Referral links

Unlike other ads on this page, the two links below are to services I use - if you're looking for a new SIM or broadband connection I can personally recommend them, and these are specific referral links that I can get bonuses from if you sign up, so please use them :-)

Get a free giffgaff Sim Broadband from £5.99 a month with an included wireless router when you sign up to Plusnet - terms apply

Wednesday, 29 February 2012

Raspberry Pi - a botched release?

[Short link to this article if you need it - - or retweet me]

Let me start by saying I'm a big supporter of the Raspberry Pi project and have been following it with a lot of anticipation for a while, and I love the goals of this project and what they've done so far. Technically I think it's brilliant. However I'm afraid to say that the release of the first batch of devices to the public hasn't really gone as expected. It's also worth pointing you at the OSNews article which is very positive to the company, and less so to the two distributors.

They had said earlier in the week that they were going to make an announcement at 0600 GMT today (29th February 2012) and indeed they did - they changed to a static page (which stayed up - yay!) telling people that two distributors, the well known RS Components (Current Pi link is here) and Farnell Electronics (link here) were going to be shipping the first batch of 10,000 model B boards between them. The message said:

"We have ensured that both RS Components and Premier farnell will be taking preorders from the start"

Possibly not too surprisingly, despite Raspberry Pi taking steps to use other people for the ordering, and pre-ordering both servers were horribly unresponsive at 0601. RS was better, but when you got through it only showed a "Register your interest" page, no way to place an order (or pre-order). Despite this, there was a claim that "If you're only seeing "register an interest" on RS's site, you're on the wrong page" Now the instructions given (because Raspberry Pi seemingly weren't given the site's product' codes) were to "search for raspberry pi" ... something that appears not to have been tested before the message went out. For that reason I can't completely exhonerate Raspberry Pi for the ... well ... fiasco seems the best word.

Now I'm sure the conflicting messages were unintentional rather than intentionally to deceive, but it does point to a bit of a discrepancy between what they have publicised and what the message is from RS. I have no idea if it was a lack of communication, or a mistake on RS's part. I can only assume the former since it didn't get rectified. It did seem that Raspberry Pi weren't happy about it though. And at least one person who got hold of RS on the phone was explicitly told they wouldn't be taking pre-orders, and others were told by the suppliers that they wouldn't ship to individuals - again contrary to what Raspberry Pi were expecting.

What really concerns me is that many of the first batch of units won't go to the expected recipients (developers, and those who understand what it is) and with all the hype and interest today it's going to be less likely to determine who is a "developer" as opposed to and end-user person, but some of the publicity coming out to those who didn't know the history was along the lines of "Here it is running quake3 and acting as a media centre for £22" without the appropriate disclaimers:
  • Quake3 was specifically ported to ARM, other games won't work in the same way out of the box
  • The XBMC distribution shown as a Raspberry Pi Media Centre isn't yet available and the hardware only has the H.264 codec. Granted it's very widely used, but you can't consider it as something that can replace a normal media centre PC at present, especially given the fact that the CPU is relatively slow.
The Daily Mail referred to it as a "credir-card sized Wi-Fi gizmo" (it doesn't have wifi) It ended up on the HotUKdeals site (this thread, which has been flagged as spam and removed a couple of times now) with a load of people who clearly didn't understand what it was. Plus the site's generally supposed to be for special offers, not a device being sold at it's retail price... I just hope that those sorts of people aren't ones who were trying to buy them. I tried posting a comment on the HotUKdeals thread to clarify things since there was clearly a lot of unreasonable hype:

Please, everyone, bear in mind that unless you're a developer or have a proper use for it, then it's almost certainly NOT worth getting one of the first batch. Expecting this to suddenly be an answer to all your media center prayers is likely also naive - it's not going to do that straight away, and for one thing there will be very limited codecs available for it's hardware acceleration ( will include H.264). Also, other than the video decoding, it won't make for an especially fast "PC" - you're looking at the level of something from possibly about 10 years ago.

It's also, to make this clear to people who don't get it, NOT AN x86 SYSTEM, so it will not run x86 software. You will need ARM specific software. Unless you're interested in getting your hands dirty, it would be better to wait until there is more software available for it.

As per a previous post, I'm saying this to stop people expecting a fully functional boxed system from buying the damn thing and realising they can't do anything, and dumping it in a drawer. Let the people who will write the software get the first batch, then see if it's worthwhile getting one later.

It's also NOT a limited deal - there's just a limit on the first batch, so what the heck it's doing on here in the first place is a bit of a mystery.

And later on I posted again:

Please folks - if you haven't read my post on page 3 of this thread ... it's not an x86 PC. It's not going to run your windows games (Quake3 was ported to ARM), you can't stick a PC video card into it, XBMC has been shown working but there isn't an AVAILABLE distribution for it yet AFAIK, the video codec support is limited to H.264, and the original description on here says it has built-in wifi, which it doesn't. Also the price is the STANDARD price which you'll be able to buy from later as well, this is not a limited deal other than the first batch being 10K units. And it's JUST a circuit board with no power cable/case etc.

Don't order from the first batch unless you have a clue what you're getting yourself into. You're not going to suddenly get an amazing media centre by the weekend if you order this. Let the developers take them, and be able to use them.

I want the first batch in the hands of real developers who will play and make this do the stuff that everyone else wants. I suspect we have more than just developers trying to get the first batch, some of whom quite possibly either just want to make some quick money by reselling - which I feel is disgusting behavior towards a company registered as a charity (there's still no word when the first batch will actually ship, or when the next batch will be, which means anyone who hasn't ordered doesn't know if they should pre-order with Farnell, or wait for RS's allocation from the first batch) or they soon will realise, due to the things I've mentioned, that it's useless to them and stick it in a drawer when a real developer could have had it. I see one person, who I can only consider to be a waste of human molecules, has put up a batch of 10 they don't yet have for £95 each on ebay.

In fairness, there's no question that this launch has generated a lot of publicity for the device, which is great, although it means that when RS do start shipping it will probably have even more interest than this morning. Whether that's a good thing is probably still up for debate (who will be buying them?) but I still believe that the initial intention of getting the first units into the hands of technical developers is absolutely right, to get it ready when more of the end users get hold of it.

I still love Raspberry Pi - the device, the philosophy, and the goals, but this release has been a bit of a mess in terms of expectations, so I hope they'll learn appropriate lessons and get the distribution/publicity sorted out from now on, otherwise it won't do the company's reputation a lot of good. I wish Pi the best of luck. Maybe the warm-up to the release announcement was too much (which is how it ended up with the wider publicity beyond the technical community) but that's easy to say with hindsight. Then again, if you take the approach that "all publicity is good publicity" then it's far from a botched release, and being able to say they brought down two large electric component supplier's web sites sounds impressive.

I'll now get off my soapbox, and wait until I can get my Raspberry Pi :-)

Tuesday, 7 February 2012

Should there be a license for online credit card use?

[Short link to this article if you need it - - or retweet me]

Since this is "Safer internet day", one thing that always surprises me is how many people use their cards online without properly understanding and appreciating the implications of security and encryption online. I've mentioned issues with SecureCode/VerifiedByVisa before and a lot of people don't even do security well enough to get to the issues I mention.

Let's take one example of SSL certificates. What would most people do when they see things like this dialog?

I suspect most end users would just try and find the most effective way to dismiss the dialog i.e. accept the invalid certificate - and firefox doesn't help by having the "always accept this certificate" checkbox selected by default.. Which is exaclty the sort of thing that leaves you open to talking to a different server from the one you think you are. How many people would actually know enough to even tell whether that meant he certificate had expired yesterday as opposed to just being a self-signed certificate, or not for the server it claims to be? What would your friends do if they hit this?

I'd almost like to see a "license" for online credit card use. Something that would cover things like these:
  1. Making sure that when you do type your card numbers online, it is to a secure site.
  2. Proper use of 3D-Secure (SecureCode/VbV) including checking your pass phrase and checking the oft-used IFRAME's certificate (Needs browser support - have you tried this on anything other than Chrome?) and verifying that the challenge is coming from a known server.
  3. Understanding the importance of NOT accepting invalid SSL certificates, especially for financial transactions
It will be the subject of a future blog, but HMV's web site in particular really annoyed me by having the VerifiedByVisa and SecureCode logos on their web site, but I was able to check out without being challenged by SecureCode. That to me is under the category of "not taking security seriously". If I can't trust you to tell me what security measures you have, why would I trust you with my details?

Perhaps such an "online security competence test" could be administered by a combined Visa/Mastercard partnership, as they are the ones who could block transactions from unapproved buyers using their cards. Granted, it could be seen that this would be a way of reducing liability on their part if it was used to shift blame for any violations onto the end user, but I do believe it is important for people to understand the risks of shopping online.

I would almost go as far as to say that online security of the form listed above, including basic SSL understanding, should be part of what children are taught in school. If they're given the proper grounding, then perhaps have the schools help people take the tests described in the previous paragraph, then online security would actually be more than just lip service. The tools are mostly there to stop you doing stupid stuff, it just needs a bit of education to avoid problems.