Everything, Everything - July 2007

2021: January
2020: J F M A M J J A S O N D
2019: J F M A M J J A S O N D
2018: J F M A M J J A S O N D
2017: J F M A M J J A S O N D
2016: J F M A M J J A S O N D
2015: J F M A M J J A S O N D
2014: J F M A M J J A S O N D
2013: J F M A M J J A S O N D
2012: J F M A M J J A S O N D
2011: J F M A M J J A S O N D
2010: J F M A M J J A S O N D
2009: J F M A M J J A S O N D
2008: J F M A M J J A S O N D
2007: J F M A M J J A S O N D
2006: J F M A M J J A S O N D
2005: J F M A M J J A S O N D
2004: J F M A M J J A S O N D
Tuesday 31st July, 2007 19:39
The hotel information folder gives me the WEP key, I can establish a connection, but it won't give me an IP address. I did some sniffing and I did appear to see an IP address being offered at one point, but even after manually specififying some settings, I was still unable to do anything. So I'm back to the trusty mobile phone for a few minutes. Got here much later than expected, going to dinner in a bit, not entirely sure when I'm going to find time to do my practice run of the work tomorrow. It could be a late night.
Monday 30th July, 2007 16:12
There's no easy way to discretely open your bag of crisps in a fairly quiet room. Although I have just realised I could have cut the top of the packet off with the pair of scissors next to me, but then I'd look odd. I'd rather be noisy than have people think I'm odd.
Tuesday 24th July, 2007 09:17
I'm not really a dog person, especially little ones, but this story made me warm to them a little. A pet Chihuahua has saved a baby from a deadly rattlesnake. One-year-old Booker West was splashing his hands in a birdbath at his grandparents' home in Colorado when the rattlesnake slithered up to the infant. When the snake lunged at terrified Booker, brave Zoey the Chihuahua jumped between the rattlesnake and the baby, getting bitten in the process, allowing Booker to escape. Zoey was rushed to the vet in Masonville and is now back up and running around. Zoey's proud owner Denise Long said: "These little bitty dogs, they just don't really get credit"
Sunday 22nd July, 2007 22:31
I've been watching old episodes of South Park, and I stumbled across "Hooked on Monkey Phonics" (season 3, episode 13), which I don't remember watching the first time around. It's not the best episode I've seen, but it's got one of the catchiest songs I've ever heard on South Park, when Kyle is trying to serenade Rebecca:

Everywhere I go, I'm thinking of you, Rebecca.
I don't know what to do, Rebecca.
You're so nice, I'd like to get to know you better.
So what do you say we get together?
You really are quite good-looking, Rebecca!
You really are quite good-looking, Rebecca!
Rebecca, you're really quite good-looking!
You're a fox.

You probably have to hear it to understand why it's so good. Go listen to it now. On YouTube.

Also, this episode starts off with a spelling bee, and recently I've been thinking about how poor my spelling is getting. I'm having to rely upon the spellchecker and/or Google to make sure I'm spelling certain words correctly, words that never used to cause me problems. Like serenade.
Saturday 21st July, 2007 19:32
Should I be worried that my wireless connection gets really sluggish whenever I'm cooking stuff in the microwave? At least I know when my food's ready.
Sing It Back
Saturday 21st July, 2007 18:54
I decided to see what the show's like, and find out what JK and Joel look like, after hearing them so often on BBC Radio 1. They should stick to the radio ;)
Honour Killing
Friday 20th July, 2007 11:16
It's a crazy idea. There's no honour in killing someone, even if they do perhaps deserve to die (I still have mixed feelings over capital punishment). But what makes this "honour killing" even more disturbing is that Banaz Mahmod had been raped and tortured before succumbing to an agonising death. I can almost comprehend the warped idea of "honour killing", even though I disagree with it, but I can't see how rape and torture fits in unless you're just a really sick bastard. Last month, Mahmod Mahmod and Ari Mahmod were found guilty of murder. Mohamad Hama pleaded guilty to murder before the trial. They all face life sentences. Banaz was garrotted for five minutes but took half an hour to die as Hama stamped on her neck to "let her soul out".
Fire Alarm
Wednesday 18th July, 2007 23:55
It's nearly midnight and the fire alarm has gone off. It's probably a false alarm, it has been every time it's gone off over the last 15 months. As you can see, I'm in no hurry to throw on some clothes and leave the flat, not until I see some smoke or flames. Or hear people scream. Aaah, it's stopped.
Good Deeds
Wednesday 18th July, 2007 09:59
In the last 24 hours, I have given good advice to people. Sometimes I wonder why I do it, but it can be nice to help others. Yesterday I left a comment on Sandi's blog with a suggestion and explanation for the strange behaviour that someone had seen on their site (and claimed was a bug with IE7). It wasn't so much a bug in IE7 (although the Auto-Select behaviour in IE could be better), but a mistake on the website (the meta tag said to use a different character set to the HTTP header). I noticed my suggestion had been taken up, and it does appear to be working fine now.

I also replied to a message sent to the nmap-dev mailing list with suggestions on how to resolve the issue that the person was encountering on Vista. Gianluca replied to that with a nice way of testing if it is a privilege problem. And then Clement replied with an email that made me smile. It was unwise of the OP to throw in the phrase "Does anyone have any idea on how to get around this issue until the developers of nmap create a bugless version?".
Monday 16th July, 2007 11:38
I never noticed until I started living by myself just how quickly milk goes off. And when it goes off, it gets really disgusting. I almost expect it to happen at my flat, as it's just me, and I don't always want a coffee in the evening after spending all day drinking it at work. But I do expect it to be okay at work, where there are lots of people. I went to make myself a (styrofoam) cup of coffee this morning, and as I poured the milk in, I noticed it was clear, followed by a small lump. Resisting the urge to be sick, I poured the entire drink down the sink and made myself a hot chocolate instead. I guess the milk had been there all weekend, just like the rest of the milk in the frige. Most appeared to already be open, and I didn't want to try the other milk. I'm about to make my third cup of hot chocolate now, my body desperately craves some caffeine right now, especially as I woke up early in order to drive here (the M4, somewhat comfortingly, was its usual busy self again). I can't wait to get back to my office, and make myself some real coffee (and not Gold Blend) with fresh milk.
Monday 16th July, 2007 10:08
I saw this on the mailing list and it made me smile:

On Tuesday 10 July 2007 08:53, Gadi Evron wrote:
> To paraphrase Guninski, this is still not a 0day. It is a vulnerability
> being disclosed.

You're being pedantic Gadi. :-)

We have to accept the term "0day" has passed into
the realm of meaningless nebulousness along with
"hacker" and other misused terms.
Whose Fault?
Wednesday 11th July, 2007 13:51
I saw this when it first appeared on the SecurityFocus mailing list. A vulnerability has been discovered (complete with PoC), which (ab)uses the relationship between IE and Firefox. The exploit is quite effective, but there's just as much controversy over who is actually at fault. Instinctively, I say Mozilla. There are two reasons for this:
  • Firefox does not validate external input
  • Firefox registers the "firefoxurl" URI
Microsoft had a very similar problem three years ago where people used IE as an attack vector to exploit problems with Outlook Express (The vulnerability is caused due to a weakness in the way MHTML URLs are handled. This can be exploited to execute arbitrary code in the "Local Machine" security zone with the privileges of the current user), which was classified as an Outlook Express vulnerability.

Jesper Johansson, a former senior security strategist for Microsoft, said in a blog entry: "This exploit is actually for Firefox, but Thor exploited it by making IE launch Firefox" and "Firefox fails to properly validate the parameters, and any fix will have to come from Mozilla, not Microsoft".

The Register said: Roger Thompson, CTO of Exploit Prevention Labs, says Microsoft shares culpability because IE fails to properly validate the input before passing it along. "I think it's an IE issue mostly, because if you access the exploit directly with Firefox, FF warns you that something bad is happening and advises you to not do it," he said in an instant message.

But I think that's wrong. It would be nice if IE validated the input, but I don't think it should necessarily be expected to validate everything. The third party application should be the one validating all input.

Most importantly, if you try and run the PoC under a default installation of Vista (with UAC and Protected Mode enabled), just like Firefox, it warns you that something bad might be about to happen (unless you previously told IE that it could trust the third party application "Firefox"), so Vista users have ways to mitigate bad things from happening.


EDIT: It seems that Firefox is the current attack vector but IE is to blame for not escaping quote characters when passing on the input to the command line. Firefox could have registered its URL handler with pure DDE instead and avoided the possibility of a command line argument injection, but it would be best if IE made it safe to launch external applications. The exploitability on those depend on what arguments each application accepts. If Firefox is already running then IE doesn't instantiate it through the command line, but through DDE instead, so the exploit doesn't work.
Obsession Hobby
Wednesday 11th July, 2007 11:56
Is it wrong that I have a choice of ground coffee and a choice of biscuits to nibble on with my excellent cup of coffee?
I Have Coffee
Tuesday 10th July, 2007 15:29
Real coffee, and the world is starting to feel right again.
Sunday 8th July, 2007 23:07
Why did they play static lines across the video of "Pauline" to the Big Brother housemates? In this modern world, I'm surprised they went with that sort of interference. I would have expected to see digital artefacts, like you often see during sporting events.
Big Brother - Double Standards Redux
Sunday 8th July, 2007 15:32
Laura used the word "poof" a second time and was finally reprimanded by Big Brother. It would have been nice if they'd said something the first time.

But now Charley has recently had a conversation where she used the word n****r. A Channel 4 spokeswoman told the Sunday Mirror: "Charley used the N-word as a black woman to refer to another black person. We judged her use of the term different from Emily's. But Big Brother called her to the Diary Room to remind her that this word could cause offence." - this apparently won't be broadcast. I can't be bothered to go into it in too much detail, but this all screams of double standards. Channel 4 said (when they evicted Emily) that it's a racially offensive term which could seriously offend housemates or members of the public, and the context did not matter. Charley has now used the word several times. She's still in the house.

But they like Charley, that was obvious when her and Billi's nominations were discounted for discussing nominations, which saved Charley from being up for eviction. In previous years, discussing nominations would stop you from being able to vote the following week.

So why do they want to keep Charley in the house? She's "entertaining", because she shouts and irritates people, which can make good TV viewing. But you can only watch an annoying person for so long. My opinion of the housemates has changed over time, and although I don't want any of them to win, the person I dislike the least is probably Gerry. In fact, it turns out the list is somewhat similar to their IQs:

Gerry, Seany, Chanelle 114
Carole 112
Amanda 95
Ziggy 94
Nicky 90
Sam, Tracey 89
Laura 79
Charley 70
Shabnam 55

Gerry was expected to do higher, but the tests do involve language, and Gerry is Greek. It has been suggested that Charley and Shabnam weren't concentrating on the test, but I can't see it affecting the result by that much. I'll also point out that it is considered easier to raise your IQ score above the 100 average, than drop it below, and the median reference score is apparently 95-110. To score an IQ of 115-125 is much more within the "average" adult human capability, than to score below 85. 70 and below is considered significantly below-normal global intellectual capacity as an adult.

It was quite funny to hear that Ricky Gervais had Chris Rock saying "Get Charley Out" when he had no idea what for. He also apparently said "I think Live Earth is going to stop global warming, just like Live 8 stopped poverty" and (fitting with the theme of this post) "People are getting so tanned in America white people are calling each other n*****s".
Big Brother - Double Standards?
Thursday 5th July, 2007 02:01
Nine days into the current series of Big Brother contestant Emily was removed from the house in the early hours of the morning after using unacceptable language. At the time Angela Jain, head of the Big Brother commissioning team at Channel 4, said "such behaviour won't be tolerated", but on last Sunday's episode of the show, Laura called Lian a "poof".

A spokeswoman said: "During a chat in the bedroom Laura was tickling Liam's feet as he tried not to laugh. When he did laugh, Laura called him "you poof" in an affectionate and flirting way. The words were not said in anger nor were they intended to be derogatory or demeaning. Neither Liam, nor any other housemate, took offence to this term. The use of the word was carefully considered in the context in which it was said and consideration given to the fact that no offence was intended or caused to any other housemate," the spokeswoman said. However we understand how this word could cause offence to some viewers and we have taken on board these concerns. All housemates are and will be continually monitored regarding any language or behaviour that Big Brother deems unacceptable."

The statement also said that Big Brother "absolutely does not regard homophobia as any less serious than racism".
LG To Build Youtube Phone
Wednesday 4th July, 2007 17:10
The B Word
Wednesday 4th July, 2007 14:26
European Justice Commissioner Franco Frattini is set to put forward proposals that include the banning of websites that explain how to make bombs. Mr Frattini said that in the wake of the foiled London and Glasgow terror plots, and a spate of terrorist arrests in Spain and France, it was clear Europe had to pool more resources in the fight for justice. It sounds a lot like a knee-jerk reaction to me. It also sounds incredibly stupid, as banning such websites in the EU will not stop terrorists from finding instructions hosted on webservers that are outside of the EU. If it was that easy to ban such information from being published on the internet, we wouldn't have so many high profile "torrent sites" and "trackers" to help share files that contain copyrighted material (copyright infringement in the US is a criminal action too).

Mr Frattini also wants an EU explosives database and a "rapid alert system" to track lost or stolen explosives. Which sounds a little silly, as how do you track lost explosives? Or is it a case of "we lost it here" followed by "it was blown up there"?

EDIT: According to the Telegraph's Brussels correspondent, "internet service providers would face charges if they failed to block websites with bomb-making instructions". Presumably this will only apply to bomb-making instructions, and it'll still be okay for ISPs to allow child porn, Hollywood movies, or anything else that people shouldn't be allowed to view, without the ISP getting into any legal trouble?

There doesn't appear to be any mention of instructions sent via email, browsed over encrypted relays such as Tor (if your requests go - encrypted - from one PC to another to another to another and eventually out of an exit node in America, that should be okay), sent by post (good old Royal Mail), or physically transported. Nor did Frattini's plan offer any serious chance of websites being blocked at hundreds of ISPs in time to prevent full details being obtained by anyone who wanted them. Nor did it take account of the speed with which controversial information can be - and usually is - mirrored (for example, the AACS key).
Women Are The New Men
Wednesday 4th July, 2007 11:15
Why are so many women fuckwits? And on the flip side, why do some other women try and be polite and non-committal, giving the impression that they might be interested in you once they get to know you, only to discover that they don't have and will never have any feelings towards you. Men have gained a bad reputation over time for many reasons, but modern women are just as bad, if not worse. Women are the new men. I hope it shall be their downfall. Maybe we should raise awareness and have a "Monday Man Day" or something, where men refuse to go on dates, refuse to have sex with women, refuse to do "manly" tasks such as DIY, eat "manly" food (Yorkie bars - I think we've found our sponsor hehe - and curries?). Any one else have any suggestions for a "Monday Man Day"?
Made Me Laugh
Tuesday 3rd July, 2007 14:40
Charley said something in the Big Brother Diary room the other day that made me laugh: "I've only had about 3 arguments since I've been on this program".
The Weekend
Monday 2nd July, 2007 10:14
I've spent the last few weekends travelling around the country, catching up with friends from uni and friends from where I used to work. On Sunday I finally caught up with a friend that started work on the same day as me way back in 2003, we're both working at other places now, and we try to keep in touch over MSN, but it's not the same as actually seeing each other face to face. I headed in to Waterloo and we grabbed a coffee and chatted for well over an hour, sitting in the sun next to the London Eye. It was a nice moment.
© Robert Nicholls 2002-2021
The views and opinions expressed on this site do not represent the views of my employer.