iPrison

Frankly speaking, I don’t really understand the passion for the new Apple iPad (an "iPhone on steroids"?). It’s a beautiful-looking machine but it also jails its user in the "Apple ecosystem". It’s just consumerism.

Apple has a record of launching beautiful-looking devices and shiny products. In the beginning of the years 1980s, they popularized the computer mouse and the graphical user interfaces as we know them today. In the beginning, one would love the simplicity of use of Apple computers and software, especially compared to the MS-Windows or GNU/Linux versions at that time (I’m speaking of the years 1990s). The end-user was then at the center of the "computer experience". But now, it seems the end-user becomes a (paying) consumer, nothing else.

Since a few years, Apple developed its own, closed ecosystem and is now cleverly taking advantage of the miniaturization of electronic devices to sell content via this ecosystem. Indeed, Apple first developed the iTunes Store that was initially only a music store but later offered other multimedia content and applications (most of them for a fee). Legally selling music via the internet was disruptive at that time when most music available on the internet was only personal copies from some individuals. With the miniaturization of electronic devices, phones became "personal digital assistant" with the ability to play music, play games, run office application, take photos and videos, surf the web, exchange e-mails and instant messages, etc. Computers also became miniaturized, giving birth to netbooks.

The great thing about these small devices is that they are usually forced to save data in common formats in order for their clients to be able to use these photos (jpeg), videos (3gp) and music (mp3) on other devices than their phone or netbook. However, nearly all manufacturers also created their own "Store", websites selling multimedia content and applications (not only music anymore) specifically created for a platform but also specifically locked to a platform. One may argue that Apple iTunes Store is easier to use and provides more content than any other platform (which is probably true) but nevertheless, Apple is locking its customers to its platform.

The advent of the iPhone and now the iPad further locks its users to use Apple Store thus to use Apple-approved content, Apple-approved music, Apple-approved applications, Apple-approved books, etc. Of course, there is a way to open some of your own documents previously saved in a more usual format. But there is no way to share the content you bought from a Store with your child, spouse, parents and friends. Apple owns the content you bought, you are just leasing it from Apple for your own personal use.

So, technically, the iPad may be a nice looking device but it’s also an iPrison for your data and what you can/can’t do. I agree computers and electronic devices needs to be user-friendly and shouldn’t annoy users with technical details. But I also would like that the same computers and electronic devices give the freedom to modify, share content, look at details if that’s the user wants.

Finally, I like this citation from Laurian Gridinoc, before Apple annoucement:

HAL-9000: What is going to happen?
Dave: Something wonderful.
HAL-9000: I’m afraid.
Dave: Don’t be. We’ll be together

Don’t be afraid, indeed: Apple will know what you want, dictate what you’ll like but won’t disable any life support systems as it needs your money!

3DSecure not secure

You may have seen in various places that “3-D Secure” (aka “Verified by Visa” or “Mastercard Securecode”) is not as secure as it says. The original paper is here (PDF).

Unfortunately, having implemented the 3-D Secure system via a third-party somewhere in Europe, I have to agree with the authors. I will insist here on one aspect – the inline frame – but the authors are giving more aspects and some solutions worth considering in their paper.

The first issue is that most merchants or banks embed the 3-D Secure page in an inline frame: the 3-D Secure page appears as if it was served by the merchant website although it comes from another website. This is similar to the hypothetical case where that image in your newspaper comes from another newspaper. You wouldn’t notice the difference (unless/until the image is completely different from your newspaper content). And, back to our topic, if a fake 3-D Secure page is given inside the inline frame, it’s difficult to notice it, the most common way of noticing it (a different URL in the address bar) is indeed hidden by the inline frame. During the development and testing, I put in place an internal, fake but similar-looking payment page and we sometimes have to think twice before knowing if we were on the fake page or in the test environment. Webpages at a merchant or a bank website are of course supposed to be kept far from crackers and villains 😉 But a man-in-the-middle attack (replacing on the fly the real payment page by a fake one allowing to collect card details) is rather easy to implement (considering actual villains know-how) and wouldn’t be noticed until they collected a certain number of card details …

To illustrate the above, please insert your card details below.

Card number:
Expiry date:
Secure code:

Fake 3D Secure

Apart from the fact this form was done in 30 seconds and doesn’t really look like a real a real payment form (and does nothing), how can you tell the difference? So, be careful when using 3D secure (with Firefox you can always right-click to see the security information about the form you are about to fill in). And always try to check the URL if it’s possible.

Happy new year 2010!

Happy New Year 2010!

Evolution of H1N1

I needed some data to test the pChart charting library so I decided to use WHO data about swine flu (in its weekly updates). The only issue I had was that the WHO started to collect data by country and changed to gather data by regional offices from July 27th, 2009 onwards. So graphs below are only by regional offices.

Evolution of A/H1N1 cases - jepoirrier.net

Evolution of A/H1N1 deaths - jepoirrier.net

For your information:

AFRO: WHO Regional Office for Africa
AMRO: WHO Regional Office for the Americas
EMRO: WHO Regional Office for the Eastern Mediterranean
EURO: WHO Regional Office for Europe
SEARO: WHO Regional Office for South-East Asia
WPRO: WHO Regional Office for the Western Pacific

I didn’t really see such graph on the web but there is the excellent FluTracker by Dr. Niman and a lot of information about the swine flu on Wikipedia. If you want to start interpreting these curves, you might be interested in reading squareCircleZ’s post about the H1N1 and the Logistic Equation.

Powerplant screensaver

Do you know your local powerplant chimney can be a screensaver? (movie taken in October 2009 in the South of Brussels, Belgium)

Waiting for PDF comments in Evince

Evince defines itself as “simply a document viewer” (for Linux/Gnome and now for Windows too). However it can already read a lot of formats: PDF, TIFF, PS, DVI, DJvu and plans to support a lot more in the future.

But for me there is one important feature missing: the ability to read comments in PDF files. I sent PDF versions of draft documents to my PhD thesis promoters and they send them back with their comments. Open them in Evince: you’ll only get the balloons but no possibility to click on them (see Figure 1 below). Open them in Acrobat Reader and not only you can see that there are comments but you can also see their content (see Figure 2 below).

Figure 1: reading a PDF with comments in Evince

Reading a PDF with comments in Acrobat Reader
Figure 2: reading the same PDF with comments in Adobe Acrobat

It’s in the roadmap and Carlos García Campos already has an unstable release that includes annotations. So I’ll keep Acrobat Reader for the moment. As soon as Fedora packages Evince with annotations, I’ll not see any reasons to keep Acrobat Reader on my laptop 🙂

Btw, both Okular and KPDF also seem to miss this feature.

2.54

2.54 It’s the impact factor of the Open Access journal Proteome Science where I published my last article, last year.

I didn’t see that before but came to know when I downloaded the 453 remaining e-mails from an old account (3 months without fetching them). The announcement of this new impact factor was in one of the three interesting e-mails.

Redesigned Pubmed

I often wrote about Pubmed here. Briefly, it’s a search engine for publications in the biomedical domain. They recently redesigned their user interface and, although there are a lot of new things to save time that came with the new design, there is still a problem with their interface: the new search box takes too much space …

Redesigned Pubmed homepage (bigger image)

Redesigned Pubmed result page: search box is hiding the logo, the display settings and the first result (bigger image)

To be fair, I must say these screenshots were taken with Firefox 3.5.3 on Fedora Linux but I didn’t see this problem with other operating systems nor other browser (not even Firefox on MS-Windows). Seems they tested their design with everything except Linux 😦 (A search with Pubmed redesigned doesn’t work with text-only browsers although the previous one perfectly worked)

postr, simply puts your pictures on Flickr

I really like gthumb to have a look at my photos, quickly perform some basic modifications or effects and display all the photos to people around me. But there is one thing that is annoying me: it seems impossible for my gthumb version (2.10.11) to upload to Flickr, where I put some of my pictures. There is an “issue 73” in the GNOME’s GHOP Contest page from 2007 and the development seems to be done ; it’s just not yet in the main branch.

Now enters Ross Burton’s postr, a Flickr uploading tool for the GNOME desktop. It’s simple. It has all the functionalities you need when posting pictures: title, description, tag, sets, groups (and privacy) fields and settings. Voilà! And if you need more advanced features (like geotagging – which isn’t anyway in the Flash-based Flickr upload tool), the Organise tool from Flickr is still there.

Don’t be afraid by the fact it’s still in version 0.12.3 nor by the fact it wasn’t updated since December 2008: it’s fully working, already in your favourite Linux distribution (at least in Fedora), I adopt it 🙂

Postr 0.12.3 screenshot
postr screenshot. The picture that will be uploaded is here.

Revision control software migration question

In software development (as in many other fields, like paper or thesis writing ;-)), you often need a revision control software to effectively manage all the changes made to your source code (or sections and chapters). It’s even more important if you work with other people on the same files, on different versions of the same sources, with people in different locations and with different systems.

The problem I currently try to solve (or, at least, try to bring a solution to) is the following … The system doesn’t initially use any revision control software. People are able to edit any file they want, one at a time (file locking which is very annoying). Basically, there is only one version of a file per project: the current one. If another project tries to merge the same file from another project, someone has to manually review all the lines in order to see what should remain and what should be left. In order to reach a previous version of a file, you have to manually remove lines marked with the patch reference at a specific location on some lines (it does work in some programming languages and not at all in all others). In fact, a rudimentary revision control system exists but it’s completely outside the development environment. When a file is modified, it’s name is entered in a “patch system” with the reason why it was modified (when you are lucky). If you forget to enter its name, the system can’t do anything for you (since it’s not aware of anything).

Now, on top of that independent patch system, people started to use a real (closed source) revision control software (that even appears in a Magic Quadrant from an advisory firm so it must be serious!). But instead of reviewing the way people work, they just added a layer on top … After a programmer did everything for the independent patch system, a new procedure states the same patch reference needs to be added in the revision control software as well as all the files contained (an automated procedure is actually doing that for you, fortunately). In summary, the current system is depicted in the middle of the figure below (along with a basic solution on the left and a classical implementation on the right).

version control comparison

My question is: how to modify the current system which work more or less in order to approach a more classical and more efficient way of working (the one on the right)? (hiring an external consultant is not an option ;-))