Category Archives: Retelling

Retelling, Secure things

Things which were not on my 2025 bingo card

The Club

This year I got a Community Star on the and for supporting your fellow community members with your positive Club of Ministry of Testing. “Thank you for creating a helpful community vibe contributions.”

A kind reminder

I also got a friendly reminder, that I was 20 years on LinkedIn.

Boat magic

For a special project, I made a steamboat from modelling balloons.

A guided tour

In Spring I took the first official Keukenhof guided tour for blind and visual impaired people. The most facts I remembered afterwards were about the trees in the park. Of course, there were flowers, but somehow the guide had some nice tree stories.

The tour was in Dutch and I bought the tickets using a special email address. Let me put it this way: it is not possible to get a private guided tour in English.

A thing to avoid

Kissing my wife while reading braille has its advantages, until she noticed it. My marriage advice to braille readers is not to move your fingers over braille, while kissing your partner.

Showing attention

During a conference, I was offered a program in braille. My first reaction was to leave it on the desk, but I took it any way.

During the last lecture, I got bored and looked at the rest of the program. I heard every word, which was spoken, and looked at the speaker.

Blogging along

This year I wrote some blog posts how to take over an account. The blog posts are based on my experiences. The first blog post starts with the basics. 

Thinking along

This year I tried to help my kid for a school assignment to hack a vulnerable website of a teacher. My contributions were not great despite some experience finding security issues.

The Club again

The Ministry og Testing also gave me a badge names Glossary Contributor. “Your insights are shaping the language of testing. Welcome to the Glossary Contributors”. I had written about accessing private documents using a browser.

The same dish

This summer I ate fish and chips in Volendam.  The previous year I ate it in London.

Another guided tour

The European Juggling Convention provided a special tour for blind and low vision people. The were several workshops, followed by the Gala Show. During this show, there was a commentator, who told what happened on stage.

How I stopped worrying about literature

In the summer, Time for stories started in my local library. The facilitators was the first couple. During the sessions small pieces of stories  and poems are discussed,

 Social media attention

The mayor of Gouda wanted to share a picture with me and other people on LinkedIn. We didn’t have to say cheese. So, I do not need to use a bad pun.

Changing the odds

For the first time in my life, my team won a pub quiz including a section about braille. This was my second pub quiz. Currently, I have a 50 %chance to win a pub quiz.

Teaching again

In November I became a language coach. It is challenging to teach people to speak Dutch.

Learning, Retelling

Things which were not on my 2023 bingo card

  • I got a badge for a popular link on the Club. This means that a link suggested by me, was clicked at least 50 times.
  • And a a second popular link.
  • The last years I gained a lot of experience with Exploratory Testing. The elements used were also applicable for maintaining my mailbox settings. I might call it Exploratory Maintaining.
  • This summer I was on a fishing ship where a dragnet was used for educational purposes. The catch was discussed and thrown back in the sea. During the same trip I saw a seal.
  • This year I started to listen to the spoken books of Ranger’s Apprentice. It gave me something to talk about with my kids. I could ask about honey in coffee.
  • This spring I started to read two books at the same time. This led to the following coincidence. In an audio book Maddy is exploring hostile grounds, while Will Treaty is distracting people. In a braille book Mary Russell is exploring hostile grounds, while Sherlock Holmes is distracting a group of people. Both ladies accomplished their mission.
  • One moment I was reading a braille book and the next moment I was using a bow and arrow. My kids paid attention in case I missed something. I mean the right target.
  • This year I received my first braille letter.
  • This autumn I was invited to talk about accessibility. It was for board game developers during a board game developer meeting.
  • The post delivered one of the biggest books I ever ordered. It was more than 40 centimetres thick. Braille tends to take up a lot of space.
  • This year I got an invitation for a birthday party for a foundation. I was addressed as one of the founders. This might be something for my LinkedIn profile.
  • That founder story made me thinking. If I was a member of the first board, then I was a founder. I remembered another foundation with a first-time board membership from my side. So, I could update my LinkedIn profile with a double founder title. As a Dutchman I declined to do this.
Privacy, Retelling, Secure things

Minimal Viable Authentication: usability versus security

Trigger warning: stalking.

For the following stories I am using the imaginary VIP Cinema again instead of the real app. This way I can freely write about my experiences without naming the actual app.

Usability is king

The VIP Cinema app offered his clients a discount for parking. This service appealed to me. So, I contacted the customer service and got a power of attorney number. On request I had to mention the number to get my promised discount of 50 percent on parking.

After a while I wanted to reserve my parking without calling the customer service. There was a simple solution: a parking app. I installed the app and had to register. The first thing I did, was to have my power of attorney number ready.

The next step was to enter my email address and a password. Then I had to verify it by clicking on a link in an email. A dialog asked for my membership number of the Cinema VIP App. Then I opened the app and found the number.

I received an email to verify my email address for the parking app. After clicking a link, I had to enter my VIP Cinema membership number. The next moment I could reserve a parking place for my car without entering my power of attorney number.

The registration was smoothless and it saved me an extra step of entering another number. I really liked this experience.

Security is pauper

”I want to show something to you.”, I told another computer software professional.
“Here is my mobile. The Cinema VIP app is open and shows my membership number.”
I got a nod.

“Now I am going to the website to register a new user id and password for the parking website.”
Another nod followed.

This looks familiar

Then I entered a new email address and password. After clicking the link in the mail to verify my email address I asked him for my membership number. While he was citing the number, I entered it in the requested text field in the dialog,

 “Let us see what kind of information we can get based on this single number.
You can see where I live. This information is needed for billing.“

Worth noting

“Let’s have a look at my parking history. This is the parking I used every other week. This is an interesting pattern. Last week I parked there. So next Friday I will probably park the car there at 7 pm.”

Let me guess

“There is a high chance, that I visit a cinema close to this parking. The discount is offered by the Cinema VIP app. Notice that no power of attorney number was asked. This would improve the security.”

All that being said

“Even worse: I did not get an email that another account was coupled to my parking account. I refreshed my inbox: no mail was found about the double registration.

Certain social media apps inform me directly, if my account is accessed from an unknown device. But this was not the case for this app.”

This time I did not get a nod, but an astonished face.

Signals of poverty

When I phoned the customer service of the parking service, no power of attorney number was requested.

During this phone call there was a check of my birthday, my zip code, and my house number. These can be obtained using social engineering or extracting private information without getting attention.

This I Learned

Authentication is about making sure that the right person gets access. Some shortcuts can have severe drawbacks.