Articles – Page 95

Bryn’s “Un-Supersize-Me” Challenge

Claire and I have decided to take on Bryn’s Fast-Food Challenge, in order to try to reduce the amount of fast food and other excessively unhealthy and pre-processed foods we eat (and in order to save a little money). I’ve no lack of confidence about this – until I was living with Claire, I was pretty much fulfilling this ‘challenge’ most of the time… I’ve just become lazy of late. And hey, it can’t be any more challenging than my year without alcohol a few years back (hmm, must dig up some old diary entries and fill them in, there – looking a bit sparse on my blog).

Build Your Own Tin Foil Hat

StopAbductions.com has a guide to building your own “Thought Screen Helmet”. From the website:

The thought screen helmet blocks telepathic communication between aliens and humans. Aliens cannot immobilize people wearing thought screens nor can they control their minds or communicate with them using their telepathy. When aliens can’t communicate or control humans, they do not take them.

The thought screen helmet has effectively stopped several types of aliens from abducting or controlling humans. Only two failures were reported since 1998.

Go read it. It’s funny.

Happy Birthday To Me

Thanks to everybody who came to Troma Night to celebrate my birthday on Saturday: that was fab. And special thanks to Hayley for baking a cake, and Jon for suggesting the decoration.

Troma Night was fun, and so was Geek Night (despite being just Andy, Claire and I) – a three-player game of Munchkin is actually sensible and bearable, without too much endgame backstabbing! The rest of the weekend I’ve spent playing with pyDance – a free, open source dance machine game (I’ve been trying to get the hang of composing steps in it), playing Paper Mario: The Thousand Year Door (which is pretty cool) and reading Half-Life 2: Raising The Bar (a birthday gift from Claire).

Speaking of which, have any of you usual folks not seen Claire’s blog-post about the concert in Cardiff yet? Who’s coming? Tickets are reasonabley-priced but selling fast.

More Geeky Fun – Hack Security Cameras

This was one of my most-popular articles in 2005. If you enjoyed it, you might also enjoy:

The Ten Weirdest Sex Toys I’ve ever seen (2009)!
A dirty-looking calendar I found at work (2011).
My beliefs about why it’s wrong to lie to children about Santa (2009), complete with pictures of naughty elves.
An argument I had (2011) with the Office of National Statistics about nonmonogamy and the census.
Open Source Shaving (2009).

Here’s a giggle – somebody’s found a cleverly crafted Google search string that will reveal the (unprotected) web interfaces of a particular kind of Panasonic web-capable security camera. Just point a web browser at http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=inurl%3A%22ViewerFrame%3FMode%3D%22, then select one of the cameras (you might have to try a few before you get a working one). If you get a motorised one, you can even remotely control it! Here’s some I found earlier:

Update 17th August 2011: fixed broken link to Panasonic website!

First Look At Microsoft Ani-Spyware

Microsoft have released a beta-test version of their new Anti-Spyware program (based on technology they gained during their recent acquisition of Giant Company Software). As a happy little curious bunny, I decided to download it and give it a go on one of the computers laying about at work.

Installation of Anti-Spyware is the typical InstallShield-driven wizard interface.

Interesting to see that this product comes “with SpyNet technology”. Sounds like a buzzword if ever I heard one.

Having finished the installation, the “Setup Assistant” launches.

The setup will be divided into four stages – although, in actual fact, the first three stages consist each of answering one question and the fourth can take a long, long time (scanning the computer for spyware).

Questions first:

With inspiring titles like “Keep Your Computer In The Know”, “Meet Your Computer’s New Bodyguards”, and “SpyNet: The Anti-Spyware Community”, one can’t fail to feel safer almost immediately, hmm? I leave everything as the defaults – turned on. Reading it’s description, I’m left wondering what ‘SpyNet’ actually does. Sounds a little like spyware to me. I can only hope it’s not as innefectual as the “submit a bug report” feature already common in Windows.

The setup wizard (which, it turns out, has no presence in the taskbar and can not be alt-tabbed to, which means that I have to minimize my other windows to dig my way back to it) suggests that I run a “SpyWare Scan” now. I don’t have all day, so I select to run “an intelligent quick scan”. It estimates that this will take “less than 2 minutes”. Okay, that sounds fair.

After a quick check of the running processes on the PC, the scan begins looking at the files on the computer. There’s no progress bar, so the only indicator of how far it’s gone is based on which file it’s currently scanning, and my knowledge of the layout and content of this hard disk. 2 minutes later, it’s broken it’s promised, as it doesn’t seem to have made great progress – but it does claim to have detected two pieces of spyware: TightVNC, a piece of computer remote control software I installed a few days back – not spyware – and WinPCap, a set of drivers for capturing network traffic, used by most Windows-based packet sniffers (a network protocol analysis tool) – also not spyware. Hmm.

Confusingly, the scanner at this point claims to have detected 2 infected registry keys, despite also claiming to have not yet scanned any registry keys.

After about 8 minutes, the second part of the scan begins – scanning the system registry. The flickery little animation is changed from little yellow folders to little green building bricks, and the list of infections increases. See below for the complete list of “spyware” that it found.

Finally, after about 13 minutes, the scan is complete (a little longer than the estimated 2 minutes for a ‘quick scan’), and I’m presented with the results:

The report detects the following:

TightVNC and RealVNC – two remote control programs that “allows full control of the machine it is installed on”. The spyware report kind-of makes it clear that these two “moderate threats” are legitimate remote control software, but that they could be exploited to take control of the computer remotely, by an unseen attacker! Interestingly, it doesn’t detect that I have Remote Desktop, Microsoft’s remote control software, activated. Nor does it detect pcAnywhere, another remote control program I’d put on for the purpose of this scan.
WinPCap – this, as mentioned above, is a network capture driver. The spyware scanner lists it as a “low threat”, and points out that while not dangerous in itself, it could be used by a spyware program to capture my network traffic, which is correct. I’m not aware of any spyware that takes advantage of WinPCap, but it’s at least a theoretical possibility, and it’s fair to warn me about it.
eDonkey 2000 and Grokster – the program incorrectly detects an installation of eDonkey and Grokster – two file-sharing programs. These are listed as “low” and “medium” threats, respectively, not because they are spyware… but because they are often bundled with spyware (in the latter case, nasty stuff like Cydoor). In actual fact, this computer has Shareaza installed – a free, open-source, spyware-free file-sharing program that is capable of connecting to the eDonkey and Grokster networks.
EasySearchBar, a known piece of spyware that sits in Internet Explorer and feeds information about browsing habits back to the makers, and allows pop-up ads to appear. I’m not even sure how that got onto this computer (people shouldn’t be using Internet Explorer here at SmartData at all), but it can be removed using the tool, so I let it go ahead and do so.

Conclusion
Microsoft Anti-Spyware is currently in a very early release and buggy stage. It successfully detected all the spyware that Ad-Aware did (although it doesn’t also pick up on tracking cookies and data miners harboured by IE, as Ad-Aware does). However, it also detected several completely safe pieces of software, which – had I been an amateur user – could have alarmed me into accidentally deleting them. The time estimates given by the program are way-out.

I haven’t tried (to any great level) any of the other tools provided by the program – such as the cache cleaners and the live protectors – however, the live protector that was supposed to “prevent unauthorised programs from editing the hosts file” (a common way for adware programs to take over your internet connection) didn’t work. When I wrote a program to (in a very suspicious manner) add entries to the hosts file, it didn’t even notice, prevent it, or even log that it had occurred.

I am concerned that, if Microsoft do start charging for this product or for updates to it, this could be an opportunity for Microsoft to make money out of a problem that they helped to create. And if they give it away for free, I’m concerned that it will be ineffectual and lull users into a false sense of security (like Microsoft Anti-Virus before it). However, on the up-side, at least Microsoft are beginning to take spyware and adware seriously.

Links

Microsoft AntiSpyware First Impression, by Nathan Weinberg
Microsoft Anti-Spyware?, by The Register

Internet Explorer Inferiority… Again

I’ve had a major gripe with Microsoft Internet Explorer for some years now, in it’s inability to handle PNG files correctly. Being able to use PNG files gives web developers some serious benefits in being able to make overlaid, semitransparent (non-binary transparency) images, compress files smaller, etc.

So, yeh – pretty much every web browser on the market has had near-perfect PNG support since 1998, and Internet Explorer has always been lagging behind (that’s why the ‘mugshots’ on abnib look ‘wrong’ in IE). But here’s the worst of it: I’ve just discovered that the MacOS version of Internet Explorer (yes; also by Microsoft) 5 – which was released almost five years ago – has excellent support for PNG graphics! That’s crazy!

It’s not that I’m affected directly – I don’t touch IE with a barge pole: my issue is that, as a web developer, I can’t take advantage of any of the shiny features of a decade-old technology, simply because the so-called ‘market leader’ hasn’t been bothered to finish writing a few hundred lines of code yet!

Okay. I’m breathing normally again now.

LiveJournal Sells

Following up yesterday’s rumours, it can now be seen that, officially, LiveJournal has been sold to SixApart. The details look pretty good – the service will remain much as-it-is, nobody will be ‘migrated’ to TypePad or MoveableType, and – better yet – LiveJournal might actually (finally) get some much-needed new features, such as trackback (which can be seen in effect right here, on my post yesterday – this post will be linked as a ‘trackback’ comment, because this post follows it up – with trackback, this kind of thing can be posted cross-journal, too).

LiveJournal May Be Sold

I hear that LiveJournal – one of the world’s biggest blogging communities (and home to most of the blogs syndicated by Abnib) – is to be sold to SixApart, a TypePad/MoveableType-based blog-host.

What effect this will have on holders of existing LiveJournal accounts – particularly paid accounts – is as yet unknown. Nonetheless, I think this could be a very interesting year for LJ bloggers.

Which “Secret Of Monkey Island” Character Are You?

Golly, I’m Herman Toothrot. I’m unique, pleasent, er… unique. Oh, let’s face it, I’m an old pantless weirdo. I trained a bunch of monkeys to sail a ship back from a deserted island but didn’t go myself, I think my dead friend has never looked better, and I talk to people who aren’t there… kind of. But I don’t worry: that’s why everyone loves me.
*~What “Secret of Monkey Island” character are you?~*

Well; I saw that coming. The bigger question is: if a tree falls in the forest, and no one is around to hear it, what color is the tree?

Completed Half-Life 2

(don’t worry – no spoilers) Well – I’ve finished Half-Life 2. I must say, it just got more and more stunning. The weapon you’re left using for the last two chapters is simply wonderful (think: gravity gun v2.0). The finish is… simply stunning, and suddenly the G-Man seems even more mysterious than ever… it’s just… wow.

There’s this empty space I need to fill with Half-Life 3.

The downside: it was too short – I was hoping for about another three hours of ‘gametime’ from it. Plus, there are things I’d have liked to have seen but didn’t (monsters I saw but never got to fight, mysteries left unanswered [including most of the ones from the prequel], etc.), and I found the final fights a little too easy (although I have the option to just replay any chapter at any difficulty level, so I can crank it up to Hard and try again). That, and, I feel a major lack of closure – despite a very deliberate ‘build-up’, that game ended in a way that felt quite abrupt and ‘unfinished’ (perhaps the last challenge was a little obvious to me, or something).

In any case – it’s well worth playing, and pretty much anyone I know is welcome to play through it on Duality, if they so wish. Now I’m going to go browse the forums for easter eggs and tips about what’s coming in Half-Life 3.

Half-Life 2

Half-Life 2. The most immersive first-person shooter I’ve ever played. From it’s “throw you in at the deep end” beginning – chased around the streets of the overpowering City 17 by Combine agents, rushing through apartments as raids go on all around you – to it’s immensely clever, multi-faceted puzzles – how do I get past that guard? I could creep by him: I wonder if he’s paying attention… or throw that can to make a noise… maybe I could knock him in the back of the head before the security camera sees me… can he swim? – it’s a thrilling game. In the Half-Life tradition, very little is given away, and the player is left to make many of their own assumptions about the way the world around them works; I find this a little frustrating (I’d like to hear more back-story), but this is soon taken away when I’m drawn into another firefight. The game is gorgeously detailed – the characters around you frown, smile, wink, raise an eyebrow… and genuinely look relieved, scared, upset, etc. Meanwhile, explosions outside are rendered beautifully, water reacts like it should, and the ‘Havok’ physics engine means that if you can imagine it, you really can build it out of the myriad small items around you.

Despite Paul and my complaints about the Steam distribution system, it’s all seemed very good – owing to it’s modular design, I was able to start playing the game when it was just 69% downloaded (and when I ‘caught up’ with it, I only had to wait a few seconds for more content to be downloaded). Paul may be relieved to hear that once the game is downloaded (or activated, if it’s store-bought) it can be played in “offline mode”, and never accesses the internet without permission, it won’t auto-update unless you let it, and there is an option to back up the version you currently have installed – to CDs, for example – so that you could, if you wished, reformat and reinstall Windows and re-install the game without having to download it again. In addition, the modular design meant that my download was ready sooner than it might otherwise be, as it took advantage of the files I’d already downloaded as part of the demo version. I’m still not sure of any way to install to a different drive, which I’d particularly like to be able to do, but nonetheless I’m more impressed with Steam than I expected to be.

I managed to play Half-Life 2 for four hours… before I began to feel motion sick (I’d recently had a plasma cannon installed on my hovercraft, and driving it [with my left hand] while aiming and firing the weapon [with my right] left my poor eyes sufficiently confused that I’m now taking a quick break). I’ll probably go in again and blast some more Combine scum before I go to Sian and Andy‘s New Year’s Party. Yeah!

Update: Fixed link to Paul’s new blog after he moved it, breaking a universe of links. Old content was at http://www.livejournal.com/users/thepacifist/202607.html

Internet Explorer Exploit Of The Day

There’s yet another killer Internet Explorer bug out there, which is manifesting itself in the form of a new trojan, Phel.A. This one only affects Windows PCs updated with SP2 (the supposedly ‘safe’ people) and works by confusing the ‘trusted’ and ‘untrusted’ zones.

I always find reports like this interesting, so I’ve written an exploit of my own. If you’re still using Microsoft Internet Explorer, and you’d like to see why you shouldn’t be:

Click here to look at a web page I’ve set up [update: link long-dead]. It looks kinda boring, I know, but – if you’re using Internet Explorer, it will slyly put a tiny application in your Startup group.
Next time you log into Windows, the tiny application will download and install a bigger application.
Next time after this that you log into Windows, the bigger application will run, and tell you why you shouldn’t be using Internet Explorer.

The information on how to use this exploit is easily available on the web. Before long, we’ll be seeing another wave of web sites that can install software on ant Internet Explorer users’ computer.

If you’re still using Internet Explorer, take a look at BrowseHappy.

Old Posts Recovered

This is probably going to go on for months, yet, but I’ve just recovered some more of the posts that were lost last summer, including:

The second half of Suz, And Naivety – which is both sweet and funny.
Photos From Malawi; the first of my Malawi trip photos.
The majority of How To Make Invisibility Paint, which is also funny.
Letters After My Name, an account of my graduation.

If you didn’t read any of those at the time, before they ‘disappeared’, you can do so now, as they’re ‘recovered’. There’s a few more ‘recovered’ posts here and there, too, but they’re mostly for my benefit and not so noteworthy.

I’ve also found a cache of old “Avatar Diary” posts (my original blog – 1998/1999 – some posts available here) and some other microblogs I ran along the way over the last six years, so hopefully I’ll be able to “fill in” some the the gaps over the next month or so. Which’ll be cool, because then I’ll have what’ll be the longest-running weblog I’ve ever seen.

Symantec Warranty

If only we could get away with clauses like this in our warranties:

Symantec does not warrant that the Appliance will meet your requirements or that the operation of the Appliance will be uninterrupted or that the Appliance will be error-free.

In other words: we don’t promise that this will do what you want it to, and even if it does, we can’t guarantee that it won’t fall over or even work at all.

And we pay money for this kind of hardware? It’s amazing what you can hide in the small print. I also notice that this Symantec device is Linux-powered. Perhaps I should write to Symantec and request a copy of the OS source code, in accordance with the GNU General Public Licence.

Lottery Winners Counter

Did you know that 94% of lottery tickets get no balls, one ball, or two balls – and therefore don’t win a prize… the odds of getting three balls (1 in 57) [source: National Lottery: Prize Allocation] is less likely than the odds that recently-reported asteroid 2004-MN4 was going to hit us (widely reported as 1-in-37, now disproven: we will not be hit by 2004-MN4 in 2029)?

Yes; let’s face it – we all know these figures. But numbers like these aren’t a great way to reflect quite how hideously unlikely you are to win anything. So….

Recently, a colleague of mine showed me a little JavaScript application that counts real-time deaths from various causes. Basically, the author took statistics from the WHO about averages deaths by cause per year, and wrote this application to illustrate the death rates. Go watch it for awhile and then you’ll understand.

In any case; Claire suggested that a really good idea would be a similar application based on National Lottery statistics – one that showed the rate of ticket purchases versus the ‘win rate’ in a “live”, graphical, display. Of course, this model would make some assumptions – that tickets were bought evenly throughout the week (and not in a ‘rush’ on Saturday afternoons), for example, and that every ticket was pre-determined to be a ‘winner’ or not. In any case: she did the maths, and I wrote the code, and here it is

(if you’re viewing this page through Abnib this won’t appear as it should – view the calculator here)…

If you want to put this application on your own weblog, or your own web site, or wherever, the code to do so is:

<script language="JavaScript" type="text/javascript" src="/q23-content/lottery.js"></script>

If your weblog is hosted with somebody else (e.g. LiveJournal) you might not be able to put scripts on your ‘blog. Just so you can’t say I didn’t warn you.