripped open the box on the floor of the Purolator transfer center, I found a note inside the box saying that there had been “no service call open for this serial number”, so my computer was being returned to me as broken as it was when I had sent it out.
Say it with me: “what?” Let me explain. When you open a service request with HP, they send you an empty box in the mail. You then put your computer in the box and send it back to them. It is impossible to have a box and not have a service call open, since one cannot acquire one of these boxes without having requested a service call.
So, how on earth could I have this box, but no service call?
I started making up theories in my head, on the way to work that day. What could have happened? Had HP lied to me? Granted, this was a bit of an odd case since I requested the box in March and not shipped until July. But I had *known* that I was not going to ship right away, so I had asked a representative about this on the phone as I made the order in March. He had told me that as long as I had a warranty, it didn’t matter how long I took before shipping it off.
Well, my warranty was good until Sept 16 or so. I had plenty of time. Well, of course the next step is to call HP and ask why my computer had not been repaired. They claimed that my warranty expired in the middle of July. A lady at HP asked where I had purchased the computer, and I told her it was the Future Shop on St. Catherine street in Montreal. She said that was fine; she was going to call them and get a proof of purchase slip from them, so she could then update the warranty information. This would then let me send the computer back to HP so that it would finally get fixed.
So, a new box gets sent with a new service request opened. It’s now the middle of July as I wait for this empty box to arrive. HP calls me back and tells me that Future Shop could not supply them with proof of purchase information and that I would need to fax it to them myself.
Well, my receipt is a bit worn down and illegible, so I went back to Future Shop to have it reprinted. The first person I spoke to about this told me they didn’t keep any receipts. Sure. Okay then, I’ll go ask somebody else. I did eventually get it reprinted, and they even faxed it to HP for me.
Upon arriving home, I had an email from HP thanking me for the fax, but explaining that they could not find the date on the proof of purchase and asking me to please re-fax it with the date circled. I looked at the page we had faxed them. I could clearly see the date of purchase marked - very clearly - in three different locations.
I emailed back telling them that I would not re-fax it, especially since I don’t have a fax machine at home. I told them that the date was on the first page in the upper left hand corner.
This did the trick, and they updated my warranty information. so that I could get the service done. Around the same time this was resolved, the empty box arrived for me. Good timing.
Now, during this past week I had been using my computer, of course, even though there was still no ‘T’. I had noticed some really odd noises that sounded to me like something was caught in the fan. Perhaps it was damaged in shipping? I figured that while I was sending the computer in to get fixed anyway, I may as well have them get that checked out. That decision dramatically changed the course of events for the next two months.
So, during the first week of August I sent my computer off again with an extra note saying I thought the fan might be broken but that I wasn’t sure. I was told again that I should expect my computer back to me in three to five days, but I knew for sure this time that those numbers were complete fabrications. I would wait the usual eight days before getting annoyed.
The next month went by uneventfully, except that I never got my computer back. Every two or three hours I would check the hp.ca/status website, and it would say the same annoying things every day. The important sections on the repair status website are the expected date of delivery, the shipping date and the tracking number. Now, “Expected Date of Delivery” did some weird things. More often than not, this date was in the past (huh?). Occasionally, it would jump ahead and say the date of the next day, whatever that might be. Then it would stay like that for a week or so. “Shipping Date” was always “not yet shipped” and “Tracking number” was always blank. Fun.
Two or three times a week I would call HP and ask why three to five days was turning in to more than a month. They would tell me I was waiting for a part that was on backorder. Hey, I was right! My fan *was* broken.
On September 5, a shipment of fans arrived, but, as luck would have it, I didn’t get one. I kept waiting.
A few days later, I got a call from a 212 number, which seems to be a different HP office. The woman on the other end of the phone told me she was sorry that I had to wait so long for my repair and that HP was prepared to offer me a choice. I could either wait for my computer to be repaired and they would give me $100, or they would buy me a new computer. Hm…tough choice.
I was told I could go to Future Shop, pick one out, and I would have it in 5 to 10 days. Fantastic! So, after calling her back to leave a message letting her know which computer I wanted, I had to wait. Her voice mail system told me that it was frequently monitored, and that I would be called within 4 business hours of leaving a message. That was a lie. It was about 32 business hours later that I got a response.
She told me I still had to wait to get my old computer back before I could trade with Future Shop and get a new computer. This makes so little sense I don’t even know what to say about it. When (if?) I get the old one back, I could expect a call from Future Shop offering the trade. More waiting.
So, I called the normal HP repair center again, asking for a new estimate on when the computer will be returned to me. They didn’t know, but someone told me she would put my case at a higher priority.
Leaving out a few frustrating details of shipping times, I got my old computer back on September 21 (my warranty is now expired).
Do I need to tell you about the state of my old computer, upon getting it back? They *did* put a ‘T’ on it this time! But that’s not all. Rather than leaving it with just a new ‘T’, they decided to replace my whole keyboard!
…but they got the language wrong. It was french, with “annul” and “eschar” keys (or something like that).
Trying to bottle in my anger (and trying to keep in mind that this isn’t my computer anymore, since it will be traded with Future shop), I tried to turn it on to have a look at my files. No go.
That’s right: HP sent me back my computer with a keyboard in the wrong language and with a fan in *worse* condition that it was in when I sent it to them!
I looked around, and there was a note in the box. It said that they were sorry they couldn’t repair it, but they had a reason. I’ll quote it:
“Unfortunately we are returning your system unrepaired. We 1-required approval to make repairs & were unsuccessful in gaining your approval.”
Ignoring the random “1-” in the middle of the sentence (there was no “2-” anywhere, just the “1-”….puzzling), there are so many things wrong with that sentence I barely know where to begin. I’ll leave that as an exercise to the reader.
So, I’m left with an out-of-warranty completely broken machine (that doesn’t turn on for more than 3 seconds at a time) and a vague promise from somebody at a random 212 number that I’ll get a new computer. (It should be noted that I did succeed in coaxing the computer to turn on for about 2 minutes one time, but I could never repeat this.)
What does one do in this situation? One waits. There almost begins a new saga, right here. The first phone call I made in this part of the saga was to HP. It was brief. They told me that they had informed the Futureshop of my situation, and that I should go there now for the exchange.
Upon arriving at Futureshop, I was told by three employees that they would not replace my computer, and to talk to someone else. I finally got through to the “Technical Director”. To be blunt, he was very rude. His message to me was that in his 8 or 9 years of working at Futureshop, he had never replaced a computer in this fashion. In fact, the only way I was going to get a computer would be if I went to the cashier and bought one. He even did a condescending, “Where are you, Futureshop or HP?” “Futureshop.” “What makes you think I care, then?”
Ouch. I left in a huff, and called HP. This call was well over an hour and a half long and I spent most of it on hold. The lady helping me was very kind, and explained a great deal to me. She told me that this case goes to HP’s corporate offices, who would contact Futureshop’s corporate offices. The message (the story of my new computer) would eventually trickle down to the store manager of the store where I purchased the computer.
Gotcha. So that’s why the employees wouldn’t do it; only the store manager would even know of my case’s existence. I’ll cut out some more angering details for the sake of brevity (ha!) and say that the store manager is nearly impossible to reach (he takes multi-hour lunch breaks and only works odd weeknights…or something). When I eventually did reach him, for about 2 minutes he interrogated me as to how I knew his name (some nameless Futureshop employee told me). When we finally got past that, he told me he did not know anything about my case, but sometimes these things take time. He’ll call me when he’s heard something.
A week later, there was still no call. I called that weird 212 HP number again, and left a message. The machine said that for this particular service, the expected call back time is four business hours (still). This time, it took about 12 business before I got called back. They’re improving. Kind of.
Anyway, the woman was confused when I mentioned that Futureshop didn’t know about my case. She then asked why I had gone to Futureshop and not Best Buy, like my file indicated.
My initial reaction was predictable:
What? Are you kidding me? I’ve been waiting two weeks for Futureshop to call me after they are contacted by HP, and…what? HP hasn’t even tried to contact Futureshop? They’ve been contacting the wrong company for two weeks?
Now, I did realize that Futureshop is actually owned by Best Buy. However, the HP woman knew nothing of this, which doesn’t, as they say, inspire confidence that the situation is going nicely.
Two weeks later, nearing the middle of October, I got a call from Futureshop. They offered an exchange! I went down to the store immediately. The whole process there took about three hours (numerous employees needed to be involved in finding me the right replacement, and each one of them required a reason for doing it. I recall one guy refusing, saying he’s never done anything like this before. Right…) but it eventually worked out.
So, it finally happened. I got a brand new computer, with a brand new warranty. I pose this question to the reader: Would you go without your computer for nearly three months if you were to receive a new computer and warranty at the end of it? (Keep in mind the replacement computer must match the specs as closely as possible to your old one. In my case, I got 40GB more hard drive space and a slightly faster processor.)
True story.
October 17th, 2007
As you all surely know, I’m in a computer class this summer. Until a couple of days ago, I hadn’t been in Concordia’s computer labs since April. And since then, the powers that be here at the University changed something. When I noticed the change, it took me a good two days of pondering to figure it out. And when I did figure it out, I was blown away.
I’m not sure if a specific incident caused the change or not, but in the last few months, a major (yes, absolutely major) security flaw was fixed. I hadn’t even noticed this flaw was there until they changed the way the doors work. Then it all became clear. I will try my best to explain it here.
At Concordia - and probably every other college/university out there - Computer Science/Engineering students get special computer labs to themselves. I’m sure other departments do as well, actually. All of these computer labs are protected by secure doors. There are two ways to get in. The first is to use a key, which I expect only technicians and administration type people have. The second is what professors and students all tend to do. We all have a six-digit key that we can type into on a keypad on the door. It then beeps and unlocks itself for us. These keys are provided to us on a website (encs.concordia.ca) that we need a password to use. I think that’s pretty standard.
I’ll describe how the doors worked from September last year until April this year (possibly later, since I’m not sure exactly when the change occurred). As I mentioned briefly, the door codes are 6 digits long. Lets pretend, for this example, that the door code is 555876. If you were to walk up to the door and press a 5 on they keypad, you would get a green light and a happy beep. If you press a 5 after that, you would get a green light and a happy beep. If you continue pressing the keys correctly, after the sixth key you would get a long extended happy beep and green light, and could then go into the room. If, however, you pressed any of the keys incorrectly, you would get a red light and an angry beep. You would then have to start over and type in the code properly.
Do you see the flaw? I used these doors at least twice a week for eight months without realizing how awful this design is.
This has got to be the single worst lock design I have seen in my entire life. Most locks out there have flaws, but I’ve never seen anything this bad. (I know a lot of twist-style combination locks can be reduced from hundreds thousands of guesses to just a few thousand).
Now I’ll describe how they currently work. No matter what you press on the keypad, you will get a red light and an angry beep. If you put in the six correct digits, the door unlocks (you can imagine my original horror when I typed in the well-memorized code and got a bunch of angry beeps). If you put in just a single wrong digit, you won’t know until the door refuses to unlock after six key presses.
Just in case you don’t see how serious this was, I’ll outline how easy and trivial it used to be to break in to every single computer lab at Concordia. Here’s the algorithm for breaking into a door before April:
1. Walk up to a door when nobody is around (there are plenty of labs in empty, far-away-from-everything-else hallways)
2. Press the first digit.
3. Green light? Press the first digit again (we start by looking for 11XXXX).
4. Red beep from step 2? Press the second digit (we’re now looking for 12XXXX).
5. Repeat until you have all six, which shouldn’t take long.
I could be wrong about the next bit, so read carefully and please let me know if I made a mistake.
You should only need to press a maximum of 210 keys before you could gain access. You would need a maximum of 10 key presses to get each next digit, and you also need to press in the code you have so far (if you’re guessing the fourth digit, you have to press the first three and then make a maximum of ten guesses to get the fourth).
I think the math works out to 210 total presses at the worst case scenario. I get 210 from 10+20+30+40+50+60, which I think is correct. Now, the way the current system works, you would have no idea if you’ve made a mistake until the very end of punching in the six digits, which means you have to try every single combination. From good old fashioned high school combinatorics (and a quick refresher course from Wikipedia), we know that 
Using n=10 and r=6, we get 151,200. I’ll take this number a bit further: That’s 720 times larger that the old number of 210. If we assume that a person can punch in four keys per second (I’d say that’s pretty fast), have a perfect memory, and never pause, then…
a) It would have taken them 210/4=52.5 seconds under the old system. Less than one minute to break into a lab.
b) It now takes 151,200/4=37,800 seconds, or 630 minutes, or 10.5 hours.
Of course, I assume that there is only one valid key per door, which there might not be. (I seriously hope the math above is correct.)
So there you have it! I cannot imagine any circumstance where a company thought this was a good idea. It’s like having a car that tells you how you’re doing when you’re trying to break into it.
It does make me wonder though. Did someone discover the problem and report it? Was there a break in? Did Concordia complain to the lock company? Who is the lock company?
I’m sure I could continue, but this post is probably long enough as it is.
I hope I’ve inspired some of you to check out your own university’s door locks. Are they the same as I describe? Do tell!
Music: Red Hot Chili Peppers
IBC: 66,602-72,910 (about a 100ish change)
June 29th, 2007
Prepare yourselves for a tech-heavy post. Hey, at least I wrote something.
My job here in Animal Sciences at McGill is to write a Java program that a bunch of people will hopefully be using by the end of the summer. Essentially, I’m writing a new version of an old benchmarking program that they want to ditch. It was too slow and insecure. And buggy. Very buggy.
The old program was written in Visual Basic 6 over the last few years. The code base gives the impression that the program was designed while simultaneously being coded: it ended up with thousands of lines of code in each file. It’s unmaintainable by pretty much anyone except the student who wrote it a few years back (some code is commented nicely, but some of it…well, isn’t). Anyway, what I’m getting at is that the old program works alright but is excessively sloppy. One of the worst aspects is the language handling. Since it is to be used by both French and English speakers, the application needs to be able to switch languages on the fly (not that hard of a thing to do, providing you know both the languages). This was not done properly in the old program: when you change languages, only half (ish) of the program actually gets changed.
I’ve never written a program that needed to support more than one language, but it’s definitely something I’ve thought about. In my recent research, I’ve found that the solution I had in my head was close enough to reality (text or resource files containing the strings in different languages, stored separate from the program and accessed at runtime).
So remember, internationalization and localization prevents misinterpretation! (I’d love to hear crowds of people chanting this in a protest somewhere.)
The programmer who wrote the old VB program, while probably a pretty decent coder, definitely fell into many of the traps described near the end of this posting. I really hope that in two years I don’t end up reading someone’s blog describing how painful my code is to read.
Iraq Body Count range: 66,500-72,800. (up 300ish from last post)
Music: Neil Young
June 27th, 2007
