Original URL: http://www.theregister.co.uk/2011/09/19/verity_stob_september_shorts/

Verity's secret shame revealed

Password techniques and retrospective Daleks

By Verity Stob

Posted in Verity Stob, 19th September 2011 09:41 GMT

I defrosted my ideas box, and found several morsels which wouldn't make a whole meal in themselves, but nonetheless needed eating.

Palmed off

Here you are: a free chance to laugh at-not-with me.

I am a Palm Pre owner, pretty much the last one in the box. I hold this status in a work environment of iPeople. I feel my position deeply.

I was an enthusiast. In the bright early days of Pre ownership, I joined the developer programme, and actually wasted some time creating a noddy app or two, in anticipation of the fortune this skill would bring me once it all took off. I was excited when HP bought the company. I thought they would likely take a belt-and-braces approach to progressing WebOS.

So they did: carefully tying the braces around their middle, and knotting the belt around their metaphorical neck. When they dramatically and abruptly scrapped all their WebOS hardware, 1) I was not best pleased and 2) I received a circular email from one Richard Kerris, VP WebOS Developer Relations.

Dear webOS developer:

We have opened the next chapter for webOS, and we understand that you must have many questions. Yesterday we announced that we will focus on the future of webOS as a software platform but we will no longer be producing webOS devices. While this was a difficult decision, it's one that will strengthen our ability to focus on further innovating with webOS as we forge our path forward. [...]  We will continue to support, innovate and develop the webOS App Catalog. Our intent is to enhance our merchandising and presentation of your great products and to continue to build our webOS app ecosystem.

But without any hardware to run it on. Right.

The tone of this ridiculous email seemed familiar, but it took me a while to place it. At the end of the splendid video game Portal, after the player's character has defeated and apparently destroyed the deliciously malicious computer GlaDOS, she – GlaDOS – is restored from backup and returns in the credits sequence to sing:

This was a triumph.
I'm making a note here: HUGE SUCCESS.
It's hard to overstate my satisfaction.

Same logic, no?

Once this mapping was achieved, everything else fell into place. HP is of course channelling Aperture Science, the game's lunatic corporation ('we do what we must because we can') whose inventions – Aperture's, not HP's – include Douglas Adamsesque robot machine guns that apologise as they shoot you to bits. HP's boss Leo Apotheker is modelled on Aperture's Cave Johnson, whose robust approach to life's lemony gifts is justly famous.

Mr Apotheker certainly found the HP Touchpad had a citrus flavour. I have so far seen no evidence that he has implemented Cave's threat regarding their inflammatory engineering; on the other hand, you can't be too careful. Those "lucky few", who managed to catch one of the rare, cheap models might consider investing in a fire safe to keep it in.

Perhaps HP also makes fire safes. Which talk. And run WebOS. Perhaps you will soon be able to nab a cheap one in an HP fire safe fire sale.

OK, OK, I'll stop bitching. Just a word of calm and rational advice to Mr Apotheker, you Palm-killing monster. Don't surround yourself with sycophants: sooner or later you will inevitably slip up in their syc. This is Cave Johnson; we're done here.

Tone up, tone up your passwords

His worship xkcd recently filed a piece on password strength, which has been much commented on and admired. Our Toony Laureate's contention is that it would work much better if, instead of using 12-letter passwords rich in both cases, punctuation and numeric digits, we all selected four random common words and just used them.

That's all very well, but even allowing that I can accurately recall a short phrase – say "Remember the fifth of November" – the chances of me typing something that long and getting it right are not good. (Please do sit down again. This is not a real password. All passwords in this item are fakes, impersonated – badly – by actors.)

When I type

•••••••••••••••••••••••••••••

what do you think is going to come out?

Rembeer th efifth of nOvember

That's what, and there isn't a computer in the world that will accept the substitution.

The trouble is, xkcd's 40-character phrases do not fit in the 14 byte cache of finger memory which is where I must store passwords if I am to type them accurately.

And if I can't type them accurately then I am in big difficulties, because I will be deposited in Password Reminder Personalised Question Hell ("What was the name of your second-favourite Auntie's third cat?" "What was the motto of your stepmother's primary school?") without passing Go and collecting £200 to pay the gas bill.

Slasher's delight

Ever since – what, MS-DOS 2? – Microsoft OSes have used backslashes in their file paths. When writing in a C-ish programming language, this is a pain, as the backslash is the escape character and has to be doubled up in any string constants:

"C:\\App Path\\"

If you are rash enough to use UNC path names, which begin with a double backslash, you need to put four of them in a row:

"\\\\machinename\\share\\App Path\\"

Now regexes have finally arrived in C++, and we have the exciting prospect of using them to process and verify paths, just as Perl users have done for the past 150 years. Naturally enough, a regex needs an escape character. No marks for guessing which character was chosen, causing a further redoubling.

boost::regex unc_name(
    string("(\\\\\\\\(\\w+)\\\\(\\w+(\\W\\w+)*\\\\)?)") + ...

This is getting silly. And I haven't even considered the extended-length path prefix \\?\, which itself looks like a broken-off piece of regex even before you start escaping it.
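The redoubling described above, as an added example that is not part of the original column: the same UNC-matching pattern written once as an ordinary escaped string and once as a C++11 raw string literal, then used to validate paths, including the \\?\UNC\ extended-length form. It uses std::regex rather than boost::regex, and the names UncParts, parse_unc, kEscaped and kRaw are made up for the illustration.

```cpp
#include <iostream>
#include <regex>
#include <string>

// Names here (UncParts, parse_unc, kEscaped, kRaw) are made up for this example.
struct UncParts {
    std::string machine;
    std::string share;
    bool extended = false;  // true when the \\?\UNC\ extended-length prefix was used
};

// One pattern, spelled twice. What the regex engine must receive is:
//   ^(?:(\\\\\?\\UNC\\)|\\\\)([^\\?]+)\\([^\\]+)(?:\\.*)?$
// Group 1: \\?\UNC\ prefix, group 2: machine, group 3: share.
// Excluding '?' from the machine name keeps \\?\C:\... from parsing as a UNC path.
const std::string kEscaped =
    "^(?:(\\\\\\\\\\?\\\\UNC\\\\)|\\\\\\\\)([^\\\\?]+)\\\\([^\\\\]+)(?:\\\\.*)?$";
const std::string kRaw =
    R"(^(?:(\\\\\?\\UNC\\)|\\\\)([^\\?]+)\\([^\\]+)(?:\\.*)?$)";

// The two spellings must be byte-for-byte identical.
bool same_pattern() { return kEscaped == kRaw; }

// Returns true and fills `out` only when the whole string is a UNC path.
bool parse_unc(const std::string& path, UncParts& out) {
    static const std::regex re(kRaw);
    std::smatch m;
    if (!std::regex_match(path, m, re)) return false;
    out.machine = m[2].str();
    out.share = m[3].str();
    out.extended = m[1].matched;
    return true;
}

int main() {
    // Constructed sample paths, written as raw literals so they read as typed.
    for (const char* p : {R"(\\minimum\share\App Path\)", R"(\\?\UNC\minimum\share\a.txt)",
                          R"(\\?\C:\App Path\)", R"(C:\App Path\)"}) {
        UncParts u;
        if (parse_unc(p, u))
            std::cout << p << " -> machine=" << u.machine << " share=" << u.share
                      << (u.extended ? " (extended)" : "") << "\n";
        else
            std::cout << p << " -> not a UNC path\n";
    }
    return same_pattern() ? 0 : 1;
}
```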

So here is my proposal. To fix things, or at least make them slightly less frightful, Windows 8 paths should use forward slash throughout, and so fall in line with Unix and internet URLs. (Yes, I know they can already sometimes; but this should be the full production.) In all the excitement about Metro this and touchscreen that, I have seen no coverage of this important issue, but I notice the developers' conference was called //build/ (sic), so I live in hope.

Meanwhile, here is this week's code homework. Write a constant for a C++ regex that matches text containing a PHP regex assignment that matches text containing a JavaScript regex assignment that describes a Windows UNC path with extended length on a machine called 'minimum'. Only, to make it interesting, use the Tom Lehrer spelling of 'minimum'.

First person to break the \ key wins.

Doctor Renew

Don't usually do DVD reviews here, but I see they have issued a new version of the Doctor Who story Day of the Daleks. Jon Pertwee comes over very grand and Old Shirburnian: riding his trike, necking his plonk and generally carrying on, as Jo herself observes, like a one-man cheese-and-wine society.

I vividly remember the first, 1972 screening: Dad hooting with laughter as three lonely Daleks, rather obviously stuck in the middle of a large, treacherously-tufty lawn, were shot at by the Brig and his boys. The latter party rather weedily fell back, as was their confirmed habit when confronted with any mild alien difficulty. In the new DVD version, with upgraded special effects, UNIT's finest appear to be menaced by nearly 10 Daleks, and their caution is slightly easier to defend.

This is a fine idea, this retrospective fixing up of Doctor Who, and I eagerly look forward to its more general application. For example, they might start by re-engineering last week's episode.

For a start, they could correct the tendency of (otherwise admirable) Matt Smith to mumble through the important bits, simultaneously taming the sickly swirls of over-emotional music that Murray Gold inexplicably lards over the top of the soundtrack. On the video side, the CGI boffins could dazzle us with their skill by replacing the bandage that Amy wears with some sort of skirt.

I realise that last suggestion might be regarded as controversial in some quarters. However I am confident that Reg readers, who watch the programme solely for the intellectual enjoyment of high sci-fi concepts, will unanimously welcome the removal of this irrelevant, supposedly-titillating distraction.

E you later

It seems to me a ridiculously common thing: to be required to spell out one's email address over the phone. Surely it would be better to text it? one suggests. But no, the other party is not having this, and instantly one is trapped in the 'v-for-verity, e-for-echo' palaver that precedes an unwanted correspondence with a dimbulb.

I have developed a counter-measure which, since it is you, I am prepared to share. My unhelpful phonetic alphabet differs from the usual golf-uniform-foxtrot-foxtrot in that it favours ambiguity over clarity, and confusion over straightforwardness, and feeble attempted humour and Sound of Music misquotes over all things. Here you are:

A: Ah
B: Or not to.
C: Catherine
D: D'Oyly Carte
E: Eye
F: Ffolkes the cartoonist
G: Gym
H: Aitch
I: A name I call myself
J: Jim
K: Katherine
L: Llandudno
M: Mnemonic
N: No
O: Story of
P: Pneumatic
Q: Qatar
R: Rowlock
S: Sssh!
T: Tzatziki
U: A sheep, a female sheep
V: As in vi but not as in emacs
W: Whom
X: Xero- prefix
Y: Yes
Z: Zero

This alphabet won't save you any time – quite the contrary. But it will at least allow you to inflict some revenge, and with careful use there is a good chance that it will keep your true email address a secret. Have a lovely day. ®