Everything, Everything

The Month of Apple Bugs is nearly over (I presume there will be one more later today), and today's was a bumper size:

Multiple developers of Apple based software including Apples own developers seem to have a misunderstanding of how to properly use NSBeginAlertSheet, NSBeginCriticalAlertSheet, NSBeginInformationalAlertSheet, NSGetAlertPanel, NSGetCriticalAlertPanel, NSGetInformationalAlertPanel, NSReleaseAlertPanel, NSRunAlertPanel, NSRunCriticalAlertPanel, NSRunInformationalAlertPanel, and NSLog. For the sake of lulz alone a montage must ensue...

And if you visit the page with more details you'll hear the montage song from Team America.

I'm still not sure how happy I am with some of the full disclosure tactics with these Month of X Bugs projects. I'm okay with full disclosure if other people are exploiting that vulnerability in the wild and there's therefore nothing to hide, or if the developer is known to consistently ignore/take forever to fix vulnerabilities in their products. Apple falls into an odd category, they've never been too horrendous at patching software, but they tend to do it a bad way. They've only recently formed a decent process, and a lot of the communication is still done via their PR section (who often don't have a clue what is going on). Apple also seem to push how flash and funky and secure OSX is compared to Windows, yet throughout the MoKB there were far more problems with Apple and Linux than there were for Windows (IIRC the Windows one didn't even apply to 2003 or Vista). AFAIK Apple have only fixed one of the bugs from the MoAB project (a simple fix, but it still took them more than 3 weeks), but Windows users cannot download that version - you have to download a vulnerable version and then use the software updater to get the secure version. I tried it on my machine the other day and - perhaps because I wasn't paying attention - inadvertently installed iTunes!

Whenever I download software I make sure I don't install things like Google Toolbar, Google Desktop Search, iTunes, MSN Toolbar. This generally means looking out for those checkboxes (especially Google ones), and in the case of QuickTime I choose the version that doesn't install iTunes* - I gave away my 10GB iPod to my brother, I don't plan on buying anything from iTunes if I can't play it back on other devices.



So when I used Apple's software update program I (apparently foolishly) expected it to update the software that I had installed. I did not expect iTunes to magically appear in my Start Menu and my QuickLaunch toolbar. Perhaps it got confused because I was using Windows XP and it "accidentally" installed the "with iTunes" version. Just like how Apple accidentally wrote all the other bugs in their software.

* more specifically, last time I checked, the "QuickTime with iTunes" software is actually just the iTunes setup file that happens to include QuickTime

Up until today I've been saying "they suck" to most of my friends, but today I came across an official beta driver for Vista x64. And it actually works well. The CS:S Video Stress Test wth some fairly high settings (2560x1600, 4xAA, 8xAF, everything else on High) would kill my card, the BFG 7800GT OC - we're talking 4.9fps (I ran it twice to be sure)! I installed the new drivers, gave Vista a restart, went back into CSS and ended up with... 72.55fps. That's nearly 15x faster just from using a newer driver (again, I ran it twice to be sure)! I've also seen a 50% improvement for 1280x1024 with AA off and Trilinear filtering. If you've installed Vista and you own an NVIDIA card, I would highly recommend this beta driver.

http://www.nvidia.com/object/winvista_x86_100.54.html
http://www.nvidia.com/object/winvista_x64_100.54.html

It feels like almost every time that I go away (I worked from home yesterday) I come back to discover another machine that provides hot water. This is machine number 4 since I started here, and it sounds like there have been quite a few in the past. This one is very similar to the one I originally used when I started here, before it was replaced with the completely sub-standard one and the one that copes pretty well unless you're trying to make more than 4 cups of coffee (so when everyone goes to make coffee between 9 and 10, it tends to keel over and beg for forgiveness). I think I'm going to get on well with this new one, it doesn't have fancy microswitch buttons, it doesn't try and pretend to be clever with fancy UV filtering technology, it's just a good old fashioned mechanical device, which makes it easier to obtain the perfect amount of water for my coffee. I wish we had more blue milk as it's run out, it's not even 4PM and we're almost out of green too, which only leaves a couple pints of the icky red stuff that Ian seems to like.

Tick... tock... tick... tock... it's in its sixth season, but sometimes I ask myself why I watch it.

The honest answer is because I watched it from the beginning and because everyone else is talking about it (plus I have no life and TV helps fill the void). I've put up with the stupid amnesia storyline in the first season, I put up with the "let's write the show on the fly" and the "s**t he told everyone he's going to live so we'd better kill him off" and the "s**t he told everyone he's going to die, we'd better make him live" and the occasional "let's kill off some of the favourite characters at the start of the season". But how much more can I put up with? The format hasn't really changed since the first season and it feels stale, every time Jack's in trouble you know he'll get out of it (and will continue to do so for a few more seasons and a movie), and worst of all the timing doesn't always feel right. I remember near the end of the fifth season there's a bit that displays the time with about 90 seconds to go before the end of the hour, and then after two minutes we see the end of that hour ticking away. There weren't any commercial breaks, it was simply badly edited.

I hope that 24 picks up, maybe even tries something a bit different. I'm losing patience.

The flaw is the fourth vulnerability in Microsoft Word that remains to be patched. In December, targeted attacks used a flaw in Word 2000 to install software onto a victim's PC, and neither that flaw nor two previously discovered, and yet unpatched, flaws were fixed by Microsoft in January.

The company's Office productivity suite came under attack in 2006, with more than 10 times more flaws discovered last year than in 2005, mostly because reearchers can't find problems with "low hanging fruit" Windows anymore and are now looking for the stuff just above it (Office and AV software). Many targets of these attacks are big companies that still use older versions of Office.

I still can't believe that people are surprised that Word 2000 is occasionally vulnerable. This is an Office product that was originally released in 1999, over 7 years ago! It's only in the last few years that the secure development lifecycle was introduced into Microsoft, and why even Office 2003 has a few holes - most of these were found from "fuzzing", which tend to depend on how well the tool was written in the first place, and have many advantages and disadvantages.

Office 2007, especially when paired with Windows Vista, should eliminate the danger from most attacks in the future.

I should point out that IANAL, and this is going to be a rant, but hopefully I won't say anything that's actually wrong. It seems that BT are getting a bit pissed off with the GPL.

BT said: "The BT Home Hub is developed by Thomson on the basis of a Linux kernel (version 2.6.8.1) which is released under the General Public License v.2 in connection with proprietary binary kernel module and proprietary user space application. The binary module is based on proprietary software of Thomson (or of its licensors) and is subject to proprietary license terms. Thomson's use of the Linux kernel and kernel modules is in conformity with the terms of the GPL and complies with any of its obligations as a user and distributor of GPL code."

So a product that was developed by another company appears to be made up of the Linux kernel along with some closed source binaries. Firstly, it looks like Thomson are really to blame for any legal problems, and secondly how is it any different to someone like NVIDIA or ATI that only release closed source proprietary drivers, an issue that's been raised a long time ago?

Linux founder and leader Linus Torvalds has argued that some proprietary modules are permissible because they're not derived from the Linux kernel, but were originally designed to work with other operating systems. If they had originated from the kernel, that would require them to be covered by the GPL.

"Historically, there's been things like the original Andrew file system module: a standard file system that really wasn't written for Linux in the first place," Torvalds wrote in a 2003 mailing list posting. "Personally, I think that case wasn't a derived work, and I was willing to tell the AFS guys so."

The FSF sharply disagreed with what he said. "If the kernel were pure GPL in its license terms... you couldn't link proprietary video drivers into it, whether dynamically or statically," FSF attorney Eben Moglen said in an interview. So it's unsurprising that FSF Europe is unimpressed with BT:

Armijn Hemel of gpl-violations.org analysed the source code and said that some of the necessary code is missing. For example, a top level Makefile and the scripts that would be used to properly generate a firmware image have not been included. A script or file with the uClibc configuration is also mandatory.

The GNU GPL is not negotiable and is thus not subject to any third party's 'best and final offer.' Failure to comply with the terms of the licence terminates it.

Our job is to help maintain a fair and healthy Free Software eco-system and make it as easy as possible for companies like BT to use Free Software for their projects and products in a sustainable way. That is why - after we had first learned about the problems from inquiries by the media - we contacted BT, offering our help and advice to come into compliance with the GNU GPL. We uphold that offer and hope that BT will talk to us or another party knowledgeable in the issue to come into compliance with copyright law.

What would I do if I were BT? I would ignore the FSF (or tell them to go f**k themselves), wait for the gpl-violations.org project to eventually sue BT, which will probably result in something like this similar case against D-Link in Germany (PDF), which worked out as 2,871.44 EUR, plus interest. Assuming BT get hit by a similiar fine (in what I think would be the first GPL case in the UK?), that's not much for BT to make the whole issue go away. And then they can probably sue Thomson as they developed it for BT in the first place.

So why is this all an issue? Why are there so many problems with 3D cards and networking kit that use the Linux kernel? It's partly the big companies like NVIDIA not wanting to give away source code, but it's partly because there isn't a stable interface to the Linux kernel. A stable interface provides a fixed and documented way for a driver to communicate with the kernel. Even if the kernel interior changed, the method of communication would remain the same, and drivers wouldn't have to change with kernel updates, for example.

Doing so would inhibit the freedom to innovate, but would make the lives of companies and end users a lot easier. With the existing fluid interface in Linux, programmers must provide drivers for numerous kernel variations, and old drivers - open or proprietary - sometimes simply stop working. ATI is willing to accommodate Linux's fluid style, but because their drivers (and NVIDIA, and some USB drivers etc.) are closed course, some distributions (typically the less "user friendly" ones) won't even allow them to be installed.

With Windows there is a stable interface for drivers in the kernel. A driver developed against NT 4 can often still work fine on XP, and it's why so many of us are used to installing Windows 2000 drivers in XP - and some of us will even try installing XP drivers to get stuff running in Vista (the new WDDM for graphics cards will require new drivers, which are currently quite immature, but the old ones will still work to provide legacy support). The new quirk is Vista x64 won't allow unsigned binary drivers to be installed, which has broken a few things, but it's easy to fix if manufacturers were to sign their code (something that's been possible since Windows 2000 appeared 7 years ago, so it's not exactly a new thing).

Some worry that a stable interface in Linux could also lead to more proprietary drivers, as manufacturers and developers are no longer 'forced' to give away code. But if the interface is stable and no one's touching the kernel, who really cares? No one in the Linux community is really losing out. The alternative is that you stop NVIDIA and ATI from providing drivers for people, so people will stop using Linux to play games and do clever graphics. Manufacturers of networking kit will move to something else, which will reduce innovation and support and user feedback. It's only going to harm Linux if idealistic squabbles are going to get in the way of all commercial innovation.

Sometimes you need a grey area.

Yamahito pointed me towards a couple of websites late last night, his first question was whether I thought one of the average faces he'd made was male or female, and then how hot I thought "she" looked. The eyebrows made me think the image was of a girl, but it was a bit of a close call. I think I then surprised him by saying that the average face was actually quite hot, as the face was uniform and the skin was flawless. I think the reasoning helped clear up the surprise, as the image was a composite of one man and one woman (EDIT: as mentioned below, it was an equal number of men and women, and he's kindly supplied the image for me so you can see what I mean). I had a play and if you had 3 men and 2 women then the image looked male, if you had 3 women and 2 men the person looked female, it was only the 50:50 ones that looked so average that it was basically impossible to tell. We also agreed it was interesting that you could put together several okay faces and end up with someone that looked a lot hotter, and that it's a shame that doesn't work that way in real life: when two ugly people have a baby, it's rare to see beautiful offspring. We then looked at the Face of Tomorrow site, to see what people looked like in various cities across the world.

We then had a play with the average face site, picking the girls we thought were hot, to see what it came up with. In my opinion, it created the perfect looking girl. It's a shame she's not real:



And this is what Yamahito came up with:

You probably noticed that the site has moved server. It was fairly obvious because it took a number of days to move the contents of the database across to the new server, so the site looked pretty bare. Well it should all be up and running again now (aside from two tiny issues, most people will only spot the one - the SETI@home stats won't be updating anytime soon. I'm back, and if you've seen the number of posts I've just made, you'll see I'm back with a vengeance. And I can finally delete this temporary blog file I'd been keeping on my computer.

On the way home I was listening to the radio and IIRC I heard "Kaiser Chiefs - I Predict A Riot" so I turned the volume up. This was followed by "Kelly Clarkson - Since You've Been Gone", so I left the volume up really loud, and I thought to myself that people will think I'm mad for liking both tracks, but a couple tracks later a guy sent a text into the show to say he'd loved the last 10 tracks! I don't feel quite so bad now.

This was surprisingly accurate ;)



You drew the pig:
Toward the top of the paper, you are positive and optimistic.
Toward the middle, you are a realist.
Toward the bottom, you are pessimistic, and have a tendency to behave negatively.

Facing left, you believe in tradition, are friendly, and remember dates (birthdays, etc.)
Facing right, you are innovative and active, but don't have a strong sense of family, nor do you remember dates
Facing front, you are direct, enjoy playing devil's advocate and neither fear nor avoid discussions.

With many details, you are analytical, cautious, and distrustful.
With few details, you are emotional and naive, they care little for details and are a risk-taker.

With less than 4 legs, they are insecure or are living through a period of major change.
With 4 legs showing, they are secure, stubborn, and stick to their ideals.

The size of the ears indicates how good a listener you are.
The bigger the better. You drew small ears, you are an OK listener

The length of the tail indicates the quality of your sex life.
And again more is better! You did not draw a tail :)

What does your pig say about you? Now that you've seen the reasoning, it's probably less fun for you lot.

As I walked out of the office, I passed a couple of brunettes, one was particularly stunning, the other one was very pretty. As I turned the corner, I passed a blonde girl that was crossing the road: she was also very pretty, although perhaps a little brave to have her coat undone (and that thin tight top didn't look too warm either). And then I walked past a woman that can be best described as a gnome: she was short, unattractive, wore 'colourful' clothes - including a pointy hat! The shop has a couple of new people working there (at least I haven't seen them before) and the girl that served me seemed quite nice too - although not nice enough to ask out, but she was friendly and appreciated when I passed back the first pack of Wotsits when she had trouble scanning the second pack.

I'm not a fan* of MySpace (unencrypted logins, XSS problems, lack of proper control over adverts, paedophiles and minors doing lots of dodgy stuff), and I've heard bad press about GoDaddy in the past, but it's never really directly affected me. I don't have a MySpace account, and even if I did I doubt I'd fall any of the many phishing attacks. But it seems a lot of people did, as it was discussed on a few mailing lists (complete with links to the files) as well as covered by a few websites (one in particular, I'm sure used to link to the files, but later ont hat day removed the links without saying the post had been edited). It seems MySpace weren't happy, and with GoDaddy willing to roll over at the first sign of trouble (as usual), this led Fyodor (a really nice guy) to send out an email:

Hi everyone,

Many of you reported that our SecLists.Org security mailing list archive was down most of yesterday (Wed), and all you really need to know is that we're back up and running! But I'm going into rant mode anyway in case you care for the details.

I woke up yesterday morning to find a voice message from my domain registrar (GoDaddy) saying they were suspending the domain SecLists.org. One minute later I received an email saying that SecLists.org has "been suspended for violation of the GoDaddy.com Abuse Policy". And also "if the domain name(s) listed above are private, your Domains By Proxy(R) account has also been suspended." WTF??! Neither the email nor voicemail gave a phone number to reach them at, nor did they feel it was worth the effort to explain what the supposed violation was. They changed my domain nameserver to "NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM". Cute, eh?

I called GoDaddy several times, and all three support people I spoke with (Craig, Ricky, then Wael) said that the abuse department doesn't take calls. They said I had email abuse@godaddy.com (which I had already done 3 times) and that I could then expect a response "within 1 or two business days". Given that tens of thousands of people use SecLists.Org every day, I didn't take that well. When they realized I was going to just keep calling until they did something, they finally persuaded the abuse department to explain why they cut me off: Myspace.Com asked them to.

Apparently Myspace is still reeling from all the news reports more than a week ago about a list of 56,000 myspace usernames+passwords making the rounds. It was all over the news, and reminded people of a completely different list of 34,000 MySpace passwords which was floating around last year. MySpace users fall for a LOT of phishing scams. They are basically the new AOL. Anyway, everyone has this latest password list now, and it was even posted (several times) to the thousands of members of the fulldisclosure mailing list more than a week ago. So it was archived by all the sites which archive full-disclosure, including SecLists.Org.

Instead of simply writing me (or abuse@seclists.org) asking to have the password list removed, MySpace decided to contact (only) GoDaddy and try to have the whole site of 250,000 pages removed because they don't like one of them. And GoDaddy cowardly and lazily decided to simply shut down the site rather than actually investigating or giving me a chance to contest or comply with the complaint. Needless to say,I'm in the market for a new registrar. One who doesn't immediately bend over for any large corporation who asks. One who considers it their job just to refer people to the SecLists.Org nameserver at 205.217.153.50, not to police the content of the services hosted at the domains. The GoDaddy ToS forbids hosting what they call "morally objectionable activities".

It is way too late for MySpace to put the cat back in the bag anyway. The bad guys already have the file, and anyone else who wants it need only Google for "myspace1.txt.bz2" or "duckqueen1". Is MySpace going to try and shut down Google next?

For some reason, this is only one of a spate of bogus Seclists removal requests. I do remove material that is clearly illegal or inappropriate for SecLists.org (like the bonehead who keeps posting furry porn to fulldisclosure). But one company sent a legal threat demanding[1] that I remove a 7-year old Bugtraq posting which was a complaint about previous bogus legal threats they had sent. Another guy[2] last week sent a complaint to my ISP saying that an image was child porn and declaring that he would notify the FBI. When asked why he thought the picture was of a child, he tried a different tack: sending a DMCA complaint declaring under penalty of perjury that he is the copyright holder of the photo! Michael Crook told me on the phone that he sent the DMCA request, but when I forwarded the info to the EFF (who is already suing this guy for sending other bogus DMCA complaints), he changed his mind and wrote that "after further review, I can find no record" or mailing the complaint.

Most of the censorship attempts are for the full-disclosure list. It would be easiest just to cease archiving that list, but I do think it serves an important purpose in keeping the industry honest. And many good postings do make it through if you can filter out all the junk. So I'm keeping it, no matter how "morally objectionable" GoDaddy and MySpace may think it to be!

I've snipped the end, as it's mostly a plug for Nmap. Sorry that it's such a long email, but it's well written and puts everything into context. I shall continue to steer clear of GoDaddy and MySpace. I'd advise others to do the same.

* Okay, so when bands host music that I can preview, it can be quite useful

Apparently, the option "Do not eject the disc after the burn is complete" is considered an expert feature in Nero 7. Thankfully it wasn't too hard to find, but it was more difficult that I expected. All I want to do is stop it from ejecting the DVD-R afterwards, as the server is currently on its side (so the DVD-R I quickly placed into the drive this morning may fall out) and I'm in the office and unable to do anything hands-on. Just like with Vista, I'm having to burn my copy of Longhorn Server IDx to a DVD-R (I couldn't find a DVD-RW to hand, and was in a bit of a rush to leave) in order to install it under VMWare Server. It was interesting to see when it asked for my product key during setup that there was a reference to Vista.

Okay, so it was a very bad word that Isaiah Washington used regarding a colleague on the show, and I can see how calling someone (who has admitted he is gay) a "faggot" can be very offensive, and I don't know if it was meant in an accusatory way or as a lighthearted offhand remark that's been completely blown out of proportion, but I suspect it's perhaps a bit of both.

One of the options the higher-ups at ABC/Disney had been considering was to release Washington from the cast of Grey's Anatomy without giving him a farewell episode. However, Washington has agreed to do "whatever it takes" to keep his position at Grey's and to make amends with the gay and lesbian community. He also vowed to seek help for his "psychological issues" - hence, his entry into a treatment facility this morning.

Grey's Anatomy boss Shonda Rhimes said: "We applaud and encourage Isaiah's realization that he needs help and his subsequent choice to seek immediate treatment for his behavioral issues."

I suppose they're treating it like it's a drug or alcohol addiction, something that's out of his control. Is calling someone one bad word really that bad? It was a mistake, it was offensive, it's unlikely he'll repeat it. He's already apologised, that's good enough for me. When will everyone else move on?

I like this first one:



And the last one (a Flash animation) is pretty good too.

Need A Operating System

Budget: $1000-3000
Status: Open for Bidding (32 days left)
Project Creator: Maxi02

Required Skills: C++ / C, Computer Platforms, Database Development, Graphics / Multimedia, Programming

Description
Hi,

So I'm posting for a rather large project. I need someone to program me a new OS (Operasting System) that looks different than Ms Windows XP etc. but has the same style. It does not need to run on a mac but all the other PCs. It's supposed to have a stylish look with clear edges etc. And ITS NOT SUPPOSED TO BE JUST A REDESIGNED WINDOWS as I'm going to sell that operating system later on. It's going to be called BlueOrb.

These are some important points :

It should have ALL THE FEATURES that Windows Xp Professional has.
ALL the files that run on Windows XP ust also run on the BlueOrb OS.
It must have a very user-friendly interface (like MS WINDOWS XP)
When it gets Installed, the user needs to insert a serial number.
It HAS to be HACKER SAFE!
It must be quick and good looking.


Note that I only accept quality work and do not want any quickly done BS.

greetz,

M.Reinhardt

All that for no more than 3000 US dollars? Some people were actually willing to bid (some seemed serious, but requested a lot more money), including this one that I couldn't stop laughing at:

allencolmes
bid amount: $1,111
delivery time: 7 day(s)

Hi. I can do this for you next week, when I plan on taking a break from a nonotech based / atomic fission driven search engine thats going to make larry page wet his pants. 6 days to code, 1 to rest. It will be written from scratch and completely original in design, so don't worry about copyright bs. I plan to write the entire OS in C, and blindfolded, if its all the same to you. 100% secure will not be a problem either...In fact the OS will be designed to leverage jedi mind tricks to kill anyone that even thinks about breaking in. (i was thinking maybe make them chop off their feet and jump up and down until their empty would be fair). Anyways, I'm gonna smoke some more crack, maybe you should do the same. Thanks!

A woman who stopped to help a driver whose car had overturned died after another vehicle skidded and crushed her against the man's car. A very similar accident happened to my uncle's father, he used to be a vehicle recovery driver and was helping move a car that had skidded off the road. As he was halfway in the car, another car came off at the same place and skidded into the car door, resulting in the loss of his leg. As a silver lining, the fact it was freezing cold helped reduce the rate of blood loss and helped saved his life. So the moral I can find from both stories is this: don't help people (especially when it's cold outside). Okay, the real moral is that if an accident happens once, if the conditions are unchanged, a similar accident will probably occur. This means if someone loses control on an icy patch of road, if the icy patch remains then someone else is quite likely to lose control there too. It's like the lie that lightning never strikes the same place twice. If it were true, why would churches and tall buildings have lightning conductors? Anything that provides a less resistant path (typically metal) is going to be a more attractive option and is more likely to be struck by lightning. If the structure is a permanent feature it is quite likely to be struck by lightning again. And you might think that none of this really matters to you, but next time you see an accident and go to help someone, be aware of your surroundings. It'd be prudent to mitigate the risk of a re-occurrence. Learn from your mistakes, and learn from other people's mistakes. And sometimes people are just very unlucky.

When Barbara Haddrill was invited to her friend's wedding in Australia in October, she had a dilemma. She had promised not to fly any more for environmental reasons but as bridesmaid, she felt obliged to attend. So instead of a departure hall at Heathrow and a possible stopover in Kuala Lumpur, Barbara went via Moscow, Beijing, Hanoi, Bangkok, Singapore and Darwin in an epic journey taking nearly two months and taking in train, boat and bus. The decision reflected changes Barbara had made to her everyday life during the last five or six years, due to her concern about the effect humans were having on the environment, especially in carbon emissions.

She no longer drives, buys organic, locally-sourced food and uses a wood-burner to heat her home, which is a caravan near Machynlleth, in a forest in mid-Wales. And while the 51 days Barbara spent getting to Oz would be longer than many tourists' holidays, as a part-time worker at the Centre for Alternative Technology, she has the flexibility to build such a journey into her life.

To travel from the UK to Australia, it cost Barbara £2,000 to travel 14,004 miles in 51 days, which produced carbon emissions of 1.65 tonnes. To travel by plane it costs £450 to travel 10,273 miles in around 25 hrs (transit time, security, customs) and produces 2.7 tonnes.

So yes, it's a less harmful way to travel. But it takes a lot longer, and most of us don't have the luxury of taking 2 months off work (or 4 months if you want to get home). Also, most people tend to have mortgages to pay on houses, rather than living in a caravan, and can't afford to spend over 4x the amount - especially if we're taking so much time off work! And, more importantly, Barbara didn't actually reduce the carbon emissions, as I'm sure the plane she could have taken would have flown that route anyway! So all she did was inconvenience herself and spend a lot more money. Perhaps she enjoyed the travelling and treated it as a holiday, at least I hope she did otherwise the entire long journey was pretty pointless.

The West family, in the second half of the article, clearly had a better idea. They were better to the environment (although it did cost them more than double), and the increase in time wouldn't have impacted too much on their other commitments. I bet that the plane they'd have otherwise taken still flew to Tuscany anyway. One person can't make a difference. Of course, if they lead by example perhaps they will encourage others to find alternate means, and perhaps if enough people stop flying everywhere then fewer planes will fly.

But fewer flights also makes it less convenient for those of us that need to fly (e.g. a day of training in Scotland could cost a company a lot more in petrol than taking an easyJet flight, the travel time would wipe out most of any margin, and would force the employee to be away from home for 3 days).

http://tatham.wordpress.com/2006/06/18/vista-media-center-is-severely-lacking/

and

Transcode 360 for Vista 1.6.1

The latter is crap, even when it's installed with a service account that has network access, it complains bitterly about being a local system account that cannot access content from drives that are mapped.

I've just been catching up on the last couple weeks, and a couple of them made me smile.

Hair Ballz - as manic as a badger on acid, and as cute as a puppy wrapped in loo roll before being dyed a really stupid colour.

Mad as a bag of ferrets, Hair Ballz are a bizarre and utterly absurd family of psychotic hairy creatures. A cross between Gizmo of Gremlins fame and (if you're old enough and sad enough to remember, which we are) the Tribbles who invaded the Enterprise back in the hazy mists of the 60's, Hair Ballz are the latest daft alien invasion of singing and dancing madness to hit the U.K. Aside from their endearingly comical expressions, this harebrained bunch of psychos go off on a completely crazed bender when dropped. They skip, jump and roll about like a manic badger on acid, while emitting a random cacophony of yelps, squeals and blasts of utterly nonsensical musical gibberish. Watching them go off on one is simply hysterical (as indeed they seem to be), and when you get a load together it's an absolute scream.These things are simply irresistible, and be warned, one is never enough!

http://www.aria.co.uk/productinfocomm.asp?ID=22232

Okay, so it'd probably only entertain me for 5 minutes and then I'd not know where to put it, but they look cool.

I'm going to be moving server sometime in the next month (probably next weekend, to be honest). I was already in discussion with a friend about moving this site over (my other domain is currently hosted on his server) when my other friend that's currently hosting the site (for free, not sure how I've gotten away with that for 5 years hehe) said that this server is going to be shut down in the next month. I suspect he'd have let me move across to one of his other servers, like he has in the past, but this way I'll be moving across just the once - hopefully with minimal downtime (if any). Well that means I have an incentive and a deadline, and this should occur without any (noticeable) issues, but I thought I'd warn everyone just in case.

EDIT: The old server will be shut down on January 30th, so the move will happen very soon. Once I've moved across, I shall move the site to use HTTPS where applicable, as I really should know better than to allow unencrypted logons.

I know it's a story around a mobile phone, but it involves a fire and maybe spontaneous combustion, so I don't think it's too geeky to mention.

59-year-old Vallejo resident Luis Picaso had been sleeping in his house on a white plastic lawn chair, when he was rudely awoken by a fire which melted the plastic chair, ignited his "polyester-blend slacks" and nylon soccer jersey and caused "second and third-degree burns across at least half his body".

I have to stop now to ask: "who has white plastic lawn chairs in their house?" and point out that I should be a bit safer in my cotton shirt and denim jeans, sat at a wooden desk, which I believe are a lot less flammable than polyester and nylon (although I do have an old Dell laptop, the battery doesn't last long and the CPU gets very hot, but at least it hasn't gone up in flames).

Following the fire, Nokia engineers flew to Vallejo to test the device. They found that the phone's circuitry was undamaged and the battery still in working order: "When we reinstalled the battery, the phone still booted up. If the battery had malfunctioned or the phone had short-circuited, it wouldn't have worked anymore. And it did, so we could rule out the phone as an ignition source."

Thus leaving spontaneous combustion :) (or perhaps something else, which we'll probably never know about).

I was attacked by a killer leaf! As I walked out the main door at work I could see a big leaf blowing in the air, heading straight towards me, and for a moment I thought "it's only a leaf, I'll look stupid if I try and dodge it" so I kept walking, hoping that its random and drunken like movement would shift it away from my direction. And then, with the deftness of a highly trained ninja, it hit me square in the forehead.

These winds are terrible, on the way back I was literally blown off my feet (but only for a split second, the weight of my shopping probably helped keep me down). Roll on summer.

I'll expand on this entry later, but for now I just have one quick question. How did the protesters that have been burning effigies in the streets of India get to watch the show? Perhaps they've been watching it online - via a UK web proxy. I'm surprised that anyones noticed any racial comments on the show, I didn't realise anyone had been watching it this year.

EDIT: I heard this quote from Gordon Brown: "I want Britain to be seen as a country of fairness and tolerance. Anything detracting from this I condemn". Notice how he said tolerance and not acceptance. So you can think racist thoughts, just as long as you don't say them on live TV. It's funny how no one complained when other contestants took the piss out of Wales or the Welsh accent when Glyn Wise, the runner up in the last Big Brother, or his Big Brother housemate ex-Miss Wales Imogen Thomas were there.

Apparently, Indian TV news was dominated by images of Shilpa Shetty in tears after arguments with flatmates, during which she was allegedly called a "Paki" and a "cunt". Since when has cunt been a racist term? It's very offensive, I very rarely say it myself, but it's not racist.

In one recent argument on the show, Goody told Shetty: "Go back to the slums and find out what real life is like, lady. You are not some princess in fucking Neverland. You're not some princess here... you need a day in the slums... fucking go in your community."

Again, is that racist? It sounds more like a class divide to me, I'm fairly sure if any rich actress were in that house they'd get the same treatment from Jade. To be fair, any middle class person would probably get it from her too. Shetty lives on the entire seventh floor of an apartment building in one of Bombay's most exclusive neighbourhoods, where rents are as high as they are in London. She was born into a wealthy family, and is constantly attended by a retinue of servants, including a full-time hairdresser.

Channel 4 and Endemol, makers of Big Brother, are facing a lawsuit from viewers who say they were distressed by what they saw. Clearly these people never leave the house, or are wrapped up in cotton wool, or just want to claim some money. Cunts.

Okay, this isn't all of the results from last night, just the ones I thought were interesting.

BEST SUPPORTING ACTRESS IN A SERIES, MINISERIES, OR TV MOVIE
Emily Blunt, Gideon's Daughter (she was soooo hot in The Devil Wears Prada)

BEST ACTOR IN A DRAMA SERIES
Hugh Laurie, House (I love House, absolutely love it)

BEST ACTOR IN A MUSICAL OR COMEDY TV SERIES
Alec Baldwin, 30 Rock (he's such a funny guy and a great actor)

BEST MUSICAL OR COMEDY TV SERIES
Ugly Betty (very entertaining show)

BEST ACTRESS IN A MUSICAL OR COMEDY TV SERIES
America Ferrera, Ugly Betty (perfect casting)

Work have paid for me to stay overnight, and the place I'm staying at thhas wireless internet access, but IE displays their welcome page when you try and visit any site. You're then supposed to supply a username and password, presumably to allow external access, but out of curiosity I decided to see what would happen if I pinged a website. It worked. So i tried another, which also worked. So I launched mstsc and tried to connect via Remote Desktop to my fileserver at home. It worked! It seems all they're stopping is, presumably, web access. So there's no reason why I can't get things up and running over RDP, or perhaps even run a proxy on my fileserver to get web access on the work laptop in the hotel room. Or, even better, I could run a proxy on the PC at work (2MB upload rate, nice and quick) and tell the others they can use that too. Sometimes I love being a geek.

I was reading an article from The Register, written by Dan Clarke, which blamed software developers for some of the problems we see in Windows, and moaning that new code from software developers continues to be vulnerable. He does point out how you can mitigate problems, and where to look for guidance on writing applications that are more secure. In the article he says:

Insecure applications are such a problem that Microsoft has spent the last five years and many millions of dollars re-engineering its operating system and much of its other software in order to improve the situation [and can one ever really overcome the temptation to bolt-on security to a fundamentally insecure design, in pursuit of "backwards compatibility", in such circumstances - Ed].

Notice that rather cynical addition from the editor of The Register. Vista is based on older versions of Windows, but it's a major rewrite based on the 2003 code (which is based on the 2000 code, which is based on the NT4 code from the '90s, which was a multi-user platform with groups, privileges and file system permissions with NTFS). It's not like the old 9x FAT platform with FAT partitions, which really did have multi-user support bolted on (who remembers Profiles?) and was inherently insecure. The 2003 code has proven to be pretty secure and resilient over the years, and has gained a lot of respect running as a webserver with IIS6, although few people can afford to use it as a desktop OS (although that's exactly what Windows XP Pro x64 is!). I suspect the editor's main complaint is that the new UAC stuff is a way of keeping Administrators running other things at a lower privilege, and is more of a mitigation feature that allows users to log in with full privileges on a daily basis, rather than forcing users to only use the Administrator account when they absolutely have to. But in many ways Microsoft should be praised for their approach, as it's not their fault that people like to log in with an Administrator account. I know this rant is going to sound very pro-Microsoft, but here goes...

On Linux/Unix you are a low level user that needs to "sudo" or log out and back in as "root" in order perform certain administrative tasks. Once you're running as root, anything you launch also runs as root. Any commands or programs you execute will do exactly what they want. It's bad practice to run as root, but people do it anyway and usually get away with it (I only really do it on Virtual Machines with snapshots, like my install of Slackware 11 or my BackTrack LiveCD)..

On Windows you are typically presented with an Administrator account that can do anything and everything. Anything you launch will run with Admin privileges and that process can do anything it wants. But with Vista, applications are launched as low level processes (and certain, well written, applications that run as Administrator will also be able to spawn low level processes). This means they can't do anything dodgy/whatever they want (this is especially true when you run IE7 in Protected Mode!). If you try to, you'll get a prompt asking you to continue (or it'll fail rather silently, like batch files that try to start services *cough* FileZilla Server *cough*). This means that Administrators will usually be prompted before they do anything particularly stupid - unlike Linux, which will simply get on with it. If you log on a a low level user, you can't do anything dodgy, just like logging in as a low level user on Linux. On Windows, you had to rely on "Runas" (similar to sudo) to launch anything as another user, such as Administrator. With Vista, you now get a pretty prompt asking for an Administrator username and password in order to do certain things, rather than things failing or behaving very oddly in Linux. Microsoft have even tried to be nice, so fewer things require prompts for Admin privileges. I typically use the clock in the corner to quickly bring up a calendar, but this window also lets you change the date and time (which would require Admin privileges). In Vista you can now click on it to bring up the time and calendar as a low level user - no need for an unnecessary UAC prompt! If you click the option to change the date or time, then you'll get a prompt.

So perhaps it isn't quite as straightforward as the Linux design, but it's more user friendly, and if you do choose to run as an Administrator it's better at stopping you from doing anything stupid. Sadly, many people will still run Windows Vista with an Administrator account, but that's a user education problem more than anything else. And at least Microsoft have made an effort to mitigate things. Yes, an Administrator can disable UAC (which is enabled by default) and all the old complaints about Windows will come hurtling back, but it's no different to the default behaviour when you log in as root. Except most Linux users know better. User education.

The security model for (NT based) Windows isn't dissimilar to Linux (both have users, groups, privileges, permissions), the main complaint is that most people prefer to use an Administrator account on a daily basis, but that's not a fault of Windows. By placing certain restrictions on what the Administrator can do without further approval, I might almost go as far as claiming that Windows Vista is now a more secure design than Linux. A bold and controversial claim, I know.

Well, most of the time. In psychological research published in Current Biology, University College London found that making subconscious snap decisions is more reliable in certain situations than using rational thought processes. Admittedly, it didn't use a large set, as only ten volunteers were used, but the results sound interesting. Each person was shown a computer screen covered in over 650 identical symbols, including one rotated version of the symbol. They were then asked to state which side of the screen the rotated image was on. Given a fraction of a second to look at the screen, the subjects were 95% accurate. When they were allowed to scrutinize the image for over second, they were only 70% accurate.

The researchers said that in their test, the instinctive decisions were more likely to be correct because the subconscious brain recognised a rotated version of the same object as different from the original, whereas the conscious brain could identify the two objects as identical, albeit in different orientations. Kim Stephenson, a psychologist researching some aspects of decision-making, said subconscious reactions could be an advantage in some situations. He said people and animals were designed subconsciously to recognise and fixate on anything out of the ordinary as it could help to identify and escape from predators quickly, and so has an ecological advantage.

Dr Zhaoping agreed: "The trick is knowing when this applicable or not. Trusting your instincts is only useful in some situations."

I've just read that House co-stars Jennifer Morrison and Jesse Spencer are getting engaged. How can she fancy Billy from Neighbours?! I suppose they're only engaged, they're not married yet, so I still have a chance.

According to the Sky News website: "Major medical breakthrough may end ethical debate over stem cells. Scientists claim to have found cells in fluid which protects babies in the womb". Wouldn't it have been easier to write the second sentence as "Scientists claim to have found cells in amniotic fluid"? Perhaps they're worried that their audience might not understand what amniotic fluid is, but presumably they assume the audience knows what a stem cell is, and why there's been an ethical debate.

I was reading earlier an article by a BBC Technology Correspondent that was complaining about how he was struggling to understand all the technical jargon at the Consumer Electronics Show in Las Vegas. He said: "there's a simple message to the thousands of companies hawking their wares here - if you want to get into my reports, you'd better speak English, not geek". Well forgive me for having little sympathy, but surely a) you're meant to be a technology correspondent, so you should understand the language and b) it's your job to dumb down... I mean make the information available and understandable to a wider audience. I also think the last place you should bitch about it is online, as the people that don't understand the term "broadband" are unlikely to reading a blog entry about a consumer tradeshow. Even if they are online (on dialup*... eek!), they're probably too busy checking out what's on Eastenders tonight than browsing the BBC News website.

For those that are wondering, he didn't make up the phrase "simultaneous Gigabit ethernet and IEEE 1394 connections over Coax" as there is a product called CWave that will apparently do it.

Perhaps instead of dumbing down all media content to "appeal to the masses", we could use the proper words instead? If people don't understand them then perhaps it'll be an incentive for them to find out for themselves, to educate themselves. If they don't know what amniotic fluid is then perhaps they don't care or simply aren't intelligent enough to deserve to have a say in the matter. To a certain extent, democracy (as much as I like it) is somewhat flawed, because the voters don't know how to run a country, yet they're allowed to vote for the people that will run the country for them (or typically the person that lies the most and has the best "executive style" hair. It's like asking a tone deaf person to audition singers for a West End musical: you're only going to get the best person for the job if the right people are making the selections. Thankfully, like all the old women that turn up to sing at church on a Sunday, if you get enough people together you'll usually end up with a close enough approximation of what you're after. You won't get the best, but if you're lucky there'll be enough people singing the right note to drown out those that are flat or sharp (or just plain wrong).

The sad thing is that many of the most intelligent members of society are often the ones that don't produce any offspring, but pay the most in taxes; the lower end are the ones that seem to reproduce like the energizer bunny, are a drain on society, typically unattractive, and (ultimately) appear to reduce the quality of the gene pool. I'm not saying we should slaughter anyone with a low IQ, dodgy personalities, or chavs (hmm, maybe I'll rethink chavscum...), but perhaps we should do something to discourage them from reproducing. We can't ban them from having kids, but we could perhaps choose not to support them if they choose to have more than, say, 2 kids. The alternative form of support would be to offer free hysterectomies and vasectomies to anyone that already has 2 kids and doesn't want any more. I'm not saying they can't have more kids, but they'll have to rely on someone else other than the government.

Perhaps I should stay well away from politics.

* I tried connecting to the net with my mobile the other night, it worked fine, although it was only 9.6kbps, which takes me back to my days in the Now Media office back in 1996.

New Scientist magazine reports that Stuart Brody, a psychologist at the University of Paisley, found having sex can help keep stress at bay. However, only penetrative intercourse did the trick - other forms of sex had no impact on stress levels at all.

Volunteers who had had penetrative intercourse were found to be the least stressed, and their blood pressure returned to normal faster than those who had engaged in other forms of sexual activity such as masturbation. Those who abstained from any form of sexual activity at all had the highest blood pressure response to stress.

He told the BBC News website it was possible the calming effect was linked to the stimulation of a wide variety of nerves which takes place during heterosexual intercourse, but not other forms of sex. He said: "A growing body of research shows that it is specifically intercourse, and not other sexual behaviours, whether alone or with a partner, that is associated with a broad range of psychological and physiological benefits."

But Dr Peter Bull, a social and political psychologist at the University of York, said : "You are probably better off thinking about what you are going to say, and preparing thoroughly, rather than having sex the previous night."

After a few people on Dave's forum started talking about which versions of Vista support domains (and "media center" features), I came across references to Quattro, which it seems is the codename for Windows Home Server, which was recently announced and has been (mostly) unveiled today. It's a lot more limited than a proper Windows Server 2003 domain controller, as it limits you to 10 user accounts, and it doesn't do all the cool things you get with Small Business Server, but it will handle backups, let you know when anything is wrong on other PCs, lets you add data to a storage pool that any device can access (and place restrictions based on the user). It's meant to be headless, and HP are meant to release a 1TB version at some point (WHS is meant to go RTM on June 22nd), but I'll probably build myself another PC and give it a try. I've got less than 500GB left on my fileserver, so I'll probably build another Core 2 Duo based system and try out Windows Home Server - although I am a little concerned by its apparent lack of redundancy (at least Windows Server 2003 lets you do software RAID 5), although if I stick with hardware RAID it should be fairly painless to add one or two RAID 5 arrays to the storage pool. I want to get away from hardware RAID though, if possible, due to the problems I've had. My disks have been fairly resilient over the last few years, I may just risk it and stick with Windows Home Server.

Anyway, for a cheesy doctor talking about digital amnesia, check out Microsoft's little micro site: http://www.stopdigitalamnesia.com/

I promise that's my first and last geeky post of the day.

BabyLa posted this on Dave's forum and it made me smile:

My Canon IXUS is very good, not that I know much about cameras but the guys in Jessops recommended getting an IXUS as they upscale the pixels or something like that. Plus, my camera is purple :D

I'm guessing by upscale he means the silly interpolation rubbish that cameras do nowadays to provide an effective resolution that's far greater than the resolution the CCD in the camera can provide. Most cameras do seem to use decent algorithms, but there's no reason why you couldn't use a graphics package on the RAW image to get exactly the same effect. I'd much prefer to take photos at a native resolution (or perhaps lower, interpolation to create a lower resolution image doesn't typically look bad, as it's not trying to create additional information out of nowehere).

I'm a big fan of native resolutions (I hate that my dad runs the 1280x1024 monitor at 1024x768), so it annoys me that most HDTV screens are a weird 1366x768 resolution. Considering that computers monitors tend to run at certain resolutions (e.g. 800x600, 1024x768, 1280x1024, 1280x720, 1280x800, 1600x1200, 1680x1050 - a bit weird I know - 1920x1200, 2560x1600), and that HDTV comes in two resolutions (1920x1080 and 1280x720), it seems strange to pick a fairly random resolution. If/when I buy a new HDTV screen, I'll probably go for one of the 1080p models, with a native 1920x1080 display.

Anyway, I love how BabyLa likes her camera because it's purple. I'm still not sure if she's intentionally playing up to the stereotype, but she's a nice girl so I'll let her off.

As the power's just failed in the whole building. I can probably get an hour or so out of my laptop, but it seems the networking kit isn't kept running by UPS. Perhaps I'll work from home this afternoon if it doesn't come back up soon.

One of the good things about Open Source is you know exactly what's in the code you're using and you can often compile it for your specific processor so it runs much faster. One of the down sides is you can't guarantee that everyone is using the same - i.e. your - code, as seen in this email about OpenOffice:

Pete Connolly (pete connolly btinternet com)
On Thursday 04 January 2007 21:00, David Litchfield wrote:
> Hi Florian,
>
> >* NGSSoftware Insight Security Research:
> >> The vulnerabilities, three heap overflows, affect OpenOffice 2.1.0 and
> >>
> >> http://download.openoffice.org/2.1.0/index.html
> >
> > As far as I can tell, there is no version newer than 2.1.0 available
> > at the web site. According to uncorroborated, version 2.1.0 is not
> > affected.
> >
> > Would anyone please clarify the situation? Thanks.
>
> It's version's prior to 2.1.0. Thanks for pointing this out. I'll send a
> follow up note.
> Cheers,
> David Litchfield
>

According to Marcus Meissner from SuSE security, opensuse 10.2 contains an OOo
2.0.4 with the security fix backported from 2.1.

Just to add to the fun.

Cheers

Pete

You'd never get a mix-and-match version of Microsoft Office ;)

I'm sure Sara Cox just played the track twice. Or maybe I'm just imagining it.

I just came across some interesting statistics about road casualties in Britain (from BBC News on 28 September 2006). The Department for Transport released contributory factors for the first time, showing drivers' failure to look properly featured in 32% of accidents. But in fatal crashes, loss of control was most common (35%). Safe Speed said the suggestion that speeding or excessive speed for the conditions was a factor in only 15% of all accidents showed the "entire road safety policy has been based on dodgy data".

But Kevin Clinton, head of road safety at the Royal Society for the Prevention of Accidents, disagreed, saying the report showed a need to re-emphasise the overall campaign against speed. The contributory factors suggested eight times more male than female drivers in road accidents were speeding. Older drivers were less likely to speed (they're presumably quite happy to sit in the middle lane of a motorway at 70mph :S). Use of a mobile phone did not even feature in 1% of accidents. Of the six most stated factors, five were some form of mistake by the motorist.

The DfT emphasised that contributory factors were based on the reporting officers initial assessment and were not subjected to a strong standard of proof.

I submitted it to the Windows Live Gallery yesterday, and it's now been approved:

For Detroit. So catchy, listening to it on BBC Radio 1 now. Dance music appears to be making a come back, as new people are trying new things with new sounds.

Toyota is developing a system which will, in the event of excess consumption on the part of the driver, stop the vehicle. According to Japanese daily Asahi Shimbun, the system won't start if sweat sensors incorporated into the steering wheel detect an over-the-limit level of blood alcohol. It may also slow the car to a halt if sensors pick up erratic steering, or even if a camera spies unfocused pupils.

I'm guessing those sweat sensors in the steering wheel and the camera are fooled by the driver wearing gloves and a pair of sunglasses (assuming it can even see the unfocused pupil in the dark). Will the UK models have the level set accordingly? What happens if/when the law changes? What happens if you've not been drinking, but you accidentally spilled beer over your hand on the way out and didn't dry it properly? Wouldn't this system simply stop people with new cars from drink driving? What's to stop someone drink driving using an old car, one that doesn't have ABS, traction control, airbags or other measures that actually protect people and can help prevent crashes?

I'm also guessing Japan doesn't have traffic calming measures that occasionally force you to weave around the road/steer erratically. Perhaps UK models will also be restricted to 70mph too, seeing as that's the law (although they appear to be more concerned with the level of alcohol in your sweat, and presumably won't stop your Toyota from reaching 120mph on the M1). Perhaps the new system could automatically contact the police and inform them that the driver was speeding, passing on your number plate at the same time, to make sure you get a fine.

Knowing Fab's reputation as a bad driver, perhaps he should avoid buying a Toyota, unless he's happy to drive everywhere at walking speed.

I am now the highest poster on Dave's forum (by nearly 300 posts)!

At the start of the year Dave posted on his forum:

I intend to [archive old threads] asap, and retain the threads that have been replied to in the last 2 years, which will more than half the size of the forum. This will change your post counts, so your rank may change as well.

Well Dave finally did it, so I am the highest poster (with 2644 posts), beating Swedish. Clearly I have no life :)

I know I was thinking of ordering something fairly small, but I can't remember what I had in mind this morning.

I was reading about TV adverts on the BBC News website, and they talked about how one of the most well-known sayings about advertising is that 50% of it is wasted. Someone from Glasgow left a comment at the bottom that said:

We went to buy a sofa from DFS because we liked the adverts with "the nice one from East Enders who used to be in that band". The 50% of advertising that didn't work in his case was the 50% that tells you he's advertising SFS not DFS.

The government is to raise the legal minimum age at which tobacco can be bought from 16 to 18 years from October. The government argues that raising the legal age to 18 will make it easier for retailers to spot under-age smokers (although I suspect they must know, but sell it to the kids anyway), and that bringing the legal age for the purchase of tobacco into line with that of alcohol will reinforce the dangers of smoking to young people (presumably because kids don't drink until they're 18, and they drink responsibly, as they're well aware of the dangers of alcohol :S).

A recent survey suggested that only 23% of children aged under 16 who tried to buy tobacco found it difficult to do so. Evidence shows that nearly 70% of 11 to 15-year-old smokers say they buy their cigarettes from small shops such as newsagents and corner shops. Dr Vivienne Nathanson, head of science and ethics at the British Medical Association, said "the new limit is only going to be effective if it is properly enforced and part of a broad set of actions designed to discourage young people from starting to smoke."

I suspect the police will even do test purchasing exercises against retailers, and then the retailer will pay a small fine and blame it on an employee that wasn't following store policy and has subsequently been sacked. Seen to be doing.

I'm sure the 16 and 17 year old chain smokers are going to love being told that they can no longer legally buy the cigarettes that they've become addicted to.

I knew I'd find it hard to adjust, especially after staying up late last night to celebrate the New Year, but why can't I sleep?!? I have to get up in two hours. At least I don't feel shattered now, hopefully I can make it until the end of the day.

Guess what I've just discovered.

Can I use Windows Live OneCare with Windows XP or Vista x64 versions?
Not at this time.

Of course, the setup program didn't tell me that (at least not clearly, not that the above FAQ makes it particularly clear that OneCare works fine on 32-bit Windows XP SP2 machines either). Instead, it told me that I need to use Windows Vista or XP SP2 (32-bit). I guess I was meant to work out that Windows Vista meant Windows Vista (32-bit) too.



So I take it all back, I have finally come across a Microsoft product that doesn't work on Vista! I tell you, no one appears to be ready for Vista x64, at least not properly. I think I'll try Trend's beta now, as I've just uninstalled Sophos, and "Windows Vista ready" AVG Free 7.5 won't install because "64-bit Windows are not supported in this edition". It seems that under "Limitations", when they say:

No 64-bit and server support ? AVG Anti-Virus Free Edition cannot be installed on server operating systems (such as Windows Server 2003), nor can it be used for the scanning of network drives. Also Windows XP Pro x64 edition is not supported.

They literally mean no 64-bit support at all, even on Vista x64. Gee, thanks, I'm sure thousands of Vista Home Premium x64 users will love to hear that next month.

I had a very weird dream last night, about being chased/attacked by a dinosaur... that was a fish. It was some hideous hybrid that looked like a T-rex, but had the head of a fish, and was the size of a fish, and it was having trouble standing up and flopped about whenever it fell over (as it didn't have any arms). Which doesn't sound very scary, but I was trying to run away, but I'd tripped over and I was on my hands and feet on the floor, lying backwards facing it, unable to get up quickly enough, and I was very worried it'd somehow get inside the end of my trousers (for some reason they were really baggy). I have no idea why my mind came up with this madness. I wonder what Freud would make of it.

I still can't believe another year has gone by, and such a lot has happened. And some things remain the same.