After Orange coming up with a sensible solution to the “fun” of not existing in experian and equifaxes databases due to moving to a newly built house, they’ve unfortunately shown how not to treat a customer, and here is their special recipe. In order to prove to Orange that the house I live in existed I was asked to obtain a bank statement which showed my name and the current address.
I’ve recently moved into the second house to be finished in a new development and found out that due to a local transmitter the Vodafone signal is so poor that it’s barely usable, so I decided to switch to the Orange network (which has good signal strength), but hit a small snag called Experian. Experian basically make money from selling other peoples information, but the problem is their information isn’t update to date and so they say the house that I’ve now been living in for two weeks doesn’t exist.
It’s rare that anything in UK politics actually surprises me, but you would have thought after the bungles in Afghanistan and Iraq the UK government would think twice about blindly following US policy, but, alas, the UK governments endorsement of the US’s recent sanctions on Iran seem to show that it is still more interested in staying close to the US than it is about thinking about anything else. One key theory in group control is that if you can get the group to fear a common enemy you can get away with a lot of big mistakes.
Everyone knows that in advertising there is a certain amount of creativity, and that there are bounds to what most companies would consider responsible advertising, but I’ve come across a company which seems to be willing to set the borders of responsible advertising a little wider than most. The company is Crest Nicholson, a UK house builder, who, in web pages that are thinly disguised adverts for two of their developments (here and here) have large glowing quotes about how good these developments are and the company in general.
A password breaking program called John the ripper has been modified to use the CPUShare pay-per-MIP parallel processing network as a test. This means that anyone with an MD5 hashed password can now look to rent enough machine power to take a serious shot at finding the original password. This is a step along the current path of technology which is leading us away from single expensive solutions and on to more organic systems which can adapt to changes in usage as neccessary.
I’ve recently been having an Email conversation with some the guys who wrote the technical specification RFC3920 about the language used and it’s left me wondering how many more times I will see the same mistake made. Specifications are suppose to aide clarity, they’re suppose to make it easy to produce compatible systems because a good specification will leave little room for ambiguity, but the big problem is the eagerness of specification writers to either make up terms or redefine words to fit their needs.
The struts guys were pretty swift in releasing a fix to the problem I blogged about before, so if you’re using Struts 2 you really should to 2.0.9.
In the programming world two of the most widely understood types of problems are cross site scripting (sometimes called XSS), and user command injection (e.g. SQL injection), so you can imagine my surprise when I found the Struts 2 framework which has only been considered suitable for production use suffers both. This serves as a good example of why any development team should have at least one person who has a background in application security and is tasked with checking for the common types of security problems which come from fundamental design mistakes.
No matter how good you think a CD key generation scheme is there will always be legitimate users who encounter problems. You also have the problem that the key generation scheme will eventually be cracked, CD generators will be made, and you end up with the situation where even if you buy a new copy of the software from the primary distributor you still may not be able to use the software to it’s full potential.
Sony have been selling the PS3 for some months now as a network enabled home entertainment device, yet it seems to be lacking at least one piece of functionality which is available on Apple TVs that has also been available on Sonys' own PSP for over a year. There is no doubt that the last firmware update was a big step up for the PS3 as an entertainment center. Upgrading the DVD playback software to do a decent job of upscaling was a good move, and adding the ability to be a DNLA client is also a great boot because it allows users to play movies and music stored on DNLA enabled PCs and storage devices around their network, but the PS3 still lacks the ability to subscribe to Podcasts which the PSP has been able to do for over a year, and it’s quite frankly stumped me as to why it’s not available.