It was during hellish holiday, I was sleep-deprived, and yet there I was in a book store and there’s a certain comfort that comes from having a new book to read. On a “recommended by staff” shelf I found an interesting looking title with terms like “international bestselling”, “dazzling”, “gripping” and “genius” on the cover. I cheerfully left the book store with the book in tow.

It was perhaps the most disappointing book I’ve ever read.

Tags: book, new york trilogy, paul auster, review

When I sign up to a new website, there’s typically a “password strength” indicator on the page where I submit a login name and password. Usually to get a strong password score, I need to have the password be at least six characters long, include both upper and lower case, and often a number or punctuation somewhere in there, too.

For passwords that I have used at work, this sort of scoring is used, and in addition, a strong password is considered to be one that hasn’t been used for too long (say, isn’t older than 3 months) and isn’t one that’s been in use before (say, within the last 3 years). This is all “hard-wired” into the password change system so that it is difficult to avoid.

However, it looks like mainstream IT media is now acknowledging that these concepts of password strength are misguided, and lead to passwords that either need to be written down somewhere (because they are too hard to remember) or are trivial manipulations of common words to make them comply with the policies (which make them easy for hackers to discover using computer software). Wired Magazine published an article on 13th January describing this problem and suggesting that finally research is being done to come up with passwords and policies that really are secure.

While normally “easy to use” and “secure” are attributes that necessarily lie at opposite ends of the design spectrum, when it comes to passwords, they aren’t too far apart. An easy password is a memorable password, and a memorable password is more secure because it doesn’t need to be written down (or even kept inside a password manager, such as LastPass or KeePass).

There’s a great comic from xkcd that covers that point. It suggests that simply using four common words strung together is both more memorable for people and harder for computer software to crack than typical complex passwords. The analysis used is to consider how many possible combinations exist that computer software would have to try before striking upon the correct password – entropy (measured in units of bits) is higher when more possible combinations exist.

Using this approach, 26 different possibilities (one for each letter) has 4.7 bits of entropy, and 70 different possibilities (lowercase letters, uppercase letters, numerical digits plus four common punctuation symbols) has 6.1 bits of entropy. A password made up of six characters with each of 70 possibilities has six times 6.1 bits of entropy, for a total of ~37 bits.

However, 5,000 different possibilities (one for each of the 5,000 most common words in English) has 12.3 bits of entropy. A password made up of four such words (even if all in lower-case, without any punctuation) has ~49 bits of entropy, which takes over 5,000 times as long for computer software to crack. In fact, just using three such words gets you ~37 bits, for equivalent security.

One problem with this approach is that many password systems have a maximum length, say of 12 characters. It’s not clear that imposing such a short limit increases security, but regardless, many systems do this. Four words strung together are likely to exceed 12 characters, making these passwords impractical on such a system. I wondered if there was some way to retain the spirit of this approach but fit within 12 characters.

I downloaded a list that claimed to be the 5,000 most common words from www.freevocabulary.com (it turned out to have 5,010 unique words) and did some tests on it. If you use the first three letters from words on this list, there are 1,103 different possibilities, which has an entropy of 10.1 bits. Putting four of these three-letter prefixes together would give you an entropy of ~40 bits, which isn’t too bad.

So, while I’m no password security expert, it does appear that you could use a “random four words” approach for most sites, and fall-back to just the three-letter prefixes of those words when a site has a maximum password length that’s too short for the normal password. In any case, this suggests that there is fertile ground for research into passwords that are both memorable and secure.

However, I know that even while such passwords are more secure than the typical complex password, unfortunately they still won’t be accepted when I try to register them at new websites. They’ll fail on the password strength indicators! Sadly, this is a case where both ease of use and security are being let down.

Tags: entropy, password, passwords, security, strength, xkcd

I post all the recipes for the dishes that I make for Recipe Club over on its own blog. However, where there’s a recipe I expect to make again, I’ll also post it here to ensure I can easily find it down the track. In this case, we made a Korean-style beef bulgogi again the very next night after I made it for Recipe Club, I liked it that much! It’s largely based on the recipe by Ben O’Donoghue in his book Ben’s Barbecue.

It serves enough portions to feed 6 as an entree, or 3 as mains.

Ingredients

• 500g rump steak
• 3 tablespoons (60mL) brown sugar
• 125mL light soy sauce
• 4 cloves of garlic
• salt
• 100mL mirin
• 2 tablespoons (40mL) sesame oil
• 1 bunch spring onions
• sunflower or vegetable oil
• 1 medium carrot
• leaves of 1/2 iceberg lettuce
• mint leaves
• ~200g kimchi
• other korean sauces that take your fancy

Method

1. Trim the beef of fat and slice thinly. Chop the garlic cloves finely. Slice the spring onions finely.
2. Combine the sugar, soy sauce, garlic, salt, mirin, sesame oil, and spring onions to make the marinade, and mix the beef slices through.
3. Leave in the fridge for at least 2 hours or overnight.
4. When it comes to cooking the beef, bring the beef mix to room temperature, then heat a BBQ hotplate to medium-hot.
5. Chop the carrot finely while waiting.
6. Oil the hotplate, and begin frying the meat. Once they’ve begun warming, then add the carrots, and fry everything together. It takes only a few minutes to cook so it’s tender.
7. Transfer bulgogi to serving dish and place on table together with lettuce leaves, kimchi, mint leaves, and any other tasty Korean sauces that take your fancy. Before eating, place everything on a lettuce leave and wrap into a delicious parcel.

Alternatives

• Instead of serving on lettuce, it would work also served on rice.
• Sesame seeds can be sprinkled over the top of the beef before serving, or toasted and included in the marinade. However, with the sesame oil it already has a nice sesame taste.
• According to Ben’s original recipe, instead of rump steak, sirloin can be used, instead of brown sugar, palm sugar can be used, and instead of mirin, rice wine can be used.

Tags: bbq, beef, bulgogi, korean, recipe

Of course, I nearly gorged myself on food at the family Christmas dinner yesterday. It was the second family feast this season, having had a Christmas feast with the Melbourne branch of the family a couple of weeks ago. For both, I made what is for me a traditional condiment for the pudding. It’s very easy, no doubt about it, but something that’s become absolutely essential: the brandy butter. (It also goes by the name “hard sauce“.) Drop it on the steaming hot pudding, watch it melt, and eat it as it soaks in.

I base my recipe on how I remember my grandmother’s brandy butter tasting. While some recipes suggest icing sugar (a.k.a. confectioner’s sugar), I prefer caster sugar (a.k.a. baker’s sugar) because of the texture. Also, I’ve got a fairly light amount of brandy in this recipe, and even my three-year old is known to have eaten it. You can probably double it, if you like a stronger taste.

Ingredients

• 250g unsalted butter
• 1 cup (250mL) caster sugar
• 2 tablespoons (40mL) brandy
• ground nutmeg, for decorating

Method

Tags: brandy butter, christmas, hard sauce, recipe, whipped butter

The Internet promises to disrupt many industries, but it’s finally getting around to disrupting the garment industry. There are now many sites devoted to providing exclusive-brand quality at mass-market-brand prices. They use approaches like out-sourcing design to their customers, taking a smaller profit margin than typical designer or bespoke operators, generating a larger volume of sales through global exposure via the Internet, and providing generous terms for dealing with wrong sizes.

Threadless and Cafe Press are the grand-daddies of the market, but there are now some Australian outfits getting in on the act, such as Shoes of Prey who are getting a profile for their high-end women’s footwear.

However, I want to do a shout-out for Carbon Copy Shirts who I’ve bought a few business shirts from. They have a great deal at the moment of 3 shirts for $99 that I’ve taken advantage of. Now the shirts have been through the wash a couple of times, I can say that they are good quality and they are in the regular wear cycle.

Tags: australian, clothing, online, shirts

This is another easy and tasty slice from the Country Women’s Association slice cook-book. The first time I made this, I followed the recipe and used dried apricot, but this time I used crystalised ginger and it worked a treat.

Consider it to be something like Adult Chocolate Crackles. I guess it’s called Stonehenge Slice because you could cut it into thin slices and assemble your very own Stonehenge, if you really wanted. Or even get more creative.

Ingredients

• 185 g dark chocolate (I prefer 55%)
• 125 g butter
• 125 g caster sugar
• 125 g pieces of crystalised ginger
• 3 1/2 cups rice bubbles (probably something like 125 g, too)

Method

1. Chop ginger into small pieces.
2. Grease a 18cm x 28cm slice tin.
3. Break chocolate into pieces and put chocolate in a microwave-safe bowl. Microwave on HIGH for 60 seconds.
4. Chop butter into pieces and add to bowl. Microwave on HIGH for 30 seconds then stir. Keep going like that until just melted.
5. Place rice bubbles in a large bowl and combine with the ginger and sugar.
6. Pour in the melted chocolate and mix together gently.
7. Press into the slice tin, cover and refrigerate for a couple of hours.
8. Cut into slices in the tin before serving. (Keep unused slice in the fridge.)

Tags: chocolate, chocolate crackles, party food, recipe, rice bubbles, stonehenge slice

Several years ago, I bought a book by Richard Feynman about science and the world. The following passage has stuck with me:

Now, another example of  a test of truth, so to speak, that works in the sciences that would probably work in other fields to some extent is that if something is true, really so, if you continue observations and improve the effectiveness of the observations, the effects stand out more obviously. Not less obviously. That is, if there is something really there, and you can’t see good because the glass is foggy, and you polish the glass and look clearer, then it’s more obvious that it’s there, not less.

I love this idea. It’s not just that you test a theory over time and if it hasn’t been disproven then it’s probably true, but that over time a true theory becomes more obviously true.

In forecasting technology trends, this is not necessarily a helpful thing. The more obviously true something is, the less likely it is that other people credit you with having an insight, even if it dates from when it was unclear.

Still, the converse of the idea is definitely helpful. If a theory requires constant tweaking in the face of new evidence, just to maintain the possibility of being true, it most likely isn’t.

I have no trouble coming up with crazy ideas about how technology might develop, but faced with a number of equally crazy ideas, it is difficult to know which are the ones with some merit and which are false. Happily, the above approach gives me a process to help sort them: giving them time. The ideas that are reinforced by various later developments are worth hanging on to, while those that fail to gain any supporting evidence  over time may need to be jettisoned.

Ideas that I initially supported but have been forced by time to jettison include: Java ME on the mobile, RSS news readers, ubiquitous speech recognition, mobile video calling, and the Internet fridge.

One idea that I’m proud to have hung onto was that of mobile browsing. I saw the potential back in the late 1990s when I was involved in the WAP standards, enabling mobile browsing on devices such as the Nokia 7110, even if it was wracked with problems. Several colleagues, friends and family members dismissed the idea. However, over time, mobile browsing received more evidence that it was credible, with the successes in Japan, the appearance of the Opera browser, and then Safari on the iPhone. Now, I regard Safari on the iPad to be the best web browsing experience of all my devices – PCs included.

While Feynman was a great physicist, and his advice has helped me in forecasting technology trends, there’s no guaranteed way to get it right. The last word should belong to another physicist, Niels Bohr, who is reputed to have said: prediction is very difficult, especially about the future.

Tags: forecasting, future, mobile browsing, prediction, richard feynman, technology

I don’t get to listen to music as much these days. When I was at school, I would have favourite CDs on repeat, studying or reading. However, perhaps I am beginning to re-live my youth, as I am starting to put CDs on repeat again, although it’s not exactly my idea.

The CDs are full of nursery rhymes or are by kids’ TV presenters. While these children’s CDs have simple melodies and the lyrics are easy to understand, they have an unfortunate tendency to get stuck in my brain for hours at a time. But I was pleasantly surprised by one CD we bought; it is a cut above the others.

Other suggestions for good children’s music will be gratefully accepted!

Tags: arthur baysting, cd, justine clarke, music, peter dasent, review, songs to make you smile

It isn’t just that expensive wine is more enjoyable, but actually paying more for wine makes it more enjoyable. Researchers from CalTech and Stanford found that the brain’s pleasure centre has more activity when tasting $90 wine compared with $10 wine, even when it is exactly the same wine.

I find it amazing that the brain has such sway over the body, but it’s something that the advertising industry has known for ages.

In Malcolm Gladwell’s Blink, I first read about the work of Louis Cheskin, whose work in advertising since the 1930s was revolutionary. His theory of sensation transference was used to design product packaging that would change the way people felt about, and even experienced the product. In one example with underarm deodorants, Cheskin sent the same identical formulation to testers in three different packs with unique colour schemes. The testers consistently reported differences in fragrance and effectiveness, and one colour scheme even resulted in rashes. Cheskin’s consultancy group was named the Color Research Institute, for obvious reasons.

So, given this background, I shouldn’t have been surprised by a recent article in Wired Magazine on placebos. It reported that the “placebo effect” is not a single effect at all, and using different colours or shapes of a pill can make that pill more or less effective in its treatment, even if that pill is just a sugar pill. In other words, the packaging of drugs, whether it is the form of the pills, or the design of the box, or how the medical practitioner gives it to a patient, can change how well a drug works.

While the placebo effect is associated with snake oil, it is considered to operate equally on legitimate drugs. That’s why in clinical trials, the main hurdle is to achieve levels of effectiveness higher than a placebo. But since the placebo effect itself can be made stronger or weaker, or achieve particular effects, you could imagine a trial where the placebo is chosen to have a weak effect so the drug stands a better chance of succeeding at trial. In fact, the Wired article claims that the placebo effect has become stronger recently, making it harder for drug trials to succeed. I can see a more worthwhile application of the placebo effect being to tailor packaging so that not only does it add to the drug’s effectiveness, but may even offset side-effects.

Perhaps in the future, the list of active ingredients on a drug’s packaging will also need to include aspects of the packaging like colour or shape. I may choose to avoid my paracetamol tablets if they are blue because it upsets my stomach. However, there’s one piece of information that’s already on the packaging that may yet be proven to work for other drugs (as it works for alcohol): the price.

And I will leave you with the thought that if more expensive drugs turn out to be more effective (purely on that basis), then may heavy subsidies of certain drugs be causing more harm than good?

Tags: advertising, medicine, neuromarketing, placebo, price, sensation transference

One of the reasons I post recipes on my blog is so that it’s easy for me to find them later. The category of Recipes on the blog is a bit like an ever-expanding personal recipe book.

And while this recipe is rather mundane, it was worked out through long trial-and-error to determine the optimal times for our 800W Sharp Carousel Microwave Oven. Coming into the warm weather, we are likely to have less porridge, and if I don’t write this down somewhere, I will probably have forgotten by the time the cold weather returns.

It is what Harriet reliably asks me for breakfast every morning, so woe betide me if I ever forgot how to make it. (She will consent to eat croissants instead of porridge, but I don’t think that’s a long term option.)

However, while it is simple to make, porridge is the prince of breakfasts. It’s healthy – low GI, low in gluten, low in sugar, high in fibre, high in protein. It’s been eaten for at least 4,000 years. There’s a special day devoted to porridge (10th October is World Porridge Day, if you must know). With a little creativity, it can be made into a variety of flavours.

I find the rolled oats packet’s suggested amounts make too little. Simply doubling them makes too much. These amounts are just right.

Porridge (Oatmeal) for One

Ingredients

• 1/2 cup (125mL) rolled oats
• 1/2 cup water
• 1/2 cup full-cream milk

Method

1. Mix all ingredients in a decent-sized microwave cooking pot (eg. a rice cooker). Place, uncovered, in microwave for 3:00 mins on HIGH (for 800W oven).
2. Remove and give a quick stir. Return to microwave for 2:30 mins on HIGH.
3. Rest porridge for 2:00 mins, then scoop out into a bowl.

Porridge for Two

Ingredients

• 1 cup (250mL) rolled oats
• 1 cup water
• 1 cup full-cream milk

Method

1. As above, mix all ingredients in a microwave cooking pot, then place, uncovered, in microwave for 5:00 mins on HIGH.
2. Remove and give a quick stir. Return to microwave for 3:00 mins on HIGH.
3. Rest porridge for 2:00 mins, then scoop out into two bowls.

Variations

• If you like, you can probably add a pinch of salt, and also an additional flavour like cinnamon or vanilla into the porridge.
• Our traditional toppings are 1/2 teaspoon of brown sugar or a drizzle of local honey. However, maple syrup, fruit jam, breakfast cereal, or yoghurt could also work if they are more to your taste.

Tags: breakfast, microwave, oats, porridge, recipe