A weekend amongst hackers

Blackhat, whitehat, rootkit, cyber security, and bugs are just some of the terms that flew around my head the past weekend because I went to Kiwicon V. Having gone already last year, I kind of knew what to expect and was very much looking forward to 2 days of technical bombardment interspersed with demos of how the talented hack into the system of their choice.

Mind you: hacking is not just the bad, bad guys. There is also a lot of good coming out of hacking: software / web site producers are made aware of security holes in their systems that could be exploited by not so kind people.

It was amazing that some companies don’t care at all: vt for example took down 5 software packages frequently used in Hollywood and only 1 company really talked to him. Others were not as willing and still haven’t fixed their bugs.

I learned:

  • how insecure the iPhone is and how easily you could read the RFID information stored on an EFTPOS card by using a mobile device.
  • that poop has a Unicode code point but, in contrast to the snowman sign, it cannot be used in a URL. Go figure.
Poop can't be used as URL

  • not to say CyberWar if I didn’t want to start on a drinking binge.
  • that I didn’t understand Erlang and couldn’t defile MacOSX on my own.
  • how to go rogue.
  • how to hide images in images.
  • about the National Cyber Security Center.
  • how not to go about your first hacking job and that if you do you better know some people in high hacker circles.
  • and was reminded of the security fails of the last year.
  • and much more

This year’s Kiwicon was the largest so far. There were over 600 participants, and we were in Wellington’s Opera House as the previous venue would not hold as many people. Just imagine 600 people mostly clad in black in the middle of Wellington on a sunny weekend.

Kiwicon is not just a conference, but an experience. The pre-conference emails are the funniest ever, the registration process produced random quotes as comments that made you laugh, name tags were not your typical plastic around paper, but laser engraved leather and VIP had hand-made ones. Participants can also learn how to pick locks and handcuffs, and how to work in a team to hack a big organization that does evil.

I am already looking forward to Kiwicon VI to learn even more and be awed by the things that some people find when they look more closely.

While listening to talks on exploiting RFID technology and hiding information in pictures via steganography, I was wondering how secure EyeFi cards were. Could somebody put malicious code on them which would alter images put on the card so that when they are transferred they would not just include the image taken by the photographer but also some hidden information, possibly code that could endanger the computer / server where these images can be uploaded immediately wirelessly?

Response to the e-portfolio debate

As this is a longish comment on “The ePortfolio Debate” by Mike Bogle, I post it on my own blog.

Hello Mike,

Thank you for bringing the Twitter conversation onto your blog. That’s how I realized that there was more going on than just the 2 tweets I had seen earlier. :-)

You are correct when you say that e-portfolio solutions (no matter what they may look like) should be available beyond educational institutions to ensure that (former) students continue to use them. In contrast to LMSs, e-portfolios center around the student.

I have not yet met anybody from the efolio provider in Minnesota, but from what I can gather from the web site, Minnesota provides space for all its residents to create an e-portfolio at eFolio Minnesota for free (to a certain data allowance).

For Mahara, there are services around that offer free hosting (again, up to a certain data allowance). I do not know how many there are, as there is not yet a list of them, but I have seen FolioSpaces (hosted in Australia primarily). Ian writes a bit about FolioSpaces outside of their web site here. If anybody knows of others, I’d like to hear from them.

In New Zealand, the MyPortfolio services for schools and tertiary education are hosted Mahara solutions that do not sit on an institution server. Thus it is easy for students to take along their portfolio when they switch schools. On myportfolio.school.nz they only have to be put into a different institution. There is not even the need to export and import a portfolio. If they go on to study at university, they export their Mahara portfolio and have it imported into myportfolio.ac.nz. Later on they can export it again and use it on another hosted solution or even a different portfolio system (that follows the LEAP2A portfolio standard).

It will be interesting to see how far we can take “lifelong” in the electronic world. Will it actually be feasible to work with one (dedicated) portfolio software for more than 5 or 10 years or will we have to find other solutions and try to archive a certain phase instead of having to upgrade everything to the current software?

Kristina

Exploring my Desire

The HTC Desire is my latest toy. Instead of an iPhone 4 I wanted to explore an Android phone, especially after having seen a Nexus One of a colleague.

I started transferring all my contacts, installed a few apps and set up my friend streams. Currently, I am in the clean-up phase and have to stop trying to locate the power button on the right-hand side and hitting the home button to turn on the phone.

The HTC Desire and me

My HTC Desire and me; CC shared by Kristina D.C. Hoeppner

What I like best

The flashing notification light which alerts me to anything that I asked to be notified about. As I am not attached to my phone like a Siamese twin, it could happen that I went an entire day without turning on my iPhone once. A flashing light would have allowed me to respond to messages more quickly.

What I like least

I have to go through my address book and add the birthdays and anniversaries as Google contacts does not interpret the fields from my Mac address book correctly. Let’s see how the sync works out in the future. But at least now I don’t have to run a script to create a birthday and anniversary calendar, but I can subscribe to my contacts’ birthdays and anniversaries in Google calendar through my Google contacts.

EYC unConference (Part 3)

After a wonderful lunch and small talk at the lunch buffet, we had two more sessions at the EYC unConference today. You can read part 1 and part 2 before continuing if you haven’t already done so.

Low budget user testing

Courtney Johnston offered to facilitate a session on user testing and how to do that on a shoe-string budget.

A lot of user testing can be done by using paper and web site mockups. You also do not need hundreds of users, but can often already get an idea when you ask about 6 people to participate in a card-sorting activity or give them a task to complete on a web site. Some professional usability testers may bury their head in the sand when they read these lines, but here we are talking about testing web sites for communities that operate on a very low to non-existent budget and cannot afford to have sessions in a usability lab and use awesome, but expensive software and setups to conduct their testing.

Often, even with only a small number of people, you can get an idea of whether a certain navigation works, whether menu items are named logically etc. However, when you only have access to a small number of people, you should be acutely aware of their ICT background to interpret their answers correctly and not make false assumptions and objectify these.

Getting started with user testing

Courtney Johnston provides tips on how to do low-budget user testing; CC shared by Kristina D.C. Hoeppner

Feeding back to software developers

Tim McNamara offered the last session that I went to for this day of learning more about community involvement online. It was on how to give useful feedback to software developers. That was a dear topic to me as I get frustrated sometimes when people write forum entries or send me emails from which I cannot really make out the problem and try to solve it. It always takes a lot of effort to figure out what the issue might be and how to solve it.

The Google Project Hosting issue tracker is a good example of how to guide users in providing constructive and useful bug reports. When you open a new issue, you don’t just get an empty text box, but depending on your bug report, you can choose a template which then gives a few suggestions of what to include in your bug report. The template for a “user defect report” has the following items:

What steps will reproduce the problem?
Step 1.
Step 2.
Step 3.

What is the expected output? What do you see instead?

What browser (or hg/svn client) are you using? On what operating system?

As these questions are written directly in the text box, people can’t overlook them. ;-)

I will have to check if we could also add such pre-populated text in Launchpad for people filing Mahara bugs. That would be very useful.

Now what?

Currently, I am still in the processing phase because there was a lot of information today, a number of web sites to check out, things to try out for myself and wrapping my head around. It was great to meet people who create web sites for non-profits and a lot of times use open source. Joomla was talked about quite a bit as a person ran two sessions on it whereas other CMS were hardly mentioned (we should remedy that next time). However, as was pointed out when the Wordle was shown: Drupal sits on top of Joomla and has “brain” right next to it. ;-)

Words shouted out during the closing session of EYC unConference to say what was important

EYC unConference in a Wordle; created by Wellington ICT

A big Thank You to the organizers and volunteers as well as the participants of the unConference who made that day a great learning experience.

EYC unConference (Part 2)

As written in the previous post on the EYC unConference, everybody could propose a topic for a session and gather people to discuss it. After my initiated session on how to actually get people to use a community web site in which the attendees greatly participated and did not need a lot of facilitating, I went to a similar session. There the focus was on the use of social media, in particular Twitter and Facebook.

Online communities and social media

People saw the purpose of Twitter and Facebook differently and it always came down to finding where the people you want to reach hang out and picking them up from there.

Another important point that was raised was that not everybody is using social media and should not be forced to do so in order to join a community, but they should have alternative means for engagement, though that does not mean that the lowest common denominator should be chosen. It is worthwhile to educate community members about the possibilities of social media and offer them training so that they can become literate in its use.

Despite that, especially established community members should not be forced to go out of their way to continue engaging. Somebody came up with an analogy to a restaurant that was picked up by Joanna McCleod. When regular patrons come to a restaurant, they should not be made to go out again to find a flyer that is being distributed on Lambton Quay in order to be able to dine at that restaurant. They should still be able to just go inside without any detours.

The session attendees agreed that it is about the way of communicating and not necessarily the tool. Twitter and Facebook can change rather quickly in this day and age. So you may have to switch to another service. However, the idea of the social networking will persist. And you should not be afraid to pull the plug and discontinue using a tool when you realize that your community does not take to it. Your efforts can be used elsewhere more productively.

group discussion about using social media with communities

Never mind the nice weather outside. Community's social media use is as good. CC shared by Kristina D.C. Hoeppner

Web accessibility

Robyn Hunt talked about what everybody could do to improve their web sites to embrace accessibility. That does not only mean that people with disabilities can get more out of a web site, but it also means that the web site is improved for everybody as accessible web sites often also include looking at usability issues that might frustrate “regular” users as well.

I know that I have to improve the accessibility of my blog here, e.g. give meaningful alternative text and not just my picture caption and probably improve a whole bunch of other things that are normally hidden to the eye, but help people greatly who use screen readers.

Learning more about accessibility is a project on my ToDo list for which I will have to set aside a time and either participate in a workshop or read relevant texts.

One thing that particularly stuck in my head was that Facebook is not a good page in terms of accessibility because it is quite busy among other things. However, when viewed on a smartphone, people with disabilities can participate as the content presented in the smartphone apps is basically clutter-free, making it easier to use. Thus, though the service was not changed, a change of device suddenly enables a number of users to finally participate. And the internet offers independence and freedom to a great many people with disabilities as they can now get information that they had previously no access to and they can also engage in online conversations.

I cover the rest of the day in part 3 on the EYC Conference.