The press writes a lot about this topic, and especially here in germany this release quite a storm of outrage about the evil internet company which wants to know everything about us. Even the german minister of consumer protection, Ilse Aigner (german), got involved. She already has a colorful history with Mark Zuckerberg about privacy issues concerning facebook.com where she threatened the world she will delete here profile there if nothing happens.

My opinion to all this stuff is: If you leave your network visible, or don’t use encryption, it’s your own fault! EVERYBODY could walk down the street with a laptop and record traffic of unencrypted networks. So why harass Google about it if people are simply too lazy to even care about their information? Sure, a scan for SSIDs in the vicinity should have been enough, but so what. Same goes for the insurgence about photographs of the houses for Street View itself. If you don’t want your house to be seen from the street, build a wall around it, or grow a hedge. I might come by with my 12 megapixel camera and take a photo. Hell, I might even put that photo on the internet!!

Recently I had to migrate Newsletter subscribers to a newly created subscription system which uses an Oracle Database (I would have preferred PostgreSQL) rather than a MySQL, as the old system does.

Programmers are lazy, and as expected the developers of the old system used the OLD_PASSWORD(str) function from the database available to hash the password entered by the user. This is a very convenient way to protect the users’ login credentials, but rather bad when migrating to another system which has different or none implementations of this functionality. So what do we do? The options are:

• Send every user a new password. Bad, we don’t want to harass them with our technical issues.
• Force them to set a new password when they log in the next time. See above
• Try to find a solution to validate the password against the old password hash.

As MySQL is widely used and a lot of data migration happens to and from, someone must have been run in this issue already, and most likely there is a solution to this problem in the net. And there is. I found a reimplementation of the OLD_PASSWORD() function in C# at yourhelpcenter.de (attention, german) and together with my coworker Maurice we ported it to Java, resulting in this piece of code:

public static String mysqlOldPassword(byte[] password) {
        int[] result = new int[2];
        int nr = 1345345333;
        int add = 7;
        int nr2 = 0x12345671;
        int tmp;

        int i;
        for (i = 0; i < password.length; i++) {
            if (password[i] == ' ' || password[i] == '\t')
                continue;

            tmp = (int) password[i];
            nr ^= (((nr & 63) + add) * tmp) + (nr << 8);
            nr2 += (nr2 << 8) ^ nr;
            add += tmp;
        }

        result[0] = nr & ((1 << 31) - 1);
        int val = ((1 << 31) - 1);
        result[1] = nr2 & val;
        String hash = String.format("%08x%08x",result[0],result[1]);
        return hash.toLowerCase();
    }

I give no guarantee this will work in all cases. My IDE complains all over the place about possible integer overflows. The usage of Integer.toHexString()did not work either, as the resulting String is not padded up with zeroes.

Finally, some Unit Tests for the interested user:

    @Test
    public void testOldPassword() throws Exception {
        final String expected = "0414ac6137ee1adc";
        byte[] bytes = "fooo".getBytes("UTF8");
        String foo = mysqlOldPassword(bytes);
        assertEquals(expected, foo);
    }

    @Test
    public void testOldPassword2() throws Exception {
        final String expected = "3fa0dce62ba931b5";
        byte[] bytes = "hastewas".getBytes("UTF8");
        String foo = mysqlOldPassword(bytes);
        assertEquals(expected, foo);
    }

Have fun with it!

Als aller erstes fällt mir auf dass der Safari auf dem iPad es nicht hinbekommt den WYSIWYG-Editor von meinem Blog hier richtig darzustellen. Das ist natürlich ziemlich doof wenn man bloggen will, und man nicht einmal den Fokus auf das Eingabefeld setzen kann… Und die Eingabe im Code-Modus ist genau so schlimm, denn man muss zwischen drei Modi der On-Screen-Tastatur hin- und herspringen um nur ein blödes Paragraph-Element zu öffnen oder zu schließen. Ebenso komisch ist es Umlaute zu tippen: hierzu muss man einfach länger auf dem a bleiben, um ein ä (oder andere Abwandlungen davon) zu bekommen. Für iPhone User ist das natürlich Usus und perfekt, die waren noch nie was anderes gewohnt. Fazit: Die Tastatur ist soweit nicht schlecht, aber effizient mit 10 Fingern erfordert Übung. Zumindest mehr als man an einem Abend rumspielen schafft. Auch wenn die Tastatur auf dem Bildschirm in etwa so breit wie die eines Laptops ist, der Winkel ist meiner Meinung alles andere als bequem und ich kann mir nur mit viel Fantasie vorstellen mit dem Gerät auf dem Schoß lange Emails zu tipppen.

So, nach zwei Absätzen der Pein bin ich jetzt wieder auf die gewohnte Tastatur meines Laptops umgestiegen. Nach den zwei Absätzen auf dem iPad hat sich doch eine gewissen Routine eingestellt. Ich konnte schon halbwegs blind tippen und sogar Umlaute gingen relativ intuitiv. Ebenso das Positionieren des Cursors im Text, wenn man sich vertippt hatte, sowie Copy & Paste. Auch wenn das alles schön und gut ist, und mit längerer Verwendung die Eingabe noch flüssiger geht: die fehlenden Umlaute auf der Tastatur (was natürlich dem Format geschuldet ist) stören den Fluss bei der Eingabe doch erheblich, und der ständige Modi-Wechsel für Ziffern oder Sonderzeichen ebenso. Soviel mal zur Texteingabe.

Mit dem mitgelieferten Safari hatte ich auch meinen Spaß. Wie weiter oben schon erwähnt weigert er sich den WordPress-WYSIWYG Editor benutzbar darzustellen. Selbiges sind mir mit einigen weiteren AJAX-Webseiten aufgefallen. So war es mir unmöglich den Google Reader zu steuern, sowohl in der Mobil- als auch in der Full-Fledged Variante. Auch wenn es solche Anwendungen sicher gute Programme für das iPad gibt sollte ein Browser doch zumindest reine HTML5+AJAX Funktionalitäten unterstützen, was Apple ja in seiner öffentlichen Diskussion mit Adobe bezüglich der Unterstützung von Flash auf Apples mobilem Betriebssystem ja als unterstützenswerte Standards angibt. Apple mutiert was sowas angeht tatsächlich zu einem kleinen Goliath.

Die restlichen Navigation ist Apple-typisch absolut intuitiv. Des öfteren habe ich mich über kurze Auswahl-Seiten wie z.B. im iTunes Laden gewundert, um dann festzustellen dass man da auch nach unten scrollen kann. Der Scrollbar (oder eine “Positionsanzeige”) wird beim Scrollen (und nur dann!) über dem Inhalt dargestellt. Diese Darstellung kenne ich auch von meinem N900, jedoch wird dort beim Laden der Seite im Browser der Balken immer eingeblendet, wird dann ausgeblendet, aber beim Scrollen auch wieder Sichtbar. Gut, das ist nicht wirklich wichtig, ich bin dieser Unzulänglichkeit aber auf den Leim gegangen.

So, mal von der Eingabe weg zur Hardware. Unabhängig davon ist das ganze schon ein sehr beeindruckendes Gerät. Absolut sexy Format. Es fühlt sich, ohne jetzt in den Apple-Fanboy-Talk verfallen zu wollen, einfach alles Richtig an. Auch wenn es prinzipiell nur vier aneinander-geklebte iPhones sind…

Mein Fazit ist demnach: Alles in allem ist das iPad ein typisches Apple Gerät: Hard- und Software sind qualitativ hochwertig, es fühlt sich gut an und erfüllt seinen Zweck. Wie die meisten anderen Apple-Produkte unterliegt das Gerät und die Software natürlich den Apple-Typischen Restriktionen: Nur Software aus dem App-Store von Apple, den Dock-Connector als einzige, proprietäre Schnittstelle. Hiermit haben sich die Apple-Fan-Boys/-Girls ja schon abgefunden. Das heisst: Wenn man ein kleines Surf-Brett für den Balkon oder das Bett, oder ein kleines Gerät für die tägliche Arbeiten wie Mails checken oder kleinere Dokumente schreiben haben will, und natürlich zum Zocken, kann sich die Anschaffung ernsthaft überlegen. Ich bin noch unentschlossen ob ich sowas brauche.

The more interested I was when I found out about steereo.de, a new and somewhat similar service comming from germany. They, integrated a nice player bar at the bottom of their page, and over all it’s a pretty funky page. Not, as tidy as last.fm, but it will work.

The most interesting part of this all is: They didn’t want to let me on their page. I think I use a pretty recent browser for my day-to-day portion of web surfing, but not as new as they want me to:

As it seems, they just support recent versions IE + FF, but no Safari. I thought we’ve passed this to implement major browser-dependend tweaks in our pages. As it seems I was wrong.

At least this trial might make some of us think about copyright and such things. There is a hudge discrepancy between what the crowd does and what the IP organizations want us to do. Once more I think Lawrence Lessig brings it to the point best:

In the analog times you had to buy book, a newspaper or a disk to gain access to the story or the song. So, making copies of books or songs was actually hard work back then. Nowadays, creating copies of digital content is easy peasy. In fact, everytime you view a digital content from the web, you actually get a copy.

Bug they will never understand…

Via Techdirt.

Awesome, somehow. Isn’t it?

Now, Facebook went one step further by displaying all activities in the facebook network on a globe, distinguishing events by colors, and stuff. The project is named Palantir, like the crystal ball from LOTR which Saruman used as means of communication with Sauron. See the demo video. Most astonishing: Palantir is implemented using JavaME!

This all looks pretty neat. Facebook users mentioned that Google has something similar to visualize searches for years, and even my old employer CortalConsors visualized all trades with volume and location in the lobby for about 2-3 years! But still, the Facebook Palantir awesome!

There are more interesting slides on these topics here at uxebu.com.

Thanks, Jens.

Via MacLife, domanske.de and Apfeltalk.

The more I’m eager to see what kind of web applications the new guys want to do with their web-banking and -trading applications now they have aquired an internet company. Now with the first wave of integration of the two web sites passed pretty smoothly, and the rebranding and accomodating redesign of the two websites rolled out, we’re ready for furthermore tasks to accomplish. Let’s see what comes next.

Interesting in this context is a article by finextra I stubled over at cometdaily. The article tells about X topics I want to comment A survey by WorkLight which questioned 1000 facebook users,

• whether or not they’d want or use Web 2.0 widgets or applications for their day-to-day online banking in Facebook or other launchpads
• whether they would consider switching to another bank to get such features.

The main message is

New research has found that around half of Facebook users would use Web 2.0 applications for online banking, while a quarter would even consider switching banks to obtain Web 2.0 services.

The switching part is the one my boss would be especially interested in I guess.

The article goes on:

Commenting on the survey findings, David Lavenda, VP, marketing and product strategy, Worklight, says: “To lose a quarter of your customers to competitors who have provided secure Web 2.0 banking would bear a significant impact on existing business. This is particularly true at a time when financial services companies are struggling to retain and acquire customers in a market that saturated with new competitors and countless new offerings.”

That’s true. In my experience numbers of new customer are much more interesting to management than the figures of the current customers’ activity. As you gain new customers, a certain percentage will have a fair amount of activity in trading and other products, another just won’t. These shares, once established, are rather stable. Clearly, the more new ones you get, the more active customers will be there.

Well, despite I like fancy Web 2.0 applications like Google Mail, and I clearly can see the point in gaining a customer base by offering nifty tools, but integrating my account statement and credit card bills into a portal like Facebook… Are they insane? Especially facebook is a nice platform for staying in contact with your friends, and doing froody Web 2.0 community stuff, whatever it is. But sharing financial spendings like that in a community, especially in this one sounds like a red rag, doesn’t it?

But surely there seems to be a market for this. We only have to take a look at Pages like wesabe or mint. Users can sync up somehow their account statements, credit card data and other stuff, get in analyzed, charted and stuff. The feature set sounds really nice, knowing one and for all where all the hard-earned money goes til the end of the month. Tagging spendings at certain locations, getting recommendations where to get this type of commodity cheaper or better elsewhere and discussing financial decisions with peers in the same situation.

Someone should do something like that here in Europe or Germany. It’ll be hard though, as for one, here in the old world it’s not so common to buy your take-away coffee or a pack of chewing gum with your credit card, so it’ll be hard for us to get the kind of complete and detailled listings like shown in the wesabe merry-go-round. On the other hand sharing financial data on this level with people I don’t know … I don’t know if there are a lot people here which will accept that easily. On the other hand we share every kind of information on the net: What music do I listen to? Where did I go party last weekend? What’s the best indian restaurant in town? Why not anticipate where I spend my money from my bills and compare them to the ones of other people?

What do you think?