Where Apple Went Wrong…

A useless piece of junk

People don’t give a shit about things like a “Touch Bar” with emojis and the ability to pay for stuff via ApplePay. People don’t care about ApplePay, or about “eliminating cash”. And, although governments want to eliminate cash for other reasons, Apple is not the entity which is going to do so.

You know what people want?

Good hardware and software that works well.

Honestly, I don’t even think anybody cares whether their laptop is 0.005 inches thinner or 4 ounces lighter, but the ability to have 32 or 64 GB RAM is fucking huge. HUGE, I say.

Also, people don’t really like the fact that new Macbooks aren’t upgradable at all because the RAM is soldered to the fucking logic board. That really pissed people off, Tim. I have a feeling that you’ll be remembered as the guy who ran Apple into the ground. Then again, you’re also gonna be remembered as the guy who took over after the legendary Steve Jobs passed, so that will probably over-shadow any of your other accomplishments anyway.

People want hardware they can upgrade. The ability to add and replace memory modules, the ability to remove and replace hard drives (such as when they inevitably fail).

Nobody wants a fucking touch bar over the ability to have, say, 32 GB RAM on their laptop. Great going, Tim, you useless wanker.

The one thing Apple had going for them is that they made the absolute best fucking computers on the planet ldtbaow. And now you’ve gone and screwed that up with your expensive garbage that’s literally tainted hardware. I’d pay money to NOT have a Touch Bar and to be able to upgrade my fucking Macbook without having to… buy another new fucking Macbook.

Here’s another hint: people don’t like proprietary, because it takes away choice. Nobody wants your fucking useless touch bar, or ApplePay. Or your walled-garden of an App Store. In fact, why not let the people decide, via a decentralised reputation system (this is coming in the future, BTW), how to rank/rate apps and let them decide whether or not an app is “allowed” on their own device? Oh yeah, because you can’t. It’s in your nature to want full control over everything everywhere, always.

Honestly, the only way to save Apple from its inevitable demise (timeline: about 10 years or so) is to start making solid fucking hardware that people can use and upgrade, and drop the proprietary bullshit (e.g. Touch Bar) that nobody outside of Cupertino even fucking wants. And for God’s sake, don’t solder the memory modules to the fucking logic board.

What is Docker? (And good luck finding out.)

Here’s an example of how technical people still can’t explain things:

I search for “What is Docker”, and I even get to the “What is Docker?” page on the official website:

[Image: what-is-docker1]

But as you can see, I still don’t get a straight answer.

This page tells me what Docker allows me to do … and what Docker containers are… (but I still need to know what Docker is first).

Hint: The correct answer will begin with “Docker is” and then give a simple, high-level statement of what Docker actually is.

Such as: Docker is a virtualization environment for Linux which allows … blah blah.

I’m not even sure if that’s correct, BTW, because the official website can’t even manage to explain to me what the hell Docker is on its “What is Docker?” page.

Oh, and yeah, they should really hire a designer to fix that site.

Update: Well, apparently the people at Amazon know how to communicate a little better than the Docker folks themselves. Here it is:

[Image: amz-what-is-docker3]

They even got the “Docker is … ” bit right. How about that.

WordPress 4.4+ — How to Fix the Disappearing Admin Panel in the Post Editor

Well, the geniuses behind WordPress did it again. Enabled a change that Automattic thinks is the latest thing since sliced bread, and forced it upon the entire rest of the WordPress world.

This time, it’s in the form of a disappearing admin panel when you write posts. Apparently everything else is a “distraction”, and when writing, the only thing you should see is your little text box and nothing else. Well, fuck that. It’s annoying, and most of all, distracting! The distraction-free feature is actually distracting the hell out of me and I just want to write my post with a standard static screen with all my buttons and checkboxes that I’m used to.

Here’s how to fix it:

Step 1: Click the “Screen Options” at the top-right of the admin panel.
Step 2: Uncheck the “Enable Full-Height Editor and Distraction-Free Functionality” checkbox.

[Image: wp44-fix-post-editor]

Open Financial eXchange (OFX) is Broken (Online Banking Security is a Joke)

Hacker Rene

Am I the only person in the world who thinks that it’s utterly ludicrous that we have to give our passwords to sites like Mint.com so they can help us keep track of our spending habits? Surely I can’t be the only one. It’s like giving away the keys to the kingdom.

It kind of irks me a little that if I want to use a site like Mint.com to track my spending habits and help me keep my budget in line, I have to give my username and password over to them.

In fact, the way the underlying technology works, Mint.com must keep our passwords stored in their system. Not just a hash, but the passwords themselves, since that’s what they have to use in order to access our bank account info. They are stored encrypted, no doubt, but they have to be decrypted in order to be used (see below).

Mint.com has worker programs, “robots”, if you will, which log in to our bank accounts the same way we do (well, not really, but I’m simplifying for the general public), so they have to be able to authenticate as ‘us’. But the problem is, those username/password combos aren’t read-only. Mint.com may tell you that they have read-only access, but that’s just not true. Anybody who hacks Mint.com’s database, and is able to decrypt those passwords, has full access to the corresponding bank accounts.

The technology which enables this log-in that Mint.com and other financial websites use, is called OFX, which is short for Open Financial Exchange.

The part that requires the username and password for every transaction is described in the OFX ‘security’ page (emphasis mine, and BTW, what a fucking joke):

Authentication enables the recipient of a message to verify the identity of the sender. For example, a financial institution or third party processor authenticates a customer by requiring the use of a password and user ID with each transaction. A customer’s application authenticates a financial institution or third party processor by verifying the institution’s digital certificate.

That technology was developed about 10 years ago. (The website looks about 10 years old too — just take a look.) We’ve evolved since then. Technology has evolved. Why the hell has the banking system not caught up yet? (Hint: it’s not in their best interests to improve the security of your bank account. They would have to pay the cost of securing your account, while not seeing any reward for it.)

This should immediately set off red flags for any information security professional. An obvious way to mitigate this risk is to simply enable customers to generate a read-only API key on the bank end, then give out that read-only API key to any party that they wanted to share their info with, on a read-only basis. This would be true read-only access. But that is something that banks themselves would have to implement, and they’re too busy raping the general public with ridiculous fees for things like debit cards, and simply having a deposit account in the first place.

The Solution

The solution? A successor protocol to OFX which requires banks to implement read-only API key access, and which can be controlled by customers, e.g. by allowing depositors to generate their own unlimited number of API keys, read-only or not (depositor’s choice).

A standard has to first be put in place. It would specify that usernames/passwords are no longer allowed, period. All account access would be via API keys, which would be generated on the bank end, controlled by the clients (depositors), and either read-only, read-write, or other combinations. They could be extensible so as to plan for the future.
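
A minimal sketch of the scoped-key model proposed above, as an added example (it is not part of OFX or of any bank’s API; the class, scope and account names are hypothetical). The bank keeps only a digest of each random key, and every request is checked against the key’s account and scopes, so an aggregator holding a read-only key cannot move money.

```python
import hashlib
import hmac
import secrets

READ, TRANSFER = "read", "transfer"  # hypothetical scope names


class BankKeyRegistry:
    """Bank-side store of depositor-issued API keys (illustrative only)."""

    def __init__(self):
        self._records = {}  # key_id -> account, scopes, digest, revoked

    def issue(self, account, scopes):
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # high entropy, shown to the depositor once
        self._records[key_id] = {
            "account": account,
            "scopes": frozenset(scopes),
            # Only a digest is stored: a leaked database yields no usable keys.
            "digest": hashlib.sha256(secret.encode()).digest(),
            "revoked": False,
        }
        return f"{key_id}.{secret}"

    def revoke(self, key_id):
        if key_id in self._records:
            self._records[key_id]["revoked"] = True

    def authorize(self, token, account, action):
        key_id, _, secret = token.partition(".")
        rec = self._records.get(key_id)
        if rec is None or rec["revoked"] or rec["account"] != account:
            return False
        presented = hashlib.sha256(secret.encode()).digest()
        # Constant-time comparison, then the scope check.
        return hmac.compare_digest(presented, rec["digest"]) and action in rec["scopes"]


def demo():
    bank = BankKeyRegistry()
    token = bank.issue("acct-001", {READ})  # key handed to a budgeting site
    results = {
        "read": bank.authorize(token, "acct-001", READ),
        "transfer": bank.authorize(token, "acct-001", TRANSFER),
        "other_account": bank.authorize(token, "acct-002", READ),
    }
    bank.revoke(token.split(".")[0])  # depositor withdraws access
    results["after_revoke"] = bank.authorize(token, "acct-001", READ)
    return results
```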

Then, make all the banks follow the standard. Fines of $XX,XXX,XXX per day after a X-year grace period which allows all banks ample time to convert from OFX to the new standard, NOFX (New OFX).

Hell, I don’t know. Just something. But please, do something to protect the people, instead of just considering the up-front cost of implementation. (There are hidden costs of not implementing something like what I’ve suggested, but most individuals and businesses won’t see them until it’s too late).

Note: This solution isn’t going to happen. This is just an ideal scenario. The banking system is going to be transformed, but not from the inside, not by anyone who had anything to do with this. Technologies like Bitcoin and other cryptocurrencies and trustless systems are going to render insecure protocols like OFX useless. The funny thing is, it’s because the current system will never change which is the reason why it’s going to be pre-empted and destroyed. The market will find a solution.

Facebook account deletion link

In case anyone is looking for it:

https://www.facebook.com/help/contact.php?show_form=delete_account

This is the official Facebook delete account link. You can permanently delete your account by visiting this & entering your password & a (Re-)Captcha.

Be aware that it will be gone forever — this doesn’t just de-activate it. For now, there is still a 14-day grace period, so if you log back in within 14 days, the account deletion request will be cancelled.

Why you should NOT use short tags in PHP

Where’s My Damn Emulator?

So I was trying to find a good SNES emulator for Mac. I read somewhere that Snes9x works for OSX, so I went to the site and then the downloads page to find one to… well, to download. The page started out “Here is a list of all the known available mirrors for Snes9x…”, but then it was an empty list.

I thought of two possibilities. Either the list contains exactly zero available mirrors, or something is wrong with the page. It struck me as rather odd that the site would put up an empty list of download mirrors for its own product, so I did some investigative research to check out possibility #2.

Note that the site is built in PHP. Here’s the non-hyperlinked URL for the downloads page: http://www.snes9x.com/downloads.php

Here’s a snippet from the page source:

Here is a list of all the known available mirrors for Snes9x. If a mirror is
not listed on this page, it either does not exist or the web peon doesn't know it exists.



Notice the foreach loop and the stuff? That’s the culprit.

PHP – A Short Word on Tags

PHP “tags” are opening and closing bits of code that let the machine know when text should be evaluated as PHP code, and when it’s not code (e.g. just “normal” text).

This is a standard opening PHP tag:
<?php

...and this is a closing tag:
?>

The idea is that everything in between the opening & closing tags is evaluated as PHP code & executed (in this case by the web server).

Also, note that when viewing a site built on PHP, you will never be able to see the PHP code! The web server will execute that code, then spit out the results to your screen. The results are what you see, only after the code is executed.

Enter short tags...

Short Tags Suck Ass and Should Die

Remember the standard opening tag in PHP? Well, one day some genius came along and decided that he could save a whole 3 fucking keystrokes by just removing the letters "php", so the optional "short tag" was invented. Now, "<?php" could be shortened to just "<?". Absolute genius.

Then he decided to improve upon that and add the "echo shortcut", which is just the short opening tag followed by an equals sign. It's used like the echo function.

Here's the standard opening PHP tag, echo statement, and closing tag:

... and for comparison, the echo shortcut:

The problem is, not all servers support PHP short tags. So code that's working fine on one server might break when moved or copied to another server. Or maybe the sysadmin decides to disable short tags for whatever reason. Or a new version of PHP is installed.

Then crap like the above happens, and Nathan doesn't get his list of download mirrors for Snes9x, and the world is a bit worse of a place in general. Don't be an asshole. Don't use short tags.

Also, I've written a script (in Perl) called php_fixxer.pl. If you have PHP code with short tags, please backup your code, then download this & run it on all your code. It's called "fixxer" because if it has short tags, then it's as good as broken.

Oh, by the way: I'm not responsible for anything you screw up with this script. I told you to back up your code anyway. I do, however, accept full responsibility for any and all productive enhancements made possible by use of it.

Meanwhile...

Oh yeah, back to the above site... the page pretty much works, just one part of it is broken. Unfortunately, it's the part that's the reason for the existence of the page. Since this is the only PHP code that I am able to see from my browser {see note above if that doesn't make sense}, that probably means:

1) The whole file doesn't make use of short tags, just some of it.
and
2) If they convert these to standard PHP tags (no shortcuts), then this page should start working again, and I will be able to see my download mirror URLs.
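
The conversion described above, as an added example: this is not the author's php_fixxer.pl, and it is written in Python rather than Perl. It reports each short open tag and echo shortcut by line and rewrites them to the long form; the sample template and the `$mirrors` variable are constructed for illustration.

```python
import re

# "<?=" (echo shortcut), or "<?" not followed by "php" or "xml" (short open tag).
TAG = re.compile(r"<\?=\s*|<\?(?!php\b|xml\b)", re.IGNORECASE)


def find_short_tags(source):
    """Return [(line_number, kind)] for every short tag in the source text."""
    hits = []
    for number, line in enumerate(source.splitlines(), 1):
        for match in TAG.finditer(line):
            is_echo = match.group(0).startswith("<?=")
            hits.append((number, "echo shortcut" if is_echo else "short open tag"))
    return hits


def convert(source):
    """Rewrite short tags to the long <?php form.

    This is plain text matching, not a PHP parser: a "<?" inside a PHP
    string literal is rewritten too, so review the result before deploying.
    """
    def replace(match):
        if match.group(0).startswith("<?="):
            return "<?php echo "
        following = match.string[match.end():match.end() + 1]
        # Keep "<?foreach" from becoming "<?phpforeach".
        return "<?php" if following == "" or following.isspace() else "<?php "
    return TAG.sub(replace, source)


# Constructed sample: a template mixing short tags, an XML declaration
# and one tag that is already in the long form.
SAMPLE = (
    '<?xml version="1.0"?>\n'
    "<ul>\n"
    "<? foreach ($mirrors as $m) { ?>\n"
    "  <li><?= $m ?></li>\n"
    "<? } ?>\n"
    "</ul>\n"
    "<?php include 'footer.php'; ?>\n"
)

if __name__ == "__main__":
    for number, kind in find_short_tags(SAMPLE):
        print(f"line {number}: {kind}")
    print(convert(SAMPLE))
```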

Greasemonkey script to remove ‘Who to follow’ box on twitter.

Note: It’s now April 2015. This is really old & probably won’t work anymore. But I don’t like removing old content, so I’ll keep this post up anyway.

Here’s a Greasemonkey script to remove the “Who to follow” (aka “recommended users”) box on twitter.com.

It’s annoying as hell and way too facebookish.

 


// ==UserScript==
// @name No Recommended Twitter Users
// @namespace http://ngmarley.com/
// @description Remove 'who-to-follow' box on twitter.com.
// @include http://twitter.com/*
// ==/UserScript==

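// Run the removal in the page's own context via a javascript: URL,
// so that the page's jQuery ($) is available.
function disable() {
    location.href = "javascript:(function(){ $('#recommended_users').remove(); })()";
}
disable();
// Re-run whenever the URL hash changes (in-page navigation).
window.addEventListener("hashchange", disable, false);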

Or just get it here.

If it doesn’t work, let me know & I’ll try & fix it or something.
