Inserting liquid syntax into Octopress codeblock

The not entirely reliable trick I’ve found for inserting liquid code into an Octopress codeblock is to double wrap your code with [% codeblock %] [% raw %] ... [% endraw %] [% endcodeblock %]. But use curly brackets { } instead of square brackets [ ]. I can’t use the curly brackets because if I do they bugger up the codeblock below.

Generating Jekyll pages from data

I wrote a Jekyll-generated site for Botanic Organic that sells products and includes product and ingredient pages that are generated from data. Jekyll is a blog-aware, static site generator. Botanic Organic’s site was forked off of Octopress, which uses Jekyll but adds a few plugins and styles.

Careful when handling consumer trust

I recommend the article Identity & Trust: The Keys to the Game in Winning the Hearts (and Wallets) of the Consumer by Allison Cerra. Allison comes from a telecom background and had an early perspective on the value of what she calls the 3Ps. These are presentation (how a consumer constructs and manages an ideal image of himself), protection (data privacy) and preference (helping a consumer make choices). She speaks of the gold mine of opportunity in targeting experiences and applications for consumers.

Happy 80th Birthday Mom!

A happy birthday to my mom who was born 80 years ago today in rural Lithuania. She had the sort of teenage adventure that few of us today could appreciate, as she made her way by foot across Lithuania, Poland and Germany, then back and forth again, before finally settling in Canada as a refugee after WWII. I love you Mom!

My mom (center) with her sisters Emily (left) and Martha (right)

HTML5 and JavaScript Are Not Enough

The capabilities of today’s browsers are not sufficient for meeting the security needs of web applications requiring authentication and payments. One of the two primary deficiencies is that content from one site cannot be adequately sandboxed when executed on a relying web site. Yet embedding such third-party micro-apps has become commonplace. The second deficiency is the reliance on passwords, as is so eloquently described by this post from Eevee.

Take making a PayPal transaction at a merchant web site as an example of the first deficiency. To make this work the merchant web site must redirect the user to PayPal’s web site where he or she then authenticates and authorizes the payment. The user is taken out of context, away from the merchant’s web site, with the possibility of being subject to phishing. This is done because any PayPal code running within the context of the merchant’s site would not be secure: PayPal and the merchant cannot isolate each other’s code.

Experimenting with Octopress

My personal blog began life on Blogger and was switched to Posterous in late 2010. The switch to Posterous was driven by an interest in easier media publishing, but I haven’t found Posterous to have lived up to my hopes. In particular I’ve found performance of their site to be a bit lacking, and have been disappointed that basic editing features have not evolved.

Being adventurous, and now having to support multiple web sites, I thought I’d experiment with Jekyll and Octopress and see what their limits are. I know this is not going to provide an improved editing experience, but this will address performance issues and provide a place for me to experiment.

600,000 identities compromised per day at Facebook

Facebook put out an infographic revealing that 600,000 identities are compromised per day. That’s a lot of identities. Continuing from a previous post of mine, you could perhaps conclude that Facebook Connect is suitable for casual identity, but not for strong identity.

It’s not that Facebook isn’t trying to protect identities. The infographic reveals an impressive array of risk management tools. Facebook certainly looks like it is setting itself up to be a strong identity provider.

I suggest that the casual value of Facebook to most people is what gets in the way of Facebook acting as a strong identity source. People choose weaker passwords and are less inclined to be serious about account recovery steps than they would be with a bank, PayPal or even an email account. A second issue is that users are more susceptible to phishing and spam by virtue of Facebook being a popular target with a large attack surface. Not to mention that users may be a little wary of Facebook’s track record of leaky privacy and therefore less willing to give up the vital data needed to protect their identity (e.g. cell phone numbers and security questions).

For a further examination of the issue of Facebook identity compromises please read this Sophos article.

PayPal is an identity provider

It would seem that PayPal is now an identity provider. I’m not surprised, and in fact I think it’s a good move. I said as much in a post nine months ago.

Think of it: if you want a strong identity, you want one that is backed by financial information. That makes banks great natural identity providers. But financial institutions don’t seem to be interested in this space, and/or regulatory issues are in the way.

Bixi Bikes: a Tourist's Dream or Credit Card Nightmare?

There is absolutely no better way to get around an urban core than by bicycle. Walking limits your range and is tiring, while cars can get you caught in gridlock and are a hassle and expensive to park. Being on a bike, however, is massively liberating as you sit comfortably upright, weave around traffic, cruise by blocks and blocks of great sights, and noodle into places not accessible by car. The problem is that taking a bike with you when travelling to a city is largely impractical. An added problem is locking the bike up.

Enter Bixi. Bixi is a system running in Montreal, Toronto and Ottawa that allows you to pay just $5 a day for unlimited access to a bike. That’s a bargain, but the system is more interesting than this. With Bixi you take a bike out from any number of conveniently located lockup stations, usually about three blocks apart from each other, then park it at the same or any other station. You are required to check your bike in every 30 minutes or else you ring up penalty charges: this is presumably to encourage you to use the bike for point-to-point travel and to make sure the stock of bikes at stations doesn’t run low.

Cheap GPUs are rendering strong passwords useless

GPUs have brought brute force breaking of any 7 character random alphanumeric password down to a maximum of 17.5 minutes, as compared to 4 days with a CPU. For 8 characters it takes 18.5 hours with a GPU, or 1 year with a CPU. This is what Vijay Devakumar found when he used a GPU card and the free password hash cracker called ighashgpu to crack the NTLM password hash, which is used when logging in to Windows.
