The Fallacy of Visualisation

Earlier, in a rather dramatic post, Wired declared that “The Web is Dead, Long Live the Internet”. Which is a pretty amusing bandwagon for them to be on in the first place.

It would be fun to rip the article itself apart but 50 odd commenters and Hacker News did all that heavy lifting.

The visualisation they used is a problem though; one that gets me regularly grinding my teeth. To any savvy reader it screams “DANGER, Unfinished Road” louder than a Looney Tunes, uh, cartoon. Wile E. Coyote doesn’t stand a chance.

The first thing that jumped out at me was the FTP traffic – which is inexplicably not registering any more. Either Wired are suggesting that no one is uploading new websites or we are exclusively using Vi over SSH for our editing[1].

The issue isn’t so much that the graph is so blatantly flawed; it is that it is being used to support quite a strong statement. Carl Sagan[2] wouldn’t be very impressed:

Extraordinary claims require extraordinary evidence

There is a bigger problem. The article is the age old apps are the future[3] argument – and it builds it up by talking us through a “normal” day on the internet (which conspicuously lacks using a browser). Here’s their conclusion:

You’ve spent the day on the Internet — but not on the Web. And you are not alone.

Interesting, let’s look at that visualisation again; Video traffic has eaten a massive proportion of the current share. Web is “dying”, Peer 2 Peer ditto. Email doesn’t feature.

Trouble is, almost all of the apps that Wired list in their normal [sic] day completely fail to fall under any of these categories. Look: IM, Skype, Facebook/Twitter/News (on the iPad), RSS, Pandora, Xbox Live. Somehow I don’t think that comes under “Video”, perhaps Other?

Except Other is a tiny and decreasing category on the graph.

Uh oh.

Luckily they do mention “watch[ing] a movie on Netflix’s streaming service.” So that’s ok then[4]

Wired could be right about this, apps could be the future, stranger things have happened. But it doesn’t give you much hope when such insight is pretty much directly contradicted by the graph visualisation used to “explain”.

This is a growing and annoying problem. I am sure Wired’s excuse is that someone else did the visualisation (in paint and, probably, whilst feeling very clever and enlightened by the article they just read) and that the author’s point stands. For the tech-savvy it’s not an issue – we can roll our eyes and moan.

For everyone else it becomes a problem; because they’ve just read an article they don’t really understand and, so, turn to the graph for support. “Look, the Web is dying, Video is the future”

Enlightenment?

Not really.

Graphs like this make people who didn’t grasp the argument (at least enough to critically assess it) into mini-experts. I expect someone in a pub somewhere next week will single me out and explain to me that the web is dying[5].

I mean, just say the words out loud right now – do you feel a bit silly? I did.

Graphs are dangerous in the wrong hands (lies, damned lies, and statistics) – handing one to a journalist is akin to pulling the pin out of a grenade then swallowing it. Indeed, any visualisation is like crack to them.

Data can be misrepresented to fit your theories, this is just a pain in the neck. “Data cooking” that undermines your entire thesis is just incompetence, and all the more dangerous!

—-

  1. This is an hilarious “in” joke – I’ve spent all evening pretty much doing this
  2. Marcello Truzzi said it first, I prefer his version but Sagan made it quotable
  3. They probably are, right?
  4. Except it isn’t, really, because you need a browser for that…
  5. Letting on you’re a computer Geek attracts such attention, I’ve seen people swell with pride at their new found “geek smarts” when you walk into the room

I am my Web Host

As I blogged about a few days ago I’ve fallen out with my web host. This tends to happen every few years; the standard of “cheap but reliable” hosting has taken a dive. Especially in the area of customer service (I don’t ask much, just that you read my support requests!).

This is a pretty lengthy post, so bear with it!

And, so, I decided to switch out to another provider. Which is where it got interesting. For a few years I have run a dedicated machine next to my shared hosting – for testing, game servers and, occasionally, web hosting. It was the latter that got me thinking. I use the dedicated box to host sites with, say, background processes or limitations that mean a shared host is no use.

Why couldn’t I switch to hosting all of my own sites?

So I’ve given it a go.

The Dispute

For those who like that kind of thing (so, most of you) this is how my old host (Servage) pissed me off: bad customer service.

A few weeks back a programming mistake (and, I argue, a configuration mistake on their part) locked up the shared server – so they suspended my account. Which consisted of returning a Servage suspension page and a 404 header. Oh, and they never told me (apart from a cryptic copy of a “top” output) what the issue was.

They then proceeded to not read my support requests and act like I was a criminal :) so screw ‘em.

The Solution

Hosting your own sites is actually pretty easy; VPS’s are easy and cheap to purchase nowadays and the tools are a few clicks away. Here is my ingredient list:

  • VPS’s (I use Gandi; so far they have been excellent)
  • DNS (DynDNS provide for my main site, more on that below, but other sites are self hosted using PowerDNS)
  • A Web Server (no contest: Nginx)

Once you have the pieces it is fairly simple to slot together. I recommend you have two (or more) smaller servers rather than one massive server. This means you can keep production/development separate and have fail over DNS. So far I have successfully put together hosting and DNS provision for about 50% of my active sites and plan to pull the others over before Servage asks for renewal.

The most important thing is to PLAN your approach to this; I made several mistakes with the first few sites transferred leading to annoying down time.

Hosting

Hosting is the easiest part of the puzzle (and will be specific to your language choices/needs).

Most of my code is in PHP so I was after an LNMP (Linux, Nginx, MySQL, PHP) stack – guides to which are only a Google away. There are a couple of ways you can pipe Nginx into PHP but I chose the Fast CGI route in the end which is proving stable (go with what you prefer). After a little deliberation I decided to install pretty much all of

One good idea I had was to set up a sub-domain for every VPS; that way you can host MySQL and other services under that name (i.e. no need to make them available under your hosted domains).

It is worth setting up some form of caching with PHP (I recommend Xcache). While most of my PHP code ran fine, WordPress slowed to an absolute crawl. Xcache brought what can only be described as “astonishing” speed improvements.

Oh and if you do use Gandi you have to install sendmail manually to get mail() working (I was stumped by this for ages thinking it was a problem with PHP)

DNS

DNS was the most difficult part of the setup. In my previous setup most of my domains were registered with Fast Hosts (they still are as it happens) and Servage provided my DNS.

One major problem with self-hosted DNS is the fact that you need to register “glue” subdomains with the central repositories (this is so that DNS lookups don’t go into a recursive loop of doom). After an initial play, and fail, around with Bind 9 I cast about for hosted DNS. In the end I went with DynDNS for my personal domain – it was pretty cheap ($29.99 for a year) and seems a stable service. Doing this made me a lot happier about attempting to self-host DNS for the other sites.

Bind is a pig; there I said it. Luckily I came across PowerDNS, which for me, had several advantages:

  • Installation was a breeze, just a few seconds
  • It is MySQL based (which fits in with some future plans)
  • There is Power Admin, a drop in PHP configuration manager

Power Admin really is the killer feature; it is by far the easiest piece of DNS setup I have used. Because of the MySQL based configuration you can provide two DNS servers (which is recommended) by installing Power DNS on another VPS and setting up MySQL replication (I cannot stress how beautifully easy this was to do).

Once happy I added my DNS zones, asked Fast Hosts to register ns1/ns2.errant.me.uk as Glue records and changed all the DNS records. Phew.

Side note: I wish I had explored Power DNS before buying DynDNS! It could easily have convinced me to risk the full self-host.

Cost

I suppose cost is important. For me costs went down (as I will explain) but for those with only shared hosting you may end up paying more. It’s up to you but I much prefer the versatility!

My previous setup was:

  • Shared Hosting with Servage: £75/year
  • Dedicated Server with Fast Hosts:  £960/year

So around £1000/year.

Currently I have two shares with Gandi priced at £240/year. Which is a pretty substantial saving overall – though a big leap up from shared hosting costs.

On the other hand there are a lot of advantages that may make it worth it; not least that you have full access to the server to do whatever the hell you like (site deployment using Mercurial has become a dream!)

Next?

  • Domains: My next plan is to administer my own domains directly. At the moment they are spread about amongst Fast Hosts, Gandi and Servage and it would be handy to consolidate those into one place. From what I can gather this is looking to be rather expensive, so perhaps for a later date. It’s something I would like, though, just to be entirely self sufficient.
  • DNS:  soon I plan to ditch DynDNS and bring all my DNS service “in-house”. That’s a pretty major leap so I plan to be very ready before trying :)
  • Control Panel; hand configuration of Nginx is pretty trivial if you don’t have many domains (a lot of the cfgs can be reused). Plus I have Power Admin and PHPMyAdmin for DNS and MySQL maintenance. But an “all in one” method would be quite nice (particularly one that could handle domains/DNS together). None of the current control panels support Nginx very well – so it is easier to hand configure.
  • Mongrel 2; an interesting project which is configured using SQLite. As soon as it becomes stable I will be testing it to sit in front of Nginx (or even directly in front of PHP) – because of the SQLite approach it should be easy to hack together a Power DNS/Mongrel based control panel.

Final Thoughts

Self hosting has been on my mind for a while, but I have always shied away from the difficulty. So I am actually pleased Servage gave me a push.

One major concern was that this makes me responsible for server maintenance – I’m not a bad sysadmin but you could hardly call me great. The positive thing is that this is proving to be less of a worry than I thought. The only serious stumbling block so far has been the caching/slowness issue with PHP; but I managed to figure that out in just a few hours.

Best of all I am learning a lot of useful stuff in the process.

Security is another major problem. I think everything is safe but I do need to remember to update software regularly (this is becoming an advantage because I can update much faster than most hosts!).

If you want to do this then I highly recommend it! But I also recommend you take it slow and do your research. I rushed the initial process (due to being mad at Servage) and made some mistakes.

By the way, yes, the blog you are reading is self hosting. I hope it coped!


Bank Simple actually personalise their email

I am very impressed with Bank Simple (a neat project I came across via HN). Banking startups are an interesting (and hard) area so, in the spirit of “why not”, I left them my email a few months back. As a Brit it seems unlikely they will cater for me any time soon but keeping track of their efforts seems worthwhile.

Anyway, they just sent me an email.

How did they know that?

At first it reads like a typical marketing mail – “don’t forget about us m’kay” (which, after all, is why I gave them my email). But after a first scan my brain did a backflip as it read the following:

Even if you don’t want to talk about banking matters, I would love to hear more about how you started you own social networking site and be updated on its progress.

Wait. What?

In the past (i.e. 3 years ago) I was involved in developing a social networking site. How the hell did they find that out?

I am guessing that what they did is use one of the social discovery tools to track down some information about me. Then read and digested what they found to choose something relevant to talk about.

I’ve run it over in my mind and there is no way this could be from an automated process. For a start the email address I gave is not easily linked to my personal or the Live Meta site. So finding me is non-trivial (2-3 minutes at least). Figuring out the connection is also non-trivial; someone either read my resume or the Live Meta site and clicked through to make the link (another 2-3 minutes). Those 5 minutes are not a lot – but it’s more effort than the vast majority of companies make.

Ok, so this is a gimmick; but it’s a completely genuine one. Bank Simple make a promise on their home page: “We treat you with respect”. So, yes, it is a gimmick. But it is also them sticking to the promise – and I do feel respected. Particularly as there is a high chance a good number of us signed up….

I think that bodes well for them as a service.

Which is good because starting a bank like that is a very difficult problem. I confess prior to this my feeling was “cool, but I have a feeling this will fall apart”. I still think it is a very hard task they have set out to work on, but on an emotional level I damn well hope they do it.

But for that pesky Atlantic Ocean they’d have a new future customer :)


Why I want an Eco-House

When people ask me (admittedly not very often) what sort of house I want in the future I usually say “a low impact, grass roof eco-home”. The follow up is usually something along the lines of:

“huh, no way you are an eco warrior”.

And I am not, but I still really really want to live in an eco home.

Why? Well as I see it there are numerous benefits and very few real downsides. The first (to my mind) is that you get to physically build something of your own. There is a definite element of pride in owning things you spent blood and sweat on.

In a practical sense there are other benefits; given reasonable funds (i.e. less than the amount needed to build a “real” home) it is now possible to build an entirely self sufficient house – electricity, water, heating and sewage. No longer are you forced to make big “personal comfort” sacrifices. And by the time I get to building one technology should have gotten even better/cheaper.

Self sufficiency is one thing I particularly desire; think how much you could save if the only regular bill was internet & mobile phone (or to put it another way; imagine what an awesome internet connection I could afford). From a practical perspective you are less susceptible to national disasters (say, oil shortages).

There are other aspects. It’s cute, for one, and very outdoorsy. That’s a good thing to my mind. I love shiny tech but am becoming more and more disheartened by our consumer society. There is an appeal in the quaintness of a small, natural materials home. I’m getting caught up in this and it makes me counter productive. Simply “giving up” consumerism does not feel like an option (actually, yes it does – but I would not last).

Friends who have actually made the “leap” tell me life is more relaxing when you can wander around tending a nice, big, lush, vegetable garden in the evening after a long work day. And that is what I mean by escaping consumerism!

The very best thing is that because I am not an eco-warrior compromises are not an issue for me, and I will readily make them. As I see it environmentalism is a great thing to be aware of and contribute to – but going back to the stone age is counter productive. I realise many modern eco-warriors (sorry, ecologically aware individuals:)) are in the same boat, but my point still stands. From observation I reckon the main drawbacks to eco-living arise out of not compromising on the ecological vision – and, so, I can’t see any downsides!

So, yes, I very much want to live in an eco-home! :)


The dangers of relying on 3rd party APIs

You may remember a short while ago Twitter had some downtime; connections seemed to drift into the ether and time out after a number of seconds (or even minutes). 

Even the API was affected, and as a result so was I – pretty dramatically.

Tweetbars

A while ago I threw together a quick little site idea called Tweetbars. It got some interest & coverage at the time but eventually I left the site to one side – happily serving Twitter status images to a few punters. At the moment about 500 bars are under active use with around 4000 hits per minute (these are rough figures – the stats tracking provided by my last host was rudimentary at best).

The code is simple and hacky; when a “bar” is displayed for the first time a call is made to the public Twitter API for the requested user to recover the latest tweet. This is cached on disk and, when the image is requested subsequent times the code checks the disk cache and either uses that or refreshes from the API again. Requests are made using PHP cURL.

Easy. Peasy.

Unfortunately in my hurried creation of Tweetbars I made a crucial engineering mistake: Relying on Twitter’s API.

When Twitter started to time out so did my cURL connections – but very slowly. I’d never considered this scenario and, so, hadn’t set CURLOPT_TIMEOUT (the default for which is “never timeout”). As a result some of those connections were hanging around for up to a minute; any bar with an expired cache kept opening connections on every call. Ouch.

To compound matters, for some inexplicable reason, my host hadn’t set up PHP to kill slow executing pages.

Cue a locked up server (the stats they showed me had about 3000 open connections and 89% CPU assigned to my php processes). Youch.

Understandably they shut down my account; taking 20 websites (including this one) with it. Which was a pretty major blow.

The Moral

Never rely on a third party API.

Twitter are in no way to blame here; it was entirely my fault but when Tweetbars was built I assumed performance and features would be consistent with what I was seeing at that moment in time. An error caused this issue, but a number of other factors could have resulted in the same problem (for example slight changes to how the API worked or returned data).

Always figure out a way for your app or site to fail gracefully when it hits unexpected problems – it is better to slightly annoy your users for a short while than have to wait 12 hours for your provider to unlock a hosting account :)
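
The failure described in this post (no `CURLOPT_TIMEOUT`, and every request for an expired bar opening a new connection to a stalled API) and the “fail gracefully” advice can be handled as in the sketch below. This is an added example, not the Tweetbars code: the endpoint URL, function names, cache file layout and timing constants are assumptions, and it goes a little beyond the post by adding a single-refresher lock and a retry back-off.

```php
<?php
// Added example; not the original Tweetbars source. Endpoint, names and
// timings are hypothetical.
const API_URL         = 'https://api.example.invalid/latest?user='; // placeholder
const CACHE_TTL       = 300; // seconds a cached tweet counts as fresh
const RETRY_BACKOFF   = 60;  // seconds to leave the API alone after a failure
const CONNECT_TIMEOUT = 2;   // seconds allowed for connecting
const TOTAL_TIMEOUT   = 5;   // hard cap on the whole transfer

/** Call the API with bounded waits; returns the body, or null on any failure. */
function fetch_from_api(string $user): ?string
{
    $ch = curl_init(API_URL . rawurlencode($user));
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => CONNECT_TIMEOUT,
        CURLOPT_TIMEOUT        => TOTAL_TIMEOUT, // the default of 0 never times out
        CURLOPT_FOLLOWLOCATION => false,
    ]);
    $body = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    return ($body !== false && $code === 200) ? $body : null;
}

/**
 * Return the latest tweet for $user from the disk cache, refreshing it when
 * expired. A failed or slow upstream yields the stale copy (or null), never
 * a hung request. $fetch is injectable so the logic can be exercised offline.
 */
function latest_tweet(string $user, string $cacheDir, ?callable $fetch = null): ?string
{
    // The name becomes part of a file path: accept only the expected shape.
    if (!preg_match('/\A[A-Za-z0-9_]{1,15}\z/', $user)) {
        return null;
    }
    $fetch     = $fetch ?? 'fetch_from_api';
    $cacheFile = "$cacheDir/$user.txt";
    $failFile  = "$cacheDir/$user.fail";

    clearstatcache();
    $stale = is_file($cacheFile) ? file_get_contents($cacheFile) : null;
    if ($stale === false) {
        $stale = null;
    }
    if ($stale !== null && time() - filemtime($cacheFile) < CACHE_TTL) {
        return $stale; // still fresh
    }
    // The upstream failed recently: do not try again until the back-off ends.
    if (is_file($failFile) && time() - filemtime($failFile) < RETRY_BACKOFF) {
        return $stale;
    }
    // Only one request per user refreshes; the rest serve the stale copy.
    $lock = fopen("$cacheDir/$user.lock", 'c');
    if ($lock === false || !flock($lock, LOCK_EX | LOCK_NB)) {
        return $stale;
    }
    try {
        $body = $fetch($user);
        if ($body === null) {
            touch($failFile); // start the back-off window
            return $stale;
        }
        // Write then rename, so readers never see a half-written cache file.
        file_put_contents("$cacheFile.tmp", $body);
        rename("$cacheFile.tmp", $cacheFile);
        @unlink($failFile);
        return $body;
    } finally {
        flock($lock, LOCK_UN);
        fclose($lock);
    }
}

// Constructed demo: a stub stands in for the stalled API, so this runs offline.
$dir = sys_get_temp_dir() . '/tweetbars-demo-' . getmypid();
@mkdir($dir);
$calls = 0;
$down  = function (string $u) use (&$calls): ?string { $calls++; return null; };
file_put_contents("$dir/alice.txt", 'old tweet');
touch("$dir/alice.txt", time() - 2 * CACHE_TTL); // force the entry to be expired
for ($i = 0; $i < 100; $i++) {
    $out = latest_tweet('alice', $dir, $down);
}
printf("served=%s upstream_calls=%d\n", var_export($out, true), $calls);
var_dump(latest_tweet('../../etc/passwd', $dir, $down)); // rejected name
```

On Linux, PHP’s `max_execution_time` does not count time spent waiting on network I/O, so a host-side execution limit would not necessarily have cut these requests short; the cURL timeouts are the control that bounds them.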


That Piracy thing again (debunking the arguments)

So piracy is back in the news this week with the US government’s proposed “Joint Strategic Plan to combat intellectual property theft”. Cue the typical hand waving and ranting from both sides of the orchard.

I always hate times like this because it seems that no one is able to have an adult conversation about the issues and, so, Copyright is still broken and the RIAA still think suing people is better than sorting out proper digital media for me to enjoy.

Bah.

Allow me to review some of the typical “bunk” statements that get rolled out by both sides.

“Piracy is theft”

This is always a good poster boy for the pro-Copyright brigade. This time Joe Biden trucked it out for them:

“It’s smash and grab, no different than a guy walking down Fifth Avenue and smashing the window at Tiffany’s and reaching in and grabbing what’s in the window.”

Pro-piracy advocates get to have a merry little dance at statements like this; and rightly so, it is an amusing concept. Partly from a practical perspective (copyright infringement is a civil matter, not criminal) but also from a moral one. It does seem unfair to label all of those downloading unauthorized material as “thieves” compared to someone stealing a physical item.

What gets argued is that “theft” is a way of describing the act in “raw, understandable terms” (or something). I may be cynical but I suspect the real aim is:

  • to guilt people into not pirating by making it morally inappropriate
  • to pave the way for making copyright infringement a criminal matter

It is the last that worries me.

Ultimately how I always feel is this; if someone is pirating your work then I don’t mind if you call them a thief (in anger or whatever). But if you’re not one of those people then it’s a weasel word to be using.

“You do not have the right to expect to profit from your work”

This is one from the pirates (often accompanied with lots of high fives and “yarrrr”-ing :P ). And this time it is me rolling eyes and smirking.

What this argument highlights is merely a rhetoric failure, for the following reason: it is the truth and not something you can dispute.

However.

So is the reverse. “You do not have the right to expect to receive other people’s work for free”. In absolute fairness I have heard that uttered a few times from the likes of the RIAA.

I fail to see the use of simple, logical concepts like this. Yes, you are both right. Can we please stop using it as an argument. I do not have the right to expect you to pay me for X, but you don’t have the right to take X for free. Impasse established, let’s keep negotiating.

Anti-Entitlement

To demonstrate this point I want to quote Swombat (via HN)

“Intellectual property” is a contradictory concept. Claiming that ideas, thoughts, and other non-physical entities “belong” to someone is contradicting the very nature of the universe.

I called that “pseudo-philosophical mumbo jumbo” in a reply comment, which was possibly a little unfair. But I think it is a true assessment. The problem is that it breaks down in the “real world”.

The whole original concept of intellectual property, copyright and patents was built on the idea that there had to be some way to quantify and protect the value of a person’s work. In a general sense, of course, no one can “own” an idea but, to save protracted philosophical arguments, we invented some social rules that cover such situations.

It seems reasonable (and right!) to argue the limits of those rules – but their existence?

It is pretty impossible to copy protect digital media anyway

True. You are using this as a pro-piracy argument?

Oh dear.

Piracy Harms/Helps X

This is my “favourite” bunk argument.

Of course; there is a lot of “data” supporting both sides but, as with all these things, most of it is a case of selective interpretation.

The problem is that it is so hard to estimate the impact of such a broad (and relatively untrackable) activity like piracy on a wide range of heuristics. Often it is claimed piracy hurts sales; which I am sure is true in some cases, but how do you identify that? Sales are affected in lots of ways and to this point I’ve not seen any “proof with numbers attached”.

I hate this argument because there is a tendency to pick numbers out of the air – and that not only harms the argument but makes you look pretty silly (yes, RIAA, I am looking at you).

The opposing point is that piracy can promote sales/revenue. The oft cited example is that musicians make the most money (sorry, record companies fleech the most money from musicians :) ) via live performances and that piracy of their music increases people’s exposure and therefore can drive ticket sales. It’s a good argument and I am pretty sure that in a lot of cases it is true.

The issue I have had with this particular idea is that it is ignoring the fact that the content creator ends up with no choice. You are promoting yourself this way, tough, no option.

Conclusion

Of the whole Hacker News thread that grew from the original news article one comment from Pyre stuck out at me:

Copyrights, trademarks, and patents also weren’t as complex and over-bearing when they were first created as they are today. If anything, the content industries only have themselves to blame with their egregious extensions to copyright terms amongst other things.

This pretty much sums up my feelings on the whole matter.

As a concept I don’t think intellectual property is a bad idea; in fact I think it has been a pretty acceptable “social hack” in the past. The problem is our growing litigious and regimented modern culture. Where everyone has absolute rights and “the right thing to do” only seems to apply when it is useful.

This malaise is not limited to the issues of piracy and copyright. At its root our modern culture is slowly rotting.

I’ve been on both sides of the piracy debate. Not all that long ago I was downloading music and watching films from torrents, it was easy and came with no moral and little legal risk. I came to understand the (personal) moral guilt of what I was doing and stopped; now if something costs too much or (the more likely case) is not available to me I just get mad, or rant or shrug.

I’ve also been the “victim” (though I do hesitate to use that word) of piracy. What makes it so amusing is that I am a huge Free Software advocate and release the vast majority of my code with a BSD/MIT license. Pretty much all of my written word gets released under various open licenses. The very few times I have not done so it has been pirated. My very short lived “career” with an indie games programmer was blighted by piracy.

The worst part is that consumers are consistently the losers whatever happens.

Content creators (and particular lobby groups like the RIAA) are obsessed with stamping out piracy with a load of ill considered schemes rather than developing modern and usable digital media distribution. We have the technology to be able to watch the latest films online all over the world; and yet only a tiny minority are available in an even smaller number of countries.

My stance? Being pirated tastes very sour, and I dislike the scratty little b’tards who did it to me (I tried to offer you value at a fair cost, screw you :) ). But on the other hand I hate the scratty little b’tards of the RIAA who want to sue people thousands of dollars per illegal download. I think the solution is in simplification and streamlining of copyright law and work to limit the ability of corporations to use their massive legal resources in litigation (this is a wider problem also). I also think we should, collectively, encourage media creators to come to the internet with better consumer offerings. Though, really, what is needed is a paradigm shift in society where paying for digital media becomes an acceptable alternative, where people can see the effort that goes into creating stuff for them and where we are less worried about litigation and riches and more worried about making cool stuff!

More importantly can we stop throwing out these bunk arguments and address real issues. Please. :)

(I’m not even going to start dissecting Obama’s new “Strategic Plan”, it’s “nails on the blackboard” painful all round)


How to write a good CV

Writing a CV often seems a pretty easy task to most (or, worse, a fairly unimportant one). The sad fact is that a lot of people are just god-awful at it.

Here’s how to write a really killer CV (tldr: simplicity is key)

Presentation

A CV should be terse and concise; it’s not an essay about how good you are but the basic facts about your employability.

Avoid colours at all cost. The one exception to this is if you are applying for a design or advertising role. Then your CV (essentially an advert about you) is worth spicing up (I can’t advise beyond that; design is your forte :) )

Lists are fine. Nay, lists are encouraged. This relates to the first point about conciseness but also lists are much easier to scan compared to a paragraph that says the same thing.

Fun is allowed. But avoid being smug, self satisfied, idiotic or using too many jokes. If in doubt keep it serious or at most light hearted.

Avoid in-jokes.

In terms of layout/design:

  • 12pt font, black, one font maximum
  • Tahoma or Verdana for computer copies, Tahoma or Times New Roman for print
  • Keep bold to a minimum (headings and qualifications/jobs) for max impact
  • Use italics even less (I usually say address, qualification schools and employers)
  • Center your name and address/contact at the top.
  • Everything else left align

What to include

A CV will have 4 sections:

  1. Personal details/intro
  2. Education
  3. Work/Experience
  4. Skills

Personal Details

Keep this brief; obviously name and contact details are key. Your address should be as brief as needed – if you’re applying for a job in the same county (or state) then drop that bit.

An introduction is appropriate; it’s about the only part you can really sell yourself in sentences. Keep it down to about 4-5 of them and avoid being smug or over the top.

Be honest.

Education

This is a fairly easy section; list headings of your degrees/education, dates and the school it comes from. There is no need to add the level or score you got; personally the fact you were there and took part is the most important part (we can test knowledge some other time).

One thing most people forget is to add some bullet points about what you did for each qualification. Just add the major points, not just in terms of classes but extracurricular activities, positions of responsibility, skills etc.

Don’t list ancient qualifications (keep it relevant)

Do list non-academic qualifications.

For example I always briefly mention that I attained the Gold Duke of Edinburgh’s Award (reasonably prestigious and definitely a difficult achievement). The best way to decide whether to include or not: ask, was it hard to get?

Work/Experience

A crucial part.

List only key or relevant employers (the number of CV’s I see listing “Mc Donalds” as an employer is, well, awful).

It doesn’t matter if the list is very short – pad it with extra bullet points for each employer rather than irrelevant jobs.

For those bullet points focus on a good mix of key skills, responsibility and things you learned. If you ever had decision making (especially in control of a budget) responsibility or were in charge of a team/group always mention it.

This should generally be your longest section.

Skills

This is often the worst part of any CV, usually for one single reason: people have no idea which skills to sell.

Take one example I read recently; the writer had failed to add his skills in security research and instead had listed his programming languages. That makes little sense as the security stuff is a much rarer (and more marketable) skill. Unless it is completely irrelevant to the job add it.

As an example: I usually sell consultancy work based on my own security skills. It’s that little bit extra that sets me aside from other contract programmers.

Always list your rarest or hardest acquired skills first. This might take some thought so grab a piece of paper and a pen and actually brain storm for half an hour or more.

By all means list programming languages, but keep it brief.

This entire section should be bullet points. NO excuses.

Never, ever, ever, ever list reading or swimming. If you do I will personally come round with a pony and beat you mercilessly.

References

Never include them; always use the phrase:

References available on request

Conclusion / Final Thoughts

Writing a CV needn’t be difficult; the key is keeping it simple and really thinking it through. Don’t fall for the trap of believing a CV is unimportant either – it can make or break getting a foot through the door.

Make sure you take time to customise or tweak a CV for each job (or type of job).

Key ideas:

  • Simplicity
  • Stay concise
  • Really consider what you are putting
  • Relevance

Any other ideas? Feel free to leave them in the comments.

A laid back approach to email

Technology is amazing; you can now converse with someone the other side of the globe effectively instantly via IM and email.

The question is: is this a good thing?

Clearly in a lot of cases it is. But what about for non-urgent matters? Conversations that previously could have been conducted at a snail’s pace are now instant, and over in a few hours. People we have a single conversation with are, effectively, single serving friends.

On an individual level email is becoming a flood! Over the course of a day I can get up to 100 that might need replies – and that is probably a small amount.

So I am trialing a new three step approach to email:

  • I will reply to mail around 48 hours after it is received
  • The exceptions to this rule are:
    • If this is your first email to me
    • The matter is urgent/needs resolving within 48hrs
    • You’re a personal friend (or direct client)
  • Any replies will tend towards just a few sentences

With this I hope to achieve a much more leisurely pace to email conversation. I’ve been using it effectively for the last few weeks and a few people have already commented that they particularly enjoy emailing/discussing with me.

From a technical perspective I filter mail with the following Gmail filter:

after:2010/[m]/[d-2] before:2010/[m]/[d-1]

Where d = today’s day of the month and m = the current month. If anyone has a better filter (that I don’t have to change the dates for) then please let me know!

Why I think “Draw Mohammed Day” is a bad idea

Draw Mohammed day is this silly idea someone came up with in an attempt to show unity against extremists who threaten death to those who, well, draw Mohammed.

(for background; Muslims often find it offensive when people draw Mohammed because they do not believe you should depict the prophet. I don’t pretend to understand why they might feel that way – but that is irrelevant).

Many people will suggest it is wrong to do this day because it is also attacking Muslims (I don’t think that’s the case, and is certainly not the spirit of the endeavour).  This is a bad argument and wrong.

The problem I do think exists is that this is exactly the response the extremists expected and hoped for.

Consider; they can turn to converts now and say “look how evil America is, they are escalating this, let’s go kill them!”.

Even that is not the main problem.

The problem is that this feels very much like someone reacting fearfully. “Oh shit, we need to overtly show unity and strength and we need to show it now“. It’s the typical OTT reaction that you get from people living in fear.

I can’t get behind it mostly for that reason. I feel there are a lot better ways to show unity and strength – the very best is probably just to ignore these idiots who are sending threats (indeed, only react if the threat is credible, which most aren’t).

The final reason this doesn’t sit well with me is that I think it misses the point. Clearly it will only encourage the extremists; they will smell the fear and realise that sending threats is, inexplicably, getting results.  But what it risks is alienating a few more Muslims – not through offending them but because they would see this as “a bit silly”.

In a way it is possibly a little intolerant and ignorant. Ok, so you or I cannot understand why a picture might cause offence, it’s fine for us to consider that a bit silly, indeed it’s even fine to draw those pictures (assuming the sole intention is not to cause offence – and if it is then whoever does it is clearly just an intolerant idiot). But what isn’t fine is saying “oh it doesn’t matter, you’re being silly so stop it now and let us taunt the extremists“. That sounds patronizing and I wouldn’t blame Muslims for considering that a little rude.

I would much prefer a banner that even Muslims would feel comfortable getting behind.

If you still don’t buy my argument then consider this, from the person who originally came up with the idea:

Norris said that if millions of people draw pictures of Muhammad, Islamist terrorists would not be able to murder them all, and threats to do so would become unrealistic.

Is the threat not already unrealistic? This whole new problem originally came from a blogger who made vague threats of death against the South Park guys.

It was a very unrealistic threat. Norris actually gives it credibility - that is fear.

We all be hatin on Facebook, right?

This anti-Facebook diatribe currently kicking around the interwebs is starting to get a bit tedious. The irony is that in barely any time at all it will probably be forgotten (and everyone will be jumping onto a new train of hate).

Which sucks for those of us who’ve been playing the Facebook privacy game for at least the last year.

So, here is an attempt to open some more sane debate on the issues. Across 3 posts I’m going to:

  1. Analyse Facebook from the perspective of someone who has been studying them for over 18 months
  2. Discuss Diaspora (the new “solution” on the block), why it is a great thing to work on and why it might not be a proper solution
  3. And suggest a simple, effective solution to the privacy concern.

Facebook

So, part one, the eponymous Facebook.

We’ve been hearing a lot about how crap their new privacy control is and that everything you post is now public. I’ve been sticking up for them a little; partly because I tend to stand up for the attacked (whether they deserve it or not, everyone should have a defender) but mostly because pretty much all of the ranters have come to this issue recently and have, honestly, no clue how bad it used to be.

Ye Olde Days

Let’s go back to early 2009. As a security researcher I maintain a number of Facebook accounts with which to do testing and monitoring – back then accessing someone’s details was trivial. Even those who locked up their profile could be cracked with a minimum of effort.

Through all of ’09 Facebook addressed those concerns one by one, locking it all down.

And, so, they came into 2010 in pretty good shape; not the best by a far margin, but those who wanted to could lock themselves up pretty tight (and a surprising number did so).

This, I guess, is where it all went to hell; because then Facebook inexplicably started to open things up again. Or did they?

The truth is that most elements of Facebook privacy settings are honoured by the social graph API and fan pages etc. While it was popular to claim “there is no way to stop your posts appearing on fan pages if they are deemed suitable matches” the truth was that if you lock up your wall posts they won’t show.

That’s not to say there weren’t valid concerns, but they seemed to get lost in a swill of rants and raves.

One such concern is pictures; and people tagging you in them. Which segues me into the next section…

Why Now?

Picture tagging is a valid concern; but why is it an issue now?

Today photos are harder to find & access than they were this time last year. Ok, so if a friend sets his/her photo to public then the world can see your name on it. Right. However, 12 months ago even supposedly private pictures were pretty accessible.

This problem has been partially solved – and yet it is a big issue suddenly, today, right now.

Great, raise that problem (and the others) loudly and vocally. Keep it on the radar (hah…). But don’t brand Facebook evil in the process, right, because they’ve actually made this problem a bit less bad. Give a little credit!

Also you may not have noticed but some tags don’t appear, even on public photographs. This is the same for content all over Facebook – it’s more obvious with comments (when you come across a thread with a user apparently replying to thin air – one of the participants is just not there).

I’ve not actually managed to figure out what arcane combination of privacy settings will create this situation – but it appears to be something entirely under your control… if it could be understood.

The Real Problem (with Facebook)

Like a runaway train that takes me onto the crux of this matter; the real problem.

You see there *is* a problem with Facebook, it’s a big problem, it’s a privacy problem and we are going to need to solve it. Just like we needed to solve it last year.

It comes in three parts:

  • Complexity: privacy is complex, Facebook is complex, your social graph is complex. In fact it’s a complete mess. Ensuring that every reasonable element of information about you is correctly “privatised” is far from a trivial problem.
  • People: this is a huge problem. No one (not even you or I really) considers how information could impact them if they don’t take precautions. What makes it worse is that the vast majority of people don’t understand exactly what privacy means in the context of social networks – and why it affects them.
  • Abuse: I hesitate to use the word but it best sums up the third element. In a world where everything is minutely locked down companies like Facebook will struggle to make a quick buck in quite the same way. So there is a temptation to make things difficult for users.

“People” is not something we can necessarily fault Facebook for. In part the same applies to “Complexity”; as laid out above, Facebook have been tackling the problem head on for the best part of 18 months. They aren’t there yet (not by a long stretch) but it seems reasonable to let them give it a go.

“Abuse”, though, is somewhere we can call them on. Not in the “OMG FACEBOOK ARE EVIL” way that seems so popular at the moment. But instead by explaining some of the problems with the current setup.

Simple questions like:

  1. Why is it so complicated to lock down your profile?
  2. Why is instant personalization working the way it does (this is a big problem)?
  3. Why can’t privacy be “in your face” obvious?
  4. Why is it not clear what is accessible when locked up, and what isn’t?

Which is a far from comprehensive list.

For Facebook the “right step” is in making Privacy much much easier for everyone to grasp, raising its profile and showing their users where their information appears. Currently that is not an open process…

It is a lack of openness more than anything that has led to this recent spate of hatin’.

Solutions? (and the real real problem)

There are a number of third party solutions trying to (sensibly) make Facebook privacy more understandable.

By far the best is Reclaim Privacy (which I recommend you check out).

In fact that is precisely the sort of “one click check” Facebook themselves should implement.

But Reclaim is simply an interim measure. There is a much wider problem that needs addressing – which is that Facebook has a stranglehold over the Social net. It has the biggest user base and, as such, they can play the game whatever way they like. If Facebook decides that our names are “public knowledge” then that’s how it goes – or get out.

It’s a shitty kind of set-up and, so, the future of the social web has to be made up of independent projects and companies all capable of working together. This way the “industry” is self regulating – and if one provider breaks their bond of trust with users they simply lose custom.

The parts are there already; OpenID/OAuth, photo sites, Twitter, Blogging tools, YouTube. All we need is something to drag it, kicking and screaming, together into a package even your gran can use.

Check back next time when I’ll talk about the current hot-topic “solution” Diaspora* (and why it’s not really, in my eyes, that solution).