*Terms and Conditions apply

The Tornado web-server doesn’t like writing ints

by David Dolphin on Jul.16, 2011, under Work

Tornado (a Python-based web server) doesn’t like writing ints. However, it will write strings and dicts. Casting to a string solves the problem.

This is the error traceback I was seeing. The server was returning a 500 error.

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/tornado/web.py", line 927, in _execute
    getattr(self, self.request.method.lower())(*args, **kwargs)
  File "second_breakfast.py", line 10, in get
    self.write(result)
  File "/usr/lib/python2.7/site-packages/tornado/web.py", line 446, in write
    chunk = utf8(chunk)
  File "/usr/lib/python2.7/site-packages/tornado/escape.py", line 159, in utf8
    assert isinstance(value, unicode)
AssertionError

Fraud

by David Dolphin on Mar.24, 2011, under Ideas

On February 8th my Mastercard was successfully used to book a Ryanair flight between two Eastern European cities. The flight was to depart the following day, and cost €446.70.

Over the next week another Ryanair flight was booked, originating from a separate Eastern European city, along with an authorisation charge for Hotels.com. Both of these charges were declined.

On February 28th I used my Mastercard to buy petrol at Topaz beside NUIG, having left my debit card at home. When I got to a computer to pay the charge, a nasty surprise was waiting for me:

[Image: Fraud]

Not recognising the €446.70 charge I rang AIB. The CSR gave me details on the three charges, including the names of the passengers on the flights, flight codes and the hotel name.

AIB refunded the fraudulent charge, cancelled the compromised card and issued me a new card at no cost. I’m impressed and happy with the level of service and response from my bank, AIB.

I learned a few things from this experience:

  1. I was able to use the card legitimately after it was flagged as compromised and two further charges were denied. I like this; it shows a smart fraud prevention algorithm, which doesn’t negatively impact the customer.
  2. I had no idea so much information was transferred between businesses when payments are made on-line.
  3. I signed up for Mastercard’s SecureCode service, but individual websites must opt in. This makes the service next to useless in preventing on-line fraud, but adds an extra burden to customers who want to protect themselves when shopping on-line.

I’m a little worried about how my credit card information ended up on (presumably) an Eastern European black market. I’m cautious with on-line purchases, and only use my own laptop, meaning either:

  1. I have a virus on the Windows partition of my laptop
  2. An on-line retailer I’ve used in the past stored my information in the clear and was compromised.

Neither is a very nice situation. I might re-purpose the Windows partition to be sure. If it’s the other option, e-commerce has much bigger problems.

How could the current system be improved to help customers? Modify the CCV system to use TOTP codes. Here’s how it would work:

  1. Customer rings bank and asks to move to the “Two-factor system”. Bank asks whether the customer needs to be sent a fob or wants to use a smart-phone application. If fob, activate the system on the bank’s end when the fob arrives; if smart-phone, activate now.
  2. Presuming smart-phone: Ask customer to download phone app and give shared secret to customer. This is entered into the authenticator app.
  3. The authenticator (app or fob) generates two 3 digit CCV codes every 90 seconds. One is to be used for payments processed immediately, one for preauth payments.
  4. In the case of preauth payments, the bank keeps track of which seller the customer has assigned this preauth CCV to, and allows further payments to be charged from that card with that CCV, from that seller for up to 30 days. This would be used for hotel room charges and the like.
  5. In the case of immediate charges, the CCV is only valid for 90 seconds and will expire after that.

Two-factor authentication isn’t for everyone as it adds an extra step to on-line transactions (pulling out your phone/fob to check the code). However, it does offer a greater level of protection to customers who opt in, and doesn’t require seller adoption as their systems (should) already handle CCV codes. With SecureCode criminals only need to avoid the on-line sellers using SecureCode, and customers can still be defrauded.
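The scheme in the numbered steps above, sketched as an added example (not code from the original post): an authenticator function that derives two 3-digit codes per 90-second window, and an issuer-side check that enforces the 90-second and 30-day rules. The HMAC-SHA1 construction with RFC 4226-style truncation, the purpose label, the one-acceptance-per-window rule and the names `ccv` and `Bank` are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 90               # code lifetime proposed in the post
PREAUTH_SECONDS = 30 * 86400    # preauth binding lifetime proposed in the post


def ccv(secret: bytes, purpose: str, now: float) -> str:
    """Return the 3-digit code for `purpose` in the 90-second window holding `now`."""
    counter = int(now // STEP_SECONDS)
    # Assumption: a purpose label keeps the "immediate" and "preauth" streams apart.
    msg = purpose.encode() + b"\x00" + struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation as in RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1000:03d}"


class Bank:
    """Hypothetical issuer-side state for one card."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.spent = set()   # (purpose, window) pairs already accepted once
        self.preauth = {}    # seller -> (code, expiry timestamp)

    def authorise(self, seller: str, code: str, now: float, preauth: bool = False) -> bool:
        if preauth:
            # Step 4: a seller holding a live binding may charge again with its code.
            bound = self.preauth.get(seller)
            if bound and now < bound[1] and hmac.compare_digest(bound[0].encode(), code.encode()):
                return True
        purpose = "preauth" if preauth else "immediate"
        window = int(now // STEP_SECONDS)
        if (purpose, window) in self.spent:
            return False     # assumption: one acceptance per window, so no replay
        expected = ccv(self.secret, purpose, now)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False     # step 5: the code is only checked against the current window
        self.spent.add((purpose, window))
        if preauth:
            self.preauth[seller] = (code, now + PREAUTH_SECONDS)
        return True


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    t0 = 90 * 14_000_000                  # constructed timestamp at a window start
    bank = Bank(secret)
    code = ccv(secret, "immediate", t0)
    print("immediate charge:", bank.authorise("shop-a", code, t0 + 20))
    print("replayed at second seller:", bank.authorise("shop-b", code, t0 + 40))
    hold = ccv(secret, "preauth", t0)
    print("hotel preauth:", bank.authorise("hotel", hold, t0 + 5, preauth=True))
    print("hotel charge 10 days on:", bank.authorise("hotel", hold, t0 + 10 * 86400, preauth=True))
```

A 3-digit code leaves only 1000 possibilities per window, so an issuer would also need to limit failed attempts per card.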


Day 2&3: Complexity

by David Dolphin on Jan.10, 2011, under Abroad, Asia, Cons

The conference has started. The venue is one of the most impressive hotels I’ve ever been in, reminds me a bit of the Layer Cake country house.

I’ve already seen some interesting areas that I’d like to peruse when my work on Quantum Walks is done. In particular, quantum complexity theory (QMA) has caught my eye. The poster session has been a great eye opener too; the field of QIP is quite diverse, from very abstract math, to experiments with lasers.

One of the feature speakers pulled out, and Christian Kurtsiefer gave a lecture in his place. Christian’s work on QKD hacks featured at DEFCON17. I got chatting to him about the comparisons between an academic conference like QIP and hacking conferences like 27c3 and DEFCON.

I think one of the fundamental differences between academic and hacker conferences is the level of participation, curiosity and application. Please keep in mind that the following views have been my own experiences, and are not supposed to be a stereotyping or generalisation of either community.

The poster session at QIP has shown that a very high proportion of attendees (50%+) are creating new work, actively pushing the boundaries of what is currently known in the field. At hacker conferences, I feel there is a much smaller proportion of people who do genuinely ground-breaking, new work (like Dan Kaminsky, or Travis Goodspeed). Most of the audience are hobbyists, they will take a look at someone else’s work and play with it, but (in my experience) the majority don’t create substantially new work of note. How many people who have seen a GSM talk by Harald Welte or Chris Paget will be able to present a new finding on GSM in the next year? How many people who know what rainbow tables are will enter “Crack Me If You Can” next year?

However, the hacker community are a group of individuals with a wider and more varied curiosity, they often have a wealth of knowledge outside their area of expertise. I feel there is a much stronger lust for information and knowledge in the hacker community. Hacker conferences are more fun, with games like Hacker Jeopardy, music events (DJ sets, chip-tunes concerts), and capture the flag style tournaments.

I think both communities can learn from the other. It would be nice to see more work coming out of the hacker community, or even a way to publicise what individuals are working on. A poster session would be a nice way to do this. Likewise, academic communities may benefit if their members broadened their scope of interests, paving the way to greater collaboration.


Day 1: Jetlag–

by David Dolphin on Jan.08, 2011, under Abroad, Asia, Cons

I’ve been in Singapore over 24 hours now and I’m shattered. Only getting sleep in 3-4 hour sessions, hopefully it’ll all be ironed out by Monday when the conference starts.

Sentosa, the Island I’m staying on, is beautiful, and there’s a ton of stuff to do, for everyone (kids, couples, a group of lads up for a session), from nice restaurants, to theme parks, beaches to golf. There seems to be quite a few Australian couples and families staying in this hotel.

A few things have caught my attention so far.

  • Singapore drives on the left like the UK & Ireland. The most popular brands of car are Japanese (Honda, Mitsubishi, Toyota) and German (Mercedes Benz, BMW).
  • I’ve spoken with 15-20 locals, mostly shopkeepers, bus drivers, taxi drivers, the hotel staff. The quality of English among those of Indian descent is perfect, those of Chinese/Malay descent have poor to no English. One bus driver had 4 words of English, of which the most common were “Sorry”, “English” and “No”.
  • Busses are very frequent, and every stop services multiple lines (some 20+). Fares are based on distance travelled. Most people are using RFID cards to swipe on/off the bus. I haven’t found a way to pay for a transfer to another line using cash. The average trip costs ~€0.75.
  • The sports that people were playing at the university were soccer and rugby.
  • High street shopping contains many brands familiar to one shopping in Dublin or London: Topman/Topshop, Pull and Bear, Esprit, Quicksilver, River Island, United Colors of Benetton, GAP, Lacoste, Marks & Spencer, Starbucks, The Body Shop, Prada, Giorgio Armani, Louis Vuitton, Dior, Dolce & Gabbana, and Bvlgari. There are also some brands I recognise but have never seen their brick and mortar stores before, like Patek Philippe, Cartier and The National Geographic.
  • The internet connection in the hotel is decent. A Flash speed-test tells me I have a 11Mbps up/1Mbps down connection to a server in .sg. Blacknight’s flash test tells me I’m 1.2Mbps down/800Kbps up to Ireland. Blacknight’s VoIP results are: 0% packet loss and 0.2% jitter. MTR to Google and Skynet.
  • Internet is important here. Every ad I’ve seen has a “Find our fan page on Facebook” link, or the equivalent (I’m sure) in Chinese/Malay. M1 are advertising fibre heavily. 100Mbps synchronous fibre is apparently available to students for ~€23 a month. A 1Gbps synchronous connection costs ~€240 per month.
  • Microsoft and the Singaporean government are the major players in TV, through MediaCorp and XINMSN. NewsCorp doesn’t have much of a footing.

Two of the retail staff of Indian descent I was chatting to showed a keen interest in Ireland, I was surprised by their level of knowledge. One was a shopkeeper in a news-agency, the other a tailor. Both knew of the Irish financial crisis, both knew the name Anglo, and the tailor had a more in-depth knowledge of the public’s view of Cowen, Lenihan’s sickness, and NAMA. This was more than the information one could glean from the Economist, I suspect either Ireland pops up in the news here a lot, or there are many chatty Irish people here.

I picked up my poster today too, and promptly spilled coffee on it (it’s vinyl and wiped clean). Patrick Hayden’s tutorial on Information theory via decoupling was interesting.


Asia – Day 0: PRG-LHR-SIN

by David Dolphin on Jan.06, 2011, under Abroad, Cons, Flying

Just about to leave Prague. It’s my first time in this city, a nice one to see. I was expecting more soviet era concrete monoliths, but the city center has preserved centuries old architecture, which makes for nice (if chilly) walks.

Google are heavily advertising Chrome in Prague. They have bought ad space in prominent locations around the city and in the airport. They’ve been able to put up large canvas posters too on the sides of buildings.

This is my first visit to South-East Asia. I’ll be presenting a poster at the 14th Workshop on Quantum Information Processing in Singapore. It concerns the work I’m doing for my MSc, on Quantum Random Walks.

I’m looking forward to seeing .sg first hand. I considered doing a study abroad semester in Nanyang when I was back in UL, but went to .nl for nine months on Co-Op instead. Ever since I’ve wanted to visit.

Time to go catch BA857 then BA11 (both of which seem to be on schedule).


Cisco EPC2425 in bridging mode

by David Dolphin on Sep.22, 2010, under Meh

I’m using a DD-WRT’d Linksys WRT54GS with my UPC broadband. I wanted to put the UPC router (EPC 2425) in bridge mode leaving all routing up to the Linksys.

My firmware revision is epc2425-E10-5-v202r12812-100519cs_upc . Boards.ie provided some useful information about places to look for the setting as it was not immediately available. For future reference, user: admin, pass: W2402 gives access to the advanced settings page.

As it turns out, you can also access the router through the 192.168.100.1 IP, despite the fact that my network was 192.168.1.0/24. The settings accessible via 192.168.100.1 and 192.168.1.1 are different.

“Gateway Mode” was not listed in the menu under .1.1, but was on the .100.1 config page. The link is accessible using either IP, on http://192.168.100.1/GatewayMode.asp or http://192.168.1.1/GatewayMode.asp, and can be set using either.


ASP page include (w/ PHP comparison for reference)

by David Dolphin on Mar.15, 2010, under Meh

I’ve had to do a project in ASP for college. It’s taken me a while to wrap my head around the following construct in ASP. The idea is that you include a file named by an HTTP GET variable, with path parsing (to ensure you don’t leave your application open to attack). This allows you to have a common header and footer and change the body of the page as necessary.

Make sure you’re handling your 404s correctly. In this example 404.{asp,php} doesn’t actually exist, so it will naturally 404. Maybe not the prettiest, but this is a bit of a hack.

This is the code in PHP:

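<?php
// Page name comes from the query string; treat a missing or non-string value as empty.
$MyFile = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : "";

if ($MyFile == "")
	$MyFile = "homepage";

// Strip dots and both kinds of slash so the name cannot leave pages/.
$MyFile = str_replace('.', '', $MyFile);
$MyFile = str_replace('/', '', $MyFile);
$MyFile = str_replace('\\', '', $MyFile);

$MyFile = 'pages/' . $MyFile . '.php';

if (file_exists($MyFile)) {
	include($MyFile);
} else {
	// Stop after sending the redirect so nothing else is output.
	header('Location: http://doma.in/404.php');
	exit;
}
?>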

And this is the equivalent ASP:

<%
Dim MyFile
MyFile = Request.QueryString("page")

If MyFile="" Then
	MyFile = "homepage"
End If

MyFile = replace(MyFile,".","")
MyFile = replace(MyFile,"/","")
MyFile = replace(MyFile,"\","")

MyFile = "pages/" & MyFile & ".asp"

Dim FileSystemObject
Set FileSystemObject=Server.CreateObject("Scripting.FileSystemObject")
If FileSystemObject.FileExists(Server.MapPath(MyFile))=true Then
	Server.Execute(MyFile)
Else
	Response.Redirect("404.asp")
End If

Set FileSystemObject=nothing
%>

ian does Beta

by David Dolphin on Feb.05, 2010, under Abroad, Cons, Interviews, Media, Music

Back in early 2008 myself and Eoghan O’Brien ran RagRadio. The setup consisted of a PC for playing music, two CD decks, 3 stage mics and a mixing desk. We took the mixer output and ran it into a laptop which encoded it, shipped it off to Icecast and broadcast our little radio station to the Internet. It was during Rag week and we interviewed a few bands who were floating around; Fred, The Saw Doctors and Messiah J.

We peaked at about 24 concurrent listeners and averaged 6 if memory serves.

I fell in love, ian – The Internet Audio Network was founded. That summer I went to the US on a J1. Armed with my iRiver and a borrowed SM-57 I took off on an interview hunt. With the ian domain registered and a stack of business cards I attended HOPE and DEFCON, as a member of the press. Through sheer brass neck I landed a few interviews, including the only press interview at DEFCON that year with the team captain of the winning capture the flag team.

When I came back to Limerick I bought a Zoom H4 for ian. I traveled to 25c3 and FOSDEM ‘09 on a determined content hunt. The game was on.

Last summer the semblance of a website came together and a podcast started: ITFreely. It was recorded over Skype with Gareth, Joe and Patrick. We had no idea what we were doing but had one rule: keep it under half an hour. The first two shows were an amazing shambles, they’re not going public (maybe for a year anniversary or Christmas Special bonus show).

While all this tech oriented content chasing was going on a second itch presented itself to me – the music business. I set out to find musicians to interview.

My interest here was in the future of the music industry, how piracy is really affecting music, and what an upcoming artist should brace themselves for. I got into the VIP area of Oxegen, was at the debut single launch of an Irish pop band, traveled to London to interview an Israeli outfit in the Ministry of Sound, and had a smattering of back-stage chats. Neck and business cards.

As I was coming to NUIG in September I contacted the local campus radio station – FlirtFM. I secured two half hour FM shows, off the back of the content I had put online. ITFreely ported from a collection of bedrooms to a modern studio broadcast over the FM (at 12:30pm on Wednesdays, just so you know). Joe took a work related sabbatical and Gareth started a night course in Law, so myself and Patrick were joined by Shane Tuohy, Niall Campbell and Andy Regan.

Niall joins me on the second show to talk about rights, lawsuits and piracy from a Music point of view, we call the show Talk Like A Pirate. Unfortunately as we include copyrighted music in the show we can’t freely distribute it online, or Podcast it, but you can tune into the web-stream live (Tuesdays at 12:30pm).

In the last few weeks we’ve really started to settle into a groove with ITFreely. We’ve tried to concentrate less on opinion and comment, and more on original research. We’ve had Lecturers on the show, representatives from companies and organisations, started to do live streaming of the pre-record sessions, set up IRC channels for live feedback during the show, got onto iTunes, and set up a Facebook group and Twitter feed to keep in contact with you. We even got some intro music.

We’re learning production values the hard way, through trial and error. We’re getting there, but we’re a long way off before ITFreely becomes the show it could be. We want to bring you a thought-provoking and interesting weekly show about some aspect of Irish or Global Tech.

This is where we need your help. We need you to let us know when the show is dull and what just isn’t working. We’ll post a laptop sticker to anyone who gives us some feedback, leaves us a comment or sends us a mail (any good economist will tell you that humans are incentive driven).

So check out our back catalogue, sign up to the mailing list, and most importantly, let us know what you think.

We’re out of our public Alpha. We’re entering our public Beta. Hop on board.


Blackberry OS5

by David Dolphin on Feb.04, 2010, under Phone

I upgraded my Blackberry 9500 (Storm 1) to OS5 this week from OS4.7. There are a few new features this brings that I like, and a drawback or two.

Pros:

  • Major speed improvements. The OS is no longer sluggish, without removing any applications or data.
  • gTalk, BBM and AIM status updates are shown when viewing a contact.
  • Ability to Flag E-Mails for follow up.
  • Bedside mode can be restricted to only activate within certain hours.
  • Threaded bubble SMS interface, akin to the iPhone.
  • Saner Keyboard layout in Landscape mode.
  • New Font BBAlpha Sans Condensed allowing more characters on screen while keeping readability, a major UI boost.
  • Macro shooting mode for camera.
  • Radio is no longer disabled when battery is low. This was a real pain.

Cons:

  • Links between gTalk and the Contacts application break frequently, I haven’t been able to pin-point a cause.
  • Still no useful E-Mail folders or filters. I can flag a mail for follow up, but I can’t see a list of just the mails I need to follow up, or a list of drafts.
  • gTalk requires two lines per user. Before you could view 15-odd users at a time, now it’s more like 6.

Getting Email over Wi-Fi on a Blackberry when abroad

by David Dolphin on Jan.05, 2010, under Abroad, Phone

I own a Blackberry Storm (9500) and my dad has a Curve (8900). Both phones allow you to turn off data when roaming (Manage Connections -> Mobile Network Options -> Data Services), so that you don’t rack up expensive data charges (useful, I’m told, in places like Switzerland). However, this means you don’t get your e-mail.

The Curve has 802.11 b/g (Wi-Fi), but we were having trouble connecting to APs. It turns out that by turning off data for the Cell part of the phone, you turn off data for the whole device, meaning that the phone will never get an IP address, even with DHCP off (and manually assigning a valid static IP).

So, to get your Email (and other data apps that support Wi-Fi) working abroad follow these steps:

  1. Turn OFF data, go to another country
  2. When you want to check your mail, turn OFF the Mobile network
  3. Turn ON Wi-Fi
  4. Turn ON Data
  5. Scan for a Wi-Fi network and associate with it
  6. Get your mail
  7. Turn OFF Data
  8. Turn OFF Wi-Fi
  9. Turn ON Mobile network

The “Data Services” option should only turn off data transmissions over the Mobile network, not disable the IP stack (which I think it may be doing). Hopefully this bug is fixed in OS 5, I’ve not tried it yet.

