Old Posts Recovered

This is probably going to go on for months, yet, but I’ve just recovered some more of the posts that were lost last summer, including:

If you didn’t read any of those at the time, before they ‘disappeared’, you can do so now, as they’re ‘recovered’. There’s a few more ‘recovered’ posts here and there, too, but they’re mostly for my benefit and not so noteworthy.

I’ve also found a cache of old “Avatar Diary” posts (my original blog – 1998/1999 – some posts available here) and some other microblogs I ran along the way over the last six years, so hopefully I’ll be able to “fill in” some of the gaps over the next month or so. Which’ll be cool, because then I’ll have what’ll be the longest-running weblog I’ve ever seen.

Symantec Warranty

If only we could get away with clauses like this in our warranties:

Symantec does not warrant that the Appliance will meet your requirements or that the operation of the Appliance will be uninterrupted or that the Appliance will be error-free.

In other words: we don’t promise that this will do what you want it to, and even if it does, we can’t guarantee that it won’t fall over or even work at all.

And we pay money for this kind of hardware? It’s amazing what you can hide in the small print. I also notice that this Symantec device is Linux-powered. Perhaps I should write to Symantec and request a copy of the OS source code, in accordance with the GNU General Public Licence.

The Story Of Apple’s Graphing Calculator

There’s a fascinating story behind Apple’s “Graphing Calculator” application. Here’s an extract:

In August 1993, the project was canceled. A year of my work evaporated, my contract ended, and I was unemployed… …I was frustrated by all the wasted effort, so I decided to uncancel my small part of the project. I had been paid to do a job, and I wanted to finish it. My electronic badge still opened Apple’s doors, so I just kept showing up… …they asked, “Who do you report to? What group are you in? Why haven’t we seen this earlier?” I explained that I had been sneaking into the building and that the project didn’t exist. They laughed, until they realized I was serious.

Go read it. It’s a great story.

Conversation Of The Day With A Client

Fictional, of course. None of our clients are actually this stupid, and I wouldn’t be silly enough to publish a real event like this on my blog, ever.

A client phones up and asks to speak to me.

Client: “I’m using the ‘Data Export’ tool in… [part of application I wrote, new version recently deployed to him] …it was my understanding that it always used to export Excel files.”
Me: “Umm. Yes. Well, actually, it exports CSV files – that’s Comma Separated Values. Excel will open them, and if you have it installed, it becomes the default application for opening such files.”
Client: “Mm-hmm. It seems to think they’re text files.”
Me: “Text files? You mean they’re opening in Notepad?”
Client: “Yup.”
Me: “Ah; okay – well, we just have to tell it to open them in Excel, then. Right-click on the file, and select ‘Open With…’: ‘Excel’.”
Client: “It’s not there.”
Me: “Oh. That’s odd. Okay then, just open Excel from the Start Menu.”
Client: “I can’t find it.”
Me: <thinks> “Which computer are you using?”
Client: “The server.”
Me: “Do you have Excel installed on the server?”
Client: “No.”

Thanks to Task Tracker, SmartData’s funky in-house timesheeting tool, and its drill-down reports, I’m able to look back over the last year and work out exactly how much more work I’d have gotten done if our clients were even slightly computer-literate and didn’t need to keep calling up for help with trivial things every ten minutes. Ah well.

GMail Invites

I’ve got nine GMail invites. Does anybody want one? Check the comments to this post to see how many have gone, and leave a comment to this post if you want one.

Statto Plays With Blacklight

Statto has an article on his blog about using his digital camera to take infrared pictures which is worth a look, if you’re even vaguely interested/bored/geeky/a physicist/all of the above. He’s taken some fascinating pictures of infrared remote control beams and things through filters, and provided a little bit of an informative background as to why it all looks like it does, too. Go look.

Man And The Machines

There’s a fascinating article on LegalAffairs.org (the self-styled “magazine at the intersection of law and life”) on artificial intelligence and legal/ethical/sociological considerations relating to it. Despite disagreeing with a few of its points, it’s well-written and excellently-presented. Go read it.

In case the site stops publishing the article, I’ve made a copy, below. Click on the ‘next page‘ link to read it here.

Bug In Internet Explorer… But How Do I Tell Anybody?

This morning, I found a bug in Internet Explorer. I wasn’t using it, of course, but I’d sent a Macromedia Flash file to a colleague by e-mail, who tried to open it in IE, but couldn’t.

It turns out that Internet Explorer can’t cope with opening Flash (.swf) files from the local file system, if the filename contains an apostrophe (e.g. “Dan’s Pictures.swf”). Crazy little bug, but I’ve tested it a little and it seems that this really is the case. But how do I report it?

Microsoft‘s web site, despite a redesign, is a sprawling mess. Eventually I gave up and submitted it as a ‘feature request’. I submitted PNG-support as a feature request, too, because it would be nice if sites like Abnib looked as good to the unwashed masses of IE users as it does to users of real web browsers.

ATOM Feed Of Your GMail Inbox?

Checking my GMail account this morning, I noticed an unusual icon in the lower-right corner of the browser window:

Atom feed icon showing in a web browser viewing GMail

It turns out that Google‘s GMail service seems to be testing an ATOM feed – a kind of syndication feed (similar to those used by weblogs and news sites – see Scatmania’s ATOM feed) that can be ‘subscribed’ to from your desktop computer.

Right now, the GMail feed looks pretty bare:

ATOM feed from GMail

Nonetheless, this is an interesting turn of events – didn’t Google recently say that no other automated mail checking tools were to be used except for their own GMail Notifier (sorry, can’t find a news story to link)? But now it looks like they’re working on developing a format by which anybody can ‘subscribe’ to their own inbox (although probably only using a web browser – the non-browser-based XML readers seem to have difficulty with cookies, which are likely to be required).

It’s all interesting.


Security Engineering

A secure password does not make a system secure. No password – in fact, no authentication system – is entirely bulletproof. The key when designing a password-based access system, and choosing passwords, is to balance an equation. You must make the effort required to crack the password cost the attacker more than the data the password protects is worth to them. This will force the attacker to attempt another approach, or give up – there is no value in them continuing to try to break the password. Note that the effort side of the equation is partly under your control: rate-limiting online guesses and storing passwords with a deliberately slow hash both raise the attacker’s cost without asking users for longer passwords.

When laying barbed wire, we do not attempt to completely block access to the defended area (the enemy will just stay put and bring in tanks), unless we actually want to draw in enemy tanks (to, for example, ensure that they aren’t elsewhere!). We lay out barbed wire in a pattern that forces infantry to take a longer route in, so that we can shoot at them for longer on the way. When laying barbed wire, there is never any doubt that the enemy will penetrate it, given enough effort.

When I tell people that no password is completely secure, and describe all that is above to them, they sometimes don’t believe me, or see the relevance. So here’s another example I came up with this morning:

When people install burglar alarms in their houses, they think they are doing it to prevent burglars. But this doesn’t work: if it did, the number of burglaries would have been expected to fall as the proportion of houses with burglar alarms increased. No; a burglar alarm does not prevent burglars – what a burglar alarm does is make the effort (in this case, the chance of getting caught) not worth the data protected (your TV, VCR, computer, etc.). So the burglar goes elsewhere – perhaps to steal less valuable stuff, but from somewhere that the effort is substantially lower. Burglar alarms don’t stop burglars – they redirect them.

But if the value of the data you’re protecting increases, then the equation unbalances, and it becomes worth the effort. If you start keeping stacks of gold bars in your living room, our burglar will probably risk getting caught to try to nab them. Or they might spend time getting the experience and equipment needed to disarm your alarm first. Or they might watch your daily patterns; see if you sometimes forget to arm the alarm, or maybe they’ll bribe your ex to share with them the code.
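Here is the password version of that equation carried through with numbers, as an added example (my own illustration, not code from the original post). It estimates the expected brute-force time for a password from its alphabet and length, converts that into a cost at an hourly price, and compares the cost with what the protected data is worth to the attacker. The guess rates, the work factor of the slow hash and the hourly price are all constructed assumptions for illustration, not measurements of any real system; the point is how the same password flips from “not worth it” to “trivial” depending on which side of the equation the attacker is on, and how the defender can move the rate.

```python
import math

# Constructed rate figures for illustration; assumptions, not measurements.
ONLINE_THROTTLED = 10          # guesses/s against a login form that rate-limits
OFFLINE_FAST_HASH = 1e9        # guesses/s against a leaked fast, unsalted hash
KDF_WORK_FACTOR = 100_000      # iterations of a deliberately slow password hash


def keyspace(charset_size: int, length: int) -> int:
    """Candidates an exhaustive search must consider for `length` symbols
    drawn from an alphabet of `charset_size`."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """The same search space expressed in bits (log2 of the keyspace)."""
    return length * math.log2(charset_size)


def expected_seconds(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Expected time to recover the password by brute force: on average the
    attacker hits the right guess halfway through the space."""
    return keyspace(charset_size, length) / 2 / guesses_per_second


def attacker_cost(charset_size: int, length: int,
                  guesses_per_second: float, cost_per_hour: float) -> float:
    """Effort converted to money: hours of cracking time at an hourly price."""
    return expected_seconds(charset_size, length, guesses_per_second) / 3600 * cost_per_hour


def worth_attacking(data_value: float, charset_size: int, length: int,
                    guesses_per_second: float, cost_per_hour: float) -> bool:
    """The post's 'equation': brute force pays off only when the expected cost
    is below the value of what the password protects."""
    return attacker_cost(charset_size, length, guesses_per_second, cost_per_hour) < data_value


def slowed_rate(fast_rate: float, work_factor: int) -> float:
    """A slow hash divides the offline guess rate by its work factor; this is
    the lever the defender holds on the 'effort' side of the equation."""
    return fast_rate / work_factor


def scenario(charset_size: int, length: int, data_value: float, cost_per_hour: float = 1.0) -> dict:
    """Summarise one password against three attacker positions."""
    rates = {
        "online, throttled": ONLINE_THROTTLED,
        "offline, fast hash": OFFLINE_FAST_HASH,
        "offline, slow hash": slowed_rate(OFFLINE_FAST_HASH, KDF_WORK_FACTOR),
    }
    return {
        name: {
            "hours": expected_seconds(charset_size, length, rate) / 3600,
            "pays_off": worth_attacking(data_value, charset_size, length, rate, cost_per_hour),
        }
        for name, rate in rates.items()
    }


if __name__ == "__main__":
    # Eight lowercase letters (about 37.6 bits) guarding data worth 1,000 to the attacker.
    print(f"{entropy_bits(26, 8):.1f} bits")
    for name, result in scenario(26, 8, data_value=1000).items():
        print(f"{name:20s} {result['hours']:14.1f} h   attack pays off: {result['pays_off']}")
```

With these assumed figures, the eight-letter password takes a few hundred years of throttled online guessing, a couple of minutes against a leaked fast hash, and a few thousand machine-hours against a slow hash; only the middle case is worth the attacker’s while at that data value. Nothing about the password changed between the three rows, which is the post’s point.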

There’s the basics of security engineering. Now, here’s the bit I missed:

Hackers are a very diverse set of people, of all manner of ages, disciplines, experience levels, and motivations. An important factor with many hackers is that, regardless of the possible value of the data, the effort taken to break into the system is irrelevant as a deterrent! Many hackers see a harder target as a challenge, and try to break into such systems just to prove that they can. Imagine your surprise when you find that your house has been broken into and all the gold bars in your living room have been autographed by some greyhat.

Now go change your passwords.

Windows XP SP1 Honeypot Breached In 200 Seconds

The internet is becoming a scarier and scarier place.

In a recent “honeypot” study, a Windows XP computer with Service Pack 1 was infiltrated in just 200 seconds, without even opening a web browser.

For the less techie-minded, a “honeypot” is a machine set up deliberately to be attacked and watched: in this study, a freshly installed Windows XP SP1 PC, with no firewall in front of it, connected directly to the internet to see how it is attacked and to what end. In this case, all they did was connect said computer to the internet… and less than four minutes later, it had been compromised by an attacker. Within half an hour, it was receiving instructions to act as a bridge to attack other computers.

Four minutes isn’t long enough to download and install ZoneAlarm. It certainly isn’t long enough to install Service Pack 2. And all across the globe, newbie PC users are buying off-the-shelf computers with no firewall, taking them home, and connecting them to the internet, basically ‘volunteering’ their computers and their bandwidth to be zombies and attack others around the world, relay spam, or share their files with anybody, anywhere. The lesson is to close that window before it opens: turn on the built-in firewall (Service Pack 2 enables it by default) or sit behind a NAT router before the machine first touches the network, and install service packs from a CD rather than over an exposed connection.

If anybody needs help securing their system, just give me a shout.

Blogspam A Problem… No More

As I’ve mentioned in previous posts, I’ve been getting more than my fair share of blogspam of late. I’ve been spending about twenty minutes every three or so days clearing out the ‘moderation’ queue and updating my keyword lists. Worse still, some spam has been getting through nonetheless (hopefully I’ve always been quick to remove it, and so none of you – my readers – have had to see any of it).

So: I’ve implemented a new anti-blogspam solution: whenever you post a comment to my weblog from now on you’ll be asked a simple question. The answer is usually obvious… to a human… but very difficult for a computer to answer automatically. I appreciate any feedback on this (why not leave a comment to this post), and I’ll let you know whether it fixes the problem. And, of course, if it does, I’ll offer my code snippet back to the WordPress development team in order to include it, perhaps, with a future version: or, at least, offer it to friends of mine who use similar blog engines and are troubled by spam.

I need sleep.

In other (almost equally geeky) news, I’ve been spending a good deal of time working on my new RockMonkey WikiGameTromaNightAdventure. If I can keep up a reasonable development rate on it this weekend (which could be tough – I’ve lots to do, and Gareth is visiting and keeps distracting me with cool technology like GPS devices and VoIP telephones), it’ll be ready on Tuesday evening. Watch this space.

Popularity Of The Welsh Language

<ROFLMAO>

Want a giggle? Go to Google and type “old dead language” into the search box (with or without the quotes… either way), and hit “I’m Feeling Lucky!”.

This is the follow-up to my experimental googlebomb the other week. I’ve had my fun, now, and I actually believe it’s possible (I was skeptical when I first read about it, but it turns out that Google really is that easy to manipulate) to pull off a googlebomb of this scale with my limited resources.

In other (equally geeky) news, I’m starting to have trouble with blogspam, and my usual keyword/IP/link-count filters aren’t catching it all… might need a reprogram.