Just hit a weird problem on my iPad: trying to install an app or upgrade existing apps resulted in a mysterious "Error 1004". Apple's official help is useless and the user forums are full of amusing cargo cultism ("reset your time zone!")

The solution seems to have been flushing Safari's cookies. Or maybe its cache or history. One way or the other, the iPad App Store had the wrong idea about my login. And now I have to log in to everything again.

techbad
  2011-09-28 17:39 Z
techbad
  2011-08-28 22:51 Z
The Internet is at a dangerous inflection point. Facebook Connect is quickly creating a monopoly on identity. Sites are increasingly requiring Facebook logins now: Techcrunch comments and turntable.fm early access are two examples. And many more sites like TripAdvisor now promote Facebook over their own logins.

As a user the Facebook Connect experience is great. I see a familiar blue button, I click it, and I'm done. No creating an account, no coming up with a new username and password, no entering specific data. And it's not just a login: many Facebook-integrated sites give me a better experience with access to my Facebook social network. For site owners the advantage of Facebook Connect is clear: good user experience, less code to manage, and access to Facebook data.

The problem is that Facebook is creating a monopoly. That's a huge risk to every other company on the Internet. It's bad for users too: we're losing the ability to use pseudonyms online. And while Facebook's technical execution is excellent, the company has demonstrated over and over again its willingness to act unethically towards its users. We don't want them controlling user identity.

There is a terrific technical alternative to Facebook Connect: OpenID. The tech works well and it's open, letting users and companies choose their identity provider. But despite some four years' head start it's never succeeded in being adopted widely like Facebook Connect has. And while I like competing login systems like Sign in with Twitter, identity is too important on the Internet to let any proprietary solution dominate. Our ecosystem needs a productive open standard. I still think OpenID is sufficient, but I'm in a dwindling minority.

techbad
  2011-06-13 16:45 Z
Apparently it's news to almost every web developer out there, but in the real world people's names have spaces in them. My name is "Nelson Minar". It is not "Nelson_Minar" or "NelsonMinar" or "NelsonM" or "Nelson397" or any of the other nonsense I have to use to work with some website that has decided to constrain names to some 1980s software-friendly character subset.

The hardest part of signing up for a new site these days is picking a unique user name. It's annoying to have to remember different names. And it's really obnoxious when my janked up UserName is also used as my display name. The right way to do logins on the Web today is to use the email address as the login name and let the user choose their own display name, which does not need to be unique. That's not ideal (email addresses can change) but it works pretty well. If you absolutely have to not use email as the login name, please at least let my login name have a space in it.

While I'm delivering the news, here's something for you ignorant American backwoods motherfuckers. Some people's names have "special characters" in them. Like François Rabelais or Björk Guðmundsdóttir or 艾未未. It's 2011; the only software that can't handle Unicode properly is Perl. (As if you needed another reason not to use Perl.) Stop limiting your code; there are only two languages that can even be written in ASCII.
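What the two paragraphs above ask for, as an added example that is not part of the original post: signup logic that makes the e-mail address the unique login and accepts a display name with spaces and letters from any script. The function names, the `UserStore` class and the sample accounts are my own assumptions, not anything from the post.

```javascript
// Added example (not from the original post): signup logic that uses the
// e-mail address as the unique login and lets the display name contain
// spaces and letters from any script. All names here are hypothetical.

// \p{L} = any letter, \p{M} = combining marks (vowel signs, accents that did
// not compose); the remaining characters are the separators real names use.
// The `u` flag is required for \p{...} classes.
const NAME_PATTERN = /^[\p{L}\p{M}][\p{L}\p{M} .'-]*$/u;
const MAX_NAME_LENGTH = 100;

// Returns the canonical display name, or null if the input is not acceptable.
function normalizeDisplayName(raw) {
  if (typeof raw !== 'string') return null;
  // NFC: "c" + combining cedilla becomes the precomposed "ç", so the same
  // name typed two ways stores (and renders) identically.
  const name = raw.normalize('NFC').trim().replace(/\s+/g, ' ');
  if (name.length === 0 || name.length > MAX_NAME_LENGTH) return null;
  if (!NAME_PATTERN.test(name)) return null;
  return name;
}

// Minimal shape check for the login identifier. The domain part is
// case-insensitive, so it is lower-cased; the mailbox part is left alone.
function normalizeEmail(raw) {
  if (typeof raw !== 'string') return null;
  const m = /^([^\s@]+)@([^\s@]+\.[^\s@]+)$/.exec(raw.trim());
  if (!m) return null;
  return m[1] + '@' + m[2].toLowerCase();
}

// In-memory stand-in for the accounts table: uniqueness is enforced on the
// e-mail only, so two people called "Nelson Minar" can both sign up.
class UserStore {
  constructor() {
    this.byEmail = new Map();
  }

  register(email, displayName) {
    const login = normalizeEmail(email);
    if (login === null) return { ok: false, reason: 'invalid email' };
    const name = normalizeDisplayName(displayName);
    if (name === null) return { ok: false, reason: 'invalid display name' };
    if (this.byEmail.has(login)) return { ok: false, reason: 'email already registered' };
    const user = { login, displayName: name };
    this.byEmail.set(login, user);
    return { ok: true, user };
  }
}

// Demonstration on constructed sample input.
const store = new UserStore();
console.log(store.register('nelson@example.com', 'Nelson Minar'));
console.log(store.register('bjork@example.com', 'Björk Guðmundsdóttir'));
console.log(store.register('ai@example.com', '艾未未'));
console.log(store.register('dup@example.com', 'Nelson Minar'));    // ok: names need not be unique
console.log(store.register('nelson@EXAMPLE.COM', 'Someone Else')); // rejected: same login
```

The NFC step matters more than it looks: without it, a name entered on one keyboard as a precomposed "ç" and on another as "c" plus a combining cedilla would render the same but compare unequal, which is how lookups and duplicate checks on Unicode names go wrong.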

techbad
  2011-06-08 14:31 Z
Another Sony hack yielded a database of 1,000,000 plaintext passwords. Why does Sony have plaintext passwords? Because they're idiots and deserve to suffer a civil lawsuit. But Sony's negligence is security researchers' gain: check out this analysis of the password haul. The most astonishing result:
Two thirds of people with accounts at both Sony and Gawker reused their passwords.
Passwords are a broken mechanism of authentication. They are weak, dangerous, and difficult for naïve users to use correctly. It's time to end passwords.
techbad
  2011-06-06 22:05 Z
The US military is on the Internet march. Obama said of two new military appointments "Between them they bring deep experience in virtually every domain ... Land, air, space, sea and cyber." Also today the WSJ reports "The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force."

I used to think "cyberwarfare" was an inflated threat. But in the past couple of years my thinking has reversed. Stuxnet was a big deal, presumably a deliberate act of cyberwarfare by the US and Israel against Iran. China's hacking of Google was also a big deal; aimed at individual activists, not nations, but still important. The recent attacks against RSA SecurID and now Lockheed Martin are troubling. We're beyond script kiddies stealing some Warcraft accounts; this is focussed espionage against the US military.

One of the problems with cyberwarfare is it's not clear how to apply international law. What is "proportionate response" to a network break-in that disables a radar installation? How do you even identify an attacker when the attack was a virus that was planted six months ago on USB sticks? These statements say the Pentagon is moving to take these questions seriously. It's about time.

This blog post was inspired by this Metafilter discussion
techbad
  2011-05-31 21:26 Z
There's a scary trend happening in computer hacking; it looks like the bad guys are escalating from attacking random weak sites to targeted attacks against companies that provide security infrastructure.

Back in March RSA disclosed that they had been compromised and their SecurID system had been targeted. SecurID is a product that's widely used by companies for login security. RSA never came clean on exactly what happened, but they did admit that the incident could "reduce the effectiveness" of SecurID. Now the other shoe has dropped with the NYT reporting that the recent Lockheed Martin compromise appears to be related to the RSA breach.

In May LastPass warned users they had a "network traffic anomaly" that they could not explain. LastPass is a password management tool that stores its customers' passwords. The company's disclosure was quite comprehensive but vague, because they don't really know what was taken. I still trust them, but it makes me nervous.

There have been a lot of other recent high-profile security incidents: the Gawker fiasco, the Google incident with China, the Sony outage. But the attacks on RSA and LastPass feel different. Those companies are not easy targets; they are sophisticated security companies. And they make security systems, a very valuable asset if you're in the business of attacking protected targets.

The buzzword for this kind of attack is Advanced Persistent Threat. The reassuring thing is these attacks are focussed and purposeful, not random vandalism. Personally I fear random Eastern European password hackers much more than I fear the Chinese government or a US / Israel cooperative. But it's a bad thing if our industry's most sophisticated security companies are no more effective at protecting their customers than a crappy PHP site.

The press is reporting "the attackers created duplicate SecureID devices".
techbad
  2011-05-30 14:09 Z
Any language compiler or runtime that requires me to manually hoist an array's length out of the loop that iterates over it is not worth my time to program in.

// data is the array being iterated; its length is read once, by hand, instead of on every pass
var cachedArrayLengthLol = data.length;
for (var i = 0; i < cachedArrayLengthLol; i++) {
  console.log(data[i]);
}

I'm looking at you, ancient C compilers. And you, Javascript. Particularly you, shame on you for not having a humane syntax for iterating over collections.

I'm assuming V8 and any other modern fast Javascript runtime can handle figuring out that the array length isn't changing inside the loop. Boy, I sure hope so. I've got better things to do than program in assembly language.
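The loop forms discussed above side by side, as an added example that is not part of the original post, together with the case that decides whether a runtime may hoist the length read at all: a body that changes the array. The function names and the sample work list are my own; `for...of` is ES2015 syntax, which postdates the post.

```javascript
// Added example (not from the original post): the three loop forms side by
// side, plus the case that makes the hand-hoisted length a correctness
// question rather than a style one. Function names are mine; for...of is
// ES2015, which postdates the post.

// Re-reads data.length on every pass; a runtime must prove nothing in the
// body changes the array before it may hoist that read on its own.
function sumPlain(data) {
  let total = 0;
  for (let i = 0; i < data.length; i++) total += data[i];
  return total;
}

// The manual hoist the post objects to.
function sumCachedLength(data) {
  const n = data.length;
  let total = 0;
  for (let i = 0; i < n; i++) total += data[i];
  return total;
}

// The "humane syntax" the post asks for.
function sumForOf(data) {
  let total = 0;
  for (const x of data) total += x;
  return total;
}

// Work-list processing: items can enqueue children while being processed.
// Reading the live length picks the children up; a cached length silently
// stops at the original count. The two forms are not interchangeable here,
// which is exactly why a compiler cannot hoist the read blindly.
function processLiveLength(work) {
  const done = [];
  for (let i = 0; i < work.length; i++) {
    done.push(work[i].id);
    for (const child of work[i].children || []) work.push({ id: child });
  }
  return done;
}

function processCachedLength(work) {
  const done = [];
  const n = work.length; // snapshot taken once, before the body runs
  for (let i = 0; i < n; i++) {
    done.push(work[i].id);
    for (const child of work[i].children || []) work.push({ id: child });
  }
  return done;
}

// Constructed sample input; copied so each function sees the same list.
const SAMPLE_WORK = [{ id: 'a', children: ['b'] }, { id: 'c' }];
console.log(sumForOf([1, 2, 3]));                                     // 6
console.log(processLiveLength(SAMPLE_WORK.map(x => ({ ...x }))));    // [ 'a', 'c', 'b' ]
console.log(processCachedLength(SAMPLE_WORK.map(x => ({ ...x }))));  // [ 'a', 'c' ]
```

For a loop body like the `console.log` one in the post, which never touches the array, the two forms are equivalent and the hoist is purely the runtime's job; the work-list version is the shape where hoisting by hand changes what the program does.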

techbad
  2011-03-19 01:18 Z
I keep seeing this icon in software: Wunderground, Google Docs, random Mac and PC apps. I can tell from context it must mean "save". But how does a line drawing of a house with a giant window above the garage mean "save"? Is that blue square my files, stored in a box in the garage? And why is a corner of the house missing?

For that matter, why am I manually saving data anyway? Maybe this icon really means "publish" and the blue square is the printing press in my garage.

See also Reddit
techbad
  2011-02-25 19:23 Z
Minecraft has been a huge indie game success, some $12M in sales. There's an enormous modding community for the game: new creatures, a complete magic system, better lighting, server management frameworks, etc. All sorts of creative mods. Here's the crazy thing: all these fans are studying and modifying obfuscated code.

Minecraft is Java, obfuscated with ProGuard. In response the Minecraft developer community has created the Minecraft Coder Pack. MCP decompiles the code, maps symbol names to something meaningful, and spits out editable source. It even has a handy re-obfuscator so your compiled code is symbol compatible with the official release. It's a remarkable piece of work to enable fans to modify a game they love.

The mod community is clearly good for Minecraft. The game is notoriously buggy and the development team is small, so the community fills in gaps. For example, server management: hMod and its successor Bukkit are essential for public servers to protect from griefers. The various game enhancement mods serve as a testbed for new gameplay ideas. The developer team is even taking patches from modders, for instance fixing a ridiculous variable swap bug. I can't think of another example of obfuscated software being so heavily and publicly modified.

So what benefit does the obfuscation give? It clearly doesn't keep the code secret, and I doubt it does much to stop people avoiding the 15€ price. What obfuscation does do is set a very clear legal barrier to anyone legitimately modifying the code. The mod community is kept off balance, in a sort of unstable detente where they're officially discouraged but also productive and vital.

techbad
  2011-02-01 17:45 Z