Slashdot can be prone to scaremongering as much as the tabloids. This article is about someone who has found a way to extract email addresses from MicroID hashes on some sites. The idea of Micro ID is that it allows you to associate a user account on a site with an email address without revealing that address. Then sites like ClaimID can verify that you own a given account, as I have done for several. The idea has been criticised, but I think it is useful in a limited way. It is vulnerable to people working out what the email address was if they know your name and can guess what domain it is on. Not too hard in my case as my email is hosted on my own site that I publish in my account profiles. I'm not too bothered about this account as my email address has been heavily spammed anyway for ages. I suspect it may have been harvested from a key server as those publish all email addresses without obfuscation. I would prefer to share my email address openly so that people can easily contact me, but it seems that is not advisable due to others abusing it. As they already do should I be worried?

It seems that others take this threat more seriously as last.fm and digg have stopped using MicroID. This is a shame. identi.ca have handled it better by giving you an option of whether to have a MicroID on your profile page. Perhaps someone can come up with a more secure protocol that does not reveal private information. This is a complex field in which I am not qualified to dabble. Security and encryption are very easy to get wrong.

Whilst looking into this I found that ClaimID was down. This could be a problem for me as I use them for OpenID on a few sites. I wouldn't use it for anything critical or financial, but it saves me having to come up with passwords for every site. As I let Firefox save my OpenID password I rarely have to enter it. This makes me slightly more secure if some site tries to redirect me to a clone of the log-in screen as that would not have my details.

I've had a GPG public key for years, but have not used it for much. Very few people I know will send me encrypted emails. I keep expecting spammers to start doing that as a way around spam filters. I'm not sure it is a big enough target for them. The only site that has used my public key to verify my identity is Biglumber that deals with that topic anyway.

I'm generally interested in ways that we can publish personal information so that people can use it to contact us, but still protect our privacy. Is there an answer? Perhaps email is too broken to be of use. Closed systems like Facebook allow messages to be sent with options to block those you don't know, but are not open enough for general usage.

I've just caught up on logging what I have been reading recently. I need to check if I have omitted any books. The list is here or you can see the latest ones in the sidebar. I'm using an add-on for Pyblosxom that requires entering the details in a slightly contrived style. It uses more comment and category fields than I really need, but I haven't tried to change that as yet.

I also added in some earlier books from the previous add-on that used a slightly different file format. I probably could have scripted something to do that, but it took less time to do it manually. I know I lose geek points for that.

In my quest to learn more about the art of programming I have been listening to the Stack Overflow podcast by Joel Spolsky and Jeff Atwood. These two seem to have a lot of experience between them and are applying it to developing a new Q&A site for developers. They are both entertaining talkers as well.

The Stack Overflow site is still in closed beta, but I managed to get in on it. It's simple, but impressive. It uses cool technology like OpenID, but can be used without registering. Users can allocate ratings to all questions and answers, so the good stuff should be easy to find. There is a complex reputation system, with badges, to encourage people to participate. So far I have submitted a couple of questions about use of wiki and email to manage information and received lots of good responses. It will be interesting to see how it evolves when opened up to the world.

I'll be interested in hearing about other good podcasts on programming and other technical subjects. I enjoy listening to them when driving to work. I still need to get myself a car radio that can play from flash media. I still have to burn an audio CD, which limits the duration of what I can listen to and sometimes plays up. I don't think I can bring myself to buy anything that does not support Ogg Vorbis. I'm not as principled as some people I know when it comes to only using open formats, but I still like to support them.

There are a number of reasons people go camping. A major one is cost, but a side effect is that it can have a lot less environmental impact than other sorts of holiday. We take a car full of stuff with us, but that should produce a lot less CO2 than flying. This year we only travelled about 100 miles to Kelling Heath in Norfolk. This was the biggest camp site we've been to, but also one of the best. Far better than the Haven site we visited. It consists of 250 acres of woodland and heath with spacious camping pitches and many static caravans and lodges. The facilities were pretty good. We used the outdoor pool. The indoor one meant paying a lot for use of the heath club and that was over the top for kids. We only ate in one restaurant once as we did a lot of cooking and ate out. We did use their cycle hire a couple of times to explore the area. This was the first time we had cycled with the kids and they coped well, even if the small hills could be tough on little legs. I really ought to do more cycling.

We also visited the beach and some of us swam in the sea. It's really not too bad once you are in. I was intrigued by the huge amount on flint on the beaches and elsewhere. No wonder they build their houses with it.

Some other UK sites I've been to do not offer much, if any, recycling facilities, but this one had plenty of bins. A few people need to learn what you should put in them. I was also impressed to see solar water heating for the showers. That seems a perfect application of the technology. I'm considering it for our house as gas prices shoot up.

I made sure I turned off as much as possible at home whilst we were away, including the water heating and even the Wii, but that only uses a few Watts. I don't think it made a huge saving, but there is no reason to not do it. I think it will barely show up in my logs at The Carbon Account.

We didn't drive much whilst we were there and so did no more miles than I do in a normal working week. Economy on that tank was pretty good at around 50mpg. It's been slightly worse this week, but that's probably down to London stop-start driving.

Last Saturday I attended a singing workshop with Dafna Dori from Jerusalem organised by my friend Malcolm. I don't really consider myself a singer, but with what I've been doing with the drumming group I am getting a feel for it and would like to explore the possibilities. There were about 16 of us there including my daughter and another young girl. The rest ranged widely in age. We did some fun warm-ups and then proceeded to learn three Jewish songs. There were the challenges of unfamiliar pronunciation and scales, but we seemed to do quite well. For the last song we also learnt the circle dance that goes with it. I'm not sure what people would think of us all dancing around in the wood outside the studio singing in Hebrew, but I enjoyed it.

The fact is that these songs are religious, but I didn't feel too uncomfortable singing them. That may have had something to do with them being in another language, but they were fun to sing. I don't particularly enjoy singing hymns on the rare occasions that I'm in church, but then a lot of those are pretty boring. There is plenty of spiritual classical music that I enjoy, but the words, if any, are often in other languages. Ultimately it is the quality of the music rather than the message that tends to move me. I can be moved by lyrics, but generally because they reflect my mood or inclinations.

I recorded the session on my Zoom H4. It was not ideally placed on the floor with a small tripod, but worked pretty well. I then had the challenge of editing over an hour of material to extract the songs for people to listen back to. I've done some previous editing with Sweep, but that was very slow and took up most of my memory. Ardour would not even load the MP3 file, but that may be due to a lack of add-on. I didn't try Audacity at first as I have been having issues with getting sound on play-back, but this time it worked and was very easy to use. I noticed that it used a minimal amount of memory. I just did the basics of cutting out the songs and saving each as a file without playing around with effects, but that is something I need to experiment with. It's not something I have ever done much with. I need to find time to check out some of the tutorials out there, but I expect there is no substitute for experience. There is an interesting set of screencasts on using Ardour.

Whilst writing this up I have been listening to free tracks from the new Byrne/Eno album and bassist Kev Cooke. All good stuff.

Back in November I clocked up one million giganodes on the OGR-25 project at Distributed.net. That took me about 7 years. As predicted (roughly) I have doubled that in just over 8 months thanks to a speedy dual-core processor in my main PC. It would have happened sooner if I had realised that my PC was not running at full speed and had implemented a proper shut-down script so that I did not lose work units each day. I was a little optimistic in how long the project had to run. Current projections give it almost another year, but I think that does not take faster computers into account. I wonder how many people will upgrade in that time. I certainly do not intend to do so unless I suddenly find myself with enough spare cash for a faster CPU. I could get something 25% faster for well under £100, but I doubt I would notice the difference for normal usage. If I were building another PC I would probably look for something that used less power rather than ultimate clock speed. I've not bothered keeping up with what's new in the processor world for a while, so I don't even know what the state of the art is. These days software is more interesting than hardware.

For reference, the earlier slowdown may only have affected apps like dnet with a high nice value as the PowerNow daemon would ignore them and assume that nothing important was running. By setting the '-n' flag in its defaults file I got back to full speed. I used a script from here to make sure the client shuts down cleanly. I could have been losing several hours of work in the past. I've at least learnt some more about the workings of Linux through all this.