Everything, Everything

I've replaced my Beta 2 with Pre-RC1, and this is what I get (it appears to happen when I try to restart or shutdown Windows when VMWare Server presents a USB device).



I think I liked Beta 2 more; I think they've polished off a few things though in this new version, it looks a shade prettier.

It looks like Microsoft are letting 100,000 public beta testers grab this new version of Vista. It seems they've been developing RC1 and RTM builds at the same time - that could mean a lot of fun and games for them in the final few weeks. Whenever it's launched. Prices were leaked the other day, it looks like it's fairly similar pricing to XP, but the top versions (i.e. Ultimate Edition) are a lot more expensive. Not that anyone really buys Windows, it's usually bundled with a new system or bought as an OEM copy.

I think I finally understand why people complain so much about WGATray.exe making their PC slow. I booted into Windows on my laptop and connected a new network cable. I had set it to use DHCP for use at home, but when I connected it directly to the internet there was no DHCP server to give me an IP. I tried to open Windows Explorer and a couple other things as my system crawled, I brought Task Manager up, and I was only using about 4% of the CPU power, so I wasn't sure why everything was hanging. I killed WGATray.exe as I have a legitimate copy of Windows and didn't think it'd be a problem, and up came all those windows that I'd started. My guess is that when the application tries - and fails - to connect to Microsoft to do its thing it also forces Windows to grind to a halt. At least until it times out. We had a similar problem trying to play BF2 at the LAN party over the weekend, as the screen would go black and sit there for aaaaages and then suddenly up would come the EA video and then we could play the game. Presumably because having 6 of us on dialup (when it was on, most of the time it was off) meant it couldn't connect and do its thing either. Silly programs.

Listening to Girls Aloud on my mobile to drown out the snoring from the other two I'm sharing the room with. Also thinking about Amy, as I still haven't heard from her since something like Tuesday evening. Even though she said she would. Then again, my mobile was off most of today and the reception here is terrible.

Fab: Jesus, how many buttons are on this kettle?
Rob: One

I was a little bit worried that I kept seeing WINWORD.EXE running as a process on my computer when Word wasn't open. I started looking into it the other day with Process Explorer, and noticed I couldn't bring the window to the front, which wasn't surprising as I noticed it had been started as a service. But I don't have any services that run Word. Without thinking, I tried killing the parent, but that was the process for the DCOM Server Process Launcher as well as Terminal Services, so I got the lovely message telling me my computer was going to restart in 60 seconds. After a restart, which was actually quite useful as I'd been doing stuff with AviSynth and using up nearly half my RAM, I noticed WINWORD.EXE had gone. Success! But I knew it had come back before, when I killed it through Task Manager, so I started Process Explorer again. Then, when the system had settled, I started up Outlook. And up came WINWORD.EXE. It seems that Outlook launches Word in the background, presumably using an RPC call through the DCOM Server Process Launcher. I closed Outlook and away went Word. I started Outlook, and I went into Tools -> Options -> Mail Format and looked for the check boxes that I knew mentioned Word. There it was, "Use Microsoft Office Word 2003 to edit e-mail messages" was still checked. I'd been meaning to go back to creating plain text emails by default for a while, so I changed it to that and made sure both checkboxes to do with Word were gone, and now that weird WINWORD.EXE process doesn't appear. I'm less concerned about it using up my CPU, but now knowing why it had started or kept reappearing was bugging me, as it could have been something other than Word (that's why I started Process Explorer in the first place, to check it was the real WINWORD.EXE that was running). So it looks like my system is still clean, which is good, as my system's been clean for years, so my record still stands.

There's been a bit of fuss over an alleged 0-day in Microsoft PowerPoint, but it turns out that this is not 0-day vulnerability, it is related to patched MS06-012. That patch came out in March, 5 months ago. Isn't it amazing what a fuss "researchers" can make over a vulnerability that was patched so long ago. How did none of them notice it'd been patched?

Talking of researchers, Microsoft aren't very happy with eEye for disclosing problems with the (now postponed) hotfix that was due out yesterday. You can try and read between the lines in the MSRC blog:

Unfortunately, one of the security researchers who reported this to us disagreed with our decision to hold communications and has publicly pointed out the exploitability of the specific crash and the affected platform. Up until now, we have not seen any attacks using this vulnerability, nor have we seen broad awareness of this vulnerability. Since the exploitability of this is public now however, there is certainly increased risk of attack.

Or read the less subtle post on the IEBlog:

You may have read reports of a new, irresponsibly disclosed vulnerability that affects IE 6.0 SP1. We are aware of this issue and are actively working on an update that addresses the problem, which was introduced with our last security update (MS06-042).

It sounds like the issue is because Microsoft changed some buffer sizes in XP SP2; the code was first fixed in XP SP2 and then ported down to XP SP1 without taking this change into consideration. With XP SP1 support ending in less than 60 days, it's probably easier/safer/better to upgrade to SP2. Plus SP2 is great.

A 19-year-old allegedly attacked by rapper Busta Rhymes claims the star kicked him in the face. Roberto Lebron said the trouble started after he accidentally spat on Rhymes' luxury car in Manhattan at 4am last weekend.

That'll teach him to spit. Hehe. I'm not feeling very sympathetic today for some reason.

I bet Scott had no idea (and still has no idea) how topical today's Dilbert cartoon strip would be in the UK.

Police arrested over web selling

Police said two officers had been suspended from duty. Two South Wales Police officers have been arrested for allegedly selling police property on the internet. The pair - a man, 31, and a woman, 27, who are both constables - are accused of selling clothing and equipment. A spokesman said the force was investigating "the misappropriation of police property and possession of controlled drugs".

Not safe for work, unless you're alone in the office like me.

I woke up to the sound of this. I'm not sure who was playing it, but it was pretty loud. I've had it stuck in my head all morning. Damn that cool bass line.

I've just made myself a coffee, using whole milk (a bit of a risk at work, as sometimes it's off), but I didn't make it strong enough - the spoon I grabbed was a bit big, and it seems I didn't grab enough instant coffee powder. Still, it should be fine for dunking my bourbon biscuits. I miss real coffee. Fab might be bringing some "proper coffee" to the LAN party this weekend.

I don't need these, but they look nice.

Samung 70" LCD TV (1920x1080)
Shuttle XPC Barebone SD37P2 (and I'd stick a nice Conroe CPU inside it)

What I definitely don't want is a pink PS2 (but some people might like them, like 14 year old girls). It's a limited edition, I suspect that's because they know they won't sell very many.

I also noticed that ATI have released its Catalyst 6.8 driver package for both Windows and Linux. For Windows, it yields OpenGL application-specific framerate gains of 6.5-16 per cent, largely thanks to shader compiler and transform engine optimisations. Speed-ups of 22-30 per cent under Direct3D arise from tweaks to the code's memory management routines that benefit cards with 256MB of video RAM. Linux users will probably be more interested in the ability to support two monitors running at different resolutions and retains such settings even when the hosts system is shut down. ATI said it had also added support for its Radeon Xpress 1200, 1250 and 1300 chipsets. No wonder most Linux users go with NVIDIA for their graphics cards, if it's taken them this long to sort out two monitors and saving settings.

I'm not entirely sure why this got picked up by The Register, it's essentially someone having a go at Microsoft. There's probably one or two valid points, but the vast majority of the issues are caused by the user.

During the night, Microsoft took it upon itself to update my computer. I arrived at work to find a message stating: "Windows recently downloaded and installed an important security update to help protect your computer. This update required an automatic restart of your computer."

I have gone to some trouble to ensure that this doesn't happen. I have set Windows Update to "custom" - meaning that I will decide which updates I need to install, and how the update will be handled. And when an update says "this requires a restart" I have always specified that I will restart the machine at a time of my own choosing.

Basically that shouldn't ever happen. It sounds to me like a) he hasn't set it up right or b) group policy overrides his settings c) someone on the network uses WSUS or similar to force the system to apply updates and restart (I believe you can do that?). I've never had any trouble with Windows Update, with similar settings of "notify me but do not download" (or whatever it's called). Plus why did the user not save his work? He says he didn't have the ten minutes it required to close everything down, but it only takes a quick Ctrl-S, type in some characters, hit return to save what's in Notepad. I can understand why Notepad didn't save his work either, but if he'd used Word (or similar) it would have at least auto saved his work.

And yet, if I move the mouse, the software which now runs on this machine cannot keep up with it! The pointer starts to move, then hits a patch on the screen. "Hang on a moment! I have no idea where to move the pointer," says Windows. "I'll have to go and search my disk for the data which creates the images on the screen - I may be some time..."

Sounds like his system is screwed. Is it a mouse driver problem? Graphics driver problem? Has he got full acceleration on? Using onboard graphics on his slow computer? Latest drivers? USB or PS/2 mouse? Tried another mouse? No, we'll just blame MS.

And yes, IE's download manager is crap, the IE7 team have publicly stated that they will improve this in the subsequent release of IE (they can't do it in time for IE7).

Dave Massy [MSFT] (Moderator):
Q: Will there be a download manager in IE7 like the one in Firefox?
A: Hi, there will not be a download manager included in IE7 but there are many available as extensions see http://ieaddons.com/default.aspx?cid=2&scid=66 with some good free ones there.

Max Stevens [MSFT] (Expert):
Q: IE7 still downloads all files to the "temporary Internet Files" folder, and then copies the file to the actual location. Why is this, and wil it be changed? (quitte anoying with large files)?
A: It will remain this way for IE7 (I believe Eric Lawerence posted on this on the ieblog some time ago). For future releases, we are considering changing how our downloading mechanism works, and this issue has come up. So it's on our radar for potential changes in future releases.

The IEBlog can be found here, and the RSS feed is here.

Of course, the file may be corrupted even if it does get downloaded. I can tell Internet Explorer to download it again. "File exists - replace?" it asks. "Yes." Does it replace it? No! - it checks to see if the file appears to be on the disk, and it then pretends to download it. But in fact, the "download" takes place in a fraction of a second, and the same, corrupt file is left on the disk. The only way of getting the correct file is to go to the disk directly, delete the corrupt file, and then go back and download.

Sounds to me (although it's a complete guess) like some sort of cache issue, perhaps his browser doesn't check automatically/every time, or perhaps it talks to a proxy that also has the incomplete file? Or a combination of both? Again, a third party download manager would probably alleviate that problem.

Microsoft aren't perfect, I agree with some of the issues he's raised (although the mouse thing really sounds like his fault), but that's usually why there are 3rd party programs to help.

The first rule of Fight Club... know which window you are on. I think us geeks have all had this problem at one point or another, you forget which Windows is which system.

I had an issue on my beta test box that I had to fix before installing the WSUS 3.0 beta and I was comparing the settings in IIS to my home server. Well stupid me was RDPing into both boxes and stupidly changed the settings that worked on the home server to the ones that broke things on the beta server.

Yup now I had two broken boxes instead of one.

Yeah that was a blonde moment...so then I had to remote into the Server at the office being EXTREMELY careful not to screw anything up in the REAL server and had to compare the settings and permissions in IIS. Some folks have said that they make the background color of each server a different color so they know exactly which server they are working on.

I've done the background trick before now, my old fileserver and my Shuttle at my last job had white backgrounds. It also hurts your eyes after a while, which might be why the new fileserver still uses the default blue. Talking of fileservers, or places to hold lots of data, Susan also ranted about the 500GB external hard disk she bought.

So why is a 500 gig external harddrive I just bought (to be added into the rotation of backups) ...firstly.. not 500 gigs but more like 480 (truth in advertising does not extend to harddrives?) and secondly ... why does it come shipped as a FAT32 with not a lot of documentation regarding how it should be flipped or converted to NTFS?

If you have a FAT32 harddrive it flat out will not work with ntbackup. Well.. it will...but your backup will stop after 4 gigs which is the logical chunk that the FAT32 can do.

I guess it's because the manufacturers don't know what is going to be backed up.... one Windows 98 that can't support NTFS or a nice server.

...somehow I don't think someone running win9x would be buying a 500 gig harddrive... but I could be wrong.

I think anyone still using Windows 98 should be shot, or at least maimed.

Not that using the latest software is always the best. It seems that to perform a "Find" in Excel 2007 you have to click on:

Home
Editing
Find&Select
Find

versus the old method in 2003

Edit
Find

And they think the ribbon will make things easier? I'll probably hate it at first, but eventually get used to it. That doesn't mean it's any good though. At least you could turn "personalized menus" off in old versions of Office.

PS I really can't help push ieSpell enough, it's great!

Sometimes it can be hard to remain positive:

But that's what friends and family are for. And chocolate :)

I got bored the other day and compiled the xvidcore.dll from the latest CVS off the XviD website. It was a bit fiddly but I managed to install NASM, install Visual Studio.NET, I also installed something else (something like pthreads? I'm not even sure it was necessary) and went to compile it. I'd put nasm into the path, but Visual Studio.NET gave me lots of errors, it seemed to be happier once I'd moved nasm to C:\\nasm and changed the path. But it still wasn't happy enough to compile, so I tried recreating the command that was failing and it worked fine when the output file was saved in the same location as nasm (i.e. I provided the filename, no folder), so I compiled each one by hand, something like two dozen files, and moved them to the debug folder and then Visual Studio was very happy, and out popped my xvidcore.dll. I replaced the version that was already in my system32 folder with my version, and it seems to work fine. I've only done a couple of short tests and two long tests (the last one was a 100 minute video that took 89 minutes to complete both passes on my dual core computer - it was onlyusing about 90% of my CPU, no matter if I had 0 threads or 2 threads). After adding the audio I ended up with a pretty decent looking conversion. I tested it on a single core CPU (2.2GHz Pentium M) and it was pretty quick. I'm quite happy with XviD now, but DivX is still easier and I think it uses my CPU better, but it does seem to take longer and doesn't seem to look any better in terms of quality. If anything XviD is slightly sharper.

But funny (PDF).

I don't normally mention these, but the latest one was pretty good (some are very hit and miss, but I think this one will even be mildly funny for non-geeks). I think I've read every single episode, partly from catching up on a lot of missed episodes during my "revision" for my second year exams - in between watching every episode of Angel and Buffy.

Well, it might do. It sounds like waist circumference or waist-to-hip ratio, which indicate levels of abdominal fat, are more accurate guides.

Taken from an article on the Sky News website.

West Virginia airport terminal has been evacuated after two bottles tested positive for possible liquid explosives.

A bomb-sniffing dog reacted to the containers in a woman's carry-on luggage.

A screener noticed the bottle as the passenger, of Pakistani origin, prepared to board a flight to Charlotte, North Carolina.

Airport director Larry Salyers said security screeners detected material in the containers indicating "it very well could be a bomb".

I wonder if America will start to take things a little more seriously now, as it looked like they didn't really believe there was an imminent threat. Even if it's not a very plausible one.

I've just installed it on IE7 and it seems to work okay (odd, it didn't have okay in the dictionary). I've just set the language to UK instead of US. And made it ignore uppercase words like IE7. It's only free for personal use, but that's fine for me.

Seen in an article on the Sky News website, a drug addict mother who gave her son with heroin and crack cocaine from the age of nine was has been jailed for nine years.

Kelly showed no emotion at the sentencing

That'd be the drugs ;)

I don't think they'd make very good pets, if this is what they do when left home alone. I know, I know, it looks like it fell down a chimney and couldn't get out. Poor thing.

I think I'm in love. Look at all the pretty pictures. Shame it requires Vista, and possibly a new graphics card (even though my current one is great).

And when I get bored I do silly things.

Who remembers Justin Timberlake's video for Rock Your Body? I did a quick search with Google and found some images, and one low quality (but pretty useful) animated GIF that had a frame that was perfect for what I was looking for. Hopefully I'm not going to run into any copyright issues by showing it here:



And here's a link to the 3GP file taken off my mobile. I'm going to convert it into something useful later so you can watch it more easily.

EDIT: you can watch an animated GIF version here (no sound, obviously), it's a bit bigger though (800KB), sorry!

Bet I'll have you naked by the end of this song ;)

I was looking at an item on Aria's website and spotted an odd looking banner. You can see it in the bottom left corner of this screenshot, or at the product page itself.

If this works, you can also see it here:



Since when has configurated been a real word? I'll give you a clue: it's not. Google, once again, helpfully suggests "Did you mean: configuration" although it should suggest "Did you mean: configured" - but it proves my point.

I found out today that Roelof J. Engelbrecht, a long-time SETI@home supporter and author of the SETI Spy utility, passed away on November 16 2004 at the age of 38. I loved that utility and used it on all my PCs that ran SETI@home, and he always gave the impression he was a friendly upbeat guy. He'd been diagnosed with a rare, untreatable liver disease called Primary Sclerosing Colangitis, for which the only cure is a liver transplant. Having successfully raised 50,000 dollars for his transplant (thanks to donations from many SETI@home users) he discovered that the old organ was infected with bile duct cancer cells, as well as PSC. Some of these cells were left behind after the operation, so he underwent chemotherapy, but it wasn't successful in preventing the aggressive spread of the disease. He seemed like a really nice guy, and he worked so hard to make that wonderful free utility available.

I wasn't too happy that I had to register in order to use a trial version of some software, but I was rather pissed off when it told me that the license key had expired. Yes, the key I had copied and pasted directly from the email they had just sent me. I registered again (technically Mr X X from X did using my email address, as I CBA to complete the form properly), got a second key, and it had also expired. It then asked me if I wanted to try the more basic version, so I said yes, then it told me that my license was invalid and gave me the option to buy it, change my registration or quit. So I decided to quit. Stupid software.

There's been an interesting chat on Dave's forum, after Dave posted some holiday photos.

Initially his sister told him off, saying: Oh and by the way, it's Algaiarens.

So I Googled it (sorry, I did a search for it using Google) and Google says: Did you mean: Algeriens

I replied saying: I suspect both are generally considered to be "right", just like Majorca or Mallorca, or Minorca or Menorca (English usage of the latter is increasing). At least it's closer than when we call Koln (i.e. in Germany) Cologne.

But then one of the other guys on the forum added: Oooh, I saw a really interesting piece about that somewhere... Can't find it now, but it was basically arguing that our pronounciation is actually closer to the original than the german.

Scarily, I found it interesting too and Googled it.. I mean did a search for it using Google. Many of the surrounding countries refer to it as Cologne/Colonia, and if it does come from the latin (Colonia) then it strongly suggests that the Germans may have changed/corrupted it in recent times (and some of the neighbours, like Hungary, also use the new form). You learn something new every day.

Another silly animation. I hate it when people put together topical items, whether it's mixing two songs or name dropping two popular people to make yourself look cool, but this one caught my eye. I think it's because of how cruedly it was put together, yet it works and is somehow entertaining. Perhaps it's the crazy music that goes with it.

At first I thought this was a hoax, but it looks like it might be completely true. Scary.

Pretty funny, especially if you're a geek, or have ever worked on an IT helpdesk.

The following is allegedly (but is probably one of those joke emails) an actual question given on a University of Washington chemistry mid-term. The answer by one student was so "profound" that the professor shared it with colleagues, via the Internet, which is, of course, why we now have the pleasure of enjoying it as well.

Bonus Question: Is Hell exothermic (gives off heat) or endothermic (absorbs heat)?

Most of the students wrote proofs of their beliefs using Boyle's Law (gas cools when it expands and heats when it is compressed) or some variant. One student, however, wrote the following:

First, we need to know how the mass of Hell is changing in time. So we need
to know the rate at which souls are moving into Hell and the rate at which
they are leaving. I think that we can safely assume that once a soul gets
to Hell, it will not leave. Therefore, no souls are leaving.
As for how many souls are entering Hell, let's look at the different
religions that exist in the world today. Most of these religions state that
if you are not a member of their religion, you will go to Hell.
Since there is more than one of these religions and since people do not
belong to more than one religion, we can project that all souls go to Hell.
With birth and death rates as they are, we can expect the number of souls
in Hell to increase exponentially. Now, we look at the rate of change of
the volume in Hell because Boyle's Law states that in order for the
temperature and pressure in Hell to stay the same, the
volume of Hell has to expand proportionately as souls are added.

This gives two possibilities:

1. If Hell is expanding at a slower rate than the rate at which souls enter
Hell, then the temperature and pressure in Hell will increase until all
Hell breaks loose.

2. If Hell is expanding at a rate faster than the increase of souls in
Hell, then the temperature and pressure will drop until Hell freezes over.

So which is it?

If we accept the postulate given to me by Teresa during my Freshman year
that, "It will be a cold day in Hell before I sleep with you," and take
into account the fact that I slept with her last night, then number two
must be true, and thus I am sure that Hell is exothermic and has already
frozen over. The corollary of this theory is that since Hell has frozen
over, it follows that it is not accepting any more souls and is therefore,
extinct......leaving only Heaven, thereby proving the existence of a divine
being which explains why, last night, Teresa kept shouting "Oh my God."

This student was apparently the only one that was awarded an A.

BBC News website reader Matthew Robinson was on a British Airways flight from Heathrow to New York which was turned back after a mobile phone was heard ringing on the plane. I was sitting at the front of the plane - we'd probably been in the air for around an hour, maybe two, somewhere over Ireland.

A mobile phone started ringing at the back of the plane. No one claimed the phone as their own so people nearby started to panic and covered it up with pillows.

Yes, that's right, they covered the mobile phone with pillows, because a pillow is really going to stop any kind of blast! Mobiles were/are banned on flights because it was thought they could be used to trigger another device. If it were designed to blow something up when it was called, it would be too late once you hear it ring. If it's designed to broadcast a signal to another device, a pillow is hardly going to generate enough interference.

What they really needed was some kind of pouch that an electrical device can be placed inside, which would block a wide variety of signals. Or better yet, if you're feeling brave, take the battery out of the mobile. Covering it with a pillow won't do anything.

Perhaps I can sell the airlines some expensive boxes with shielding, and (optionally) some form of thick, airtight, bomb resistant material.

I was reading Scott Adams' blog again today, this made me chuckle:

When I fly, I have to pay extra if my suitcase weighs 51 pounds instead of 49. Then I take my seat next to Godzilla. He's got me beat by about 100 pounds. My ticket is subsidizing the fuel to fly his huge cheeseburger filled torso around.
...

Big people have their uses. There's no other way to get a couch to the second floor. And when a psycho pulls out a gun at the 7-Eleven, I appreciate having someone to leap behind.

I must stop reading blogs from MS people, but this one caught my eye: HSBC online banking security vulnerability? Or not? I say not, if a machine were compromised by a key logger, it'd be far easier to detect your credit card details (you know, the one you type all in one go at every online store) than take 9 attempts to hack into your online banking account.

I was reading one of the IE7 developers' blog and spotted this post about the City Inn Westminster: "the network tap on the desk in my hotel room was marked simply with an IE logo". I love that hotel, their internet access is good, and included with the room - you can even use it down in the lobby (they do wireless) while killing time to catch a taxi.

His blog also links to this cool quiz, how evil are you?



And, finally, I spotted a nice article in a MS developer's blog about the new WIndows kernel:

Impacts on Application Compatibility
Kernel Patch Protection may impact compatibility of some legitimate software, on x64 systems, which were built using unsupported kernel patching techniques. Microsoft is sensitive to how application compatibility changes impact our customers and our partners. That is the reason that we have implemented this technology on x64 systems only. As customers adopt the x64 platform, and new native 64-bit software, we have the opportunity to build a more secure and reliable next generation platform that does not facilitate unsupported and unreliable practices such as kernel patching.

We have also been asked to provide a supported way for 'known good' vendors to continue hooking the kernel but prevent others from doing so. Unfortunately, there is no reliable mechanism for us to distinguish between 'known good' software and malicious software. Moreover, we cannot prevent a malicious software author from "bundling" purportedly good software in an attempt to thwart the system. Even if we could include such a mechanism, it's unclear if we could use this mechanism to selectively allow kernel hooking in a manner that provides an acceptable trade off between performance and reliability and security. Furthermore, creating such an exception would greatly hamper the ability to utilize hardware assisted security technology, such as a virtual machine hypervisor, to further improve the integrity of the operating system.

Alternatives to Kernel Patching
Clearly, customers demand effective security solutions, and they can be developed without relying on kernel patching techniques. Some of the alternatives to kernel patching are:

1) Windows Vista includes the "Windows Filtering Platform", which enables software to perform network oriented activities such as packet inspection and other activities necessary to support firewall products.

2) The file system mini filter model allows software to participate in file system activities, which can be used by Anti-Virus software.

3) Registry notification hooks, introduced in Windows 2000, and recently enhanced in Windows Vista, allow software to participate in registry related activities in the system.

Some famous (and not so famous) ones all put together.

And a pretty good short movie, Call Center.

Most of you might not get that Futurama reference, but I don't care. I have new shoes! I had to try on over a dozen pairs, most ruled out within a few seconds, and my hands hurt from doing up so many laces, but I finally decided on one pair that didn't feel too bad. I love my old pair of Kickers, but I think I've had them about 6 years, and I need a pair that doesn't look worn/frayed/dying. I'll get used to the new pair eventually.

Hehehe.

The Ohio State University has announced that eating what you want when you want may be the key to staying slim. A study found that women who listen to their body and eat only for physical, not emotional, reasons are healthier and happier with their bodies than those who use strict diets. The study of 200 women found that "inuititive eaters" had a lower Body Mass Index that those who did not.

Eeeek.

Wow, there were a lot of them recently from Microsoft. I'm quite "pro" Microsoft, as someone called me recently, but I can admit when they do something wrong, and there are a lot of problems this month. Perhaps this is partly why Vista features a new SMB protocol (SMB2, the Samba people are apparently doing a good job at keeping on top of things for Linux users) and IP stack, as it can be easier to start again from scratch than try and audit and/or fix bad legacy code.

Anyway, I've stolen this from Alun's blog, but it's a pretty good summary.

06-040 - install this sucker unless you block the usual RPC ports internally and externally.
06-041 - install this unless you never use DNS to external servers, or can apply the workarounds.
06-042 - install this on any machine that runs Internet Explorer. Then install it on the ones that don't yet.
06-043 - if you use OE6, install it. What the heck, it doesn't cause a restart, so (make sure you're not running OE6 right now, and then) install it anyway.
06-044 - install on any machine that runs Internet Explorer - see 06-042.
06-045 - install on any machine - don't be fooled by the "Important" rating, derived from the requirement that a user must click on an email or attachment or web page - users click on anything.
06-046 - install this. HTML Help is everywhere (thanks, Microsoft!)
06-047 - install this if you use Office, or anything that runs VBA.
06-048 - install this if you use Powerpoint.
06-049 - install this if your users are really sneaky and horrible. Do you trust your users?
06-050 - install this - it's all about protecting against users clicking on hyperlinks. see 06-049.
06-051 - install this.

I see that US-CERT have made a bit thing about applying MS06-040, and Susan has mentioned it in her blog, but Microsoft's blog says:

While we were aware of very, very limited exploitation of the vulnerability addressed by MS06-040 at the time of bulletin release yesterday we have not seen signs widespread malicious activity so far. But, be assured that, like we always do, we've got our Emergency Response process teams watching for any possible malicious activity along with our partners in the MSRA. If we see anything, we'll respond as quickly as possible and work to provide customers with guidance and assistance. And of course, like we did with Sasser and Zotob, should a malicious attack occur, our teams are ready to assist our partners in law enforcement with their investigations.

Did you see that? They said "very, very limited exploitation". Apply it quickly, but try not to be paranoid. Until a patch can be applied, the following actions may reduce the chances of exploitation:

Block access to SMB services (139/tcp, 445/tcp) from untrusted networks such as the Internet. Most people will block these ports from the internet, especially as Microsoft have been saying for years that these ports should be blocked, but that won't stop an internal attack.

Disable anonymous SMB access. This will not prevent authenticated users from exploiting this vulnerability, and may have adverse affects in mixed-mode domains. Again, if someone attacks you internally (either on purpose or via a naive user running a virus), it won't stop the attack.

Other workarounds are available in Microsoft Security Bulletin MS06-040.

I've not tried them (yet), but they sound cool.

ieSpell - a free Internet Explorer browser extension that spell checks text input boxes on a webpage

Mouse Gestures for Internet Explorer - similar to what you can do in Opera

I wonder how well they work with IE7 Beta 3.

It seems that the credit/results thing is still a bit odd, but at least I'm getting more credit for doing more units. Nick Johnson's done 33 results recently and has a recent average credit of 390.48. I've done 152 results and I've got a recent average credit of 810.87. Considering I've completed nearly 5x the number of results, I'm surprised I only have 2x the recent average credit. Perhaps it'll keep fluctuating. It's all very odd.

Must remember that I borrowed £2 off Mark today. I have something like �100 in my wallet, but I only had 5p change, and I wanted to use the vending machine. Mmmm, smoky bacon crisps.

I got a text message recently from Vodafone warning me that I was going to lose MMS from my contract (it includes some free text/wap/MMS stuff), but an article on The Register suggests that I might be able to call them and arrange some kind of deal. Mind you, my contract is so cheap, I'm sure they won't be that keen to help me. Perhaps I can ask for the new K800i phone at the same time and see what they say.

I remember why I love this film so much. Feeling a lot better now. I really want to play Zoo Station by U2 though.

My milk smells a bit off, so I decided not to add it to the coffee I made. Shame, I'm not a huge fan of black coffee, and this one would have been nice.

Jessica sent me a photo message earlier of Hannah in a pirate themed outfit, thinking it'd cheer me up (it did :)). She said she was wearing a matching outfit (hopefully a bit bigger).

I'm watching About A Boy. I was going to watch Mallrats, but decided against it in the end.

Shamelessly stolen from the MS RSS Blog:

Script in Feeds
You might have read the c|net article "Blog feeds may carry security risk" which summarizes the presentation given by Robert Auger and Caleb Sima of SPI Dynamics. The presentation points to potential dangers of malicious script embedded in feeds. This has sparked some discussion in the community.

We think it's good for the RSS community and users that the potential dangers of malicious script in feeds are pointed out and thereby can be addressed by application developers before any attacks materialize.

In IE7 and the Windows RSS Platform we've implemented several mitigations that specifically address potentially malicious scripts in feeds:

Sanitization

When downloading feeds, the RSS Platform passes the feed through a sanitization process which among other things removes script from HTML fields like the description element. Also, text fields, like the title element, are treated as text and not as HTML, so HTML tags are entity encoded. These steps are performed before the feed content is accessible by application including IE7's Feed View. Further, the feed content is persisted in the Feed Store in the sanitized form, so that applications accessing the feed data benefit from the sanitization.

Feed View in Restricted zone

The IE7 Feed View displays feeds in the Restricted security zone, no matter where the feed originated, even if for example the feed came from a site in the Trusted Sites zone. By default script is disabled in the Restricted zone. In addition, the Feed View disallows URL Actions including script and active content.

We designed and implemented the RSS features using the principles of the Secure Development Lifecycle as embraced by Microsoft. One of the principles is defense in depth. The idea being, even if script somehow were to sneak by the first layer of defense, the impact that the script could have is restricted, if not entirely negated.

So there you have it, Microsoft's RSS Feed Reader is great, even though the browser is still only a beta. Okay, so I'm also a little biased.

I should live in the SW.

"if your VCR is still blinking 12:00, you don't want Linux"

"excuse my english. my bulgarian is better"

Mind you, his name is Nikolay.

I decided to download Steam so I could pay and install some of Valve's games. I decided I'd buy Valve's pack so I could get Half Life 2, CounterStrike and all the other bits and bobs, as it was only about £50 after tax and converting from dollars. But it wouldn't let me! I'm sure I filled in all the details correctly, and I tried again with a tiny variation, and I was going to try a third time, but the software warned me that the details were nearly identical and that repeated attempts might lock my credit card. So I've given up on the idea of buying it on that card. I only have debit cards, and it doesn't take that. So it looks like, for now, they've lost out on £50.

I was 99% sure I needed one before, but I was eating a Starburst a minute ago when I could feel something kind of crunchy inside it. So I spat it onto my finger and felt around until I saw this little tooth coloured chunk. Then I walked to the bathroom and took a look in the mirror, and where I said the corner of a tooth looked a little dodgy, I can now see a big hole in the corner. So now I'm 100% sure I need a filling. I might see if I can change my appointment on Friday to be a longer one so I won't have to wait too long to get it filled. I wanted to text Amy and let her know, and I want to know how her tooth is as she said she might need a filling, but I won't.

I've nearly finished watching it tonight, and I loved this quote.

Coroner: My only question is how did she come to have sex with the dead guy?
Dante Hicks: She thought it was me.
Coroner: What kind of convenience store do you run here?

It's funnier if you've seen the rest of the movie leading up to that point.

I think we have a new wave of lesbianism here. The country seems to think (or at the very least ancourage the idea) that male homosexuality is taboo, but encourages female homosexuality and bisexuality. It seems like a large number of young girls are lesbians or bisexual (no, I don't hang out with young girls, but I am friends with Holly, I see profiles on social networking sites, and I sometimes go into chat rooms for 20 somethings which are usually half full of teenagers). Some may just be experimenting, but instead of experimenting quietly, they state publically that they're bisexual, which may encourage more girls. Experimentation isn't entirely a bad thing (although I don't plan on experimenting with guys), but some girls are too busy "experimenting" (yet they don't want to "experiment" with men?) and enjoying being with a woman to even think about having sex with a man. Perhaps this s because they find it harder to be with men than women, although many 20 somethings I know seem to have the opposite problem and are friends with too many of the opposite sex; or perhaps because they don't like the idea of penetration; or perhaps because men are generally sensible enough not to have sex with underage girls, so girls spend the first few teenage years having sex with each other? They realise they can still have pleasure with a woman, with the current media coverage it's clear that civil unions can give them the same rights as a marriage. So are men redundant? Men can't give sperm anonymously anymore (sperm donations are at their lowest point, the reserves are low), so perhaps this is man's way of getting their own back, the only way they possibly can? At least for now.

She went with HG Wells! :( She put more money into the fund than the others, and the answer's Aldous Huxley.

Mark's nuts. It's good that he's about to get the answer wrong and get nothing. It's Labour.

How come they find the easy questions so difficult? That Mark guy is mad.

Their DNS servers appear to be playing up yet again. Doing an nslookup for all the domains I can think of timeout, except for bbc.co.uk.

It's back up and running again now.

Very funny, although there were a couple weak bits. The ending was great. Ch-ch-ch-ch-changes.

After watching "Malice In Wonderland" (a video a friend made of his best CounterStrike moments), I feel the need to play some games (like BF2 with my fancy graphics card) and blow the crap out of people!

I got an email at 8:06 this morning from "Antony" with the subject line "Can you satisfy your girlfriend?".

Well I'm sure I would, if only I had one.

I hate spam.

On today's letters page of The Register:

Counting the true cost of nuclear waste:

"The cost to the taxpayer of storing the waste, both short and long-term, is likely to be around £70bn over the next 40 years."

I wonder if they have factored in the cost of instituting and running a monitoring system for the next 100,000 years or so that it will take the radioactive waste to become safe. We wouldn't want it leaking into groundwater after 10,000 years because the gradual depredations of water corroded the containers and no-one noticed.

Tricky to cost though, I suppose. To get a sense of the time spans we're talking about, consider that 100,000 years ago Britain was buried beneath an ice sheet during (if memory serves) the last but one glacial period and modern human beings hadn't evolved yet.

Devising a storage facility that will be safe for that time period poses one or two technical challenges. Have we considered the geological changes that will be wrought by the next ice age and the implications for any post-glacial civilisation that will colonise Britain. Can we make warning signs that will last that long, or that will be intelligible to whatever intelligent species is around then?

Richard

I must admit, I hadn't looked into it before, but I was fairly certain that 100,000 years was a bit extreme. A quick Google later (so this may be slightly out?) and it looks like:

Final disposal of high-level waste is delayed to allow its radioactivity to decay. Forty years after removal from the reactor less than one thousandth of its initial radioactivity remains, and it is much easier to handle. Hence canisters of vitrified waste, or spent fuel assemblies, are stored under water in special ponds, or in dry concrete structures or casks for at least this length of time.

After being buried for about 1,000 years most of the radioactivity will have decayed. The amount of radioactivity then remaining would be similar to that of the naturally-occurring uranium ore from which the fuel originated, though it would be more concentrated.

To ensure that no significant environmental releases occur over periods of tens of thousands of years after disposal, a 'multiple barrier' disposal concept is used to immobilise the radioactive elements in high-level (and some intermediate-level) wastes and to isolate them from the biosphere.

I'm not a mathematician, but 1,000 years is a lot less than the 100,000 that Richard mentions in his letter. Scaremongerer.

PS There's meant to be an example in nature to suggest that final disposal of high-level wastes underground is safe. Two billion years ago at Oklo in Gabon, West Africa, chain reactions started spontaneously in concentrated deposits of uranium ore. The reactions continued for hundreds of thousands of years forming plutonium and all the highly radioactive waste products created today in a nuclear power reactor. Despite the existence at the time of large quantities of water in the area, these materials stayed where they were formed and eventually decayed into non-radioactive elements.

After doing some searched in Google, I've discovered that Aria are one of the cheapest places online to buy the K800i, which is great news for me as I love them. It's very tempting to order it so it'll arrive the weekend I'm back in Cheltenham (using their Saturday delivery option). Someone talk me out of it (or into it)!

I decided to ignore this call while I was at work as the number looked very similar to this one from a few months back. I did a quick Google search, and the first item said "Have just googled this post re 02920 368705. This IS communications Direct-thats what they say when they ring me 6 times in last week". There might be a valid reason for them calling me, perhaps they've read my blog and know I'm thinking of getting a K800i and want to offer me an upgrade? ;) Or perhaps it's some cold calling exercise. I registered my mobile number with the TPS a while back, so unless they've got my number from marketing information directly from my network operator (although I normally tick/untick such boxes), I'm pretty sure I shouldn't have received that call.

On one of the pages someone said "The Cardiff number is probably the telesales agency my mate used to work for cold calling people to sell them mobiles. He quit as being told to f**k off 50 times a day was starting to depress him". I can understand why.

I told you it was good.

Remixed - so funny. It kind of reminds me of Underworld's stuff (and some of the weebl toons and something else that I can\'t put a name to right now).

Talking of YouTube etc. you may have read this article about this video clip. My comment on Dave's forum, where someone posted it, was "That one proves that English kids are dumb :)"

I was looking at my position in my SETI@home team, which is still exeter university as I\'ve been a part of it since I started back around the beginning of 2001, and noticed that I\'m in second place. If you look at the number of results returned recently, I\'ve returned 65, 25 and 16 (a total of 106). Nick Johnson has returned 72. That's only 68% the number of results I\'ve returned. In theory, I should expect to see about 2/3rds the amount of recent average credit that I have. My recent average credit is 535.79, Nick's recent average is 615.65. Yes, that's more than mine. So can anyone explain why someone is returning fewer units and getting a lot higher average credit? I decided to dig a little deeper in search of answers.

My Three PCs
silentbob2 Intel Xeon 2.40GHz - 4 CPUs, floating point speed 1034.91 million ops/sec, integer speed 804.58 million ops/sec
silentbobx Intel Pentium D 2.66GHz - 2 CPUs, floating point speed 1748.72 million ops/sec, integer speed 1495.74 million ops/sec*
silentbob3 AMD Athlon XP 2800+ - 1 CPU, floating point speed 1968.45 million ops/sec integer speed 3305.22 million ops/sec

Nick Johnson's PC
Intel Xeon CPU 3.20GHz - 4 CPUs, floating point speed 667.82 million ops/sec, integer speed 1228.54 million ops/sec

In terms of raw clockspeed, if we assume that the Athlon rating is fairly accurate compared to the P4 (and it typically has been over the years) we get:

4 x 2.4GHz
2 x 2.66GHz
1 x 2.8GHz
= 17.72GHz

4 x 3.2GHz
= 12.8GHz

So why aren\'t I ahead? Well the most obvious reason might be because my main machine (2.66GHz) isn\'t on all the time. In fact it's not on very often at all. However, I do have it overclocked, so instead of being the 2.66GHz it claims to be, it's actually running at a very impressive 3.6GHz. That makes it difficult to compare raw clockspeed.

It\'d probably be more accurate to compare floating point operations, as I believe that's pretty much what you need for crunching SETI workunits, and those figures should be there based on the CPU benchmarks or the work returned or something useful, consistent and accurate. I don\'t think integers really affect SETI, but they normally go hand in hand. Note: the Xeon processors that Nick and I have use HyperThreading so it's really two CPUs each with with two integer units and a shared floating point unit, rather than being two dual core CPUs (the Pentium D I have is a dual core CPU). Assuming my main machine is never on (even though it is) and the ops/sec are overall and not per CPU, that's 3003 and 4110 versus 668 and 1229. What happens if we just compare his one machine against just one of mine (the fileserver)?

silentbob2:
Measured floating point speed 1034.91 million ops/sec
Measured integer speed 804.58 million ops/sec
Average turnaround time 3.27 days
Results 65

Nick's PC:
Measured floating point speed 667.82 million ops/sec
Measured integer speed 1228.54 million ops/sec
Average turnaround time 0.57 days
Results 71

So the number of floating point operations is about 2/3rds of mine (my CPU is 3/4 the speed of his), his integer speed is 50% faster (more than I expected). Comparing the two hosts, he's only done slighty more results (1.09x the number of mine). The big differences? His turnaround time is a lot faster - perhaps because I queue a lot of workunits up as I don\'t trust my ISP, router or the SETI@home servers; he runs Linux. I\'m not switching to Linux just to get more credit, but I could see if fiddling with the queue makes any difference (even though it shouldn\'t).

Other possible differences? I don\'t think he's overclocking his machine, otherwise I\'d expect to see faster ops/sec. Perhaps he uses an optimized client? I thought I\'d switched to an optimized client a few days ago (P4-SSE2 for the Xeons, P4-SSE3 for my Pentium D) but I hadn\'t restarted the services for it to take effect (I hibernate my main machine). That means I could crunch even more workunits and get more credit, but probably still not get as much credit. Time will tell, now that I\'ve just started crunching with the optimized clients.

I wouldn\'t accuse Nick Johnson of cheating, especially as SETI are meant to be good at spotting that kind of thing, but something must be up. I know they plan/planned on switching to credit based on the number of floating point operations, but based on the evidence above I have 50% more floating point operations per second so that should be in my favour. So WTF is going on? All I want are answers.

My headphones are dying. Okay, they\'re not too bad, but the plastic/rubber sheath has started to perish at the point where they bend around the top of my ears. It's not uncomfortable, but I\'m a little concerned that the copper wire is visible. Perhaps it's a good excuse to think about buying the next model up. They\'re meant to sound ever so slightly better, as well as being more comfortable.

Justin Long is in talks to join Bruce Willis in the Len Wiseman-directed Die Hard: Reset, the fourth film in the 20th Century Fox franchise.

Production Weekly says "Reset" finds hero John McClane (Willis) coming out of retirement to battle an internet terrorist organization intending to systematically demolish or seize our technological infrastructure via a three-day plan. These guys will gradually step up malfunctions starting with traffic control systems, working towards economic markets, and finally shutting down key utilities like power and water, to send the U.S. essentially into a modern Dark Ages.

Is it just me, or have they simply mashed some old movie scripts together? Willis coming back out of retirement sounds a bit like when they brought Sylvester Stallone back in Demolition Man. And I\'m sure a few other movies have shut down key utilities and stuff. Perhaps it\'ll be good. I hope it is. Even if it isn\'t, I\'ll definitely watch it.

I can\'t seem to connect to my fileserver via Remote Desktop. This usually means my fileserver is dead or the router is dead (or dropped the connection) or my ISP has gone down again. All are probably equally likely, but I suspect (and hope) it's the router. I tried scanning it with nmap, and all I can get back is "filtered" even on the ports that were being portforwarded to the fileserver that I think should come back as closed if the server is dead. I hope I just need to reset the router to sort it out.

Okay, so it's not that early, but I\'ve run out of things to do and I don\'t even have Amy to look forward to tonight on MSN, so I think I\'ll head to bed now. If I\'m lucky, I might even fall asleep fairly quckly, but somehow I doubt it.

I have a song stuck in my head, but I don\'t know what it is, and I\'ve flicked through so much of my music collection that I\'m starting to forget what it was, and it's bugging me.

An 11-year-old boy badly burnt when a mini-motorcycle collided with a car in Kent has died in hospital, and his 12-year-old friend is seriously ill in hospital. The two boys, who lived locally, suffered burns when the mini-motorbike caught fire after the collision.

The mother later urged parents whose children had mini-motorcycles to "think twice about letting them ride it or even be a passenger on it". Think twice? Should parents "think twice" before giving kids the keys to cars? Perhaps they shouldn\'t be allowed to ride them at all! An amnesty is currently under way in the Shepway area of Kent to encourage people to hand in off-road vehicles such as mini motorbikes which are illegal to use on public land or roads without insurance, road tax, registration documents or number plates.

I came across a somewhat controversial piece while reading The Register.

Firing artillery shells into the stratosphere to release sulphur particles could defeat global warming, climate researcher Paul Crutzen says. Crutzen reckons that the effect would last about two years. He bases this on observations of the Mount Pinatubo eruption in 1991, which released significant quantities of sulphur into the atmosphere and may have lowered the Earth's average temperature by 0.5 degrees Celsius. Or not. What could possibly go wrong? Oh, heaps of things. Very little is known about how sunlight affects weather patterns, so fiddling with it could result in anything from minor changes to catastrophic droughts throughout the world's most fertile regions.

On the other hand, we might already have come to depend on "global dimming" from air pollution to keep global warming at bay, so this artificial volcano idea might be the way back from disaster. There is evidence suggesting that recent efforts to reduce greenhouse gas emissions has caused a spike in global temperatures over the past decade. Without our protective layer of industrial pollutants, the Earth's atmosphere is now reflecting less solar radiation, and temperatures are rising. We could be rendering the planet uninhabitable just because we\'re afraid of a little shmutz in the air.

I do like clean air though.

I was reading an item on Securiteam's blog today and loved the term they came up with.

You gotta love the term Zero-day Wednesdays. It explains in a sentence everything that is wrong with Microsoft's Patch Tuesday

I must admit, I can see the reasons for and against a schedule: it allows (IT support) people to schedule patch installations, and possibly make it coincide with other patches to limit downtime, but it also means you may have to wait 4 weeks for a patch to appear for something malicious that appears immediately afterwards.

The good news? If the situation is fairly critical, Microsoft will rush out a patch, as seen with the WMF vulnerability as the start of the year. Also, people may moan that it takes up to a month for Microsoft to fix, but that's only a month from when people notice. The big bad things to worry about are the targetted attacks using vulnerabilities that haven\'t even been reported! So the term is nice and cute, but I wouldn\'t worry about it. As ever, don\'t trust unsolicited attachments, keep your AV software up to date, and try not to run Windows as an Administrator.

Or bad user? I received this email on a mailing list:

That is some got finding I would hope the did\'nt make this a faeture cause that is more of a flaw if any. Have you tried dearching to net to see if anyone has. The same finding if not try to contact them
Sent via BlackBerry from T-Mobile

Is it really that hard to type on one? Having said that, I tried sending a text message yesterday with a Nokia a phone and it took me ages as I\'m not used to writing with it anymore.