Safari woes: which bit of "Reset" didn't you understand?

As someone who works in software development, from time to time I have to use a clean browser to explore a technical problem. It's a pain to use my everyday browser for this because it means wiping all the identities on all my favourite websites so, like most developers, I keep one of my browsers for just this type of purpose.

In my case, the browser I choose to test with is Safari, partly because it has a neat "Reset Safari..." menu item that makes it easy to go back to a clean browser state at the start of the test.

Today, my world is upside down. The confidence I had in my ability to control access to my private information is shaken.

It started with iGoogle. Safari opened on my iGoogle home page as usual, I selected "Reset Safari..." with all the settings and was left staring at a plain iGoogle window inviting me to sign in. So far so good.

My next action was to open a new tab: my iGoogle page appeared again. Interestingly the Gmail, bookmarks, Google Reader gadgets and so on were all logged out but that new black strip at the top of the screen clearly said "Steve Lay" and clicking on Google plus revealed my latest posting including my private automatic check-ins. Somehow my identity had come back from the dead.

Perhaps this is a memory bug in Safari I thought, I saw some advice on the internet suggesting I should quit Safari just after reseting. This time my name was missing from the black strip on iGoogle, but clicking "+You" took me back to my Google+ home page again. My identity was back.

I had strange visions of the old Roger Moore movie, The Man Who Haunted Himself. Perhaps this is my other identity, may be this Steve Lay has checked into different places, posted different things?

The answer seems to be more mundane, though I'm a bit hazy on the technical details. It seems that the other identity that keeps breaking through into Safari is probably the Steve Lay that is logged in to Google with Chrome. You see, both Safari and Chrome use the WebKit framework to handle basic web protocols. In turn, Apple's implementation directs all WebKit based HTTP traffic through a low-level part of the system that handles Cookies for you. The upshot is, if I'm understanding the documentation correctly, that Cookies are shared between all WebKit applications.

That means that "Reset Safari..." probably doesn't do what you want. But, when you think about, it isn't just the reset function that is acting strangely here. I'm used to the idea that a Browser can't get a cookie until I've been to the originating website, and it can't identify me until I've logged in to the originating website. But none of this is true. Safari can find cookies and identities provided you have a logged in with any WebKit browser, which is quite different.

It is common these days for social networking sites to store badges on almost every web page which enable the network's owners to marry up your identity with that of the page you visited and hence get a better picture of your browsing habits. One way to reduce the amount of personal information you leak this way is to ensure you've logged out of services like Google and Facebook before you go reading up on that embarrassing medical condition or searching online for a divorce lawyer. When (or if) identities are going to routinely leak between browsers it is going to be much harder to prevent this type of information getting in to the wrong hands.


Standards: now even more to choose from?

Two years ago, in my first post to Questionmark's blog (please note that I work for Questionmark) I wrote about licensing for open standards, speculating that the standards community might benefit by modelling itself on the open source community where standard licenses have emerged to simplify the legal landscape for developers.

Selecting a license isn't the only legal problem that faces an open source development community. How do I know that the code contributed to an open source project is really open? This is the software development world's version of dealing in stolen goods. If the true copyright holder doesn't consent to having their code contributed to the project then there will be trouble ahead.

This well known problem in the world of open source software has parallels in the world of open standards too. In fact, the use of the term submarine patent implies a more deliberate process of hiding IPR for the purpose of suing people later and submarine patents are certainly feared by people developing and implementing standards. [1]

If I want to start an open source project there is a wide range of hosting sites that I can use to help with the basic tools: source code repository, discussion group, wiki, download/distribution service, etc. In most cases, these tools provide a very fast way to get going with very little oversight. Contrast these basic services with the Apache Software Foundation. It is a bit slower to get going but in addition to the collaboration tools it also provides a basic legal framework within which the project will work.

Now imagine what this might look like for standards organizations and you'll have something very similar to Community Groups as launched last month by the W3C: W3C Launches Agile Track to Speed Web Innovation

It is early days for this type of service but a few things are clear from the press release. Firstly, if your community is international (and perhaps even if it isn't) this process may provide a better standards track than working with a national body (e.g., ANSI in the US or BSI in the UK). W3C claim that they can provide a clear path towards full standardization by ISO/IEC.

Secondly, W3C appears open to providing this part of their process as a service to specialist industry players. I've worked with a number of consortia in the Learning, Education and Training space and I've seen the amount of time that has been spent creating IPR frameworks. Being able to outsource this part of a consortium's work to W3C would undoubtedly have saved time (and in some cases significantly increased credibility). I'd encourage any specialist body to look seriously at this as an opportunity.

This type of specialization of function lowers the barriers to entry for new projects too. It would be naive to think that this initiative will not make it easier to create new specialist consortia to rival existing players. As a result, consumers of technical standards will probably have even more to choose from in future.

'via Blog this'


Google+, Twitter and Facebook: all in one post

I'm not a prolific tweeter, my Google+ stream is more of a trickle (no age jokes please!) and I seem to have hit the wall on updating my Facebook status.

But each to their own: different people like consuming network updates through different tools.  So when I do feel like sharing something publicly it seems to make sense to update all three at the same time.

And now I can.

I've been using the Twitter application for Facebook for a while now but until the recent round of privacy updates in Facebook twitter posts were treated the same as wall posts from other friends, even though I had specifically linked my twitter account.  Now there's a new privacy option for integrations like this:

I've started a bit cautiously so if you really want to see my tweets in Facebook you'll have to be my friend first.  However, I have worked hard at setting up friend lists and associated permissions to simulate something a bit more like the circles that are so easy to set up on Google+ so you won't have to read about what my family and (other) friends are having for breakfast.

Which brings me to the second piece in the puzzle.  How to get public posts from my Google+ stream into twitter (and onwards into Facebook as above).

For this I'm using ManageFlitter.  This tool promises to take my public posts from Google+ (and only my public posts!) and repost them to twitter.  They say it might be a bit slow but that isn't going to be a problem for me I don't think and, anyway, when I tested it it seemed to update within the margin of error on a typical twitter refresh.

The icing on the cake is a Chrome extension (also available for Firefox I believe) which allows you to view your twitter streams right inside the Google+ interface.

The extension is called Google+Tweet.  I discovered this through the power of +1, for me this was the first time I'd done a Google search and found that one of the results was tagged with the face of someone I recognised (which I think means someone who is also in one of my Google+ circles).  A nice reminder that the way we use the web is still changing rapidly.


HP Photosmart: nice screen, shame about the firmware

In an earlier post to this blog I talked about my use of dd-wrt to help me get my home wifi signal to span my house.  See Open Source Routers to the Rescue.  Well, I have finally got fed up with some of the flakey behaviour from my Virgin router.  Periodically it crashes and I have to cycle the power on both my new HP Photosmart B110 and the old HP Officejet 6310 to re-enable printing.
To recap, dd-wrt is open source router firmware with a host of well-documented options to allow you control your router hardware.  In the end I found wireless repeating (extending the range of my virgin hub) too unreliable and so I used it to configure my second router as a "Client Bridge" instead.  This allowed me to connect devices without wireless support by plugging them into the LAN ports on the back of the second router.  Client bridge mode is not compatible with the use of DHCP to automatically assign IP addresses.  According to the dd-wrt site this is actually a restriction of the Wifi protocol itself so I configured my home network with manually assigned IP addresses for most devices.

This was easy to do on my the old Officejet printer which has a low-res calculator style LCD screen and a fax-style numeric key pad.  But on my new HP Photosmart B110 printer, which comes with a flashy colour LCD panel and an icon-based interface (no touch screen though) the network settings can only be set through the built in web browser, so it must already be connected to a network.  This seems a bit dumb but I guess most wifi networks will support DHCP so less of a problem in practice.

I now own a third router, I have been planning to take advantage of something called WDS which is the proper way of joining two wireless networks.  With WDS you can extend wifi coverage and bridge the physical LAN ports in a way that fully supports DHCP.  (It is a pity that my Virginmedia router does not support WDS on its own, but given that WDS is not a proper standard yet mixing and matching suppliers is probably unwise anyway.)

I had been putting off the chore of reconfiguring the network but what better way to spend a wet Sunday afternoon?  I now have a normal DHCP-based home network again.  The two connected routers mean I have coverage throughout the whole house and some of the garden.  At last, I've been able to turn off the wifi beacon on the Virgin router and relegated it to little more than the cable modem it replaced.

Reconnecting all the devices to the new network was simple, until I got to the Photomart printer.  The network transformation involved a change of subnet so the static IP was now useless.  I went back through the wireless wizard to join the printer to the new network but the old IP settings persisted.  I then hit the 'reset to factory defaults' option in the menus - restarted the printer and then ran through the wizard again.  The printer still remembered the old static IP.  I even plugged the printer into my Mac via a USB cable and ran the printer utility but there was no way to affect the network settings that I could find.  In the end, I went back to my box of old routers and dug out an old Netgear wireless access point which I was finally able to use to contact the printer and change its IP settings back to automatic.

An option to reset to factory defaults should surely do what it says for all settings?  Now all I need is something like dd-wrt for my Photosmart printer...