I’ve been try­ing out Google App Engine, for which I signed up with the Google account where I just enabled 2FA. Of course, that means chan­ging the way I update the uploaded tri­al applic­a­tion; the stand­ard Google pass­word has to give way to either a spe­cific application-based pass­word, or OAu­th 2. OAu­th 2 is obvi­ously (to me) the bet­ter way to go.

The doc­u­ment­a­tion is reas­on­ably straight-forward. It even works as doc­u­mented, assum­ing you’re signed in with the right Google account on your default browser. My work­flow is a little dif­fer­ent — my main browser (Fire­fox) is signed into my main Google account, and I sign into my oth­er Google account (which I’m using for this devel­op­ment pro­ject) on Chrome. Copy­ing the URL from Fire­fox to Chrome to allow the appcfg applic­a­tion access to that Google account worked; it’s refresh­ing to see. I get tired of web applic­a­tions that use some hid­den JavaS­cript magic and give you non­sensic­al res­ults if you copy a URL from one browser to another.

There’s some­thing appeal­ing about OAu­th 2, even if it appears a little too magic­al at times (a bit like git; when it works it’s magic­al, when it doesn’t, good luck!)

Two-factor authen­tic­a­tion is gen­er­ally seen as a good idea; there’s a cer­tain amount of hand-wringing over the fact that more people don’t turn it on. The prob­lem is, it’s one of those things where you sign up for dis­rup­tion over the next few days, for uncer­tain reward. The reward is uncer­tain because you can nev­er tell wheth­er turn­ing on two-factor authen­tic­a­tion stopped someone hack­ing your account or not, just like you can’t tell wheth­er hav­ing an alarm com­pany sign out­side your house dis­suades someone from break­ing into it. My main email account has been on 2FA for ages, but I decided to add it to one of my sec­ond­ary accounts as well, given that lots of people seem to mis­takenly use that email instead of their own.

Tim sug­ges­ted I used the authen­tic­at­or app for my Google account 2FA, instead of using the SMS sys­tem. Just a hint: set it up while you still have access to your text mes­sages since SMS is used for the boot­strap­ping authen­tic­a­tion. You need to sign up for Google 2FA in the first place ‘on a com­puter’ (not spe­cified wheth­er a tab­let is suf­fi­cient? I used the desktop). You are sent an SMS to authen­tic­ate your­self, and then you get another one when you want to authen­tic­ate the Authen­tic­at­or app. After that, you don’t need your SMS sys­tem, as long as you have the device with the Authen­tic­at­or app on it.

But then there are the oth­er apps, which now need application-specific gen­er­ated pass­words. Adi­um for Google Talk, for example, or email with Thun­der­bird. Set­ting each one up doesn’t take long, but I’m sure some time in the future I will have for­got­ten and be won­der­ing why I can’t log in with a val­id pass­word.

And I under­stand what’s going on, more or less, and think the short-term hassles are worth it. There are lots of people who don’t have a men­tal mod­el of pass­words or authen­tic­a­tion, who see only the pain and not the gain (since the gain is only in the absence of a poten­tial future pain). Busi­nesses are sup­posedly imple­ment­ing 2FA fairly rap­idly, but I’d be sur­prised if people in gen­er­al were out­fit­ting their per­son­al accounts with 2FA at any­thing like the same rate. Mind you, I also sus­pect those sur­veys apply mostly to big­ger com­pan­ies in par­tic­u­lar indus­tries; anec­dot­al evid­ence I’ve heard points to a lower real adop­tion rate.

August ended up busy, busier than I inten­ded. Bal­is­age was as usu­al full of inter­est­ing dis­cus­sions although some of the people I’d hoped to see weren’t able to make it this year. I took part in a pan­el on Math­ML, figured out (finally) there is an over­lap between the over­lap­ping markup dis­cus­sions and the DOM Level 2 Range spe­cific­a­tion, and gen­er­ally enjoyed myself.

Not long after that I left Design Sci­ence; I was dis­ap­poin­ted it didn’t work out the way I’d hoped, but I did learn a lot about Math­ML and type­set­ting math­em­at­ics that I didn’t know before.

I’ve spent the last couple of weeks talk­ing to people about dif­fer­ent pro­jects in health­care and pub­lish­ing, wheth­er it’s some­thing for me to work at or not. It’s good to be able to take time occa­sion­ally to see what’s out there, what people are work­ing on. I’ve also been get­ting ready for the XML Sum­mer School (there are still a couple of spots left in some of the courses if you’re inter­ested in attend­ing). And I’ve been work­ing on learn­ing plans for my chil­dren since their teach­ers are on strike. Khan Academy, Codec­ademy, and vari­ous work­books to refresh last year’s skills to start with. I hope the strike is resolved before I have to do too much more plan­ning.

At least we man­aged to spend a few week­ends at the cab­in for relax­a­tion among­st all of that.

I’ve been work­ing at Design Sci­ence for a couple of months now, as Seni­or Pro­duct Man­ager con­cen­trat­ing on the Math­Flow products. So I figured I should enable Math­ML sup­port on my blog. It’s not hard, but like everything in tech there are a few nig­gly details. Many of those issues are caused by WordPress’s over-eager help­ful­ness, which has to be reined in on a reg­u­lar basis if you’re doing any­thing at all out of the ordin­ary. Like edit­ing your posts dir­ectly in HTML rather than using some pseudo-WYSIWYG edit­or.

The­or­et­ic­ally, show­ing Math­ML in a browser is easy, at least for the sort of equa­tions that most people put in blog posts, even though not all browsers sup­port Math­ML dir­ectly. You just use the Math­Jax JavaS­cript lib­rary. On Word­Press there is even a plu­gin that adds the right script ele­ment, the MathJax-Latex plu­gin. You can make every page load Math­Jax, or use the [math­jax] short­code to tell it when to load.

The wrinkle comes with Word­Press’ tend­ency to “cor­rect” the markup. When you add the Math­ML, Word­Press sprinkles it with <br/> tags. Math­Jax chokes on those and shows noth­ing. Since the tags don’t show up in the edit­or view, you need some way of stop­ping Word­Press from adding them. The best way I’ve found is with the Raw HTML plu­gin.

But there’s a wrinkle with that too. For some reas­on if you use the short­code ver­sion of the begin and end mark­ers ([raw]) the edit­or decides that the XML char­ac­ters between those mark­ers has to be turned into the char­ac­ter entit­ies, so for example the < char­ac­ters are turned into &lt;. To stop that, you need to a) check all the check­boxes in the Raw HTML set­tings on the post, and b) use the com­ment ver­sion (<– raw –> and <– /raw –>) to mark the begin­ning and end of the sec­tion instead of the short­code ver­sion.

Once it’s done it’s easy to add equa­tions to your pages, so it’s worth the extra few minutes to set it all up.

A couple of examples taken from the Math­Jax samples page

Curl of a Vec­tor Field
$∇→×F→=(∂Fz∂y−∂Fy∂z)i+(∂Fx∂z−∂Fz∂x)j+(∂Fy∂x−∂Fx∂y)k$
Stand­ard Devi­ation
$σ=1N∑i=1N(xi−μ)2$

and one from my thes­is from way back when

$fλ=n!⁢∏i

Langara is a loc­al col­lege offer­ing degrees in a num­ber of sub­jects, includ­ing Com­puter Stud­ies. I know one of the instruct­ors there, and he asked me to give a talk at their monthly Com­puter Tech meetup. As a top­ic, I picked Sim­ple Prin­ciples for Web­site Secur­ity, a short­er ver­sion of talks I’ve given at the XML Sum­mer School.

Apart from the fact that I was recov­er­ing from a bout with the vir­u­lent stom­ach bug that seemed to be going round Van­couver at the time, it was fun. A good bunch of people, decent ques­tions, and the stu­dent news­pa­per took advant­age of the oppor­tun­ity to write a column and make a video about basic inter­net secur­ity. One of my aims in this talk is to make the audi­ence para­noid, point­ing out some­times the bad guys really are out to get you, and talk­ing a bit about risk ana­lys­is and the trade-offs involved in writ­ing down strong pass­words (using a pass­word man­ager is bet­ter, of course). And the door prizes for Langara stu­dents were quite impress­ive!

Thanks to Ray­mond for invit­ing me, and Gail and Holly for organ­ising everything. I put the slides up at slide­share if you’re inter­ested.

If you’ve ever browsed through, or read, one of those self-help books that prom­ises life will be per­fect if only you think good thoughts, or that suc­cess in a busi­ness comes from set­ting goals and striv­ing to meet them, you may have had the nig­gling thought that there might be some­thing miss­ing in the rosy pic­tures these books paint. If so, The Anti­dote: Hap­pi­ness for People Who Can’t Stand Pos­it­ive Think­ing might be the right book for you. I haven’t reviewed many of the books I’ve read recently, but this struck me as import­ant enough to do so.

The book talks about how always try­ing to be happy, think­ing only pos­it­ive thoughts, and try­ing to pre­tend bad things nev­er hap­pen to people doesn’t work to make us happy; there is real value in con­front­ing our fears and wor­ries and work­ing through the worst-case scen­ari­os as well as the best-case dreams. The author points out that fear of fail­ure makes busi­nesses blind to the real­ity that set­ting goals and doing things in the same way as a suc­cess­ful com­pany doesn’t bring suc­cess in and of itself.

The chapter called ‘Goal Crazy’ got me adding book­marks: it’s about how goals often don’t work, and it’s not just because com­pan­ies and people set the wrong ones, but because set­ting goals at all often means neg­lect­ing oth­er import­ant aspects. Examples include people determ­ined to suc­ceed in busi­ness who end up divorced and with health prob­lems, or com­pan­ies who focus on sales and starve the research depart­ment of neces­sary funds. Inter­est­ing stuff indeed, and lots to think about.

The author dis­cusses vari­ous philo­sophies and meth­ods to accept life without the ‘think pos­it­ive at all times’ man­tra, includ­ing stoicism, med­it­a­tion, Eck­hart Tolle’s teach­ings, and the Mex­ic­an tra­di­tion of memento mori, and teases out the sim­il­ar­it­ies between these. In the final chapter, entitled ‘Neg­at­ive Cap­ab­il­ity’, he comes to the con­clu­sion that hap­pi­ness includes neg­at­ive thoughts and emo­tions as well as pos­it­ive ones. This is a groun­ded hap­pi­ness, rather than some­thing fleet­ing that depends on one’s mood. This, to me, sounds like some­thing worth­while (and achiev­able).