Rob and I moved in together several months ago, after our university accommodation tenancies expired. We’ve now got a pretty nice house in north Coventry. Making the transition from renting to owning a house, though, means that we needed furniture. Lots and lots of furniture. Naturally, a trip to Ikea was in order. We had already sorted bedroom furniture and sofas, so we needed things like desks, bookcases, coffee tables, et cetera.

The nearest Ikea was further than we thought, but easy enough to get to if you excuse the minor detour through Walsall (it’s really not my fault that I’m useless at map reading). But a few trips meant that we had the route down pat. We went around looking at all the stuff, decided what we wanted, and then went down to the box area to pick it all up.

Of course, when we saw the size of the boxes, we realised that this simply wasn’t all going to fit into Rob’s little Micra. Ikea to the rescue! If you find that you can’t fit any of the things you buy into your car, Ikea will deliver them to your door the very next day (for a fee, of course). So, we prioritised a bit, and had everything bar the TV stand delivered. Hurrah!

Also I reckon that I should mention: if you are planning on visiting Ikea any time soon, make sure you pick up one of those Ikea Family Card things. They’re loyalty cards just like the Tesco Clubcard, but you really do get some massive discounts; we got 25% off our desk, for example. They look really cool too… not that this affected my decision in any way *whistle*.


I really am terrible with keeping track of my passwords. I decided that it was high time I get back to updating my little corner of the internet, and lo and behold, I couldn’t remember either my username or my password to get into the admin section of WordPress. Not to be beaten, I decided to go and manually alter the database record for my user (don’t worry, my dear registered users, the passwords are stored as MD5 hashes, so you don’t need to worry about me finding out your passwords… unless anyone would like to give me a nice eight Xeon behemoth?). Anyhow, I got to the login page for that and realised that I’d forgotten -those- as well. Feeling terribly embarrassed, I had to go to the DreamHost control panel (which I could remember my login details for, fortunately) and reset things from there.

The moral of the story: update my blog more frequently so this sort of thing doesn’t happen. :)

Secure backup using rsync and SSH

I just found this article in my unpublished posts… not sure why I didn’t publish it, but there we go.

How to automatically back up your computers with rsync – Lifehacker

I saw this article pop up in google reader on Thursday, and realised that it was actually a pretty good idea. My DreamHost account comes with 200GiB of disk space and 2TiB of bandwidth. Additionally, these both grow in size every week by 1GiB and 16GiB respectively, so I’m hardly even losing data by backing stuff up. You’ll also need some kind of linux server that you can upload to, you may want to consider creating a DreamHost account.

Unfortunately, it’s not really as easy as it looks if you use Windows. I wanted to back up the My Documents folder, which as you might be aware, is a “special folder” (along with My Music, Shared Documents, etc.). Special folders will contain a file called desktop.ini that contains information about the folder (its name and icon, for example). However, according to KB326549, Windows likes to do something a little… unorthodox with the folder permissions – Windows will only look for the desktop.ini file if the folder is marked as read-only. Actually setting the folder as read-only, though, doesn’t actually make the folder read-only: in its infinite wisdom, Windows typically ignores the flag.

So, you might be thinking: “Why does that matter?” right now. Well, in order to run rsync, you will need to install Cygwin, which is (more or less) something that lets you compile unix programs and run them on Windows. Before you run away at the mention of the word “compile”, don’t worry – Cygwin comes with many programs pre-compiled for you, rsync and ssh included. You can get Cygwin here. I think it’s a pretty handy way of backing my stuff up.

Google: Hard Disk Drive Failure

Failure Trends in a Large Disk Drive Population

Another interesting little thing that I found, published this month, the paper outlines several conditions that are often perceived to be the cause of hard disk failure and, using the data that they have gathered from the hard disk in their server farms, have compiled some interesting statistics. It is, though, a technical paper – so not suited to everyone’s tastes, but it is quite a quick read.

Unfortunately, they don’t release the data about which manufacturers and models have the highest rates of failure, although it does refer in several instances to one hard disk manufacturer – for example: “When examining our population, we find that seek errors are widespread within drives of one manufacturer only…”[p. 9] It would be nice to know which this is, so they can be avoided; still, perhaps that is the very reason for why they did not publish the name.

RFID tags

Prompted by: InfoWorld Video | InfoWorld | RSA IOActive

While I was aware of this issue before now, the video in the article prompted me to write something. As I’m also procrastinating, it seems like a good idea to me.

RFID tags are the bits inside those cool little cards or dongles that you can wave at a reader to let you into a building. They’re widely used on campus, and I’ve also seen them used in the more modern apartment buildings for the main door. Unfortunately, these aren’t quite as secure as everyone would like to think. The video shows a compact sniffer device that can be used to record the signal that an RFID tag sends out, then replicate it at a later point, alowing them to impersonate you.

Obviously, this situation could easily be resolved by having a challenge-response system: both the system and the card know the card’s “password” – the number that’s is hard-coded into it, the reader sends out a challenge string, the card encrypts the challenge with the password and transmits the result, the reader checks the result against the expected answer, and access is either granted or denied. Simple… unfortunately, not so.

In the majority of cases, the RFID tag is passive, meaning that it does not have its own power source, it gets its power from the signal it receives from the reader. Thus, it is difficult to integrate the encryption hardware without increasing power requirements. Other methods include a rolling response – the response changes with each access – and many others. Hopefully, though, we see one coming into mainstream usage soon, as I don’t think it will be long until these devices become readily available.


I woke up today, around 07:30, and was greeted by the sight of lots of nice, white, pristine snow. Put me in a good mood right a way; quite a feat considering that I’m in no way, shape or form a morning person. However, all good things must come to an end, and my morning was marred by the prospect of slogging to lectures in this weather. So, I continued my morning routine, ignoring the conditions outside.

Fortunately, this morning I was getting a lift in from my boyfriend, Rob, so I didn’t have to hurry too much. The second we left the house, though, we noticed a slight problem: the roads had not been gritted overnight. Traffic was moving at 20mph at the very most, and conditions weren’t great with all the snow and slush. It took us about half an hour to make a 15 minute drive.

It’s odd that given the recent frosty weather, the roads have been nicely gritted every day this week, but the one day that it’s most required is the day that the gritters stay at home by the fire. Bah humbug.

RSS with HTTP authentication

For those of you not familiar with RSS, I’ll describe it briefly; RSS is a particular format of XML document that is often used by sites to provide a “news feed” to subscribers, this news feed can then be read by an RSS feed aggregator, and new items on the site can easily be disseminated to describers.

HTTP, as most will recognise as the protocol we use to fetch resources when we browse the web, has some rudimentary built-in authentication facilities, and although the idea of using these with RSS is not new, it surprises me that the technique is not more widely used.

Advantages of using authentication with RSS feeds provide several possible applications: firstly, it allows sites to provide “members-only” content; secondly, it allows users of a site to select content based on their interests (provided the site had such functionality); thirdly, and of more import to sites than to users, it would allow targeted advertising to be delivered to users.

The easiest way to implement authenticated HTTP would be to respond with a 200 response upon receipt of either correct auth data, or no auth data. In the latter case, the server would send out the public RSS feed; in the latter, the server would obviously send out the private version. In the case of incorrect auth data being provided, the server responds with a 401 response, just like any other authenticated transaction.

The downside to the above method is that the user won’t be made aware if a personalised service is available. If we slightly fudge the meaning of the 401 response, we can do the following: on recepit of either incorrect auth data, or no auth data, the server responds with a 401, and the body of the document contains the public version of the feed. When the server receives correct auth data, the server sends the personalised data with a 200 response.

In this manner, the client knows if a personalised version is available, because it knows that it sent no auth data, but feed data has been received. Furthermore, it knows if personalisation is not available, since it will just receive the 200 reply if it doesn’t send any auth data.

I’m sure there are other methods of providing the same service, these just strike me as the most intuitive that don’t require separate URLs for subscribers and non-subscribers.

Google Reader

I’m a self-confessed Google lover; I have my google homepage, my gmail, my google calendar, and various other bits and bobs. Thus, it should come as no surprise that when I found a funky new application in their labs about a month ago, I signed right up.

Google Reader is a web-based feed aggregator. It’s still in beta, so there are a few bugs here and there, but by and large it’s quite a nifty little piece of software. Interface-wise, it looks rather like GMail, RSS items are listed rather like e-mails would be, and you have the ability to apply your own tags to the news items. The feeds themselves act like folders, and can be sorted in their own folder hierarchy.

A nice little feature of Google Reader, though, is that you can mark items that you particularly like as “shared”, and these shared items can then be viewed by other people, with the link, or can be displayed on your own website.

On the subject of bugs, the only one that causes me any real annoyance is that, occasionally, one item, or several contiguous items from a feed will be duplicated. Now and then, a little red bubble will appear top centre saying “Oops there’s been an error”, but nothing obvious happens; once in a while the interface will just refuse to load, but this is always fixed by a refresh.

Up and running again

As you may already know if you checked the site in the last few weeks, I recently changed web hosts. My old host (portugalnetworks.com) wasn’t too bad, it was incredibly cheap ($12 [~£6] for a whole year), but the server performance reflected the price, unfortunately – downtime was high, along with the various other problems. So, I changed. I moved to DreamHost, which is admittedly significantly more expensive, but provides much more in terms of features – see for yourself

I can’t resist my inbuilt student moneygrabbing tendencies, so I’ll just say: if you do find yourself thinking about signing up, put me as your referrer :D. I’ll leave it at that.

Anyways, I decided to go with WordPress this time, rather than b2Evo, because it offers much better anti-spam facilities, as that was becoming a nuisance toward the end of January. So, now that I’ve got something up, I may even find myself updating a bit more often than I did in my site’s previous incarnation.