A call to “standardised user account requirements” arms

We need to have a standard for management of user accounts.

Given the number of high profile companies that have been cracked into lately, I have been going through the process of closing accounts for services I no longer use.

Many of these accounts were established when I was more trusting and included real data. However now, unless I am legally required to, I no longer use my real name or real data.

But I have been bitterly disappointed by the inability of some companies to shut down old accounts. For example, one service told me that “At this time, we do not directly delete user accounts…”. I also couldn’t change my username. Another service emailed my credentials in plain text.

To protect the privacy and security of all users, an enforceable standard needs to be established covering management of user accounts. It needs to be applied across the board to all systems connected to the internet. I know how ridiculous this sounds, and that many sites wouldn’t use it, but high profile services should be able to support something like this.

Included in the standard should be:

  • the ability to completely delete accounts (unless there’s some kind of legislative requirement to keep, and then they should only retain the data that is absolutely necessary)
  • the ability to change all details including usernames
  • a requirement to encrypt and salt the password (that covers the credentials in plain text issue noted above)
  • determine the minimum practicable data set that you need to maintain an account and only ask for that. If there’s no need to retain particular account details, don’t collect them. For example, I’ve never been contacted by phone by any of these companies so why was I forced to enter a phone number?

This is a short list from my frustrations today. Please comment to help me flesh this out with other things that should be done on a properly supported user account management system.

And please let me know of your experiences with companies that were unable to properly protect your privacy and security.

Fun with JavaScript!

Hoping someone can help me with this JavaScript problem. I’m trying to pass an array to a getElementById with the purpose of making multiple cells in the table take the class. I can get it working with one array location but not with more than one. Please help!

<!DOCTYPE html>
function changecolors(redsarray,yellowsarray,greensarray,graysarray)

var redsarray = new Array();

var yellowsarray = new Array();

var greensarray = new Array();

var graysarray = new Array();

<style type="text/css">
.red {background-color:red;}
.yellow {background-color:yellow;}
.green {background-color:green;}
.gray {background-color:gray;}
Content …
<table border="1">
<td id="r1_c1">
<td id="r1_c2">
<td id="r2_c1">
<td id="r2_c2">
<td id="r3_c1">
<td id="r3_c2">
<td id="r4_c1">
<td id="r4_c2">

<button type="button" onclick="changecolors()">Button</button>




In an ideal world … how to change my address

Recently I moved house.

I hate moving. Not just for the having to pack everything into boxes at one end then unpack everything at the destination (which for this move I didn’t have to do!), but mostly because I have to go through the pain that is changing my address.

It turns out that I interact with a lot of organisations, from finance institutions (banks, credit card companies, car insurance, house insurance, health insurance, etc), to official organisations (driver licencing, Medicare, electoral, organ donor register, etc), to community (Red Cross blood donor, 3RRRFM, etc) and mundane organisations (Costco, etc). And that’s just a fraction of them.

I was thinking that, rather than having to fill in what feels like a million forms and waste time that could be spent being a productive public servant or dad for my kid, why isn’t there a central contact details database that I update once? I’m sure that smarter minds than mine have considered this, but I think an opportunity exists for some organisation (government or private) to do this. In the day and age of ‘over-sharing’, are people still averse to putting their address, phone number and email details into a central database? Login security could be addressed using two-factor authentication, such as used by Google Authenticator, or sending a one-time code via SMS or email.

Many services, such as Twitter and Facebook, are set up to authorise other apps to access them. An example of this is when I used my Facebook account to sign up for Freecycle which operates as a Yahoo Group.  I ‘authorised’ Facebook to talk to Yahoo. I’ve also authorised Twicca on my Android smartphone to talk to my Twitter account.

In the same way, in this theoretical single contact details database, I could let the various companies and organisations that I interact with, access my updated contact details. Maybe they could poll this database once a week to look for updated details. I understand they’d have many different backend CRM systems so there may be some manipulation required, but nothing that’s too hard to fix with a bit of scripting.

I could also remove their access when I cease using their services. If I’m no longer banking with Bank A, then I revoke their access so they can’t find out how to contact me.

Does this sound sensible or silly? If sensible why hasn’t Google or someone done this already?

Idea from BarCamp Canberra #barcampcbr

Yesterday I went to the second half of BarCamp Canberra 2012 (I was busy in the morning and couldn’t make it).

As per usual for a BarCamp there were many great ideas being discussed. Someone (Craig?) suggested that we all go home and write blog posts about our own great ideas.  So here goes …

My idea is this: to build a website to facilitate the transfer of mobile phone credit from people who have a surplus to people who need it.

My wife and I are currently using Telstra pre-paid and every so often when it gets near the expiry date, if there’s any unused credit we transfer some (or all) of that to the other account. Telstra call this ‘CreditMe2U’ and my understanding is that it can be used on any post- or pre-paid accounts. There are a few limitations, such as a maximum of $10 per day and some limit per month.

I see the site facilitating someone posting up that they need, say $5 credit. Anyone should be able to do this for any reason. The request could be as little as just a phone number and an amount.

Someone else, who has surplus credit, would transfer them some credit from their account, and then mark that the transaction has happened. This ensures that the requester doesn’t get flooded with credit transfers and multiple people who have surplus credit don’t end up helping just one person. The requester would also not be able to make another request for 24 hours (based on phone number).

I would be reluctant to require people to register for accounts, as I think that would kill it entirely. It should be able to be truly anonymous. I would also be really keen to see that the site is not indexed in any way (robots.txt, archive.org exclusions, etc), so that numbers can’t be linked with requests.

I’m not sure if carriers other than Telstra have this option, but it’s worth investigating.

While there would be obvious ways to ‘game’ this system, and it’s not a fully thought through idea, it could become so with some feedback. So, what do you all think?

Three Ubuntu 11.10 annoyances

A while back I posted up a few of the issues I was having with Ubuntu 10.04 “Lucid Lynx”.

I’m now using the latest version (for the next few weeks), Ubuntu 11.10 “Oneiric Ocelot”. And while it works well on my new laptop, it suffers from three pretty annoying issues.

  1. IPv6 and Network Manager. I am experiencing regular wireless drop outs when I enable IPv6 on my router. When I disable IPv6 on Network Manager it is perfectly stable again.
  2. For most USB keys, write speeds are really slow. And I mean excruciatingly slow. USB HDDs seem to be OK. The issue seems to be in the way that Ubuntu deals with caching.
  3. Sandy Bridge power draining. This is a well known and documented issue, with fixes that have been issued (to be incorporated into the 3.3.x kernel). They are not being integrated into the current version of Ubuntu (which uses the 3.0.x kernel), but are being backported into the next version, 12.04 (which will use the 3.2.x kernel).

These things are quite frustrating, and while I am pretty confident that the power issues will be resolved, I really hope that the other problems are addressed for the next version which is due 26 April 2012. From those bug reports and blog posts, it looks like they will be, which is heartening.

My new laptop!

In May 2010, I posted about what I thought were some pretty underwhelming specifications for laptops.

I have bitten the bullet and upgraded to a laptop with 1366×768 display resolution anyway.

But on a 13.3 inch screen. So it actually works pretty well.

It is a system worth about $2500 that I got for around $700. And no, it didn’t fall off the back of a truck! It fell off the back of the Dell Outlet Store.


  • Dell Latitude E6320
  • Core i5-2520M
  • 4GB RAM (although as an ‘Enterprise’ system, it came with Windows 7 32-bit, so only 3.2GB is visible to Windows. Fixed that by dual-booting Ubuntu 64-bit)
  • 250GB HDD
  • Wi-fi
  • Bluetooth (which I personally think is next to useless)
  • Backlit keyboard (which I think is the BEST thing ever!)
  • 6 cell battery

It’s also mil-spec hardened (or something) which means that it’s almost child-proof!

It does 1080p video and with 4 cores (2 physical and 2 virtual ‘hyper-threading’) video editing works well. Really well.

I want to post up a full review at some stage, but it may not be soon.

Follow up: The woeful state of communications in Australia’s capital city

In January 2011, I posted about my experiences in trying to get an internet connection provisioned at my new home.

I am now posting from our Internode naked DSL connection. To be honest, this has been working for many months, I have been slack in posting this follow up!

The Telstra guy did come back and install the line. But only after we ordered a full phone line, dial tone and all, at around $30/month. Not to mention the $299 installation fee.

After that was installed, Internode activated the ADSL. Even that took multiple calls to get the technicians back to the exchange as things went wrong.

After that was all sorted out, it was then converted to a ‘naked ADSL’ service. Effectively cancelling the dial tone service.

The rampant stupidity of the Australian communications system is truly breathtaking. And expensive. What should have been a very simple thing to get going – a naked ADSL line – proved to be extremely difficult and expensive.

But now we have Internode naked ADSL and NodePhone. Finally.

(As an interesting side note, we retained our Melbourne-based NodePhone (VoIP) phone number. When the Mitchell chemical fire occurred the other day and half of Canberra was on alert, we received a call on the VoIP number, as it is registered at this address. Both mine and my wife’s mobile phones are through Optus, also registered at this address and didn’t get an SMS or call. Either the emergency alerting system or Optus messed up there. I’d be guessing the latter.)

Unfortunately, we are so far away from the exchange that we only get around 500 KB a second (half a MB a second). Back in Melbourne, close to the exchange, I was getting 2.2 MB a second, so around four times faster.

But at least we have it :)

Stupidity with passwords

We all know and understand how important passwords are. We all know that we should be using strong passwords.

What’s a strong password? Something that uses:

  • lower case characters
  • punctuation, such as !@#$%^&*()<>?”:{}+_
  • and should be 8 characters or longer

So, to put it mildly, it really annoys me when I come across services that don’t allow me to use strong passwords. If I possibly could, I’d boycott these services, but sometimes that’s just not possible.

For example, my internet banking is limited to a password of between 6-8 characters. WTF?! This is hardly a secure password policy!

Another financial service I use is limited to 15 characters and doesn’t allow most of the punctuation set. Why? Is it too difficult to extend your database validation rules to cover all of the character set?

Ironically, I didn’t have a problem with Posterous, Facebook or Twitter (and others) in using properly secure passwords. So, these free services give me a decent level of security, but Australian financial services companies can’t. It’s stupidity in the extreme.
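An added example (not part of the original post) for the length and punctuation limits described above and the “salt the password” requirement in the earlier account-standards post: when a service stores only a salted one-way hash, every password becomes a fixed-size record whatever its length or character set, and there is no plain text left to email back. It uses scrypt from Node's built-in crypto module; the cost settings, the record format and the sample passwords are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const SALT_BYTES = 16;  // fresh random salt per stored password
const KEY_BYTES = 32;   // derived key size, independent of password length
const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };  // assumed cost settings

// Returns the only value the service needs to store:
// "scrypt$<salt hex>$<derived key hex>". The password itself is never kept.
function hashPassword(password) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const key = crypto.scryptSync(password.normalize("NFKC"), salt, KEY_BYTES, SCRYPT_PARAMS);
  return ["scrypt", salt.toString("hex"), key.toString("hex")].join("$");
}

// Re-derives the key from the candidate password and the stored salt,
// then compares the two keys in constant time.
function verifyPassword(password, stored) {
  const [scheme, saltHex, keyHex] = stored.split("$");
  if (scheme !== "scrypt" || !saltHex || !keyHex) return false;
  const expected = Buffer.from(keyHex, "hex");
  const actual = crypto.scryptSync(
    password.normalize("NFKC"), Buffer.from(saltHex, "hex"), expected.length, SCRYPT_PARAMS);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample passwords: a short one, a long one using the punctuation
// set listed in the post, and one with non-ASCII characters.
const samples = [
  "abc123",
  'correct horse !@#$%^&*()<>?":{}+_ battery staple',
  "pässwörd 密码 🔑",
];

// Length of the stored record for each sample; all come out the same size,
// so the storage column never needs a password length or charset rule.
function storedLengths() {
  return samples.map((p) => hashPassword(p).length);
}

console.log(storedLengths());
```
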

The woeful state of communications in Australia’s capital city

For those who may not know, I recently moved from Melbourne, Victoria to Canberra, Australian Capital Territory (ACT) and am now living in a house in the inner north-west. Of course, being a geek, I wanted to get the internet connected as soon as possible! After such a smooth transition I’d expected some problems and this is where they all cropped up.

In Melbourne I had an Internode ADSL connection and before I moved I called them up to relocate this service. This, of course, relied on getting an active Telstra line at the new house. I knew it would take a bit of time to relocate the service, so in the interim I bought a Telstra wi-fi internet device. This is actually a ZTE MF30 and supports up to 5 connections via wi-fi, so I can get both my iPhone and laptop on at the same time. Quite simply, this device is brilliant at what it does and I couldn’t be happier with it.

So, at the moment I’m online via the Telstra device, which is just as well really, as I soon encountered communication issue number 1: Optus.

It appears that Optus have a woeful network in Canberra. I have an iPhone 3GS, which I know can only use 850MHz and 2100MHz 3G networks. Optus uses 900MHz and 2100MHz for their 3G, so the iPhone will only work in Optus 2100MHz coverage. In Melbourne I never had a problem getting on the internet at good speeds.

When I looked at the Optus coverage maps for ACT and clicked on “3G Single band” (the 2100MHz network coverage), it showed the inner north-west being well covered. It really isn’t. Both from home and at work in Belconnen, I can barely get two bars of GSM phone signal. The connectivity is so bad that I can barely make phone calls and send SMSs. Occasionally, I get the “Searching…” message which tells me that it has completely lost GSM connectivity. This never happened in Melbourne, where I had 4-5 bars of signal pretty much all the time.

The 3G connection drops in and out so often that I have to be standing in exactly the right location to be able to access the internet on my iPhone. Even this afternoon in Kingston in the inner south, I wasn’t able to get onto the internet and post to Twitter. I had to use the Telstra device, which hasn’t missed a beat in any location for network connectivity, to establish a connection. This really isn’t good enough for the middle of Canberra. I am seriously considering calling Optus, lodging a complaint and trying to get out of my 2 year contract (which has another 10 months to run), so I can switch over to Telstra. I never thought I’d say this, but I actually want to use a Telstra service!!!

Communications issue number 2: TransACT. From what I can find out TransACT have a cable TV network which also has telephone and internet capabilities. When this network was established about a decade ago, it was revolutionary and competitive. Today the network has been expanded to support ADSL connections, but there is no ability to get a naked service as all connections require an active phone service. Additionally, as a quick look at some of the internet connectivity plans show, after factoring in the required phone service, it is a costly service for below average download allowances.

When I moved into the house, the process of relocating the Internode ADSL service from Melbourne to Canberra triggered a visit from a Telstra technician. However, he wasn’t able to find a physical Telstra line into the house. Being an older suburb of Canberra, this house will have a Telstra cable. Or rather will have had as apparently it is not unknown for TransACT installers to cut the Telstra cables out as “You won’t need THAT anymore!”

So now I have to pay for a new cable to be installed from the house to the “Telstra network boundary” (presumably the street or nearest light pole where it can be connected to Telstra’s infrastructure). Then we have to pay again for a new Telstra connection at a cost of $299. Considering that if the Telstra cable had been left in place, the connection cost would be $55, this is turning into quite an expensive proposition just to get a naked DSL service.

All in all I am not impressed with the state of communications in Australia’s capital city, Canberra. All I can say is please, please, please bring on the National Broadband Network (NBN)!