In 1992, a ship carrying 29,000 plastic yellow ducks from Hong Kong to Seattle lost some of its containers in a storm; the containers were damaged, so the toys escaped, and 29,000 little yellow ducks started a voyage around the world's seas.
Fuller story here: http://www.agu.org/sci_soc/ducks.html
And - for the next week, if they go with the normal schedule, you can listen to a 30-minute Clive Anderson programme from BBC Radio 4 here (RealPlayer required)
Meant to add this ages ago, but last weekend was my old mate Ed's stag night.
We had a really good night, without any of the old-fashioned silliness, just a good lads' night out.
What we have here, is to the right, a picture of the Stag with everything he needs short of a "wife and kids to support" sign, but then again, he doesn't (yet) have a wife, let alone kids, to support, so I guess that's fair enough.
The other picture is just something I noticed whilst we went around Manchester (no, I've not been into town for ages)... GMPTE is the Greater Manchester Passenger Transport Executive - the guys responsible for public transport in Manchester, in other words. A little bit of googling suggests that I've found GMPTE Online online - they're at #1 Piccdilly, apparently.
What part of "online" is wrong here? The fact that it's a bricks-and-mortar place, or that googling for it simply finds the press release which promotes the bricks-and-mortar place?
There's something seriously wrong here, I'm sure.
Anyway, good on you Ed, and best man Ben... See you next month and all the best.
I never realised ... Syd Barrett died earlier this month.
RIP, you crazy diamond.
Because I was bored, there's now a graphical image on most pages (well, /wishlist, /urandom, /forum and /sh as well as / itself).
I'm sure I've broken stuff for your browser; I have to admit that I've only tested with FireFox and IE6 (which threw up some strange errors to start with). The w3c HTML validator only comes up with 4 errors on the homepage, which is pretty good by my standards.
The text effect was created by the Gimp, which I am determined to learn to use properly; many thanks to linuxchix for the essential hint I needed for a previous attempt (using the clone tool, which was moderately succesful but rather unpredictable with the samples of crayon scribbles I was using).
I think I've come across this site before, but I've now added it to the /links page of this site. Cambridge University's Computer Lab have a Security Research blog called Light Blue Touchpaper.
A couple of interesting articles:
Strange behaviour by the Bank of England (and an interesting way of dealing with it)
Destroying chip-and-pin credit cards not as easy as you might think
So ... the new flappy-paper-thingy at the bottom right of each item. Useful delimiter, or trite web 0.3 geocities n00b?
FWIW, I stole the idea from cv-library.co.uk, where they take it a little bit further.
I was thinking it might be useful for the wishlist, but it didn't really seem to work out at all for that. As that's for grandma, any fuzzing of the edges between items could be confusing :-)
HMRC have a page which starts with the text "If you are unable to clarify Pension details on CES you may want to telephone the pension centres." (I don't know what CES is) and it provides a list of pension centres, with - naturally - a column labelled "Telephone Number".
The introductory text also has a comment stating that "If the appropriate area or office is not listed below or if the office states they don’t cover that area, operators will need to ring the central Pension Credit number"
All very well and good - useful information, albeit from a slightly strange source. Oh, and also not quite as useful as it might be, as every number, including the central number, have been replaced with the text "(This text has been withheld because of exemptions in the Freedom of Information Act 2000)"
Netcraft are reporting that apparently Russian phishers are getting around Citibank's security - whereby the account holder holds a physical token which displays a new number every few seconds, and that number is valid for that specific user to log on to Citibank's website for about a minute, by taking the number the customer supplies to the phishing site, and simply passing that on to the Citibank website.
Whilst obvious as a theoretical attack, it would take a certain amount of scraping and rewriting to succesfully work in practise. I have no idea what the success rate would be; it may even be that it's easier to have somebody monitoring what data is entered, and have them re-enter that into the Citibank website and manually do whatever nastiness they feel inclined to do, than to script it.
That would be far less sexy from a coding point of view, but much harder for Citibank to defend against, also.
Hey, I'm really getting into this "blogosphere" thing now... here's some random guy's blog notablog on Israel -complete with its link to should Christians swear?
I can't really say that I disagree with either of those sentiments.
Lots of people are pointing at a news.com article saying that Symantec are pointing out that Vista could have new security flaws. Shock horror!
Apparently they've totally rewritten the network stack (what? BSD's wasn't good enough?!) and introduced a bunch of new flaws in the process.
Unfortunately for the newsworthiness, as arstechnica put it most succinctly:
Microsoft has been given a copy of Symantec's report, which was based on Build 5270 of Vista. The company notes that the flaws it found were addressed in Build 5384, and Build 5472 was released to testers yesterday.
Other fun facts: According to Symantec, Linux has had a networking stack for "more than five years". I'd have to agree; 15 years is certainly "more than five years."
Another one I wasn't aware of - apparently Vista will be the first version of Windows with IPv6 support. WTF? *nix has had IPv6 for years.
So - the news in brief: Build 5270 had some flaws, which were fixed in 5384, and 5472 is the current public build, in which Symantec have presumably found no flaws; they're certainly not talking about any. IPv6 is new, along with the rest of the "networking stack" - presumably just the TCP/IP stack, and it will all be fine (but presumably it may be best to get some Symantec software just to be on the safe side)
According to some ex-MSFTies, phpBB is worth $1.5m, phpmyadmin is worth $2.655m
GIMP, along with OpenOffice.org has no price guess whatsoever. The Linux kernel is apparently worth 1,434 Man Years, totalling nearly $79m.
All these figures seem to assume the same base rate of $55k/developer/year, which seems somewhat unlikely, at best.
It's fascinating to see how money and software get combined; for management types, I can see how there is an obvious 1:1 correlation between quality and cost. I completely fail to map that to the real world, though.
Still, for those who like a $x price on everything, here's a random source for random figures applied to random projects.
How this fits in with koders.com, freshmeat.net, and other longstanding projects, I do not understand.
But that's okay, because nor does anybody else, not even the ohloh.net guys.
Guitar George (aka George Berowski) played the Baker's Vaults last night. It was an awesome gig, sorry the photo is such low quality.
His (unofficial?) website is http://www.georgeborowski.co.uk/index1.html - some dodgy (broken) frames stuff abound, but that's about all that I can find online about him.
Dire Straits had a song called Sultans of Swing, which included the stanza:
You check out Guitar George, he knows all the chords
Mind he's strictly rhythm he doesn't want to make it cry or sing
But then an old guitar is all he can afford
When he gets up under the lights to play his thing
Apparenlty George Borowski and Mark Knopfler were students together.
There's a forum here.
I can't now find where I got these MP3s from, but they are as a promo for the upcoming CD; about a minute long apiece; still, I've mirrored them here.
George's control of the guitar's dynamics are just awesome. The recordings do not do him justice.
As far as I know, no rally event has included a young child strapped into the car. That doesn't stop Graco from calling their childseat the RallySport. Should the NSPCC be informed?
Brace yourself for new bugs.
The new feed URL is http://steve-parker.org/urandom/rss.php
Should have been obvious from the start, really; the RSS should be fed from the database when it's requested, not (as I had done it) created when posts are added.
It looks like I've lost Andy B's cracking deal-with-a-browser-stumbling-across-a-feed stuff, and I'm sure that tons is going to break, but I have been testing it, honest!
It also limits the size of the feed to the last 9 entries, to avoid clogging up with lots of ancient stuff.
According to The Register, fish4.co.uk was down earlier today. As is normal in the circumstances, they posted a holding message on the website, saying that the service was temporarily unavailable.
They weren't too subtle about it, though; I can't see them getting a very good deal next time they want some Sun hardware.
MetaSploit are having a Month of Browser Fun (more details here). I meant to mention this a few days ago, but I think I forgot. MetaSploit's main page is here - they provide a framework for targetting a wide variety of security exploits (hence the name, duh).
It's a pretty sad comment on the state of the whole industry, that such a project (the month-of-bugs, that is, not MetaSploit) could even exist. Security bugs go reported, but unfixed, for months, even years, leaving users vulnerable.
The splots posted so far:
1: IE6 on XP SP2
2: IE6 on XP SP2
3: IE6 on Win2K SP4 (appears fixed in XP SP2)
4: FireFox 126.96.36.199 on Gentoo Linux (Fixed in FireFox 188.8.131.52)
5: Safari 2.0.4 on MacOSX 10.4.7 8J135
6: IE6 on XP SP2
7: IE6 on XP SP2
8: IE6 on Win2K SP4
9: IE6 on XP SP2
From what I've seen from MetaSploit in the past, they do take a rather pragmatic view of security, so they would probably be more naturally interested in IE6/WinXP exploits than other, possibly more severe but more obscure exploits in other configurations. Still, it may be worth keeping an eye on what else they disclose over the course of the month.
Just a few small updates to the WishList - first, for usability, the input box at http://steve-parker.org/wishlist/search.php gets selected when you click in it (you don't really want to look for somebody called "name", do you?)
Secondly, as passwords are encrypted, no "email me my password" feature is available, so you can now (if you are logged in) add a password hint on the Settings page
Since this urandom stuff uses the same account settings as the WishList, this seems kind-of-relevant to post here. I do plan to make the entire "account" stuff global to the website sometime, honest; it's a bit disjointed at the moment, the accounts are rather wishlist-centric still, because I'm just too much of a slacker to set it up properly.
I also hope to fix up some CSS stuff sometime, it's been an awfully long time since I made any changes to the look of the site. I don't think I'll depart too far from the blue/grey theme, but maybe it's time for the yellow border to go, and maybe get some white backgrounds in the main text areas.
BBC2 are currently showing Nine Days that Shook London, with the tag:
Across nine days last summer, the capital played host to an unforgettable series of events.
Through powerful personal testimony from those who were there, this film tells the story of the unforgettable highs of Live 8 and the Olympic bid, through to the tragic low of the London bombings.
This was a week when the eyes of the world were on London.
Forgive me if I'm wrong, but G8 and Live 8 were in Edinburgh, not London. I'm not sure if the above link is particularly permanent, but this should be a better link which mentions it.
I am sick of the UK media's attitude that whatever interesting happens in England or Britain, happens in London, and that whatever happens in (say) Northern England or Scotland, happens in that specific place.
I'm not a follower of football, but I can totally agree with the Scottish First Minister who said that he'd support $TEAM_X because $TEAM_X were playing against England (sorry, I don't remember who $TEAM_X were, I have no interest in football!).
When the BBC is so biased, I do feel the need to complain.
The programme was followed with a number to call if you were affected by the London bus/tube bombings, but no number to call about G8 and/or Live8
Users who are not logged in now have to identify the text in a "captcha" image, because I have had to delete about half a dozen cialis / viagra / etc spams since enabling anonymous posts.
Please let me know if you have any problems with it,
Ubuntu's Bug #1 is Confirmed and Critical.
Title: Microsoft has a majority market share
Microsoft has a majority market share in the new desktop PC marketplace. This is a bug, which Ubuntu is designed to fix.
Microsoft has a majority market share | Non-free software is holding back innovation in the IT industry, restricting access to IT to a small part of the world's population and limiting the ability of software developers to reach their full potential, globally. This bug is widely evident in the PC industry.
Steps to repeat:
1. Visit a local PC store.
2. Observe that a majority of PC's for sale have non-free software pre-installed
3. Observe very few PC's with Ubuntu and free software pre-installed
What should happen:
1. A majority of the PC's for sale should include only free software like Ubuntu
2. Ubuntu should be marketed in a way such that its amazing features and benefits would be apparent and known by all.
3. The system shall become more and more user friendly as time passes.
Last year's F1 Indy race was an embarrassment; out of 22 cars, only six made it to the start line, and all six made it to the finish in exactly the same order, with no action at all during the race.
After Ralf Schmacher smashed his car at Turn 13, and other Michelin rear-left tyres were inspected, Michelin had no option but to tell the FIA "...the tyres on which we have qualified we are not able to sufficiently guarantee the total safety of the drivers.... we will not compete with these tyres in the current configuration of the circuit. We therefore reiterate our request to have a significant reduction of vehicle speed in turn 12/13."
Basically, the idea was to turn the final section from a flat-out NASCAR-style corner, into a much slower chicane, to ensure that the Michelin drivers would be able to race without taking the high risk of going home in a coffin.
The FIA responded this FIA response tactfully: "Your teams have a choice of running more slowly in Turn 12/13, running a tyre not used in qualifying (which would attract a penalty) or repeatedly changing a tyre (subject to valid safety reasons). It is for them to decide. We have nothing to add."
As a resut, the eight Michelin teams (the vast majority of the field) refused to run, leaving only six Bridgestone cars to participate in the "race"; F1 lost a lot of face in the USA and internationally.
Happily, this year was a much more productive affair, with - instead of last year's result of 6 out of 22 cars (27.3%) starting (and finishing) the race, we saw a >10% improvement this year, with 9 out of 24 cars (37.5%) reaching the finishing line. Only Nico Rosberg finished the race without scoring any points.
Who has the most trigger-happy authorities? You'd have thought the answer was obvious...
UK: "If he lived in the UK we'd have already accidentily shot him. You americans have such slack security."
USA: "We "accidentally shot" a guy 41 times for reaching for his wallet. I've yet to see that kind of dedication out of you Brits."
USA: "It's that combination of persistance, psychotic violence, and incomprehensible incompetance that really seems to define America."
UK: "We shot a man for carrying a table leg. I think we're about even."