twitter

That's one continent clear of Catholicism. Where next? "The last Catholic priest in the Antarctic" http://t.co/pKKpPT2S6M

last.fm

Blur – Charmless Man

http://www.last.fm/music/Blur
last.fm

Suzanne Vega – When Heroes Go Down

http://www.last.fm/music/Suzanne+Vega
last.fm

Natalie Prass – Why Don't You Believe in Me

http://www.last.fm/music/Natalie+Prass
last.fm

Blur – End of a Century

http://www.last.fm/music/Blur
last.fm

Fleetwood Mac – Go Your Own Way

http://www.last.fm/music/Fleetwood+Mac
twitter

Possibly interesting fact. Back when Zimbabwe was called "Rhodesia", Hwange was called "Wankie" - https://t.co/AXLQASZpKw

twitter

Oh. I've been to this game park twice. "US dentist Walter Palmer 'regrets' killing Zimbabwe lion Cecil" http://t.co/5OgrvmjSK5

twitter

Almost half a million people in front of me in the queue for a OnePlus 2 invitation :-/ https://t.co/albe33mZnY

twitter

Of course that's what my life is missing. A smartphone umbrella app! "The World's 1st Automatic Smart Umbrella" http://t.co/tAk2lmgnAz

books read

Funny girl

author: Nick Hornby
name: David
average rating: 3.49
book published: 2014
rating: 0
read at:
date added: 2015/07/28
shelves: currently-reading
review:

davblog

Financial Account Aggregation

Three years ago, I wrote a blog post entitled Internet Security Rule One about the stupidity of sharing your passwords with anyone. I finished that post with a joke.

Look, I’ll tell you what. I’ve got a really good idea for an add-on for your online banking service. Just leave the login details in a comment below and I’ll set it up for you.

It was a joke because it was obviously ridiculous. No-one would possibly think it was a good idea to share their banking password with anyone else.

I should know not to make assumptions like that.

Yesterday I was made aware of a service called Money Dashboard. Money Dashboard aggregates all of your financial accounts so that you can see them all in one convenient place. They can then generate all sorts of interesting reports about where your money is going and can probably make intelligent suggestions about things you can do to improve your financial situation. It sounds like a great product. I’d love to have access to a system like that.

There’s one major flaw though.

In order to collect the information they need from all of your financial accounts, they need your login details for the various sites that you use. And that’s a violation of the Internet Security Rule One. You should never give your passwords to anyone else – particularly not passwords that are as important as your banking password.

I would have thought that was obvious. But they have 100,000 happy users.

Of course they have a page on their site telling you exactly how securely they store your details. They use “industry-standard security practices”, their application is read-only “which means it cannot be used for withdrawals, payments or to transfer your funds”. They have “selected partners with outstanding reputations and extensive experience in security solutions”. It all sounds lovely. But it really doesn’t mean very much.

It doesn’t mean very much because at the heart of their system, they need to log on to your bank’s web site pretending to be you in order to get hold of your account information. And that means that no matter how securely they store your passwords, at some point they need to be able to retrieve them in plain text so they can use them to log on to your bank’s web site. So there must be code somewhere in their system which punches through all of that security and gets the string “pa$$word”. So in the worst case scenario, if someone compromises their servers they will be able to get access to your passwords.

If that doesn’t convince you, then here’s a simpler reason for not using the service. Sharing your passwords with anyone else is almost certainly a violation of your bank’s terms and conditions. So if someone does get your details from Money Dashboard’s system and uses that information to wreak havoc in your bank account – good luck getting any compensation.

Here, for example, are First Direct’s T&Cs about this (in section 9.1):

You must take all reasonable precautions to keep safe and prevent fraudulent use of any cards, security devices, security details (including PINs, security numbers, passwords or other details including those which allow you to use Internet Banking and Telephone Banking).

These precautions include but are not limited to all of the following, as applicable:

[snip]

  • not allowing anyone else to have or use your card or PIN or any of our security devices, security details or password(s) (including for Internet Banking and Telephone Banking) and not disclosing them to anyone, including the police, an account aggregation service that is not operated by us

Incidentally, that “not operated by us” is a nice piece of hubris. First Direct run their own account aggregation service which, of course, they trust implicitly. But they can’t possibly trust anybody else’s service.

I started talking about this on Twitter yesterday and I got this response from the @moneydashboard account. It largely ignores the security aspects and concentrates on why you shouldn’t worry about breaking your bank’s T&Cs. They seem to be campaigning to get T&Cs changed to allow explicit exclusions for sharing passwords with account aggregation services.

I think this is entirely wrong-headed. I think there is a better campaign that they should be running.

As I said above, I think that the idea of an account aggregation service is great. I would love to use something like Money Dashboard. But I’m completely unconvinced by their talk of security. They need access to your passwords in plain text. And it doesn’t matter that their application only reads your data. If someone can extract your login details from Money Dashboard’s systems then they can do whatever they want with your money.

So what’s the solution? Well I agree with one thing that Money Dashboard say in their statement:

All that you are sharing with Money Dashboard is data; data which belongs to you. You are the customer, you should be telling the bank what to do, not the other way around!

We should be able to tell our banks to share our data with third parties. But we should be able to do it in a manner that doesn’t entail giving anyone full access to our accounts. The problem is that there is only one level of access to your bank account. If you have the login details then you can do whatever you want. But what if there was a secondary set of access details – ones that could only read from the account?

If you’ve used the web much in recent years, you will have become familiar with this idea. For example, you might have wanted to give a web app access to your Twitter account. During this process you will be shown a screen (which, crucially, is hosted on Twitter’s web site, not the new app) asking if you want to grant rights to this new app. And telling you which rights you are granting (“This app wants to read your tweets.” “This app wants to tweet on your behalf.”) You can decide whether or not to grant that access.

This is called OAuth. And it’s a well-understood protocol. We need something like this for the finance industry. So that I can say to First Direct, “please allow this app to read my account details, but don’t let them change anything”. If we had something like that, then all of these problems would be solved. The Money Dashboard statement points to the Financial Data and Technology Association – perhaps they are the people to push for this change.
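The difference between handing over a password and granting a read-only token can be shown with a toy model of the bank's side. This is an added illustration, not code from the post or from any bank or aggregator; the account data, scope names (`accounts:read`, `payments:write`) and subroutine names are all hypothetical, and it assumes a Unix-like system with `/dev/urandom`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed bank state for this illustration. A real bank would store a
# password hash, not the password itself.
my %accounts = (alice => { password => 'pa$$word', balance => 1200 });
my %tokens;    # opaque token => { user, client, scopes }

# Which scope each action needs (hypothetical scope names).
my %required_scope = (balance => 'accounts:read', transfer => 'payments:write');

sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "no random source: $!";
    read($fh, my $bytes, 32) == 32 or die "short read from random source";
    return unpack 'H*', $bytes;
}

sub check_login {
    my ($user, $password) = @_;
    my $acct = $accounts{$user};
    die "login failed\n" unless $acct && $password eq $acct->{password};
    return $acct;
}

sub perform {
    my ($user, $action, @args) = @_;
    my $acct = $accounts{$user};
    return $acct->{balance} if $action eq 'balance';
    return $acct->{balance} -= $args[0] if $action eq 'transfer';
    die "unknown action\n";
}

# The single level of access the post describes: whoever holds the password
# (the customer, the aggregator, or someone who broke into the aggregator)
# can perform every action.
sub password_call {
    my ($user, $password, $action, @args) = @_;
    check_login($user, $password);
    return perform($user, $action, @args);
}

# Consent step, run on the bank's own site: the customer authenticates to the
# bank and approves a named client for specific scopes. The client only ever
# receives the token.
sub grant {
    my ($user, $password, $client, @scopes) = @_;
    check_login($user, $password);
    my $token = new_token();
    $tokens{$token} = {
        user   => $user,
        client => $client,
        scopes => { map { $_ => 1 } @scopes },
    };
    return $token;
}

# Every token-authenticated request is checked against the granted scopes.
sub token_call {
    my ($token, $action, @args) = @_;
    my $grant = $tokens{$token}          or die "unknown or revoked token\n";
    my $scope = $required_scope{$action} or die "unknown action\n";
    die "token lacks scope $scope\n" unless $grant->{scopes}{$scope};
    return perform($grant->{user}, $action, @args);
}

# The customer can withdraw one client's access without changing a password.
sub revoke { my ($token) = @_; return delete $tokens{$token} }

# What the aggregator would hold is $token, never the password.
my $token = grant('alice', 'pa$$word', 'aggregator', 'accounts:read');
print 'balance via token: ', token_call($token, 'balance'), "\n";

my $ok = eval { token_call($token, 'transfer', 500); 1 };
print 'transfer via token: ', ($ok ? "allowed\n" : "refused: $@");

revoke($token);
$ok = eval { token_call($token, 'balance'); 1 };
print 'balance after revoke: ', ($ok ? "allowed\n" : "refused: $@");

# The same transfer with a shared password is indistinguishable from the
# customer's own request, so the bank carries it out.
print 'balance after password transfer: ',
    password_call('alice', 'pa$$word', 'transfer', 500), "\n";
```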

I know why Money Dashboard are doing what they are doing. And I know they aren’t the only ones doing it (Mint, for example, is a very popular service in the US). And I really, really want what they are offering. But just because a service is a really good idea, shouldn’t mean that you take technical short-cuts to implement it.

I think that the “Financial OAuth” I mentioned above will come about. But the finance industry is really slow to embrace change. Perhaps the Financial Data and Technology Association will drive it. Perhaps one forward-thinking bank will implement it and other banks’ customers will start to demand it.

Another possibility is that someone somewhere will lose a lot of money through sharing their details with a system like this and governments will immediately close them all down until a safer mechanism is in place.

I firmly believe that systems like Money Dashboard are an important part of the future. I just hope that they are implemented more safely than the current generation.

 

The post Financial Account Aggregation appeared first on Davblog.

cpan

WWW-Shorten-OneShortLink-9.99

cpan

WWW-Shorten-NotLong-9.99

perl hacks

Culling My Modules

About a year ago, I dabbled briefly with Travis CI. I even gave a talk about my experiences. The plan was that I would start to use it for all of my code. But real life intervened and I never got round to getting any further with that project.

This weekend, I finally made some progress. I added a .travis.yml file to all of my Github repositories that hold CPAN modules. I even fed the details through to Coveralls so I get test coverage reports. From there it was a simple step to building a dashboard that monitors the health of all of my CPAN modules.

And it’s not a pretty picture. You’ll see a lot of grey boxes on that page, indicating that Travis couldn’t run the tests or, worse, red boxes showing that the tests failed for some reason.

Yesterday I made a few quick fixes to some of the modules (particularly in the WWW::Shorten namespace) and a couple more of them now work. But I want to work out how much effort it’s worth investing in the ones that are still failing. And, widening my scope a little, I’ve decided to take a close look at my CPAN modules and work out which ones are worth keeping and which ones I should just delete.

For example, twelve years ago I was really excited about the idea of AudioFile::Info. Most people were ripping music to MP3s, but I wasn’t following the crowd and was using Ogg Vorbis instead. AudioFile::Info and its friends were an attempt to make it easy to extract information from audio files no matter which format they were in. I suppose it was a kind of DBI for ID3 tags. But twelve years on, does anyone really care about that any more? I switched all of my music collection to MP3 years ago. If I recall correctly, the AudioFile::Info modules use a convoluted hand-crafted plugin system which never worked as well as it should. I could probably switch them to use some kind of plugin architecture from CPAN. But is it worth the effort?

Then there is Guardian::OpenPlatform::API – a Perl wrapper around the Guardian’s API. I believe they changed the API end-point several years ago so the module doesn’t even work. But the fact that I’ve had no complaints about that, probably indicates that no-one has ever used it.

It’s a similar story for Net::Backpack. To be honest, I have no idea whether or not it still works. Is Backpack still running? Ok, I’ve just checked and they’re no longer offering it to new customers. But if I’m not a paying customer is there any way I can test that it still works?

Finally, there is the WWW::Shorten family of modules. I released a module called WWW::MakeAShorterLink back in 2002, but it was Iain Truskett who realised that there should be a family of modules around the (at the time new) URL-shortening industry. I took over the module when Iain passed away and I’ve been maintaining it ever since. But it’s a real pain to maintain. The URL-shortening industry changes really quickly. For a long time, new services were popping up all of the time (and many of them closed down just as quickly). I haven’t been anywhere near quick enough at releasing versions that keep up with all the changes. I suspect that at least a couple of the current test failures are down to services that have closed down. I should probably investigate those over the next few days.

I don’t think WWW::Shorten is in any danger of going away (but I need to find a better way to keep abreast of changes in the industry) but the other modules I’ve mentioned here (AudioFile::Info::*, Guardian::OpenPlatform::API and Net::Backpack) are on borrowed time. If you’re using them and you’d like to see new versions of them in the future then let me know. If you’d like to take over maintenance, then that would be even better.

If I don’t hear from anyone (and I strongly suspect that I won’t) then I’ll be removing them from CPAN in a couple of months’ time.

The post Culling My Modules appeared first on Perl Hacks.

cpan

WWW-Shorten-Shorl-1.93

cpan

WWW-Shorten-SnipURL-2.01

perl hacks

Mailing Lists

Over the years I’ve set up a few mailing lists for the discussion of various projects I’ve been involved with. There’s always an expectation that mailing lists will flourish without much input from me. But it never works out like that.

The truth is that most mailing lists just quietly die. And, in many cases, they end up attracting a lot of spam – which the owner of the list has to check on a semi-regular basis on the off-chance that there’s something interesting or useful in amongst the crap. There never is.

So I’ve decided to close a few mailing lists that didn’t seem to be going anywhere. I don’t suppose anyone will miss them, but I’ve taken a copy of the archives and I may do something with them at some point in the future.

The lists that I have removed are:

A couple of these lists have received slightly special treatment. The xml-feed list is advertised as the support email address for XML::Feed. I’ve redirected that address so that mail now comes to me. Hopefully my spam filters will ensure that I’m not overrun with spam from it before I work out a more permanent solution.

The other list that has been treated differently is the training-news one. That was set up so that people could get information about upcoming training courses that I would be running. I still think that’s useful, so I’ve replaced it with a new list (run by MailChimp). If you’re interested in keeping in touch with what I’m doing then please sign up to the new list by entering your email address below. (The same form will now appear in the sidebar on every page of this site.)


Sign up here for occasional email about stuff I'm doing with Perl, information about upcoming talks and training courses and other updates.

(I promise not to spam you.)


So, there you are. I’ve removed a few moribund mailing lists. I hope that hasn’t ruined anyone’s day.

The post Mailing Lists appeared first on Perl Hacks.

davblog

Opentech 2015

It’s three weeks since I was at this year’s Opentech conference and I haven’t written my now-traditional post about what I saw. So let’s put that right.

I got there rather later than expected. It was a nice day, so I decided that I would walk from Victoria station to ULU. That route took me past Buckingham Palace and up the Mall. But I hadn’t realised that the Trooping of the Colour was taking place which made it impossible to get across the Mall and into Trafalgar Square. Of course I didn’t realise that until I reached the corner of St James Park near the Admiralty Arch. A helpful policeman explained what was going on and suggested that my best bet was to go to St James Park tube station and get the underground to Embankment. This involved walking most of the way back through the park. And when I got to the tube station it was closed. So I ended up walking to Embankment.

All of which meant I arrived about forty minutes later than I wanted to and the first session was in full swing as I got there.

So what did I see?

Being Female on the Internet – Sarah Brown

This is the talk I missed most of. And I had really wanted to see this talk. As I arrived she was just finishing her talk, and the audio doesn’t seem to be on the Opentech web site.

Selling ideas – Vinay Gupta

I think I didn’t concentrate on this as much as I should have. It was basically a talk about marketing – which is something that the geek community needs to get better at. Vinay illustrated his talk with examples from his Hexayurt project.

RIPA 2 – Ian Brown

Ian talked about potential changes to the Regulation of Investigatory Powers Act. It was all very scary stuff. The slides are online.

The 3rd year of Snowdenia — Caroline Wilson Palow

Caroline talked about Ed Snowden’s work and the way it is changing the world.

Privacy: I do not think that word means what you think it means — Kat Matfield

Kat has been doing research into how end users view privacy on the web. It’s clear that people are worried about their privacy but that they don’t know enough about the subject in order to focus their fear (and anger) at the right things.

The State of the Network Address — Bill Thompson

Bill thinks that many of the world’s woes are caused by people in power abusing the technological tools that geeks have built. And he would like us to do more to prevent them doing that.

The State of Data — Gavin Starks

Gavin works for the Open Data Institute. It’s his job to help organisations to release as much data as possible and to help the rest of us to make as much use of that data as possible. He talked about the problems that he sees in this new data-rich world.

Using data to find patterns in law — John Sheridan

John is using impressive text parsing and manipulation techniques to investigate the UK’s legislation. It sounds like a really interesting project.

Scenic environments, healthy environments? How open data offers answers to this age-old question. — Chanuki Seresinhe

The answer seems to be yes :-)

I stood as a candidate, and… — James Smith

James stood as a candidate in this year’s general election, using various geek tools to power his campaign. He talked through the story of his campaign and tried to encourage others to try the same thing in the next election.

Democracy Club — Sym Roe

The Democracy Club built a number of tools and web sites which built databases of information about candidates in the recent election – and then shared that data with the public. Sym explained why and how these tools were built.

The Twitter Election? — Dave Cross

This was me. I’ve already written up my talk.

Election: what’s next

This was supposed to follow my talk. Bill Thompson had some ideas to start the discussion and suggested that anyone interested retire to the bar. I put away my laptop and various other equipment and then set off to find them. But I failed, so I went home instead.

Yet another massively successful event. Thanks, as always, to all of the speakers and organisers.

The post Opentech 2015 appeared first on Davblog.

davblog

TwittElection at OpenTech

Last Saturday was OpenTech. It was as great as it always is and I’ll write more about what I saw later. But I gave a talk about TwittElection in the afternoon and I thought it might be useful to publish my slides here along with a brief summary of what I said.

TwittElection from Dave Cross

The post TwittElection at OpenTech appeared first on Davblog.

slideshare

TwittElection


A Talk from OpenTech 2015 about a tool I wrote for monitoring parliamentary candidates on Twitter during the 2015 UK general election.
perl hacks

Building TwittElection

I was asked to write a guest post for the Built In Perl blog. I wrote something about how I built my site, TwittElection, for the recent UK general election.

In the UK we have just had a general election. Over the last few weeks many web sites have sprung up to share information about the campaign and to help people decide how to vote. I have set up my own site called TwittElection and in this article I’d like to explain a little about how it works.

But why not go over to Built In Perl and read the whole thing there.

Incidentally, on 13th June, I’ll be giving a talk about TwittElection at this year’s OpenTech conference. If you’re interested in the positive impact that technology can have on society then you’ll, no doubt, find OpenTech very interesting.

The post Building TwittElection appeared first on Perl Hacks.

perl hacks

DBIC Training in Granada

It’s been a while since I’ve run a training course alongside a YAPC. By my calculations, the last time was Riga in 2011. But I’ve been talking to the organisers of this year’s conference and we have a plan.

I’m going to be running a one-day introductory course on DBIx::Class before the conference (I think it’ll be on 1st September, but that’s not 100% certain yet). Full details are on the conference web site. There’s an early-bird price of 150 Euro and the full price is 200 Euro. The web site says that the early-bird price finishes today, but I wouldn’t be at all surprised if that gets extended for a few days at least.

Of course, readers of this blog will all already be experts in DBIC and won’t need this course. But I’m sure that most of you will have a colleague who would benefit from… well… a refresher on how DBIC works. Why not see if your company will pay for them to attend the course :-)

The course size is limited. So you might want to think about booking soon.

Hope to see some of you in Granada.

Two updates:

  1. The date has now been confirmed as 1st September.
  2. The early-bird pricing has been extended until 1st June.

The post DBIC Training in Granada appeared first on Perl Hacks.

perl hacks

Subroutines and Ampersands

I’ve had this discussion several times recently, so I thought it was worth writing a blog post so that I have somewhere to point people the next time it comes up.

Using ampersands on subroutine calls (&my_sub or &my_sub(...)) is never necessary and can have potentially surprising side-effects. It should, therefore, never be used and should particularly be avoided in examples aimed at beginners.

Using an ampersand when calling a subroutine has three effects.

  1. It disambiguates the code so that the Perl compiler knows for sure that it has come across a subroutine call.
  2. It turns off prototype checking.
  3. If you use the &my_sub form (i.e. without parentheses) then the current value of @_ is passed on to the called subroutine.

Let’s look at these three effects in a little more detail.

Disambiguating the code is obviously a good idea. But adding the ampersand is not the only way to do it. Adding a pair of parentheses to the end of the call (my_sub()) has exactly the same effect. And, as a bonus, it looks the same as subroutine calls do in pretty much every other programming language ever invented. I can’t think of a single reason why anyone would pick &my_sub over my_sub().

I hope we’re agreed that prototypes are unnecessary in most Perl code (perhaps that needs to be another blog post at some point). Of course there are a few good reasons to use them, but most of us won’t be using them most of the time. If you’re using them, then turning off prototype checking seems to be a bad idea. And if you’re not using them, then it doesn’t matter whether they’re checked or not. There’s no good argument here for using ampersands.

Then we come to the invisible passing of @_ to the called subroutine. I have no idea why anyone ever thought this was a good idea. The perlsub documentation calls it “an efficiency mechanism” but admits that it is one “that new users may wish to avoid”. If you want @_ to be available to the called subroutine then just pass it in explicitly. Your maintenance programmer (and remember, that could be you in six months’ time) will be grateful and won’t waste hours trying to work out what is going on.

So, no, there is no good reason to use ampersands when calling subroutines. Please don’t use them.

There is, of course, one case where ampersands are still useful when dealing with subroutines – when you are taking a reference to an existing, named subroutine. But that’s the only case that I can think of.
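The second and third effects, and the one remaining use of the ampersand, are easiest to see side by side. This script is an added illustration, not code from the original post, and every subroutine name in it is hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# A ($$) prototype: ordinary calls are compiled as taking two scalars.
sub add_pair($$) {
    my ($x, $y) = @_;
    return $x + $y;
}

sub show_args { return '[' . join(', ', @_) . ']' }

# Removes one element from whatever @_ it is given.
sub take_first { return shift }

# Effect 3: "&name" with no parentheses hands the caller's own @_ to the callee.
sub implicit { return &show_args }
sub empty    { return show_args() }      # callee gets a fresh, empty @_
sub explicit { return show_args(@_) }    # same data, but visibly passed

# With the bare & form both subs work on the same array, so the callee's
# shift also shortens the caller's argument list. An ordinary call gives the
# callee its own @_ and leaves the caller's untouched.
sub count_after_amp   { &take_first;    return scalar @_ }
sub count_after_paren { take_first(@_); return scalar @_ }

print 'bare ampersand call sees:  ', implicit('alpha', 'beta'), "\n";
print 'call with empty parens:    ', empty('alpha', 'beta'),    "\n";
print 'call passing @_ on:        ', explicit('alpha', 'beta'), "\n";
print 'caller args left after &:  ', count_after_amp('alpha', 'beta'),   "\n";
print 'caller args left after (): ', count_after_paren('alpha', 'beta'), "\n";

# Effect 2: the prototype imposes scalar context on each argument, so @nums
# contributes its element count. With a leading ampersand the prototype is
# ignored, @nums is flattened into @_, and only its first two elements are used.
my @nums = (10, 20, 30);
print 'prototype applied:  ', add_pair(@nums, 1),  "\n";
print 'prototype bypassed: ', &add_pair(@nums, 1), "\n";

# The legitimate use: taking a reference to a named subroutine.
my $adder = \&add_pair;
print 'called via reference: ', $adder->(2, 3), "\n";
```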

What do you think? Have I missed something?

It’s unfortunate that a lot of the older documentation on CPAN (and, indeed, some popular beginners’ books) still perpetuate this outdated style. It would be great if we could remove it from all example code.

The post Subroutines and Ampersands appeared first on Perl Hacks.

davblog

Quoted By The Daily Mail

This morning Tweetdeck pinged and alerted me to this tweet from a friend of mine.

He was right too. The article was about Reddit’s Button and about half-way through it, they quoted my tweet.

My reaction was predictable.

I was terribly embarrassed. Being quoted in the Daily Mail isn’t exactly great for your reputation. So I started wondering if there was anything I could do to recover the situation.

Then it came to me. The Mail were following Twitter’s display guidelines and were embedding the tweets in the web page (to be honest, that surprised me slightly – I was sure they would just take a screenshot). This meant that every time someone looked at the Mail’s article, the Mail’s site would refresh its view of the tweet from Twitter’s servers.

You can’t edit the content of tweets once they have been published. But you can change some of the material that is displayed – specifically your profile picture and your display name.

So, over lunch I took a few minutes to create a new profile picture and I changed my display name to “The Mail Lies”. And now my tweet looks how you see it above. It looks the same on the Mail article.

As I see it, this can go one of two ways. Either the Mail notice what I’ve done and remove my tweet from the article (in which case I win because I’m no longer being quoted by the Daily Mail). Or they don’t notice and my tweet is displayed on the article in its current form – well at least until I get bored and change my profile picture and display name back again.

This afternoon has been quite fun. The caper has been pretty widely shared on Twitter and Facebook and a couple of people have told me that I’ve “won the internet”.

So remember boys and girls, publishing unfiltered user-generated content on your web site is always a dangerous prospect.

The post Quoted By The Daily Mail appeared first on Davblog.

davblog

Public Service Announcement: Aegon Pensions

Do you have a personal pension with Aegon? If so, I suggest you ask them to double-check the statements they have been sending you, as they might well be incorrect. I’ve recently discovered that mine have been wrong to the tune of several thousand pounds for seven years.

This year I’ve been transferring all of my personal pensions to a SIPP at Hargreaves Lansdown. It has generally been a painless process. You fill in a form and send it to HL, they contact your current pension provider and a week later the money is sitting in your HL account.

Of course, you’ll want to know how much is in your pension fund, so you know how much money to expect to be transferred. But your current provider will be sending you annual statements. As the stock market has been rising for a lot of the last twelve months, the amount you’ll get will almost certainly be a little more than the amount on your last statement.

But there will be two values on your statement – the fund value (FV) and the transfer value (TV). FV is the amount your fund is worth if you leave it with the current provider. TV is the amount they’ll send to your new provider. Looking at all of my statements, FV and TV were the same amount. So all was well with the world.

I found that I had six personal pensions (I really have no idea why I had so many – it seems rather more than you’d need) and, over a period of a few weeks, I set the transfers going on all of them. Five of them worked fine – I got a little more money than I expected. The sixth was with Aegon.

One Friday afternoon I got a phone call from an adviser at HL. Aegon wouldn’t make the transfer unless I confirmed that I was aware of the current valuations. He read out the valuations that Aegon had given him. TV was about 20% smaller than FV. This meant that I’d lose about a fifth of my money if I transferred the fund. I asked him to put the transfer on hold until I could confirm this with Aegon.

Aegon’s customer support line is closed over the weekend, so I couldn’t speak to them until Monday. But I double-checked my statements. There was a difference between FV and TV in 2007, but since 2008 every statement had shown the two values to be the same. And, naively, I assumed that my statements were accurate.

On Monday I called Aegon. Their customer support people tried to help but really all they could do was to pass my questions on and tell me to wait for ten days or so.

A couple of weeks later I got a reply which basically just said that my statements were wrong and that, yes, there was a 20% early exit fee on my plan. I wasn’t happy with that so I wrote back to them asking how their system could issue incorrect statements for seven years without anyone noticing.

Today I got a reply to that letter. Here’s what they say:

Statements are system generated reports which are issued annually. These are usually issued directly to Policyholders or Financial Advisers without being checked. It was only when you brought the error regarding values to our attention that the matter has been investigated and future automated statements have been inhibited.

So there you go. There was apparently a bug in Aegon’s system which went undetected for seven years, until I tried to transfer my pension fund away from them.

I’m going to continue to try and find out how I can get my money out of Aegon without losing a large chunk of it. Given that most of the industry doesn’t work the same way that they do, I suspect my best approach is to accuse them of mis-selling the policy in the first place.

But if you have been receiving statements from Aegon over the last seven years, I’d ask them to check the values if I was you. Let me know what you find out.

The post Public Service Announcement: Aegon Pensions appeared first on Davblog.

flickr

Antsiranana

Dave Cross posted a photo:


flickr

Antisiranana

Dave Cross posted a photo:


flickr

Stray Dog in Antisiranana

Dave Cross posted a photo:


flickr

Antisiranana

Dave Cross posted a photo:



Powered by Perlanet