Two years ago I boggled about Microsoft Photosynth but have not had opportunity to play with generating a synth before now.

This weekend I decided to give it a go at the more unusual BarCampBrighton4 venue. I followed the Photosynth tutorial with a few alterations to cope with dividers. The resulting synths are…

• Ground Floor
• First Floor
• Basement
• Yard
• Out Front

They may not be perfect, and I have learned a few things from the exercise, but I remain impressed with the technology. Please let me know what you think and think about having a go yourself.

Thank you to Martin for lending me his machines to do the uploads at the venue as the Photosynth software will not run on my Netbook.

In the past I found Plaxo very useful. It started life as a contact manager where you stored the contact details for business and personal use. It’s unique selling point was that your contacts could update there own details once for all Plaxo users, so to update your list you just need to click a button to accept the changes.

This was fairly useful, and it became more so and more of my contacts started using it. It took me a while to trust the site, as it does with all sites that hold personal data, but I do trust it as much as I do any other online service.

It also had the advantage of syncing contacts and calenders between Outlook, GMail and many other online services. While friends were using many services to sync there contacts and calenders I was using just Plaxo with one plugin. I did start to write a blog post about how great this was, but like so many I never got round to finishing it. Sorry.

Then at some point Plaxo realised that they had the backbone of a Social Network, and created “Plaxo Pulse” that brings all your content in to the Plaxo interface. In some ways this is nice, and optional, but not something that was useful to me or the Plaxo user base at the time.

Sadly with next to no notice the syncing with Outlook has been made a premium service, so will need playing for. There is nothing for nothing and the site does need to make money to continue, so I will not complain about this, but I have decided to move away from Plaxo as it is no longer of use to me. I have decided to use the contact management in GMail for now that can be synced to Outlook using a free app.

I will continue to use Plaxo to sync with other “backup” online services (Yahoo and Live mail for example) for the moment as there is no reason to stop. I will let Pulse continue consolidate the rest of my feeds for the same reason, and one friend prefers to consume it that way. Sadly though I do feel that today is the day I regrettably stopped using Plaxo.

Last week we all turned up at the Guardian offices for Music Hack Day not quite knowing what to expect but prepared for most eventualities. I still did not know what to hack together and no one I knew had any real ideas yet.

There was not really an opportunity to find anyone else to do something with so I decided to do something with my old WaveFinder DAB radio, possibly doing something with RadioDNS and linking it to some of the sponsoring online services. Unforchantly a couple of hours later I still could not get the hardware working on my laptop so decided to play with the Arduino and make some kind of music machine as a learning exercise.

After a lot of fiddling, scavenging, stripping wires, battling with wifi, messing around with hardware, lots of chatting, a late night visit to Avenue Q, some Geocaching, three hours sleep, and drinking lost of tea the percussion machine was born.

At the end of the event I had the device using a couple of servos to play some bottles, a cup, a bottle-top maracas-tamborine-like-thing, and a can. The creation was not a practical hack, but something to learn from while I was creating it, and an excuse to be a little silly. I think the Guardian article sums it up well. I quote…

Come 2pm on Sunday, we gathered to see what people had come up with. Now, some of the presentations were a little – how can I put this – impenetrable for a non-techie like me. Others, however, seemed happy to admit they’d spent the night messing around on a project for no other benefit than their (and our) own amusement (step forward the Percussion Machine, a hardware hack using an Arduino microcontroller that involved turning some empty beer bottles into a drumkit).

I did not take the presentation overly seriously but everyone appeared to enjoy the stupidity of the creation. There were also a lot of great hacks that I enjoyed and are worth a look though. In the end I was awarded a prize by tinker.it for being so creative in using things around us to build the machine with, that was nice. :-)

This weekend is Music Hack Day in London, an overnight hacking event help in the Guardian offices, London. If you are wanting to take part I believe there are still places remaining.

I must confess that I am not really feeling the event yet, probably because of the lack of communication and no real online buzz, but hopefully I will spring in to gear when I am surrounded by fellow coders and geeks.

What I do not have at the moment is any idea of what to develop. Do you have any ideas or have you gut a team that would benefit from my skills? If so please let me know. Remember it needs to have a music element to the idea and use an API from one of the sponsors.

Ps. If you are an organiser then I have been trying to get in contact. (please please can you get in touch).

I thought I would mention the “Soldering iron incident” and the Open Hack Day London power cut that I kind of accidentally caused.

Stupidly I thought it would be one of those things that would just get forgotten about, but I was wrong, so I might as well say what happened.

So, there was less than two hours of hacking time remaining at Open Hack and we had a working prototype. We just needed to tidy some things up and prepare the presentation. Our hardware hack was using an Arduino with a borrowed LCD display shield, but this was being powered by a laptop. Rather than plug the device in to a laptop, that would not look impressive, we decided to knock up a battery adapter for it.

While Nigel went to practice with the iphone orchestra for there upcoming performance I nipped down to Maplin and purchased a few components and a battery. I borrowed a soldering iron and went back to our base to plug it in.

When I plugged in the soldering iron the plug lit up white, there was a poof like sound, and everyone’s power went off. Most people did not notice straight away as they were using laptops with batteries. It turned out that everyone who was plugged in to this distribution point, that was most people, were affected. Fortunately the wifi was unaffected so I was not killed dead by fellow hackers.

I still maintain that this was not really my fault. Soldering irons use around 40W and most are none inductive loads, while the average laptop uses 75W and is an inductive load. After further investigation the fuse in the soldering iron was dust and we suspect there was a short in the device it’s self.

Anyway, I am now getting presents from fictional ducks and competition rules are being amended for me. In short I don’t think it matters if it was my fault or nit, it is a fun memory to have a laugh at and I see the funny side.

Photograph above was taken by James Broad and kindly licensed under creative commons.

At BarCampLeeds2009 I decided to chat about multi factor authentication and what we can do ourselves now. I will summarise my waffling here.

Multi factor authentication combines multiple factors to be more certain the person trying to log in is the person who should log in. Traditionally one factor of authentication is use, that being “something you know”, otherwise known as a password. Other factors include “something you have” such as a key, or “something you are” such as a fingerprint.

A multi factor solution that is being used by many organisations is a “something you know” and “something you have” combination. This is a really good combination in my opinion. Although I question the neutrality of many of the surveys I agree the biggest threats to accounts being compromised at the moment is malware capturing passwords, or social engineering where a user is persuaded to revel there password to a person or a fake web site. Using a physical “key” means that even if the user’s password is known it can not be used without the key.

So, how do you use a key on the Internet? There are a number of ways of doing this, but they all revolve around the concept of having a dynamic password that is used once. The device shows a pseudo random code that is unpredictable by anyone without a secret know by the key and the server, this is entered in to the web site by the user, and the server compares the code with what it was expecting.

The code has to change and each code should only be used once, but this can be changed in several ways. One solution is to have a timer in the key and change the code every 30 second or so. Another solution is to have a button that changes the number each time it is pressed and the server remembers how many times it has been pressed. The latter solution can be easily implemented on paper.

As part of Open Hack Day London 2009 we developed a open source security key.

One thing you can do at the moment is pay only £3 and buy a Pay Pal security key and I do recommend you do this. This generates a new number every 30 seconds and you enter this in addition to your password when logging in. The key is automatically linked to your PayPal account and you just need to activate it, and you can also attach the key to your ebay account so you can use it on that as well.

If you have a modern smart phone then you may be able to install the software version of the security key for free, but I am willing to pay £3 for the convenience of just pressing one button on my key ring rather than faffing around with the mobile. You can associate a phone and several keys with your PayPal account so you can use both, but only one device can be used with your ebay account at any one time.

The same security key can be used on any VeriSign VIP Network member web site in addition to PayPal and ebay. One of these members if VeriSign Labs. This is usfull because VeriSign Labs have a product in beta called Personal Identity Portal (PIP). This is an OpenID server and a service that stores you passwords and will log you in to a service without you having to enter your password. Although the latter requires a browser plugin to be instilled, and I believe the password may still be discoverable by some malware, it does remove the need for you to type in a password.

All these solution have a backup path to log in, so it you loose your token you can still log in. This is useful if you loose, forget or break your key, but it does lower the security to the security the lowest link.

Finally some people who arrived late to the discussion wanted to know what the relevance of the model train was. There was no link, I just wanted to play with the train. :-)

If you are a twitter user you will know the convention of starting a tweet with a @username to reply to another tweet. More recently Twitter has included a form of threading so you know exactly which tweet you were replying to.

Things were going well until Twitter introduced a now little tweak.

As things stand now Twitter is kind of broken for the way that many people use it. Users, and a lot of users, have made it clear that they are not happy by tweeting about it and tagging those complains with #fixreplies.

I have a suggestion though that will get us thought the problem now. Instead of using a “@” symbol we use another one. After a small discussion (that we might not have seen all of because of the small Twitter tweak) we decided on a “/@” symbol. So if you are annoyed by the change please start your tweets with a “/@” instead of a “@”. Remember NOT to use the reply button.

Yes it is a step backwards, but hopefully it will be temporary. The new threading will obviously be broken by this. Also many client apps will not work as intended either. Sorry.

If you like the idea then please tweet about it.

Update: Following Twitter noticing the unhappiness they have tweaked the system again so that starting a tweet with an @ will not cause a tweet to be masked from others. So we have the choice of many followers missing our replies, or loose the threading.

I think the interesting comment in Twitters response was that the original functionality did not scale. This fits in with the way I presumed Twitter was functioning under the bonnet.

Despite suggesting many projects for Open Hack Day, and mulling over many more, I had a brainwave while driving down south last night. I was listening to pod casts thinking about logging in more securely on public computers, and then the ideal project sprung in to my head. Why don’t we create a hardware security key based around a simple micro controller that adds another variable authentication factor. This way even if a key logger gets your password they can not log in.

We have technology like the PayPal security key, and you can use this with Verisign Labs Personal Identity Portal and OpenID to log in to your serice. There is also a decent open paper based solutions with Perfect Paper Passcards.

I can see several potential deliverables in this project.

* The hardware

A device that gives the user a set of letters to type in to log in. The number needs to change (obviously) but this can be done using time, a sequence (by pressing a button), or some feedback from the computer. I am keen to look at visually transmitting data to this device from the PC screen using just light. The hardware will have a shared secret with the server.

* The mobile app

Same as the hardware, but implemented in code on a mobile phone.

* The client libraries

The code that indirectly interacts with the hardware.

* The example implementation

An OpenID server that uses the client libraries allowing users to log in to any service using the hardware.

So that is it. Do you want to help?

In June 2007 I attended the BBC/Yahoo London Hack Day at Alexandra Palace where I teamed with this Thom and others to create a socially controlled blimp. In 2008 I attended the BBCs Mashed (sort of like Hack Day, but because of the unique way it is funded and all that) where Ewan somehow persuaded me to code a flight simulator in PHP. Regardless of the name, all these events are a chance for us geeks to get together and build something in 24 hours.

In 2009 it is Yahoo’s turn again with Open Hack London in Covent Garden, London. I have a place and I understand there are still some places available. The question is how can I surpass the awesomeness (or is that shear stupidity) of past events. I have a few ideas.

1) The most useless idea is inspired by Is it Christmas, but instead of looking out the window you can go to “Is It Wet”, have your location predicted, the weather forecast consulted, and you informed about any rain outside.

2) Slightly more serious is to produce a hardware navigation system for web sites to increase accessibility, and to simplify the user experience.

3) Finally a profile system for BarCamp attendees to put us in contact with each other.

Are any of these any good? Have you got any better ideas? I really want to do something with hardware but am struggling to think of a good idea that can be done in a day. Help!

Ps. Ewan, the answer is no. I don’t care what you say or how you say it, this time I am not going to be fooled in to doing the imposable. Just no. ;-)

Pps. If you don’t fancy a full 24 hour hack Moo are holding a one day event (at the same time, Doh!)

Ppps. Ewan, I have not changed my mind. The answer is still no!