Everything, Everything - February 2007

2018: J F M A M J J A S O N D
2017: J F M A M J J A S O N D
2016: J F M A M J J A S O N D
2015: J F M A M J J A S O N D
2014: J F M A M J J A S O N D
2013: J F M A M J J A S O N D
2012: J F M A M J J A S O N D
2011: J F M A M J J A S O N D
2010: J F M A M J J A S O N D
2009: J F M A M J J A S O N D
2008: J F M A M J J A S O N D
2007: J F M A M J J A S O N D
2006: J F M A M J J A S O N D
2005: J F M A M J J A S O N D
2004: J F M A M J J A S O N D
Staying Healthy
Wednesday 28th February, 2007 14:18
I'm doing my bit, trying to stay healthy by avoiding vitamin pills. It seems that vitamin pills taken to fight disease may actually increase the risk of death! It has previously been alleged they helped protect against heart disease and cancer, but scientists in Copenhagen said the antioxidants "significantly increase mortality".

Critics said the finding was based largely on studies of people who were already chronically ill before they were treated with supplements. The study related only to synthetic supplements and not to fruits and vegetables, which are natural and contain less concentrated levels of antioxidants. Researchers did not pinpoint any biochemical mechanism that may be behind the increased death risk. But it may be that "by eliminating free radicals from our organism, we interfere with some essential defensive mechanisms," the study concluded.

Antioxidants are believed to fight free radicals - atoms or groups of atoms formed in such a way that they can cause cell damage. The report said people taking Beta carotene and vitamins A and E had a 5% higher death risk than those not using them. It also found no evidence that vitamin C increases longevity. Although selenium tended to reduce mortality, more research is needed on that topic.
Still Awake
Wednesday 28th February, 2007 01:29
I was randomly perusing blogs from other people, and sometimes I really can't tell why some are popular. My best guess is they have a theme. Either the posts are depressed random musings, or a collection of funny doodles (I must get a tablet sometime), or they're all about sex, or they're about TV shows. Perhaps my diversity is what's making my blog boring and hard to follow? Should I classify all my recent entries and allow users to choose which type of entries should appear on their private RSS feed? Should I have separate RSS feeds (and pages?) for each category? Should I simply stop posting certain types of entries (I am painfully aware that my posts are predominantly geeky and technical)?

After reading Emily's last entry, I'm tempted to do a more creative entry tomorrow night. I'm thinking of posting a series of photos with short descriptions, depicting a day in the life of me. I often take random photos of things that I never get around to showing anyone else. I might throw some of the more random ones onto this post later.

I might post some more random musings too. I often have weird thoughts that I'm not entirely sure I want to commit to paper (or a big magnetic hard disk on a server).
Annual Leave
Tuesday 27th February, 2007 11:04
I just got my payslip for February. I need to check my last one, as I've just spotted that I've allegedly used 13 days of annual leave. I'd used up all my leave last year, and I got a brand new allowance this year. I have not taken any days off work in 2007. I have no idea where they pulled "13" from.
Golden Brown
Tuesday 27th February, 2007 09:36
Has anyone else heard the new Jamelia song that samples the great track by The Stranglers? I normally quite like Jamelia's tracks (they tend to be very catchy), but she's really murdered the original this time. I might be wrong, but it felt like it was missing something (a key change?) at the end of the sample, and it really doesn't feel like the sample is part of the song, almost as if the sample was added afterwards to give it an air of credibility. I think I'll have to find the original track to listen to later.
Mr Hudson & The Library - Too Late, Too Late
Monday 26th February, 2007 12:34
I've got this track stuck in my head. It's the piano part that gets me the most.
Radiation
Monday 26th February, 2007 04:15
I was going to post this on Friday, but never quite got around to it. I mentioned to Ian that the United Nations want to rebrand a well known symbol for a new sign that's a bit less abstract.

New Radiation Symbol

Now I know what you're thinking. It's a warning that helicopters are going to shoot their heat seaking missiles in some kind of ("friendly fire"?) incident at people on the ground, and unless they run away, they'll end up dying. But then you remembered there isn't an existing sign for that (unless you consider that the American flag counts?), so perhaps you're now thinking it's going to replace the current radiation symbol? You'd be right. The International Atomic Energy Authority said its new sign, developed in collaboration with the International Organization for Standardization should be taken up worldwide ASAP. This bold new logo for ionizing radiation is the result of just five years of research and testing on 1,650 individuals in 11 countries. This new sign will be introduced to supplement the traditional international symbol for radiation.
Damn
Sunday 25th February, 2007 23:50
I was hoping I had enough spare parts to build a new computer. And I did. But I think I might have accidentally broken the motherboard at some point (either when taking it apart to salvage bits for the new system, or when building this one out of spare parts). It powers up when I press the power switch, but it doesn't go off if I hold the button down, and it doesn't power up the hard disk. Or beep when the graphics card isn't in place. Or beep at all. Well I suppose it would have been too good to be true. I'll have to see if I can find another motherboard that'll accept this rather nice Pentum D chip (as I'm pretty sure it's the motherboard at fault, I'm good at these sort of diagnostic things). The plan is to build a server, so I can eventually copy my RAID array across when I buy some new disks (and before then, perhaps set it up as a Windows Home Server box?), and then pass the system down to my dad. Maybe he'll buy the motherboard in exchange for the finished system. It's worth a try. Although he did already pay for the "spare" power supply I'm using.
Niki And Jessica
Sunday 25th February, 2007 00:39
Have you all seen Heroes yet? And why not? Well if you have, you'll know what I mean when I talk about Niki Sanders (played by Ali Larter) and her special power/evil alter ego Jessica (the name of her dead sister, by the way). Well I was flicking through my year book and came across Jessica's (somewhat) coincidental entry:

Weirdly wonderful advice about purple peas, having more shoes than feet and just being a nutty little tart. You won't forget me, luv Nikki xxx

I never quite understood why she signed off with Nikki, although if I did I've since forgotten. But she's right, I've never forgotten her. I still haven't heard anything from her since she stopped going online and using her mobile, and I don't know if I should write to her or wait until she gets back in touch. I really miss her though.
Britney Spears
Thursday 22nd February, 2007 14:09
I wasn't going to mention her strange head shaving stunt, or the fact she's in and out of rehab (I said no, no, no), but it seems like her life really is falling apart in full view of the public. If only she'd stuck with that nice Justin Timberlake lad, it all seemed to go downhill after they broke up (except for Toxic, what a great single!).
Wimbledon
Thursday 22nd February, 2007 13:27
The Wimbledon Championships will hand women and men equal prize money for the first time at this year's tournament. The announcement by the All England Club brings the tournament into line with other Grand Slams following criticism from officials and players. They had previously defended the difference by saying that women had best-of-three-set matches while the men had best-of-five contests.

I''m all for equality, and I'm glad to see that the women can win as much money as the men. However, I don't think it's fair that men should have to play best-of-five when women only have to play best-of-three. Surely this means that men have to work harder in order to win as much money as the women? If I was a professional tennis player, I'd start a campaign for a reduction in the number of sets for men.

One way to balance things out would be to make both the number of sets and the prize money equal. If the number of sets were the same, you could even merge the Men's and Ladies' singles, assuming that the sexes really are equal, but it's probably best to change one thing at a time, otherwise it might ruin the game. If the Ladies' singles were increased to five sets, that might stop the technical female players from beating the powerful women with plenty of stamina (typically the butch looking ones). And if we reduced the men's to three, all our British players would be out, instead of keeping us on the edge of our seats as we watch a determined and gritty comeback before they inevitably lose the match. So that leaves me with two other suggestions:

1) Pay players by the hour. Longer matches (e.g. 6-4, 4-6, 7-5, 4-6, 6-4) tend to be far more exciting to watch than the short ones (6-0, 6-0, 6-0) and require more effort from the players that should be rewarded. The downside is that players might somehow drag things out, but football (or soccer, if you're not from around here) will book you for timewasting, so I'm sure you could award faults instead, at the umpire's discretion. It also means that everyone gets paid something for turning up. The further you progress the longer you play. If you want to give the top performer a bonus then that's also possible. It also means that second place could potentially earn more money than the winner, depending on who they meet along the way and how big that "bonus" is at the end. Besides, we all know the real money comes from advertising and the occasional book deal.

2) Don't call things "professional sport" anymore. If people can't earn a living from playing a sport then they should choose another way to make money. If the organisers or sponsors want to pay more or less money to men or women, let them do so.
SETI@home
Thursday 22nd February, 2007 11:00
It seems there is at least one good reason why people should run SETI@home on their computers. My recently upgraded computer runs cooler and quieter, so I'm back running SETI@home again on my main machine, so if it ever gets stolen (and I really hope it doesn't), there's a chance that it'll check in with SETI's servers* and be recovered by the police (no, not the reformed music group, although it'd be cool if Sting appeared on my doorstep). In the case of the laptop mentioned in the article, it was returned safe and sound, with the addition of "20 tracks of rap music with unintelligible lyrics" (some people might argue that all rap music is unintelligible, but it's not all bad). What a nice ending.

* obviously not on a Wednesday, when they have their scheduled downtime
Vista Security Overview
Wednesday 21st February, 2007 11:17
Well I did warn the Editor of The Register the other day, but it seems he still published Thomas C Greene's article on his security and privacy concerns in Vista. As I predicted, it was the same poor quality as Greene's last articles.

In a nutshell, Windows is single-handedly responsible for turning the internet into the toxic shithole of malware that it is today.

I think that's a bit harsh. The majority of problems are caused by users. Users choose to run as Admin, install malware-infested software, but don't bother installing security patches. Windows XP SP2 introduced an improved firewall that was on by default, and since then the number of large remote attacks have basically dropped to 0. You still get the odd remote attack coming in via things like email, but they typically require user interaction (with the notable exception of a recent Outlook one).

This doesn't perhaps sound like a huge improvement, but when you look at data from McAfee Avert Labs it's clear that the number of days for a worm to appear after a patch was available has dropped from a staggering 335 day (Nimda, one of the most annoying viruses, which would have been stopped if users installed updates on more than a yearly basis) to just 4 days (Mocbot). The malware authors are getting quicker and their malware is often harder to detect, yet the internet still works. Estimates seem to suggest that 10-25% of machines on the internet are infected. In some cases (especially recent ones) that means that malware is installed, but some malware has been known to patch the vulnerability and even install a pirated version of Kaspersky in order to protect itself from being removed by another piece of malware! For the record, don't blame pirate users either, they could still get security updates for Windows XP. In fact, during 2006, over 50% of viruses reported to Sophos were either W32/Mytob or W32/Netsky, which date back to March 2005 and March 2004 respectively! Mytob, at a fraction under 30%, is spread via email attachments, so you have to blame the user!

That's not going to change any time soon, no matter how good Vista's security might be

Although many people criticise Vista for forcing many users to perform a clean install, this is usually good for several reasons. Your system won't bring any problems across (i.e. malware), and begins with a clean slate with all the correct default settings. As more people adopt Vista, the harder it'll be to infect users, especially with an improved firewall. The only reason why things might not change soon is because of the FUD (fear, uncertainty and doubt) surrounding Vista. Articles such as Greene's clearly don't encourage users to jump.

However, IE7 on Vista does still write to parts of the registry in protected mode. And it appears to write to parts that MS says is won't. The company says that "a low integrity process, such as Internet Explorer in Protected Mode, can create and modify files in low integrity folders". We are assured that such low integrity processes "cannot gain write access to objects at higher integrity levels". And again, MS emphasises that a low integrity process "can only write to low integrity locations, such as the Temporary Internet Files\\Low folder or the HKEY_CURRENT_USER\\Software\\LowRegistry key".

So I tested this assurance. I ran IE in protected mode, typed a URL into the location bar and went there. Then I opened regedit, and searched for a string of text from that URL.

Sadly, IE7 is still stashing typed URLs in the registry, and not in the ...\\LowRegistry location, either. I found them in HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\TypedURLs


Guess what, there are other things like the "Default HTML Editor" and "Main" (which covers settings such as Display Inline Images and Friendly http errors). These are all settings that are held by the browser. If you use Process Explorer you can see that iexplore.exe and ieuser.exe are both running. If you use Google you can discover fairly quickly (the same article that Greene linked to, but obviously didn't bother reading), which says: "Two higher privilege broker processes allow Internet Explorer and extensions to perform elevated operations given user consent. For example, the user privilege broker (IEUser.exe) process provides a set of functions that let the user saves files to areas outside of low integrity areas. In addition, an administrator privilege broker (IEInstal.exe) process allows Internet Explorer to install ActiveX controls."

That means that a certain subset of functions (such as settings in IE, typed URLs) that pose no security risk are allowed access to other areas. That page also lists other useful info, such as how "extensions can not write to system locations such as the Program Files folder or the HKEY_CLASSES_ROOT or HKEY_LOCAL_MACHINE subtrees" and that Access Denied is returned when extensions try and access certain files used by IE and Vista.

Next, there is IE7's anti-phishing filter gimmick. I disabled it almost immediately. It's very showy and it says, "Message: We Care", but I found it more irritating than actually helpful. I think a lot of users will disable it, and trust their instincts instead.

Just because you disabled it doesn't meant that everyone else will. First he tries to disable the Security Center in Vista, now he's trying to turn off the phishing filter, one which has performed very well (PDF) in independent (PDF) tests (PDF) and are clearly better than the small minority of users that use their instincts and fail to spot phishing sites. Sadly, that small minority that clearly can't be trusted to make the right decision still makes it cost effective to send phishing emails and construct phishing sites. The latter PDF I linked to suggested that Firefox performed better than IE7, but IE7 hasn't suffered from the same (numerous) vulnerabilities in the Firefox's filter (adding an additional forward slash at the end of the domain name, changing the query string at the end of the URL) or privacy concerns (when Google left a bunch of data on their server for anyone to see).

IE7 also has a handy menu for deleting your history, cookies, cache, and so on. This is similar to the Mickey Mouse privacy utility in Firefox. Remember that these data traces are not securely wiped, but merely deleted. They remain on your HDD until they happen to be overwritten. Firefox will let you delete all that stuff automatically each time you exit; IE won't

Vista also doesn't have a method of securely deleting files that have been deleted, so it's no surprise that it doesn't securely delete your data. And cookies are hardly the dangerous malware that many products like to claim. I don't particularly care about my history, cookies, cache and so on being visible to anyone that logs onto my computer as me. Possibly because I don't visit any dodgy sounding websites. His point about defaults like saving third party cookies is valid, but he also suggests "disabling MetaRefresh" - doing so can be more irritating than IE7's phishing filter! Many websites assume the meta tag will work and don't provide a link to the next page. I can't remember the last time I saw someone use a meta refresh tag to do something malicious. And there are other ways to redirect users (Location header, perhaps done using CRLF header injection), along with other methods of attack (DNS poisoning, APR spoofing, MITM attacks).

The privacy conscious are, as always, encouraged to use Mozilla for browsing instead

Yes, although Google's phishing filter has resulted in private data (passwords) being leaked. And the Firefox filter has been trivially bypassed in the past ("When Phishing Protection is used in default mode, no information about the sites you visit is sent to Mozilla or anti-phishing partners. Rather, sites are checked against a local list that is downloaded to your computer and updated on a regular basis" - although perhaps not regularly enough). Plus Firefox does have a few flaws too.

Now, with IE7, such links show up in the status bar as the full URL when you mouse over them, but in Windows Mail they don't. This should be fixed, because otherwise one is stuck relying solely on Microsoft's anti-phishing filter gimmick

When you hover over URLs in Windows Mail or Outlook 2007, the real URL appears as a tooltip. I don't use Windows Mail as my mail client, but if I save a draft email I can see the real URL stated in the status bar. I haven't tried any fancy JavaScript tricks to change the visible URL, but that doesn't work in IE7 as you can't write messages to the status bar anymore. I can't really see what needs to be "fixed".

Data Execution Prevention (DEP) is a feature from XP SP2 that shuts down programs that handle memory oddly, and it is now set to full on by default. It works with address space layout randomisation, a new feature in Vista that loads some system code in unpredictable memory locations to defend against buffer overflow attacks. Both are very good ideas, and should help reduce the impact of malware to some extent.

One of the biggest things in Vista is it's improved handling of programs that don't use memory properly. And he covers it in one pararaph. At least he mentioned the words ASLR, with a quick and dirty explanation.

However, DEP, when full on, may cause a number of applications to crash, or interfere with their installation. I'm betting that a majority of users will opt for the more conservative setting, and this of course means less defense for everyone.

The only programs that crashed when I had DEP enabled for everything on Vista x64 were:

wow.exe (World of Warcraft)
msfeedsync.exe (Microsoft RSS feed synchronization)

The latter DEP error was caused by NOD32, and uninstalling it and using alternate AV software made the problem go away. I never did double check whether new builds of wow.exe fixed the problem (there have been a lot of patches recently). Other than those issues, I've had no problems with DEP, and nor will other users. I doubt that the majority will disable it. If they do, it's probably because they're using legacy applications. Find an alternative, don't disable DEP!

User Account Control (UAC) is another good idea, because it finally, finally, finally allows the machine's owner to work from a standard user account, and still perform administrative tasks by supplying admin credentials as needed on a per-action basis. You know, the way Linux has been doing it forever.

You could always do that, using "runas", Vista simply makes it prettier and simpler. There are a few subtle differences, but not usually enough to affect users. Well written applications don't typically need privilege escalation. Even QuickBooks 2007 finally works as a standard user (much to the relief of many people I know)

MS still encourages the person who installs Vista (the owner presumably) to run their machine with admin privileges by default. I was delighted, when I set up Vista for the first time, to be presented with an opportunity to set up a "user" account. But moments later, when I saw that I was not invited also to create an admin account, I knew that the "user" account I had just set up was indeed an admin account. And so it was.

If only he'd tried creating a second account.

Until MS gets it through their thick skulls that a multi-user OS needs a separate admin account and a user account for the owner, and that the owner should be encouraged to work from a regular user account as much as possible, UAC will never work as intended.

Until Greene gets it through his thick skull that he's a poor journalist, we shall suffer an almost-endless amount of FUD. Here's what really happens when you create users in Vista:

The first user you create is an Admin user.
If there is an Admin user in addition to the default (500) Administrator account, Vista will disable the Administrator account. You cannot log on locally or remotely with this account until all other Admin accounts have been removed.
All additional users are created - by default - as "Standard user".

On this system I have my account, Guest (off) and here I am about to try and add a new user:

Create New Account

Doesn't sound so terrible to me, this is more secure than previous versions of Windows, and by disabling all the default accounts, attackers will need to try and brute force the username and password, not just the password for default accounts.

In fact, UAC is the most complained-about new feature of Vista, and most people are disabling it as soon as possible.

Where are the facts, statistics, surveys, studies, evidence to back this up? I don't see any. Maybe it was a straw poll of the office. Maybe he just made it up. Who knows.

One should definitely not hide file extensions, as the default file view has it, because it is possible to spoof icons and use bogus extensions that can make executables appear to be other than they are. Yes, UAC and DEP are supposed to help with this, but DEP will be set to its lower setting, and UAC will be turned off, on the vast majority of Vista boxes, for reasons we've already discussed.

I agree that file extensions should be visible (I turn them back on), but something needs to get a file onto your computer in the first place. If they can already do this then it's probably game over. Files that enter Vista are checked using the Attachment Execution Service API, which will block anything that can be executed. If my JPEG image asks if I want to unblock it before running it, the alarm bell in my head should already be ringing.

As usual, Windows enables far too many services by default

Such as? To be honest, I can't see many services I'd disable if I were trying to lock down Vista, and most of them I'd leave so that programs will play nicely (e.g. Portable Device Enumerator Service). This is coming from me, someone that sometimes performs server hardening as part of their job.

It would be a tremendous help if MS could somehow use its many wizards to enable only the services needed for each bit of hardware or software installed

Well I only see the Infrared monitor service on my laptop, I don't remember seeing it on my desktop.

But with this new gimmick, you've got an archive of all the files you've looked at, regardless of where you've buried them in the file system hierarchy in hopes of keeping prying eyes off them, and you can't empty it unless you want to say goodbye to the files themselves.

Guess what, you can only see that Recently Changed folder when you're logged on. I think all privacy concerns go out of the window when another user has access to your account. I used to find it very annoying when Windows' search would find the shortcuts in the Recent Documents folder, especially when I used TweakUI to remove the shortcut icon.

Now, for the Vista Security Centre. This has been controversial, involving MS in skirmishes with security software vendors who claim that Vista's built-in product is anti-competitive.

I'm not sure why anyone would worry


Wait a second, isn't that the same person that wrote a few days ago that it was something he tried to disable? He even called it a "craplet". For reference, you need to "Change the way Security Center alerts me" first before you turn off/disable the Security Center service, if you don't want the little red shield icon to bug you when Security Center is disabled. I do not personally condone this action, I would much rather see users keep Security Center enabled, notifying them and displaying an icon (the top option).

Windows Security Center

I noticed one exception in the default firewall configuration that I didn't care for, for allowing remote assistance. I don't think that should be allowed unless you're actually using remote assistance.

I do kind of agree with that, but normally you only use Remote Assistance with users that aren't clever enough to follow your instructions, which usually rules out asking them to modify their firewall so you can take over. In a corporate environment, you'd probably disable that firewall rule and use commercial software (with its own rules) instead to take control.

I certainly wouldn't recommend depending solely on Windows Defender. But it's nice that it's there.

I think that's why it was left in, as people would otherwise question why it's removed, even though it's not perfect, and there are so many reasons why Vista ought to stop something getting onto the user's system anyway. It's like the Malicious Software Removal Tool that Microsoft periodically updates and puts on Windows Update, it's not perfect, it's probably too late, but it makes people happy.

MS has, in a sense, shifted the responsibility onto users

Perhaps that's because they're the problem. Stick an IIS6 box on the web with just port 80 open, and assuming you're only serving static pages (ASP is off by default), that box will never have been compromised between then and now (unless someone knows of an 0-day that I'm not aware of?). Even if you didn't bother installing any patches. Even if you installed ASP, unless someone could upload files to the server and make IIS execute them, you're still not compromised (unless you do something really dodgy in your web application, which typically involves weakening lots of default settings). As a standalone system, Windows is perfectly fine. Once you start putting it on a network, allowing RPC ports to be opened up, exceptions for third party software, using a browser (any browser), that's when the problems start.

Correction I'm grateful to a Reg reader who pointed out an error in a previous edition of this story. I had stated incorrectly that IE7 doesn't allow blocking third-party cookies. It defaults to accepting them, but can be made to block them.

Greene's articles generally need a lot of correcting. Especially his recent ones.
Justin
Tuesday 20th February, 2007 16:00
No, I'm not singing the intro to Senorita (at least not right now), I'm listening to his new single. Except it was just finishing on BBC Radio 2, so I changed to Smashhits Radio and it's playing Justin. It's really overplayed. But I don't care, it's quite good. I might be biased, as it has really good strings. I'm a sucker for strings. I didn't like his new album the first time around, but I seem to like each single, perhaps I'll give the album another go sometime.
A Cure For Aids?
Tuesday 20th February, 2007 11:56
President Yahya Jammeh cures Aids on Thursdays and Asthma on Saturdays, the rest of the time he runs Gambia.

The President of The Gambia says his herbal remedy can kill HIV in his patients' blood. Health Minister Dr Tamsir Mbowe has also said, "One hundred per cent the President can cure everyone. It is absolutely medically proven". However, the only proof that's been shown so far has been photocopied laboratory results which appear to show that some of his patients now have "undetectable" levels of HIV in their blood. No evidence was provided to show they were HIV positive before the treatment. President Jammeh has reportedly said, "I can cure Aids and I will not explain it to those who don't want to understand", but his actions don't appear to match his words. When asked for independent tests, which were refused along with a request to take samples of the secret herbal medicines, he said: "Not in a million years".

Africa already has enough problems, the last thing it needs is a charlatan as one of their leaders.
Abortion
Tuesday 20th February, 2007 11:32
I don't generally talk about abortion (although I have had quite a few discussions with people), but this caught my eye. In England, Scotland and Wales it is legal for termination to be carried out up to 24 weeks of pregnancy, but a baby has stunned doctors by surviving being born at just 21 weeks and six days. Amillia Taylor is no longer than a fountain pen and weighs just ten ounces. She is thought to be the first baby known to survive after a gestation period of fewer than 23 weeks. Amillia has experienced respiratory problems, a very mild brain haemorrhage and some digestive problems, but none of the health concerns are expected to pose long-term problems. She was conceived by in vitro fertilisation and delivered (unsurprisingly) by Caesarean section. Although less than 2% of terminations occur after 20 weeks of pregnancy in England and Wales, if this baby really is healthy with no long-term problems, it could put even more pressure on the current 24 week time limit (the end of the "2nd Trimester").

According to an August 2005 YouGov/Daily Telegraph survey:
30% would back a measure to reduce the legal limit for abortion to 20 weeks
25% support maintaining the current limit of 24 weeks
19% support a limit of 12 weeks
9% support a limit of less than 12 weeks
6% responded that abortion should never be allowed
2% said it should be permitted throughout pregnancy

I suspect the choice of 12 weeks in the survey was because Jersey doesn't allow abortions after 12 weeks. You'd think that most people would notice they're pregnant and decide they want a baby within 3 months.
Top Gear
Tuesday 20th February, 2007 00:18
I finally got around to watching the episode from Sunday evening, and I was amazed how well the rocket went up into the sky. For a few seconds, I really thought they were going to manage it. As the rocket began to level I was still hoping it'd separate, I could feel the adrenaline inside of me. As it started to head towards the ground, I willed it to separate. And then I realised it wouldn't, and watched as the rocket drove itself into the ground with a huge (and satisfying) explosion. That was a pretty good silver lining.
TV Is Bad, Chocolate Is Good
Monday 19th February, 2007 15:38
Analysis of 35 scientific studies identified negative effects TV can have on youngsters. They ranged from short-sightedness and obesity to premature puberty and autism. It appears that the average six-year-old child in Britain will have spent one full year watching TV, which is pretty bad (4 hours a day?). But what is possibly more appalling is that more than half of three-year-olds have a TV set in their bedroom! I was never allowed a TV in my room when I was younger. I had to resort to occasionally watching TV under the covers with headphones on on my brother's Game Gear with the TV tuner. By the time I was preparing for uni, I finally managed to have a computer in my bedroom.

Watching TV suppresses the production of the hormone melatonin, which has important functions in the immune system, sleep cycle and the onset of puberty, it found. Girls are reaching puberty much earlier than in the 1950s, partly because their average weight has increased but possibly also because of lower melatonin levels (but don't tell the girls that or they might watch as much TV as possible in order to be the first girl in their class with boobs). Reduced levels of melatonin may also make it more likely that cell DNA will produce cancer-causing mutations, the study noted. Mind you, most things will give you cancer nowadays. Except masturbation.

The risk of developing Alzheimer's disease increases with each extra daily hour of television viewing among people aged 20 to 60 (although that still sounds quite vague to me). So I'm probably screwed. Although... the amount of chocolate I eat might help protect my brain (okay, so it needs to be "a specially formulated type of cocoa"). A small group of women was tasked with completing a series of mental challenges. The idea was that consuming the specially brainy chocolate drink, rich in flavonols, would improve their performance. Well, it didn't, but scans of the women's brains during the tests showed increased blood flow in the brain for two to three hours. An older test group also showed increased blood flow after consuming the drink. The researchers hypothesised that this increase in blood flow might benefit older adults afflicted by mini strokes or fatigue.

And on that note, I'm going to break into a big bar of chocolate.
Famous
Monday 19th February, 2007 11:06
Sadly, I wasn't famous on Friday. After writing a critique of the latest article by Thomas C Greene, my friends suggested I send it in to the The Register (without the swear words), so I did. In hindsight, I should have used a spell checker to catch the couple of typos, rather than do it in notepad and then paste it into the text area on their website. Anyway, seeing as none of it appeared in "Letters", I might as well place it here:

Hi Joe,

I know he's one of your associate editors, but I'd really appreciate if you'd stop publishing articles by Thomas C Greene.

He spent the first part of his most recent article (a "first look", two weeks after it was launched) complaining about the cost of Vista, and the fact he had to pay with his own money. Is he unaware that he can purchase a TechNet Plus Direct subscription for well under £300 to gain evaluation copies of almost all of Microsoft's products? Plus he could always think of it as an investment, seeing as he's (sadly) paid to write reviews of such software.

Despite the outrageous cost that he mentions - at length - he explains how he was caught out by the small print. I admit it might be helpful if the diagram seen on the webpage he linked to was also on the back of the product, but you'd think he'd research this expensive upgrade product, especially when he's ignoring the recommendation from the Upgrade Advisor. In his last article he was confident enough to write that he had to open the package to discover "Microsoft's blunder" but admits now that all he had to do was read the back of the box, or perhaps visit the Microsoft site to find the pages that he seems to have now discovered. He said that the "Upgrade Advisor did recommend the Vista Business edition" and that he was "hardly inclined to trust its software recommendations" due to his bad experience when it told him that third party manufacturer hadn't provided drivers for his hardware. I can understand why he might question the hardware support (clearly he is aware of the concept of "research"), buy you'd think he might believe the upgrade recommendation from Microsoft about their own software. Also, after purchasing the Home Premium upgrade, against Microsoft's recommendation, his attempt to upgrade didn't actually "fail", it just meant a clean reinstall.

Next, he complains about his graphics card, which he thinks might be down to the drivers. That statement makes it clear that he hasn't put a lot of effort into researching this issue before writing this detailed rant... I mean "review". Perhaps he didn't notice NVIDIA's new 100.xx beta drivers that came out on the last day of January?

He also complains about his soundcard, and the lack of sound from the centre speaker. That's expected behaviour with stereo music (or should be), and if it was coming out of the centre speaker before then I suggest he fix it there rather than complain about Vista doing things properly. Besides, stereo music tends to sound better if nothing is coming out of the centre speaker. It (again) sounds like a driver/configuration problem to me, as Vista is now very flexible with its audio support. You can stop applications from taking exclusive control, and you can configure the soundcard and Windows to have a default format of Dolby Digital Live, allowing you to mix 5.1 surround sound with stero music, as it all gets sent to the receiver as 5.1 surround sound. Perhaps he has already done this, which is why he's only getting stereo music out of two speakers. Perhaps he should invest in some better speakers, I'm not sure how "wonderful" his audio system can possibly be if the satellites aren't as good as his centre speaker.

He discusses the little row of pixels that are visible whenever the taskbar is hidden. He admits it's "probably a driver problem", but is clearly too lazy to try and fix it before writing a damning review. A lot of these new drivers aren't difficult to track down either, especially for someone who is probably quite familiar with how to use Google. Did he even connect the computer to an additional monitor?

Greene criticises the Vista Security Centre because he can't disable it. Why on earth would anyone want to disable it? It turned out to be useful to me when the Sophos service had stopped after I had brought my system out of hibernation (unsurprisingly, I am now using different anti virus software). All it does it tell you when something is wrong. If everything's fine then you'll never spot it's there. There really is no need to turn it off.

He complains that "Every time I boot, the craplet pops up and demands to be enabled. But if it really is disabled, then why am I seeing the bloody thing?" Erm, perhaps because he's not. He's presumably seeing a message from another program because the disabled progam has been... er... disabled. Does this other "immortal craplet" he speaks of have a name? Perhaps that's why he had trouble "killing it". So there is something "ridiculous" in Vista that appears to be immortal, and no one else has mentioned it, and he can't put a name to it. Quality reporting there.

He adds "how about a decent text editor, for God's sake? Would it be so difficult to give it a little of the magic that Kwrite has got?". How about we throw in a free browser or media player program while we're at it... Microsoft's been in lots of legal trouble for giving away functional programs that aren't essential parts of an operating system. Or has he forgotten about those expensive rulings? They couldn't even provide PDF support out of the box in Office 2007 due to legal objections from Adobe Systems, despite the fact that Adobe don't seem to mind OpenOffice exporting to PDF.

Seeing as most users don't understand, want or need encryption, I can see why Microsoft only includes BitLocker in the Ultimate edition. If the user is savvy enough to want to encrypt certain files, perhaps they're savvy enough to find one of the various freeware programs that offer such functionality.

Although I don't have it as the default browser on Vista (as I quite like IE7's Protected Mode), Firefox can be made the default browser. It's easily done via Control Panel -> Programs -> Default Programs -> Set Default Programs. In fact, if you bring up Control Panel, it's listed as "Set your default programs" once you click on Programs. It's not exactly hidden away. Firefox is right at the top of my "Set Default Programs" window too. I suspect he's having trouble because he's trying to set Firefox as the default browser through Firefox itself (it reports it's the default browser even when it's not, but this is hardly Microsoft's fault).

I'm not surprised that he had trouble installing security patches to Word 2000 (especially given his problem making Firefox the default browser), a program that is 7 years old, onto a brand new OS. An application that is so incredibly old that it has been replaced not only by Word XP, but also Word 2003 and Word 2007. Well, putting aside the question of why anyone would want to install such old software, the warning that he mentions clearly states that it requires elevation. So he probably has a choice of either turning off UAC until he's finished installing the update (preferably done offline), or he could try running the installer with Vista's compatability mode. I'd test it myself, but I forget where my copy of Office 2000 is. I suspect it's hiding under a thick layer of dust.

Vista's Sleep option brings the system up very quickly (literally straight away) and Microsoft appear to be encouraging people to leave their systems in that state unless they plan on being away from the computer for a long period of time (in which case they shoudl use the Hibernate option). Vista doesn't actually require many reboots. With so little stuff in the kernel, you typically only need to reboot if you're using badly written memory leaking applications from several years ago, or if you need to install kernel updates - which should be a maximum of once a month unless Microsoft decide to break their monthly schedule. And god forbid users are given options when they try and log out of Vista. Maybe we should offer "Shutdown" as the only option, so as not to confuse the poor soul?

As for the security and privacy issues in Vista, please, pretty please don't publish that article. If you do I'll probably cry. I suspect he might miss features like how Vista will encrypt (using AES) data that's stored on USB pen drives when you use them with ReadyBoost to improve system performance? Perhaps he'll fail to mention how Vista introduces several features that makes it competitive (and arguably superior - see David Maynor's blog at Errata Security - http://erratasec.blogspot.com/2007/02/bill-gates-fights-back-against-evil.html) against other operating systems. I suspect we'll end up seeing a poor re-hash of Robert Lemos' excellent article on Address Space Layout Randomization, which was already published on The Register a fortnight ago. Perhaps we'll be lucky and see a comparison similar to the one at http://www.matasano.com/log/611/gunar-petersons-os-security-features-chart/

Greene compains that Vista "simply doesn't work very well" - even though I've been using RTM on two systems (x64 on a desktop with DirectX 9 and x86 on a laptop with DirectX 8) for three months now. I initially found NVIDIA's drivers didn't offer great gaming performance on the x64 system, especially at 2560x1006 with 8xAA, but the latest beta drivers fixed that on the day that Vista was made available to the public.

Vista is ready, it's some of the third party manufacturers that aren't. Vista is better than XP, it's more secure than XP. There are some thrd party driver issues, but delaying Vista would not have made the manufacturers release drivers any sooner. The APIs have been locked for several months, and it still took ages for drivers to appear (it appears that some manufacturers didn't start any development until after the code went RTM in November). People like Apple don't have that trouble with OS X when they have such tight control over the hardware. The cost of Vista is quite high for retail, but most people will get it with their new PC or buy an OEM copy (£125 for Ultimate is a bargain). For those that pay retail prices, perhaps they should look at how much OSX has cost Apple users since XP was released: OS X 10.0 was £99, 10.1 was free, 10.2 was £84, 10.3 was £84, 10.4 was £89. So over 5 years that's a total of £356. More than twice the price of Windows XP back in October 2001.

I admit that Greene does have a few valid points, but they're mostly ones we've heard before. His previous articles are usually rants about "hot topics" (e.g. Firefox, Vista) that typically re-iterate details that everyone else has mentioned at least a week earlier.

He also has an entire article that promotes, and arguably advocates, installing a full version of Vista using an upgrade for a previous version of Windows that you don't necessarily have (many - including MVPs like Susan Bradley http://msmvps.com/blogs/bradley/archive/2007/02/05/you-can-t-get-there-from-here.aspx - have pointed out that "an upgrade by definition means you have a qualifying prior operating system and the 'upgrade only' media does not act as a qualifier of it's own upgrade license"). Using an upgrade without having a previous legal copy of Windows is against the licence agreement, and (I believe) therefore illegal. Is this really the sort of behaviour that you expect to see from an Associate Editor?

I know that I'll be lucky if you publish even one paragraph from this obscenely lengthy letter; but I'm not writing this for fame, I'm writing this in the hope I'll never have to read a poorly written article by Greene ever again.

Hope you're having a great week, and keep up the good work. I wouldn't get through Fridays if it weren't for The Register!

Rob


I think it was harsh, but fair. Perhaps unsurprisingly, my name didn't appear anywhere.

But I did spot Elle's name in a PC magazine over the weekend. She told me "that was super embarrassing, they aren't meant to quote my name".

EDIT: It seems a few people on SecurityFocus have spotted additional errors that I hadn't picked up on. Such as individual file encryption has been possible since Windows 2000, through the use of EFS. And that PNG support is available in MS Paint in Windows XP, although it does default to BMP.
Quiet
Monday 19th February, 2007 10:21
Too quiet. Yes, I went away this weekend, as it was my brother's birthday on Friday. We ended up seeing Hot Fuzz, which was really good and worth watching at the cinema, but I think Shaun of the Dead might have been a bit better. The scores at IMDb don't reflect that, but both are really high, so you can tell they're both worth watching. I can't really say too much about the movie as I don't want to ruin it.

I've also spent Sunday evening taking apart my old computer and building a new one using half of the parts. The good news is everything appears to work, which is a relief as I didn't want to have to put everything back together again. At some point I might even screw in the power supply and DVD-ReWriter. The bad news? Well there had to be some bad news. Despite getting it to work on Vista x64, I can't get my graphics card to support 2560x1600 on my clean installation of Vista x86. It's as if it's refusing to acknowledge that my card can cope with dual link, or that the monitor supports that resolution. But I have the Dell driver from Windows Update, and I've tried three different versions of the NVIDIA 100.xx beta drivers. I'm sure it'll be something trivial, I plan on hooking up my 20" at the same time and trying to move things about to try and confuse it and see what happens. I was also dissapointed to discover that I can't get the SPDIF connector working with my Creative soundcard. I'm not entirely sure, but it sounds like SPDIF support was brought in with earlier drivers that stopped working in January, and the current betas (I think) don't support SPDIF out anymore. Even though it gives the impression that the digital out is working. I'll try hooking it up with my old speaker cables and see what happens then, but I'm not very happy with Creative. Then again, I'm not surprised either. They've never had a good track record. They've already slipped to an official release date of March (probably the end of March). I'll try out my other hardware later tonight, hopefully now that I'm using x86 I can get my webcam, 1GB pen drive, bluetooth adaptor and USB cable for my mobile to work. I'm also hoping I can get all my emails etc. back from the Vista x64 installation if I plug in my old hard disk. And then copy across all the files for WoW and Steam.

I discovered a few quirks in my UK Radio Player gadget over the weekend. I've changed the URLs to point to my server, which then redirects the user to the location of the stream. This is great as I can update it whenever something changes without forcing users to download a new version. On the downside, one of the checks I used to do was compare the current URL against that of the selected value. With the redirect in place, these would never ever match, causing currently playing streams to restart even if you didn't select a different station. So I fudged it. It now compares the name of the radio station, and if they match it doesn't restart. If it's different and the previous stream was playing it will automatically start the new stream. I've also added an Autoplay feature, although I don't plan on using it myself, but I think that was what someone was requesting (otherwise they were requesting a feature that has always worked fine since the second version, and mostly worked since the first version - except it'd always say "BBC Radio 1"). I also re-wrote the code to check if something was playing. And moved the css, images and JavaScript files about, as I'm now switching the stylesheet based on the selected theme. Hopefully Microsoft will approve 1.2.2 at some point today.

Finally, it appears that Heroes is starting on the Sci Fi channel. Although my previous recommendations (e.g. House) have been ignored by most people, this show is also fantastic and you should watch it. if you don't have the Sci Fi channel, it will be on BBC Two once Sci Fi have finished showing it. Save the cheerleader, save the world.
Woo-Hoo Yee-Hoo
Friday 16th February, 2007 13:54
You've probably already guessed it, but I'm dancing around to "Gwen Stefani - The Sweet Escape". Or as much as you can while sat in a chair at my desk. I've been listening to Radio 1 far too much over the last few days.
UK Radio Player 1.2.0
Thursday 15th February, 2007 19:19
Hot on the heels of 1.1.9, I have finished 1.2.0. This adds several more stations and properly introduces themes. I still need to sort out the CSS side of things, if I'm to allow light text on dark themes, but at least the initial switching of images appears to work fine. Again, click the UK Radio Player image on the left to get the new version.

New stations (from memory):
Classic FM
Heat Radio
Kerrang! Radio 105.4
Kiss 101
Kiss 105-8
Mojo Radio
Ocean
Q Radio
Smashhits Radio
The Hits
XFM Manchester
XFM Scotland

I quite like the Rectangular theme, even if it did only take 60 seconds to create (it's very similar to the Default theme). I'll have to put some effort into creating new themes, but it might have to wait until after the weekend, although I might work on ideas as I re-install Vista (stick with x64 or switch to x86? I haven't decided yet) on my main machine once I upgrade it over the weekend.

Well, it's kind of an upgrade. I'm replacing the 2.66GHz (@3.6GHz) Pentium D CPU with a 1.86GHz Core2Duo CPU that I plan on running at stock - at least initially. It should run faster than the Pentium D at stock, but not as fast as I currently have it overclocked to. But I want this machine to run quieter and cooler, as I'm going to start running it more often, especially if/when I buy a TV card (and ditch the TV in my lounge). The good news is I may (and quite accidentally) have enough spare parts to build a new system, which could come in useful if I'm accepted as part of the Windows Home Server beta. It apparently doesn't like to play on a network with a domain controller, so I might have to remove Active Directory from my fileserver, and I read somewhere that it doesn't work with x64 versions of Windows, which is a reason why I might go x86 (like on my laptop) when I re-install Vista. Plus there's a wider choice of AV software and fewer hardware compatability issues with x86 (my webcam might work, my bluetooth adaptor might work, my 1GB USB pen drive might work, I'll have a wider choice of TV cards). Decisions, decisons.
The Feeling - Fill My Little World
Thursday 15th February, 2007 12:34
I was listening to this as I bought my lunch today, it eventually went to "All Change" by Cast (those were the days). I quite like The Feeling, I may have to buy their album sometime. On CD, of course, none of this DRM rubbish, assuming it's even on iTunes (or wherever).
UK Radio Player 1.1.9
Wednesday 14th February, 2007 20:25
It's now out. I've added Magic 105.4, fixed the "BBC Radio 1" restart bug and started work on the skins/themes! I hope to have the skins working for 1.2.0 (it seems to be going well so far, although I still have to create some alternate designs and look into changing the colour of the text), plus I have a list of another half dozen stations that I plan on adding. Click the icon on the left for more details.
Happy Valentine's Day
Wednesday 14th February, 2007 00:44
Bah, humbug. Or something like that.
BBC One
Tuesday 13th February, 2007 12:31
Lots of cool shows are returning, for the last few weeks we've had Waterloo Road (although I missed last week's episode), Life On Mars (tonight!!), and I heard on Radio 1 today that Hotel Babylon is finally back on our screens! I'm not sure how many people enjoyed the first season, but I liked it (perhaps because I was spending so much time in hotel rooms back then, if only ).
Afternoon Nap
Tuesday 13th February, 2007 09:29
Taking 40 winks in the middle of the day may reduce the risk of death from heart disease, particularly in young healthy men, say researchers. A six-year Greek study found that those who took a 30-minute siesta at least three times a week had a 37% lower risk of heart-related death. The researchers in the Greek study looked at 23,681 men and women aged between 20 and 86. The subjects did not have a history of heart disease or any other severe condition. The researchers found those who took naps of any frequency and duration had a 34% lower risk of dying from heart disease than those who did not take midday naps. Those who took naps of more than 30 minutes three or more times a week had a 37% lower risk. Among working men who took midday naps, there was a 64% reduced risk of death compared with a 36% reduced risk among non-working men. There were not enough female deaths to compare figures. The researchers said taking a siesta may reduce stress, hence the more notable finding in working men.

Lead researcher Dr Dimitrios Trichopoulos, from the Harvard School of Public Health, said: "In countries where mortality from coronary diseases is low, siesta is quite prevalent", adding that - if backed by other trials - taking a siesta would be an interesting way of reducing heart disease as it had no side effects. The only important factor was that people should not reduce the amount of physical activity they did in the rest of the day.
Solaris
Monday 12th February, 2007 10:39
It's so much more secure than Windows, right?

That is unless you're silly enough to allow telnet access. And I don't mean that just because it's unencrypted, I mean that because of the big and extremely trivial vulnerability in Solaris 10 and 11:

If you pass a "-fusername" as an argument to the –l option you get full access to the OS as the user specified. The example uses bin but it work for regular users, just not for root. This combined with a reliable local privilege escalation exploit would be devastating.

An example of the command line is:

telnet -l "-fbin" target_address


If you're running telnet, please disable it. Or at least check that your firewalls are blocking external access.
Sony Ericsson
Sunday 11th February, 2007 19:40
I love their website. I was trying to help a friend sort out their GPRS settings and accidentally ended up killing my own settings. I then tried following the settings from a couple places, but I recalled using the Sony Ericsson website to fix my settings ages ago (probably with my T610, possibly my K750i when I first got it?) so I went there again. I deleted all the old broken account information for good measure. I clicked on "Support", found the "Software and Setup" options in the top left, then filled in my details for both WAP and MMS, got the settings sent to my phone. And then it all worked fine. In fact, it looked like I'd originally set my phone to use GSM only for data, and it's now using GPRS and GSM. I can now browse the web and send photo messages again. Vodafone wanted me to call customer services (a free call) to get them to resend my settings. Sometimes, like late on a Sunday evening, you just want them to send stuff over the net.
BitTorrent 5.0.5
Saturday 10th February, 2007 12:14
After a very long time (almost a year?), I decided to check out what's happening with the official BitTorrent client, as I used to modify the source code and compile my own version with some extra cool bits.

It turns out that there was a 4.9.2 release several months back, and there appears to be a brand new 5.0.5 version that I'll take a look at sometime (knowing them, it probably isn't too different to 4.9.2). They haven't said what's different for 5.x on the versions page (other people have noticed the lack of updates to that page in the last 6 months), but they do list what's new for 4.9.2. I've made the features that I'd added - or had something similar to - in my client appear in bold:

Version Notes
2006-05-02: 4.9.2-beta released for Windows, Linux
Changes in this release:
completely new UI
smart download/queuing behavior
smart seeding behavior
torrent priority system
detailed progress bar and "piece bar" progress bar
better save location management ("incomplete" and "finished" locations)
automatic bandwidth management
download rate control
transfer rate graphs
choose which files to download first from a torrent
better error handling and reporting
fast extensions (see bittorrent.org)
torrent "title" support (see bittorrent.org)
multiple tracker support
encryption support
Zeroconf ("Rendezvous") local discovery
sparse files
threaded Disk IO
translation update system
now using wxWidgets instead of GTK on Windows, GUI is now native and should be a lot more stable
removed support for Python 2.2
lots of bug fixes


I believe I also used to complain about their use of GTK instead of wxWidgets, as it made it a lot harder to implement a reliable tray icon feature (I wanted to be able to hide the client to the tray, which I managed to do with GTK, but it was a bit flaky if the client was busy).

It looks like 5.0.5 looks a lot like uTorrent and Azureus. I wonder if 4.9.2 looked the same too. I'm sure the client works fine, but so does uTorrent (smaller, faster, better) and Azureus (platform independent, but uses a lot more memory). I think the update is too little too late. People have moved on. They did that a year ago.
Why Women Fall For Mr Average
Friday 9th February, 2007 11:40
High-flying men are not as attractive to women looking for love as those with an average job, scientists say. Unsurprisingly, the University of Central Lancashire research found the 186 female students asked preferred good-looking men. But within that group, those without top careers were deemed the most suitable, the Personal and Individual Differences journal reported. The researchers found that purely on looks, the best-looking men were assessed as the best partners. But within this group, when professions were taken into account, those good-looking men with medium status jobs came out top. So I guess ugly people with a top career don't stand much of a chance?
Wind Power
Friday 9th February, 2007 09:57
UK wind power reaches milestone, reports the BBC. But is it really a milestone? The UK is about to become only the seventh nation in the world to have more than two gigawatts of operational wind power capacity when the Braes O'Doune wind farm begins producing electricity. The 36-turbine wind farm has a generating capacity of 72 megawatts, enough to supply electricity to 45,000 homes in the area, according to the British Wind Energy Association.

The government has set a target for 10% of electricity to be generated from renewable sources by 2010. Trade and Industry Secretary Alistair Darling said renewable electricity played a central role in the government's efforts to curb greenhouse gas emissions: "We want 20% of our electricity to come from these green sources (by 2020) and we are working hard on removing any barriers to achieving that aim."

Plans to create England's largest wind farm in Cumbria were thrown out last March after campaigners said it would ruin the landscape of the Lake District. The £55m development would have seen 27 turbines (far less than the Braes O'Doune farm), each 115 metres high, erected at Whinash, near Kendal (mmmm, mint cake). If a 36-turbine farm generates 72 megawatts, that suggests that a 27-turbine farm would only produce enough power to supply 34,000 homes. Or, roughly a large town/small city.

Are we really expected to spend £50m on wind turbines with a finite lifespan for every large town and country acoss the UK? On something that affects wildlife, ruins the look of the countryside, and cannot produce any power unless it's windy?

Don't get me wrong, I like the idea of renewable electricity, I just don't think (and never have done) that wind is the way to go. More efficient products, better insulation in homes, and the strategic use of solar panels should be far more effective.
Lies, Damned Lies, And Statistics
Thursday 8th February, 2007 12:12
A new survey has revealed that women would rather have a wardrobe full of new clothes than sex. They would be willing to sacrifice 15 months of passion for the chance to wear nice outfits and look glamorous. The American study found that 61% would regard losing their favourite article of clothing as worse than abstaining from sex for a month. The only reason I believe this might be true is if the woman is still allowed to have pleasure in other ways. Don't ask me to list them, I'm sure you all know what I'm talking about (and how come it's acceptable for a woman to own multiple vibrators, but frowned upon if a man has any sex toys?).

The survey for Unilever also found that when it comes to long-term relationships, men are second best. The average love affair lasts 11 years, while a woman will keep her favourite frock or blouse for 12. Which is a bit odd, as the statistics above say that women like to look glamorous and are willing to give up things they like in order to get new clothes. Their favourite frock or blouse is unlikely to look just as nice and glamourous after 12 years, especially if it's 12 years of regular use. I suppose a man doesn't look quite so good 12 years later either.

The poll comes in the same week as another survey revealed that most adults would rather cuddle up with a good book than with their partner. I suppose if they're not too fussy about sex to begin with, maybe that's why they're so keen to give it up in order to have new clothes. Maybe they should have asked if women would give up something else in return for nice outfits, something important, something as dear to them as their favourite blouse.
Sorry
Thursday 8th February, 2007 11:21
Non-geeks, look away now! For those of you using the "comments" RSS feed, I've had to change the way I link to entries (name is bad in XHTML 1.1; I have to use id instead, and it can't start with a number, so it now begins with the character "c"). This means it might look like there have been 50 or so new comments made. Sorry. I've also removed the RSS 2.0 feeds as I never liked them anyway. And I've changed the paragraph tag for a div tag in the 2007 design onwards, to be consistent with the RSS feed, and this causes fewer issues when I post new entries that contain other elements. I've also remove the "target" from any posted URLs, as this is also invalid XHTML 1.1. At some point I'll try and sort out the database so old entries don't use it. Mind you, my really really old pages claim they're valid HTML 4 pages even though they're not.
Stupid Snow
Thursday 8th February, 2007 10:58
Commuters across the Thames Valley are battling rush-hour delays after heavy snowfalls across the area. Gritters were out overnight on major roads in Oxfordshire and Berkshire but motorists are warned to take extra care in the treacherous conditions.

Sadly, they appear to be listening to the warnings. As people crawl along at 30mph instead of 40. And just over 20mph in a 30. The main raods have been gritted, it's too warm for ice to form, as long as you don't do anything stupid you'll be fine. It's really only the snow covered areas and the small roads that haven't been gritted/cleared that people need to be careful.
Turnaround
Wednesday 7th February, 2007 14:44
The table below shows the time frame between the vulnerability being reported and how long it took for malware authors to incorporate it into a worm candidate for Microsoft Windows. This should demonstrate why updates need to be applied quickly. The fact that there hasn't been a big "Nimda" style virus in recent years, despite the much quicker turnaround by malware authors, should also demonstrate that Windows is a lot more secure than it used to be (although introducing a firewall in Windows XP SP2 was a big help). I wonder if we'll see anything in August 2007.

Patch Malware Patch Availability Worm Attack Date Turnaround
MS01-020 Nimda Oct 17th, 2000 Sep 18th, 2001 335 Days
MS02-061 Slammer Jul 24th, 2002 Jan 25th, 2003 185 Days
MS03-026 Blaster Jul 16th, 2003 Aug 11th, 2003 26 Days
MS04-011 Sasser Apr 13th, 2004 Apr 30th, 2004 17 Days
MS05-039 Zotob Aug 09th, 2005 Aug 14th, 2005 5 Days
MS06-040 Mocbot Aug 08th, 2006 Aug 12th 2006 4 Days

Source: McAfee Avert Labs
Steve Jobs
Wednesday 7th February, 2007 13:46
In his open letter, Thoughts on Music, Steve Jobs writes:

Some have argued that once a consumer purchases a body of music from one of the proprietary music stores, they are forever locked into only using music players from that one company. Or, if they buy a specific player, they are locked into buying music only from that company's music store. Is this true? Let's look at the data for iPods and the iTunes store - they are the industry's most popular products and we have accurate data for them. Through the end of 2006, customers purchased a total of 90 million iPods and 2 billion songs from the iTunes store. On average, that's 22 songs purchased from the iTunes store for each iPod ever sold.

Today's most popular iPod holds 1000 songs, and research tells us that the average iPod is nearly full. This means that only 22 out of 1000 songs, or under 3% of the music on the average iPod, is purchased from the iTunes store and protected with a DRM. The remaining 97% of the music is unprotected and playable on any player that can play the open formats. Its hard to believe that just 3% of the music on the average iPod is enough to lock users into buying only iPods in the future. And since 97% of the music on the average iPod was not purchased from the iTunes store, iPod users are clearly not locked into the iTunes store to acquire their music.


Perhaps he should give consumers a bit more credit. Perhaps one of the reasons why only 22 out of 1000 songs on an iPod contain DRM is because consumers don't pay for these tracks as they know it would lock them in. Perhaps another reason is they already have their MP3 collection on their computer and it's easier and cheaper to copy their existing collection across than buy and download versions that contain DRM. For such an accomplished businessman, he seems to present an odd interpretation of those statistics.

When Apple approached these companies to license their music to distribute legally over the Internet, they were extremely cautious and required Apple to protect their music from being illegally copied. The solution was to create a DRM system, which envelopes each song purchased from the iTunes store in special and secret software so that it cannot be played on unauthorized devices.

Apple was able to negotiate landmark usage rights at the time, which include allowing users to play their DRM protected music on up to 5 computers and on an unlimited number of iPods.


I suspect Apple did have to put up a fight in order to obtain these somewhat generous usage rights, but the rumour is there wasn't much of a "negotiation". As the launch date for the iTunes Music Store neared, negotiations between Apple and the big four dragged on. They'd already gone on for months - but with each label setting a different price, and attaching complicated clauses of its own to the deal. Jobs simply threw the paperwork in the bin, the story goes, and went ahead with the launch anyway. Contemplating an avalanche of publicity some days later, the labels decided it would be too embarrassing to withdraw. Maybe the story isn't true. Maybe he accidentally omitted it fom his story.

It is a cat-and-mouse game. Apple's DRM system is called FairPlay. While we have had a few breaches in FairPlay, we have been able to successfully repair them through updating the iTunes store software, the iTunes jukebox software and software in the iPods themselves. So far we have met our commitments to the music companies to protect their music, and we have given users the most liberal usage rights available in the industry for legally downloaded music.

It's amazing how quickly they can come up with an update to iTunes (and how often you have to upgrade the software and your iPod's firmware) when the big labels are on their back. When it comes to security, they're not quite as good. And it is a cat and mouse game, and they can dodge as much as they like, but ultimately it's flawed and offers limited protection. It's also a nuisance for legitimate consumers, those that want to pay for music once and play it anywhere.

I don't have a problem with paying for music, but I don't want to pay more than a token amount for a track that comes with restrictions. The cost of a track at iTunes is more than a token amount. Bandwidth is dirt cheap, especially in America, and it costs the same amount of money and effort to put a song on iTunes no matter how many people download it.

Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat. If the big four music companies would license Apple their music without the requirement that it be protected with a DRM, we would switch to selling only DRM-free music on our iTunes store. Every iPod ever made will play this DRM-free music.

Or... DRM is flawed, Europe are threatening us, and we don't sell enough tracks on iTunes to make any money, so we're going to stick with making trendy looking hardware that we can sell for a profit. Like the iPhone. But until then, we'll pass the buck onto the big four and try and make them look bad.

If Apple aren't making any music from iTunes, there's no reason to keep the "big four" on their side.
Refresh
Wednesday 7th February, 2007 12:37
We finally have the domain refresh.com! We've wanted that domain for 10 years (and it totally makes up for accidentally losing refreshmagazine.com last month). It fits in well with the substantial marketing campaign that will be running at the beginning of March (and I've suggested to Jonathan that we ought to do a big "Refresh is 10" celebration in November this year). Today is a good day!
Red Light
Tuesday 6th February, 2007 12:18
On the way to work this morning I noticed the little frost light on my car's dashboard was red. It's been almost permanently orange for the last week, I didn't even know it turns red (it's been a very mild winter). I haven't checked the manual yet, but seeing as it's lunchtime I did a search on Google and discovered that it looks like the light is orange when the outside temperature is 1-4 degrees C to warn of frost, and turns red when the outside temperature is 0 degrees C or below (to warn of ice). I knew it was cold this morning.
John Reid
Tuesday 6th February, 2007 10:47
Home Secretary John Reid said he was considering requiring sex offenders to register their email addresses and chat room handles. Anyone that knows anything about the internet knows that it only takes a couple minutes to get a new email address (that's how long it just took me to quickly register seehowlongittookme@hotmail.co.uk), and you can typically pick almost any chat room handle you like. A different one every time, if you wish. The Home Office said any concrete plan would mean penalties for registered sex offenders who did not keep authorities up to date with their online identity. What exactly would/could they do if someone submitted something like "Katie12" as an online identity? It's not a crime to have a name like that, even if it is creepy and suggests disturbing behaviour.

Perhaps they should work on a way of keeping track of sex offenders that change their name to avoid detection first. In 2002, the Home Office said it had undertaken to look at the issue of deed polls with a view to legislation as soon as possible. After criticism of inaction more than four years on, it says a comprehensive and thorough review of child sex offenders - commissioned last June - is continuing.

EDIT: I've just read that John Reid has also ordered work to be carried out on the feasibility of an online alarm system. This would notify police every time a convicted paedophile used registered details to log on to an internet chatroom, or any other site which could be used to "groom" victims. This sounds like a technical nightmare to me, impossible to implement, there are just too many chatrooms across the world (and too many proxies to hide behind). I can write the feasibility study for them: impractical and ultimately flawed, so don't bother.

EDIT 2: Regarding the recent convicton of 3 men that planned on raping two underage sisters, Detective Constable Dave Adams, of the Met's child abuse investigation command, said: "This case should act as a really stark warning that the internet is not a hiding place to plan and participate in criminal acts."

Can I point out that the police only confiscated the men's PCs and performed computer forensics on them after one of the convicted men told the police about the plot. If it hadn't been for the man with a guilty conscience, it sounds like they wouldn't have had a clue!
Y2K
Tuesday 6th February, 2007 10:25
We've been given a tender to complete and return, and there's a section on year 2000 compliance. Are they kidding?!
Love-Seeking Indians Head Online
Monday 5th February, 2007 16:54
Like many Indians, Sowmya's parents wanted her married to a groom of their choice - one drawn from the same community of high-caste southern Indian Brahmins. But while Sowmya was willing to accept a partner from the same community, she wanted to select the partner herself and choose him herself. So she went online and found Sandeep through an Indian matrimonial website.

With more and more young Indians deciding to emulate Sandeep and Sowmya, it is a boom time for India's online matrimonial services. One of them is Bharat Matrimony, which operates out of a network of offices across India and even overseas - in North America, the UK and the Middle East.

"At the end of the day, every Indian wants to marry someone from the same community - someone who speaks the same language, eats the same food and shares the same culture," says Murugavel Janakiraman, the founder of the portal.

Whatever happened to opposites attract?
A Pointless Rant
Monday 5th February, 2007 16:09
I need to buy a new computer to run Vista

Not if you bought your computer recently. And by recently, I mean in the last couple of years. Anything before that and it might be a bit slow. The problem stems from people that bought a PC back in 2001-2002 that just about coped with running Windows XP and for some reason expect that it should still be able to run Windows Vista 5-6 years later. Unsurprisingly, my original Pentium 75MHz system that ran Windows 95 okay would never have coped with Windows XP. It was upgraded to an AMD 333MHz machine using an Evergreen CPU upgrade kit, and even when we'd upgraded the RAM from (I think it came with) 8MB to a whopping 96MB, it still took ages to boot up and you couldn't have more than 3 copies of IE running without the system grinding to a halt.

Vista is expensive

Okay, so the retail route isn't exactly cheap, but you do get support from Microsoft. Linux is free, but you don't get that support (unless you pay for a distro). OS X isn't cheap either: XP Home launched in October 2001 for around £170, all updates (including SP2) have been free. Apple, on the other hand, charged for OS X updates, as they added features (mostly mirroring Windows - DVD playback, better CD/DVD writing, DPI control, fast user switching). OS X 10.0 was £99, 10.1 was free, 10.2 was £84, 10.3 was £84, 10.4 was £89. So over 5 years that's a total of £356. More than twice the price of Windows XP. There will not be another large gap between releases of Windows, but if OS X continues its charge for point updates (which it seems to think of as major releases), it might not be that much cheaper than Vista. Plus you still need expensive Mac hardware for OS X. Although I do admit they do tend to look nice. If your PC is a bit old, you'll almost inevitably get Home Basic or Home Premium if you buy a new one from PC World or Dell or wherever you plan on going.

OS X / Linux is more secure

Maybe. Maybe not. Vista has been looked at in depth by the security community for a couple years, with very few problems being uncovered. If you try and do something silly like run as the highest privilege account, Vista will still prompt you (I gather so will OS X if something needs root, even if you're in the same group; there seems to be a slightly short-sighted campaign to remove this feature - at least Vista gives you the option of disabling UAC). For a comparison of security features, this nice chart demonstrates that the "defence in depth" approach appears to be better in Vista. Whether that translates to better security is another matter, but it should mitigate a lot of things, and probably forces malicious people to write very clever code in the future. If you look at the MoKB project, you'll see that only one thing affected Windows, and (IIRC) it didn't affect 2003 or Vista. Last month's MoAB should force Mac users to think about how secure their OS really is, and perhaps the length of time it's taking Apple to provide simple fixes should ring some bells.

OS X applications work well together, it's easy to do repetive things

Microsoft applications work well together too, so well that they've been sued and criticised for abusing their monopoly (e.g. Office 2007 and Vista). In fact some of their older products worked so well and seamlessly that it was very easy to script applications and write exploits that would email everyone in your address book and help propogate a virus. That's why, for example, Microsoft now prompt users if a web page tries to use their mail client to submit a form on a webpage, or why it verifies that you really did request to do certain things. I suspect Apple's AppleScript could potentially be abused if people were to target it. You can take control of applications which don't directly support AppleScript. You can query and control the menus, windows and dialogs of these applications via AppleScript's Graphic User Interface scripting architecture. "Your Mac can now become your alarm clock with a script that wakes you by playing your favorite iTunes playlist" oh, and it can probably send an email to your entire address book too. Don't believe me? Using "help" and "disk", malicious users could use a Web page that will either download a small disk image onto a Mac or mount it remotely, then execute an AppleScript on the mounted image, which could contain any Unix command - including ones to remove any file in the user's Home directory. The flaw works with any browser, including Safari, Internet Explorer, and Firefox. The first genuine OS X malware was an AppleScript application disguised as a demo for Word 2004. The malware was a simple 108KB AppleScript that took advantage of AppleScript's ability to execute Unix applications, running a command to erase the user's Home folder when opened.

Microsoft are evil

No they're not. Honestly.
The Corrs - Radio
Monday 5th February, 2007 12:29
Guess what I just caught myself enjoying as I queued in the Co-op. Damn them for having such a cool string part.
Jo O'Meara
Monday 5th February, 2007 11:53
Former pop singer Jo O'Meara has denied being racist after her eviction from Channel 4's Celebrity Big Brother. She said, "Shilpa did aggravate me a lot - it's not because I'm racist". And then she gave some evidence, "I'm not a racist person at all. My cousin is married to an Indian man for one, and my cousins are half-Indian and their family is with me all the time."

The thing that surprised me is that people could believe she's racist. This is a girl that used to star in S Club 7. A group that had Tina Barrett and Bradley McIntosh, neither of which are particularly white. And I believe the cast got on really well together (although I think I heard things about people not liking Paul near the end, but he was still dating Hannah and remained a cast member for a while).
Monday Morning
Monday 5th February, 2007 09:48
Despite it being National Sickie Day, I am indeed at work (and despite police cars and a diversion, I still made it in before 9). Surveys suggest the first Monday in February is the worst day of the year for absenteeism. Post-Christmas blues, poor weather, credit card bills and a long wait for the next holiday have all been blamed for workers wanting to stay in bed.

In other news, Mandarin and Arabic would be taught alongside Shakespeare and slavery, under proposed changes to the school curriculum in England and Wales. Lessons in climate change and healthy cooking could be offered to make teenagers more aware of hazards facing the planet and their own health. And studies about the British slave trade and the reform movement that ended it could raise awareness of the need for integration.

I can perhaps understand why Mandarin is proposed, as Asia slowly becomes more important and relevant to business, but perhaps we should focus on improving English first. I can see how climate change could be an important issue to teach our children, but our efforts are futile unless the big offenders make an effort (*cough* America *cough*), and even though the IPCC claim that temperatures will increase and that the end of the world is night (okay, I don't think they quite say that), there are many opponents with sensible arguments that claim global warming isn't perhaps as serious an issue as the world seems to think. As for raising the awareness of integration, perhaps we should sort out our own issues first, such as whether muslim women can wear veils in official photographs and when teaching children, or whether christian women can openly wear crosses.

In more interesting news, the Cadbury's Flake girl is back! Blonde model Alyssa Sutherland will be seen gently nibbling the bar when a new commercial hits the UK's TV screens this week. In traditional style, Alyssa is shown peeling back the wrapper and enjoying the crumbly confectionery. Sexy!
Jay And Silent Bob
Sunday 4th February, 2007 20:08
I've just come across Kevin Smith's online diary, and back in March 2006 he wrote a 9 part series about Jason Mewes' addiction problems. In part 2 I came across this conversation they had, and it's funny and shows off Mewes' sense of humour when he's clean:

"What, like Ben?" Mewes asked.
"I said REAL actors," I corrected. "Like Alan Rickman."
"Who's that?"
"The guy from 'Die Hard'."
"Bruce Willis?"
"No, man the other guy."
"The 'Yippie-kay-ay Motherfucker' guy?"
"That's Alan Rickman."
"What's so special about him??
"He's British. And Brits invented acting. So he won't put up with any of your 'Snootchie Bootchies' bullshit. He'll tear you up if you're not excellent, because he's Alan fucking Rickman. So you've gotta know all your lines. We can't be asking people to leave the set because you're nervous, like we did on 'Clerks'. This shit's serious - because Rickman will go ballistic if he smells blood in the water. You've gotta come correct."

So naturally, I was pretty nervous when Jason and I sat down for our first, Pittsburgh-based, one-on-one "Dogma" rehearsal, and the boy was script-less.

"Where's your fucking script, asshole?" I sighed.
"I don't need it."
"You don't need your script for rehearsals. Right. Take mine and let's get going."
"I'm telling you, I don't need it. Go ahead. Try me."

So I turned to the first Jay and Silent Bob scene and fed him Bethany's lines, and without looking at my script, Mewes delivered Jay's lines in a letter-perfect fashion.

"Alright, so you've got the first scene down," I allowed. "Let's mix it up and try a scene from later in the flick."

So I fed him his lead-in lines from the church exterior scene, and Mewes spits out the Jay responses without hesitation.

"You memorized all your lines already?!" I demanded, shocked.
"Uh-huh."
"All of 'em?!"
"Yeah. Everyone else's, too."
"Yeah, right"
"Try me."

I read him Loki's lines from a Jay-less scene, and amazingly, he responded with Bartleby's lines. I was dumbfounded, to say the least.

"You memorized ALL the lines in the script?!?!"
"Even the girl parts."
"What're you, fucking 'Rain Man'?! Why'd you memorize the whole goddamn script?!"
"I don't wanna piss off that Rickman dude."
Controversial Statements
Saturday 3rd February, 2007 01:37
I made a very similar one myself the other day, and David Maynor has posted something similar on the Errata Security blog.

Take a seat, hold your hats because I am about to make a declaration: Windows Vista is more secure than OSX 10.4.8.
NASL
Friday 2nd February, 2007 18:39
I've been looking into Nessus' scripting language, as I wasn't very happy when I used it to scan my IIS6 server. It came back telling there was a web server on the port. Even nmap could tell me that, and in a matter of seconds too! So I wrote my own plugin (it took far longer than I expected, I quickly realised that moving all the other plugins out of the folder meant I could rebuild everything much faster between alterations to my script). It turns out that IIS6 doesn't always like to return a Server header, and most of the automated tools, like Nessus, are very dumb and will give up there. But IIS6's error messages are a little different to Apache's, and a very easy way to generate an error that returns that message is to "forget" to send the Host header when making an HTTP/1.1 request. According to the RFC the Host header must be present. Apache will return a 400 error warning you that some information was missing, but IIS6 comes back with a very simple <h1>Bad Request (Invalid Hostname)</h1>. So all my script does is make that invalid GET request, look for the Invalid Hostname bit of text, then tell Nessus that IIS6 is *possibly* running (I don't know if any other servers return the same info). IIS 5.1 will give a Server header for pretty much everything I briefly tested for, and I suspect IIS 5 will do the same (I'll test later tonight). Anyone still using IIS 4 probably needs to get their head checked out. I'll test IE7 on Vista too, and maybe see if Longhorn is consistent if I ever get around to burning t to a DVD-RW so I can install it under VMWare. Ideally my script will be useful to detect IIS 6 or 7, and if I'm really lucky maybe I can find a way to distinguish between the two. Once I'm done, I may even submit my plugin to the Nessus lot, so other people can benefit from my hard work. Or perhaps I'll keep it to myself as I'm feeling greedy.
Downtime
Friday 2nd February, 2007 18:21
Another month, another downtime. I could understand last time, as I was slow migrating to the new server and I think Jonathan hadn't realised that I hadn't changed the DNS settings when he shut the old server down. But the downtime today (nearly 2 hours?) was apparently because "some plonker cut through a whopping great lump of fibre outside the building". Still, no harm done. It's not like this is a commercial site, and if it were I'd make sure it had some sort of redundancy.
Windows Vista Voice Recognition Command Execution Vulnerability
Friday 2nd February, 2007 10:22
I was surprised to see that this even made BBC News. A lot of people are talking about how, for example, an MP3 file of voice instructions could potentially be used to tell the PC to delete documents. I suspect this is because they can't come up with any decent vulnerabilities (except perhaps a DRM bypass one discovered by Alex Ionescu).

In order for the attack to be successful, the targeted system would need to have the speech recognition feature (disabled by default) previously activated and configured. The system would also need to have speakers and a microphone (that can hear the speakers) installed and turned on. The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as "copy", "delete", "shutdown", etc. and acting on them. These commands would be coming from an audio file that is being played through the speakers, such as an MP3 embedded in a web page. Of course this would be heard by the user (unless they were deaf, but then you'd have to wonder why they'd have the speakers on) and the actions taken would be visible to the user if they were in front of the PC during the attempted exploitation. Unless you're silly enough to disable the UAC prompts, it is not possible through the use of voice commands to get the system to perform privileged functions such as creating a user without being prompted by UAC for Administrator credentials. The UAC prompt cannot be manipulated by voice commands by default. There are also additional barriers that would make an attack difficult, such as the clarity of the dictation.

Well it seems that this (fairly well mitigated) feature has now turned up on Security Focus as a vulnerability (Secunia haven't said anything... at least not yet, they currently only have one listed vulnerability - the Client Server Run-Time Subsystem, which is hopefully still a proof of concept). Well it's made me think about reporting another code execution vulnerability that I just thought of:

Windows Vista Keyboard Command Execution Vulnerability

Windows Vista is prone to a command-execution vulnerability because of its built-in keyboard capability.

An attacker can exploit this issue to execute commands on a victim user's computer.

Note: Due to the nature of the vulnerability, victim users will notice exactly what is occurring as it happens.

To exploit this issue, an attacker must entice an unsuspecting user to allow access to their home in order to type on the user's keyboard. Alternately, the attacker may choose to enter the home when no one else is around.
Jim Allchin
Friday 2nd February, 2007 09:51
I knew that he was leaving Microsoft once Vista had shipped, but I didn't realise that he had a blog and a great sense of humour. I especially enjoyed his last blog entry as a Microsoft employee: What Comes Next. For those of you that just want to read the funnies part, here's an excerpt:

While I don't know what I will be up to in the long term (although charity will be one key focus), I have a pretty good sense of what I will be doing in the near term, so I thought I would share what I think a typical day might look like.

It might go something like this:

7:00 AM: Breakfast with my sons. Ended up doing a product comparison review of the various cereals we had in our pantry. Sugar does beat the natural stuff and my suspicions about the impact of packaging on the post purchase experience were spot on. It turns out the box does matter.
7:40 AM: Kids off to school.
7:45 AM: Went to check email. Only two pieces.
7:46 AM: Checked network connection to see why I am not getting any email. Everything working perfectly.
8:00 AM: Went to clean up the playroom so that it's organized for when the kids get home. Ended up building an application to sort the Legos using a SQL Server backend and a Windows Presentation Foundation front-end on Windows Vista. Can't decide whether the primary index of the database should be color or size of the piece. While searching the web discovered that Lego means "I put together" in Latin.
9:30 AM: Spent 45 minutes looking around the house for the big refrigerator with the free soda just like Microsoft - was unable to find it.
10:15 AM: Worked on my Windows logo latch hook rug - another couple days and I'll finish the red.
11:00 AM: Watched Rachel Ray - god is she engaging. Maybe she should do the launch of the next version of Windows.
11:30 AM: Checked mail again. No messages.
11:31 AM: Turned off Spam filter.
12:00 PM: Went out to lunch with my wife. Was surprised to see so many other people out for lunch during the week. I wonder if they have been buzzing around for all of these years that I have been in building 26.
1:30 PM: Went to check out the Apple store at University Village to see what all of the hype was about. Ended up demoing Windows Vista for all of the employees (and a few customers). All they could say was "Wow." Ended up leading a group of them over to BestBuy to help them pick out new PCs with Windows Vista pre-loaded. Need to go to the Bellevue store tomorrow.
3:00 PM: Checked email. 150 unread messages. Unfortunately, 149 of them were spam.
3:10 PM: Turned Spam filter back on.
3:15 PM: Went to drive the afternoon carpool run. Spent 20 minutes waiting in line behind other parents whose kids weren't even outside yet. Need to write paper about Next Generation Carpool Queuing solution (NGCQ) that integrates Windows Live Presence with the driveway scheduler. Must get appointment with school principal when it's done.
4:00 PM: Home with the boys. Went to the playroom to help them build a train layout. Ended up doing interoperability test to study compatibility issues related to using Thomas trains on Brio track. Turns out while they work, the trains perform better on their native platform. Need to try Brio trains on Thomas track tomorrow.
4:30 PM: After a phone call with my Mom, I decided I needed to configure her account as a standard user for Windows Vista. This gives new meaning to "parental controls", but a son has to do what a son has to do.
5:00 PM: Dinner with the family. After they finished asking who was this strange man sitting at the dinner table, we had a great conversation about the kids' day. May have spent too much time asking them "how they would have done things better" and "what do they see as their key areas for growth."
6:45 PM: Read kids a bedtime story. They seem to be recently interested in "chapter books." I was amazed by how quickly they fell asleep when I read them one of my favorite classics, "The Theory of Recursive Functions and Effective Computability" by Rogers.
7:30 PM: Checked email. Again. No new email.
7:31 PM: Turned Spam filter off again.
8:00 PM: Went down to my music room to play my guitar. Dozed off on the couch.


Jim will certainly be missed at Microsoft.
Damn It
Thursday 1st February, 2007 14:09
Stupid f**king sandwich thingy, let me in so I can have my f**king sandwich!!!

*stabs the lid open with a pen*
Feeling Creative
Thursday 1st February, 2007 10:42
Design your own Nike trainers. Or at least select the colours of your choice. I had a play last night, I ended up with one colour scheme, but I still wasn't entirely sure about it. I may have another play later.

www.nikeid.com

It seems you can choose the Nike+ trainers or you can look back at their classic designs, such as the 90s design I chose. After a few minutes of playing around with colours, this was what I came up with:

NIKEiD Trainers

I'm still not happy, I suspect it'd take me hours to design something I'd be happy to wear constantly. But even if I designed something amazing, I'm not sure I could justify spending that much money.
Frustrated By Office 2007?
Thursday 1st February, 2007 10:21
Some things are now simple to find, you start to think "why didn't they do this sooner?" - and then five minutes later you're tearing your hair out because you know where the old command was, but you can't seem to find it on the new ribbon interface. These may come in handy:

Word 2003 to Word 2007 command reference guide
Excel 2003 to Excel 2007 command reference guide
PowerPoint 2003 to PowerPoint 2007 command reference guide
Updating QuickTime
Thursday 1st February, 2007 09:56
You might think that you could simply get the latest version of QuickTime straight from the Apple website. You'd be wrong.

After installing QuickTime, go to the Apple Software Update program and install an update for the updater (even though you just downloaded it from the website).

Apple Software Update

Once that's done, it will check for new updates and will find the new Security Update 2007-001 (again, even though you've just downloaded the latest version from the website). It will also inform you of an "iTunes + QuickTime" update, which it will helpfully select for you to install at the same time.

Apple Software Update: iTunes + QuickTime and Security Update 2007-001

For those of you that specifically installed the version of QuickTime without iTunes, you need to uncheck this box or iTunes will magically appear on your system. It appears that the software update program doesn't update the software you have installed, it will also try and install additional software. The thing is, if I wanted iTunes I would have installed the "QuickTime with iTunes" software.

Most people won't even realise that they're not running the latest version (unless, for example, you run Secunia's cool little Java applet), and will assume that the version they just grabbed from the website is secure.
© Robert Nicholls 2002-2018
The views and opinions expressed on this site do not represent the views of my employer.
HTML5 / CSS3