Alex's home on the web

Today Ciske and I launched our first Android app: Hit it!

Hit it! The free dumpad looper: it's a virtual drumpad that can also be used to loop a rhythm you recorded yourself. Recording can be done iteratively so you can grow a simple cool beat into a complex awesome beat.

After sticking to my N900 for far too long I finally got myself an Android device this summer like I should have 4 years ago (I was quite interested in it back in the day).

Although I've been toying around with Android apps ever since, I've been heavily using one app you probably haven't heard about: Listing It!, made by my good friend Ciske Boekelo.

The neat thing about this list app is that it lets you easily turn an item on your todo-list into a list, with items of its own.

This lets you subdivide your lists any way you see fit: You have your shopping list, but you might want to add an extra level with your groceries listed by which shop you want to by from, or split them up by recipe, or by day of the week. Your list becomes a tree, structured any way you like.

Personally I use it for lots of different subjects. My Aperte tree for example has all my projects per client, with high-level subjects that I need to work on. It also contains a simplified version of my administration, noting which projects need invoicing and which invoices have (or haven't) been paid. My other trees contain stuff I have to get for my car, the daily groceries and all those odd jobs around the home.

All in all, Listing It is a highly useful app in my (biased) opinion. Give it a try and if you find it as useful as I do you can buy the ad-free version for a single euro.

IT security is getting out of the basement and starting to infiltrate everyday life. If the recent Wikileaks, Anonymous, Stuxnet and Sony PSN debacles weren't enough, now it's finally in the open that the trust everyone takes for granted when using encrypted connections is mostly based on wishful thinking and a bit of hand-waving.

DigiNotar, by thinking that running a certificate authority we all trust is best run by a total lack of security, has likely put Iranians at severe risk. What it has exposed is one of the internet's dirty little secrets: SSL encryption, what we all depend on for banking, email and e-commerce, is mostly worthless without a viable model of trust. And our model of trust is severely lacking at the moment.

DigiNotar was a terrible offender and that they promptly got revoked will be the least of their worries, but it wasn't the first offender. Comodo and StartCom both had break-ins recently and it is likely that more certificate authorities are as terrible as DigiNotar. The difference is that DigiNotar didn't act directly: it took 2 months before an Iranian user noticed something was wrong with his Gmail-certificate. Bad security is one thing, but not doing anything after such a break-in is malice.

Your browser currently trusts 600+ of these certificate authorities, from which DigiNotar has hopefully been removed. None of these companies will mean anything to your average user except maybe VeriSign, and your typical user will trust a site with a VeriSign-logo without even looking at a certificate. Yet all of these CAs are trusted to provide certificates with which our connections are encrypted: they are the only line of defense when it comes to man-in-the-middle attacks. And the likes of TDC, XRamp and TurkTrust are trusted to not make the same mistakes as DigiNotar...

Rather than repeat his words, Moxie Marlinspike's talk on SSL and authenticity says it all.

What can your company do? Take security seriously. DigiNotar wouldn't be in this situation if they had given a thought about security, but the situation wouldn't be as desperate if they had acted right away. I have contacted a few companies regarding security lapses on their side (one unknowingly disclosed 200k accounts a few months ago, no I'm not naming them) and thankfully they have all quickly taken appropriate measures. This is all we ask.

Is there a silver lining? Naturally. The whole charade with certificate authorities has given us Ubuntu...

With the previous blog post noting that I've moved to Alphen aan den Rijn, I'm sad to say that 10 months later our new town has suffered a terrible loss: Two days ago a madman killed 6 and wounded 17 by firing an automatic rifle in our local shopping-mall. He then committed suicide.

It's a surreal situation. Alphen is a small town, and probably was most remarkable because it was so unremarkable. The shopping mall was as common as they get and we went there nearly daily. Our thoughts go out to the victims of this attack, but at the same time the realization that either of us or any of our neighbors only by sheer chance weren't in the Ridderhof at the time of the shooting is terrifying. Something that only happens in the US of Arms or in the movies suddenly comes much too close.

Tomorrow the Ridderhof opens again. Faces that were on the TV again behind the register. The doors you walked through every day that were sprayed with bullets boarded up. Surreal. I think it will take everyone a lot of time to come to terms with what happened. Alphen will unfortunately never be unremarkable again.

Wohoo, finally got a connection to the internet at my new place!

Over the weekend we hauled all our stuff from Amstelveen to Alphen a/d Rijn (40km further south), where we bought a very nice 3-story house last month.

Lots of photos to come, this post was just to verify that they even migrated my old IP address for me. <3 Telfort! :)

I finally got around to putting a version of Django Bingo online:

Django Bingo at Github

For an example dashboard, see my network monitor.

Note that it is very rough, I hope to improve the code over the next few
weeks. But at least you have something to play with!

Give it a try and let me know what you think (both good and bad).