Everything, Everything

They appear to be getting smaller. Has anyone else noticed this?

Seeing as the TV's been in my bedroom for the last few weeks, I finally decided to wire it up. Unfortunately, I only had two co-axial cables, and once I'd plugged them into the TV and into the wall, I was left with a couple of female connectors in the middle. I'm sure I used to have an adaptor somewhere that'd neatly let me connect the two together, but I couldn't find it, so after a few minutes of hunting around I decided to unbend a paperclip.



You might be wondering how well this works? It works perfectly. Okay, so it's only used on an analogue TV, rather than digital in the lounge, but the picture quality is perfect. I need a more permanent solution, but I was impressed at my short term fix. I'm pretty sure we did something similar back around 1999/2000, extending another composite connection to hook up a projector to a computer's TV-out (it was doing animations to the sound of the music), but that time we used a professional microphone cable and some gaffer tape. MacGyver would be proud.

It's just been approved, which is a lot quicker than last time, so I'm quite pleased. Hopefully this version won't cause any problems, and resolves the 2 custom streams issues (and possibly another small quirk related to custom streams). The plan is to re-write the gadget almost from scratch over December, partly to bring in support for other formats (i.e. Real Audio) and partly to simplify some of the code. If I do it properly, no one will be able to tell the difference, as it should look almost identical (I've changed the custom streams in 1.3.6 so you can't edit the setting once you've assigned it to a preset, but I'd still like to have a separate window for managing custom streams).

Has anyone else noticed that IE7 seems to treat the space as a non-breaking space when you use the forward slash character to type something /like /this /sentence /here? /try /resizing /your /browser /window /to /see /what /i /mean. How odd. If you view the source you can see plenty of line breaks too. This quirk appears to cause a single pixel scrolling issue in my new design too.

I'm starting to find their articles quite annoying. Their most recent article is this one: Sophos advises online shoppers to use caution this holiday season. Because it's okay to throw caution to the wind the rest of the time? Even worse, check out the final bits of advice:

Sophos offers the following online shopping security recommendations:

Precautions for consumers

• Read website privacy policies and procedures to ensure appropriate measures are in place
• Only buy from reputed sites
• Do not follow links from unsolicited email
• Never enter sensitive information from an internet cafe or machine that you do not know to have a fully up-to-date security policy
• Ensure you have a firewall, patches and anti-virus up to date and running
• Protect your password

Precautions for online shopping sites

• Use HTML encryption technology
• Enlist a firewall
• Limit access to your server to only those who absolutely need it
• Check your system and weblogs for suspicious activity regularly, especially when traffic is high

Where to start? Policies mean nothing unless the website sticks to them. Anyone can say they won't sell off your details and then sell or abuse them anyway - cybercriminals are hardly likely to tell the truth. I think they mean only buy from reputable sites (ones with a good reputation, which is still a bit too generic for my liking), as reputed means "commonly put forth or accepted as true on inconclusive grounds" (e.g. a fake website that looks legitimate?). It's probably a good idea not to follow links from emails, but what if you signed up to the mailing list and received a unique link that gives you a £5 discount on your purchase? I'll skip the AV issue, but a well configured firewall and up to date software is good advice - as is running as a standard or low level user. A large number of problems are caused by users that run as Administrator. And, perhaps it'd be more useful if they told you how to protect your password.

And then it gets worse. What the f**K is HTML encryption? I think they've confused it with a secure HTTP server (where the URLs begin with https://) that uses an additional encryption/authentication layer between the HTTP and TCP. And just because a site has a padlock in the corner or in the address bar, it doesn't mean that consumers can assume it's a legitimate site, and it's possible (although unlikely) that the site is using weaker protocols/ciphers, such as SSLv2 and/or 56-bit ciphers. A firewall is a good idea, again assuming it's configured properly. The "limit access to your server" advice is a bit silly if you're running a web server that's meant to be accessible to consumers across the world, and trying to geolocate users by their IP address to restrict access, for example, to UK shoppers is a bit messy. Checking server logs would be a good idea, but an automated solution might be more useful, you don't want to take a look at your logs on Monday morning if you were hacked the previous Tuesday, or perhaps throughout the weekend when they think there's less chance their activity will be quickly blocked.

I was listening to Radio 1 last night and Scott Mills played a track that reminded me of the ending of Denmark by The Chemical Brother. I can't remember the new song, but it's probably one of "those" bands, and I'm sure I'll hear it again in the next few days. I'd forgotten how good the album Come With Us is, it's fairly mainstream (but less so than a couple of their other albums) and very catchy. I have a couple of their tracks stuck in my head, such as Hoops (I'm going to have to listen to it now, just to get it out of my head). It also brings back fond memories of university. That second year was hard work, but I loved living with Fay and Rhiannon, and it was the last time I spent a lot of time with Steve. I miss Beth Orton too, her solo work, her vocals on The Chemical Brothers tracks, and her work with William Orbit. I bought the last album, of hers, but I don't listen to it much. I like the older tracks, especially the stuff she played live on Radio 1 that originally got me into her (might have been 17th March, 1997, Mary Anne Hobbs Session, when she almost choked to death on some garlic?). I had no idea until just now that she was offered to audition for the role of John Cusack's girlfriend in the film High Fidelity.

Does anyone else find it a bit odd that Lily Allen (22) is dating Chemical Ed (37)? I think we all know that the "half your age plus seven" rule doesn't allow that, Ed should be dating someone that's at least 25 and a half.

You've probably seen the real adverts and the many parodies. Some are good, some are bad, and most of them have made mistakes. I've grabbed Scott Olson's version of the music, and after seeing the South Park parody, I'm thinking of creating my own parodies based on the following dialogue:

Mac: Hello. I'm a Mac.
PC: And I'm a PC.
Mac: I can run Mac OS X and Windows.
PC: I can run almost any operating system. Aside from OS X.
Mac: We run a lot of the same programs, like Microsoft Office.
PC: So when's Apple going to let me run iLife? Or OS X?
Mac: *looks down at his shoes, shuffles feet*
PC: Oh look, the new Office for Mac got delayed.

Mac: Hello. I'm a Mac.
PC: And I'm a PC.
Mac: I'm safe to use on the internet, Windows viruses don't affect me.
PC: I thought you could run Windows now?
Mac: Oh yeah, I can... *cough*
PC: What was that? It sounded like a cough.
Mac: You'd better stay back, I think my copy of Windows has an infection.
PC: That's okay. I'm running Slackware Linux.

I like the last one because it highlights the frequent assumption that PC is running a version of Windows (and that Mac is running OS X).

For the second time in recent months, my DNS settings for my two domains haven't been working too well (the nameservers respond to ping, have port 53 open, but requests timeout). So I've bitten the bullet and setup my own server as the DNS server (TCP only, no recursion, I'm pretty sure I know what I'm doing) to make sure that www.everythingeverything.co.uk will resolve properly - otherwise my Vista gadget* will break. I figure my own server is far more reliable than the old ones, and now it's marginally easier to update settings. I might setup a second DNS server on Monday in a second geographical location.

* In other news, I think I've finally sorted out the bug in my gadget. I've also made it so you can't update (individual) custom stream settings if you've assigned it to at least one preset, which should make things less confusing. I'll do some more testing to make sure there aren't any other bugs, and possibly bring some of my error checking back in, and then make sure that you can upgrade from older versions without any trouble.

I've recently been working somewhere that has a prominent sign on one of the doors that states:

(Audible click will be heard)

Hopefully you all understand why I thought this was amusing.

I've heard bad coughs that have sounded healthier.

I've been catching up with my brother, it seems that women keep trying to chat him up and offer to have sex with him, even though he often treats them badly and acts like an arsehole (whether he's doing it deliberately to try and get rid of them or deliberately to attract them, I'm not always sure).

But when I try and be nice to women, chat with them, get to know them, and (like earlier this week) offer to buy them dinner, I get turned down. Perhaps I should go back to uni, like my brother, before it's too late.

My incredibly tall plant had been living in my parents' kitchen, but she's not there anymore (only the big yucca is there). I shall have to ask my parents what happened to her, I have a nasty feeling my mum's going to say she got rid of my plant without telling me!

No longer required, as of April 2008 (or earlier if you can get hold of the Internet Explorer Automatic Component Activation Preview). Microsoft has now licensed the technologies from Eolas (damn them and their stupid patent).

I just spotted that Sarah's status on Facebook says "is chair dancing again, just less obviously this time..." - there's nothing wrong with chair dancing, I often catch myself doing that (although usually when no one's around... like yesterday when I was sat in a cold and noisy server room, so I put my noise insulating inner ear headphones on and listened to Chemical Brothers, Radiohead and then I spotted I was dancing around in my chair to Avril Lavigne).

In other news (i.e. other friend's status thingies), Lara's finally had her baby and the whole family are doing well, including new arrival Jonah. They already have a photo up on their website, and I have to admit that he looks okay (for a baby), as in I wouldn't have to fake sincerity if they asked me something like "doesn't he look so cute?". Not that I'd ever fake that sort of thing, but I can't imagine many proud parents liking it if I said "I've seen better" or "they all look the same" (you have to get the balance right, too much enthusiasm might look insincere - or worse...).

Ade's wondering where this global warming is. I've been thinking the same thing for the last couple of years, but I think I've been sheltered from it by cold air conditioned rooms and the aircon in my car. The advantage of working from home is you can keep the place as warm as you like, and if it gets too cold you can wear the thick padded shirt you wouldn't be caught dead in and/or climb into bed with the electric blanket to warm up. I suspect he's allowed to be cold, seeing as his previous status pondered "why minus 10 feels warmer than minus 2" - my guess is hypothermia. Ooh, Wikipedia agrees with me, "often, a person will experience a warm sensation, as if they have recovered, but they are in fact heading into Stage 2" (of the 3 stages of hypothermia). The scary thing is Stage 3 is apparently when body temperature drops below approximately 32 degrees C. In the field, a mildly hypothermic person can be effectively rewarmed through close body contact from a companion and by drinking warm, sweet liquids. Maybe that's why I like to drink coffee (with two sugars). I'd happily swap it for close body contact with a hot girl hehe.

It's amazing how many of my friends have put that they're tired. Or should I say "have also put" that they're tired? The weekend's nearly here.

Oh, and Happy Birthday to Katie.

This looks evil. Must look into how easy it is to abuse this. So much for Firefox being the safer browser ;)

As you know, I'm not an artist, so I thought I'd look on the web for some help creating comic strips.

QuickToons isn't great, but it's pretty quick and extremely simple. You are also extremely limited with what you can do, but I spotted a Lindsay Lohan character and had to make this joke (sorry Lindsay, you used to be gorgeous, but you don't look or behave like you did in the past):

EDIT: QuickToons seems to have gone down, if I get the strip again I'll put it up on my server!

Stripgenerator.com looks more promising, but you have to sign up to get more characters/objects. Most of the blog strips are written in foreign languages, but give you an idea of what you can create. Looks promising, but you're stuck with the single style that they offer.

I've never played Sam and Max, but there's a comic strip generator that looks pretty good if you want to make jokes based around the game:

Anyone know any others? I had a thought about creating 3D characters and an online world, positioning everything, taking a shot of the rendered image, changing it into a 2D cartoon strip, and adding dialogue (somewhat inspired by how the new Simpsons computer game is meant to render the graphics). But it sounded like a lot of work.

The McAfee Avert Labs Blog mentioned MySpace yesterday, and provided a decent overview of why SSL is a good thing if you'd like any sort of privacy or protection. According to MySpace:

MySpace.com member accounts are secured by member-created passwords. MySpace.com takes precautions to insure that member account information is kept private. We use reasonable measures to protect member information that is stored within our database, and we restrict access to member information to those employees who need access to perform their job functions, such as our customer service personnel and technical staff. Please note that we cannot guarantee the security of member account information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of member information at any time.

Is it reasonable that usernames and passwords (data that's stored in their database) are sent over an unencrypted connection?

> nmap -P0 -p 80,443 www.myspace.com

Starting Nmap 4.22SOC8 ( http://insecure.org ) at 2007-11-01 09:32 GMT Standard Time
Warning: Hostname www.myspace.com resolves to 6 IPs. Using 216.178.38.129.
Interesting ports on 216.178.38.129:
PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

It's not even a case of trying to find the link to login and browse the site over SSL, as they don't even have port 443 open, so you're forced to send everything over an unencrypted connection as there's no other option. That doesn't sound very reasonable to me!

The scary thing is a lot of users will be using the same usernames and passwords on other sites that do use SSL. As mentioned on McAfee's blog:

Don't get me wrong, a malicious user doesn't care about your myspace.com page. I'm sure it "teh sucks" and your profile is "teh fail" (to quote a buddy at Foundstone, Brad Antoniewicz). They're after your credentials & betting big on password reuse. Stop for a moment and think about your own work, Ebay, email, bank, etc accounts. Are you reusing your credentials anywhere?