User stupidity v. design stupidity

There’s a lot of linkage to this initially entertaining account of how one user thought CentOS, a Linux distribution, was responsible for “hacking” into his site, when all that had gone wrong was that he was seeing the default Apache page. But while the geek crowd crack in-jokes and snigger at this fool (and make no mistake, he is a fool, being paranoid to think he was hacked in first place, incredibly slow on the uptake, and willing to threaten them with a visit from the FBI), they are missing the point. The real reason why the guy wasted all their time with this was not because he was an idiot, but because their Apache test page is so shittily designed. Don’t believe me? Then take a look at it.

For starters, there is no good reason why the OS should be mentioned in such big letters at the top of the page, or the logo shown. I can’t think of many actual production websites that say which OS they run on, with good reason – it is totally irrelevant to the average end user. If they see it, they’re not going to understand. On the other hand, if you are actually the person who’s administrator on the box, then you already know what the OS and server are – you’re the one who installed them. All you need to know when installing Apache is whether you’ve got it to work; a simple success message with the current time is what you need.

Granted, OS and HTTP server information are useful for collecting statistics about usage, but for this purpose they can (and indeed should) be included in the headers so they can be collated automatically. Speaking of HTTP headers, total aside – I might have linked to Fun with HTTP headers before, but it’s worth linking again.

Right back to my point. Of course, whoever came up with this design were vaguely aware of this, as after inserting the CentOS logo they have had to insert a long tedious explanation about what CentOS actually is, and “please don’t complain to us, we just provide the OS for this, we do not host this site” explanation that continues long down the page. Any self-respecting hacker would pause to think that if your 20-line code works OK but needs a 200-line patch to avoid problems when it comes to implementation, perhaps it’s best to reconsider your approach and see if there is a better way. But with text, they don’t seem to be willing to do the same. In this case, they could have avoided all the kerfuffle by having a very boring logo-less, Times New Roman-rendered message with a default colour background; making your default test page look pants makes it very clear that it is intended to be a default test page.

And while they were at it, they could have got rid of the instructions for the developer/installer – they should only be in the installation documentation, it’s easier that way and avoids the two sets of instructions getting out of sync and possibly contradicting. Get rid of that, and what you’re left with is little more than:

Default Test Page

This is the default test page for If you are not expecting this page to be here, then you should contact the webmaster at

Apache server at 12:00:00 (UTC) 01/01/2006

Just as you can’t legislate against stupidity, you can’t code against stupidity: nothing you write is ever going to stop people being stupid. But you can certainly code (and legislate) to prevent them from going down the stupid and protect everyone else from its worst excesses.

On surnames

The other day I linklogged the biography of the wonderfully-named Cowasi Jehangir Readymoney, the descendant of a wealthy Indian merchant’s family who adopted a nickname as a surname. Since then, I’ve been pondering on how rare such an occurrence is; that is, how rare it is that in the modern era, people adopt a new surname based on what they have done or how others call them. While there are host of surnames for professions (Smith, Baker, Cooper, Chapman, Cartwright), they all have medieval or earlier origins; there aren’t many names originating from the Industrial Age, (very few people have the surname Miner, Docker or Labourer) and virtually none at all from the Information Age (how many people do you know are called Accountant, Lawyer, Estate Agent or Programmer?)

I suppose it’s because just as the Industrial Revolution was taking place, it was also the dawn of widespread literacy and the database state (the first national census was in 1801, though it wasn’t until 1841 that it fully noted individuals’ names). Having gone through some old genealogical records I’ve noticed that spellings varied enormously through much of the 19th century, and even in areas with thoroughly complete records, you could sometimes draw complete blanks once you got back to a particular point in time. In an age before names were written down regularly and montonously, identities would be more ambiguous and local, which could be chosen and changed. Now they were framed and laid out as definite in black and white; a move from descriptiveness to prescriptiveness. Throw in Victorian values that promoted the nuclear family and monogamy, and a growing middle class seeking to emulate the one stratum of society that have always had surnames, the nobility, and you have a hardening of surname identities.

(Feel free to flame away at my historical theories, btw)

Of course, I’m not the first to point out the hardening of identity, and some writers have tried turning it on its head. Max Barry tries a “what if this applied in the globalised age?” slant in Jennifer Government, where everybody takes on the name of their employer as their surname (meaning that one of the biggest social shames is to be surnameless and thus jobless). Meanwhile Neal Stephenson, either being ridiculous or sublime, goes all self-referential in Snow Crash by giving his main character the name Hiro Protagonist. And there are probably plenty of other examples where authors have deliberately given their characters surnames indicative of their personality or their destiny, which is all the more ridiculous given that one’s surname has no real bearing at all on such things.

So, given we are entering the era of the individual (according to every political philsopher you consult) why don’t we ditch our surnames, change them, adopt new ones, or mix them up? Of course, there is still the whole connection to family (which itself has implication for ethnic self-identity), but surnames nearly always neglect one half of your family tree by default (unless it’s double-barrelled, or your parents were both born with the same surname). And in any case, you could be lumbered with a really ugly or unsuitable surname (I always feel slightly sorry for people in the news called Raper, and as for Segar Bastard, I bet he’s glad he isn’t a football referee today) that even the staunchest of family ties might not be enough to make enjoyable (though of course, you could well still be proud of it, it’s your choice after all, shouldn’t impugn or make assumptions, etc. etc.).

No, I’m not thinking of changing my name, by the way (Christopher Geek doesn’t sound all that nice, and in any case it is probably unfair on my descendants…. having said that, they could always change their names as well). But it strikes me as weird at how rare picking a new name is, and when people who do change their names (for reasons other than marriage) appear in the papers, they’re often described derisively (although some of them arguably deserve it). It’s doubly strange in a society which is more than willing to inflict ridiculous forenames on innocent children who have no say at all (particularly this utter tool). Not the best of standards; while of course it’s perfectly fine to stick with the name you’re given, we should be more supportive to people who want to give themselves the surname Accountant or Programmer or Call-Centre-Operative.

Concorde: rubbish

So, the #1 design icon is Concorde. Even though it isn’t actually very well designed at all. Based upon a nuclear bomber, with wings from the 1950s, an engine from the 1960s, it was designed for a 1970s worldview of air travel. The insides were cramped and could only carry 100 passengers. It was as noisy as hell. It was by far the least efficient aircraft in the sky. It cost over ?1bn to make (at 1970s prices), and it cost nearly as much to travel on it. Oh yeah, and one of them blew up; the explosion was caused by it hitting a stray piece of metal, which caused a tyre to explode, in turn punching a hole in the fuel tanks, which were not sufficiently protected. Putting fragile fuel tanks directly above one of the components most likely to fail catastrophically is not exactly a classic example of good design. As further explained here:

Most accidents are caused by the irresponsible common practice of hanging engines and landing gear onto fuel tank supporting structure in combination with excessively high take-off and landing speeds on overstressed tires. Add a fragile, tubular fuselage and there is a perfect recipe for a fiery disaster.

Alright, it looked nice and pointy, and possibly graceful (though it’s hard to be graceful when you have dirty black smoke continually billowing out of your arse). But then so do those Alessi lemon juicers, and have you ever tried using them? They’re rubbish – they’re fiddly, easily go skidding across the table and hardly get any juice out – you always end up bringing out the trusty plastic one that cost you a quid to finish the job off. The whole point of good design is that its quality also lies in its use and how it is enjoyed, not just its aesthetic; the Concorde was used by barely anyone. While the other two contenders, the Tube map and the Spitfire*, have been thoroughly put through their paces, during its entire lifetime the Concorde flew less passenger miles than the entire Boeing 737 fleet does in a week. Just like the Space Shuttle, despite all the hard work and phenomenal amounts of money put it into it, Concorde was dated by the time it made its debut and was almost entirely useless outside of the artificial niche created specially for it. To call it an icon is giving undue venerating: Concorde was rubbish, and that’s why blessedly, it is no longer with us.

* I’m not sure whether the Spitfire is really a design “icon” either; innovative as it was, only a few of us can recognise it amongst other aircraft of the era. Maybe it was just because we used it to kill Germans, and there’s not much the Great British public like more than that. Even then, the Hurricane and Mosquito were actually more effective and manoevurable fighters than the Spitfire.

Seeing red

Having just looked at an old postage certificate I had got a couple of weeks ago and no longer needed, I was shocked to find that the Royal Mail asserts that:

Royal Mail, the Cruciform and the colour red are registered Trade Marks of Royal Mail Group plc.

The colour red? Like, any colour red? Or just the red that pillarboxes come in? Is that why Arsenal changed their strip this season? What about yellow or magenta – can I use them, even though they contain the colour red? What if I were colourblind and inadvertently used it? Would that be wrong?

Incidentally, the parcel the certificate was for, which I sent first thing the morning took two working days to travel just 60 miles, despite being first class – I even paid for the next weight grade up, just in case. Next day delivery my arse. I’ll start respecting their trademark when the dozy bastards work out how to stick to their promises.

Go West

Pumping on every radio station around the past two weeks is Kanye West’s “Touch The Sky” – y’know, the one that samples Curtis Mayfield’s “Move On Up”. I say “sample”, because it really doesn’t do the word justice – it’s just such a lazy choice of tune, and a totally pedestrian use of it too, slowing down the tempo a little and then singing his own lyrics on top. I mean, most of the best sampling takes a (relatively) obscure loop or riff; if you’re going to use a famous song, then you should really fuck about with it a lot; add other sounds, mash it up with another track (or two, or three), such as The Avalanches’ masterful remix of (amongst many other sounds) Madonna’s Holiday on their album Since I Left You.

Ah, Madonna. She’s partly to blame too; that song that came out last year, whose title I’ve already forgotten that was basically her singing over ABBA’s Gimme! Gimme! Gimme! – that was even worse. At points in that song, she sounds like someone in the pub who’d started singing along to whatever’s on the jukebox, only they’re too pissed to remember the words and are singing something else. Perhaps in this respect, West’s song is even worse, as when he runs out of slightly banal lyrics, he actually starts singing along to his own sample. Which is a shame in his case, as I quite liked his other recent releases.

Of course, when any sort of music goes mainstream you expect a bit of vim to go, but what’s coming out as new right now is truly anodyne. If you’re only going to take an established well-known hit, and fiddle about slowing it down a bit, or enhancing the bass, you might as well just re-release the original and be done with it – actually, I’ve just remembered it has been done before with no mean success. And they say filesharing is responsible for killing new music…


Apparently, national identity cards are going to be equipped with PINs. Unlike Justin, I don’t think this is as bad an idea as he makes out; in fact it serves one very useful purpose, namely that it correctly sets apart the separate concepts of identitifcation and verification – the former being who you are, the latter how you prove it. With a purely biometric system, relying on your fingerprint, iris scan, face scan etc., if something goes wrong and the system starts getting false positives – i.e. someone else is being mistaken for you, either by accident or by malice, you can’t get a new eyeball or set of fingers. But if you or the card issuer think your PIN has been compromised, then you can change it or have a new one reissued (This seem familiar? It’s because I have gone on about this before).

Of course, Justin points out the many problems of PINs which I’m sure we all know or love – they can be forgotten, snooped upon – either via a hacked device or from an insider, or even the good old-fashioned “look over your shoulder while you enter your PIN, then nick your wallet” approach. What really matters is what the mechanism is when fraudulent or mistaken transactions are made, and who is liable for the error; it isn’t just the PIN that matters, but it combined with all the supporting systems around it. With credit cards (at least for purchases, though not for ATM transactions), liability lies with the issuer for not correctly verifying your identity (I bet they really hate that). With identity cards, the liability as the Bill currently lays out is with… you. The Bill puts all liability for possible errors or mistakes with the cardholder*, not the government nor the technology provider, assuming that the system will be perfect and any error is entirely down to the individual concerned.

Still, I keep on reminding myself that the cards themselves are only a small part of the matter; while the technical problems with them are important, particularly as many citizens’ own experience of the system (and any problems) will be from direct use of the card; possibly more pernicious is the possibility of errors in and malicious use of the National Identity Register itself. Which leads me onto a vaguely related note, which is that the police have cottoned on to using Oystercard data in their investigations; which is fine if used for criminal investigations and requests are made and judged on a case-by-case basis. Give it a few years and some function creep, and it could be quite possible it will be used for pre-surveillance as well. All the other components for an automated Big Brother system are in place – your name and address are held by TfL (as most Oystercards are registered), and they have access to 1,400 or so CCTV cameras; hook them up together (with some route prediction software too, maybe) and you’ve got a way of tracking people in a near-real time basis. Maybe. I could just be paranoid.

Right, enough about ID cards. Next up: Kanye West. No, really.

* Actually, the Bill is mainly concerned with mistakes on the register, rather than mistakes with the biometric stored on the card; but given the government’s reluctance to accept responsibility for the former I doubt it will take much responsibility for the latter either.