Month: November 2016

Cheating at Words with Friends

I have been playing ‘Word with friends’ for several years. I have played something over 1600 games so far, mostly against family and friends. I win more than I lose, this is mostly because I have a fairly large vocabulary, I am pretty good at pattern recognition and also I try words that I think might be legal.

Sometimes I will play a random player, just to see how I stack up against others. Again, I am usually pretty good.

So imagine my surprise when a random person, with whom I have been very closely matched over many, many games for a couple of years, suddenly ups their game. The scores went from 320ish each and a very close parity in won/lost stats, to an absolute demolition. In the last game we played they scored 617 to my 341, the previous game to that was 558 to my 337. Prior to that it was something like 500/350.

Words with friends is a game where improvements come gradually, my average score has increased by a small number of points per game over the years, because I have learnt how to avoid giving others big score chances and how to leverage the multipliers.

So, how has this person suddenly got a whole lot better – and, I may add, a whole lot faster so quickly ? 

Read More

Irreconcilable Differences

To my American friends.

During the run-up to the recent election, my Facebook newsfeed was filled with political stuff, posting after posting ‘informing’ your friends how evil the other side is and how stupid you would have to be to vote for them.

I think that is it highly unlikely that you had any effect on the election.

Subsequently, my Facebook feed is filled with spite, anger, disappointment and gloating.

That you are aggrieved that  ‘your side’ won/lost makes absolutely no difference to the result.

I’ve stepped away from Facebook.

2023 Edit: I am still not checking on Facebook – Thanks for the time back !

Bike review – On-One 45650B

If you are not aware of PlanetX bikes, then you are probably not into bicycles and you should probably skip this blog entry entirely. If on the other hand you are aware of them, then I probably do not need to tell you much about the company, because you probably already know.

I’ve been riding mountain bikes for a long time, probably 15 years or so, the last mountain bike I had was a home-brew bike that was literally made out of discounted parts from local bike shops and the internet. It had a 2×10 Shimano XT drivetrain and very high end, but previous year components. It was fast and fun to ride. It was also a 26’er, which in modern terms means that it was archaic and not worth bothering with. I disagreed.

Earlier in the year PlanetX had a sale – again if you know them, this is absolutely nothing new, they are always selling something cheaply. I took advantage of the cycle-to-work scheme and snagged a 45650B with pretty much every option maxed-out within the limits of the scheme. The pre-sale price was something over £2000, talking off the VAT and making the payments pre-tax I will end up paying way under £1000.

The name 45650B comes from the bikes ability to run 4, 5 or 6 inches of front travel and 650B wheels 4-5-650B, get-it ?

http://www.planetx.co.uk/c/q/bikes/mountain-bikes/45650b

Configuring it was hilarious, ‘would sir like a dropper seat-post’, oh, yes please.  Would Sir like the upgraded brakes ? Obviously, and the ? check, check, check, check, double-check. The only things I did not upgrade were the saddle and the handlebars. Honestly I probably should have done, but I wanted to ride it before I committed to changing the touch points.

In hindsight, the saddle is terrible and the bars are a tad wide for me. The bars are an easy fix, the saddle less so.

So, what did I get for my money then ?

A steel framed, hard-core trail monster !

Read More

The best gig ever…

Ask anyone what the best gig they have ever been to is, and you will get a multitude of answers.

Some may say that it was a mega stadium hair-band thing, others a small intimate performance is way better. For me though, it was neither, it was simply a very unexpected gig that made me smile.

Back in October 2004 we went to the El-Ray theatre in Los Angeles, a small venue with seating capacity of apparently just seven hundred and seventy one people. I would have guessed lower than that, but irregardless it was packed out. Sure there were ticket touts selling outside the door, but they seemed to be running low while we queued to get in.

Ben Folds was playing a gig. He has never really done the ‘big stadium’ thing, his style and music does not really translate to big audiences. I had seen him play at a small venue in Solana Beach called the Belly Up Club (capacity 450 ish) a couple of years prior and really wanted to see him again. Our seats were on the right, up close to the stage.

There was a buzz, there was chat that there was a special guest, that that guest might be William Shatner. That you could buy a copy of the (rather good) William Shatner CD called ‘Has Been’ from the merchandise stand seemed to confirm this, but there was no official word.

Read More

The (Tesco) Bank Job

Open DoorThe news is full of the US elections today, but yesterday there was a different headline.

‘Thousands of Tesco Bank Customers lose money’

Or similar to that.

Immediately the security world started to look into the reports. Within minutes links to previous issues were being pointed out, within hours a big old game of ‘join the dots’ was mostly complete.

So, what happened ?

Well quite a few things it would appear. Mostly, from guess work and taking the odd peak at the defences that Tesco put up is looks like this.

  • The main web site – tescobank.com still supports TLS v1.0 – this is utterly stupid. TLS 1.0 is long deprecated due to the ease with with a malicious actor can perform a ‘Man in the Middle’ attack.
  • There are literally hundreds of phishing sites that appear to be aimed at tesco. A simply search using a database of domains logged 214 domains added within the last six months that contain ‘tesco’, of which 12 of them appear to refer to bank or other financial products. None of these are owned by Tesco.
  • The password requirements appear to be rather dumb – 6-10 characters, mix of letters and numbers, no special characters and upper/lower case treated the same.
  • Getting the password wrong many times does not appear to lock out the account.
  • There does not seem to be any place for multi-factor authentication (MFA)

Actually figuring out which of these vectors a malicious actor actually took is quite difficult.

Read More

The iPhone 7

I am not going to get an iPhone 7.

This is weird for me, because almost every year since the very first iPhone came out, I have caved in and bought one within a few weeks/days/hours of its release. Worse still my entire personal computing infrastructure is built around Apple products. I have a MacBook Air, an iPad, iPhone and even an Apple watch.

So, I hear you ask, why not an iPhone 7 if you have had near all of the predecessors ?

Read More