
Sat 29th Jul 2006 @ 22:00 2006: Yellow Ducks

In 1992, a ship carrying 29,000 plastic yellow ducks from Hong Kong to Seattle lost some of its containers in a storm; the containers were damaged, so the toys escaped, and 29,000 little yellow ducks started a voyage around the world's seas.

Fuller story here: http://www.agu.org/sci_soc/ducks.html

And - for the next week, if they go with the normal schedule, you can listen to a 30-minute Clive Anderson programme from BBC Radio 4 here (RealPlayer required)

2 Comments               

Sat 29th Jul 2006 @ 00:52 2006: Ed's Stag Night



Meant to add this ages ago, but last weekend was my old mate Ed's stag night.

We had a really good night, without any of the old-fashioned silliness, just a good lads' night out.

What we have here, is to the right, a picture of the Stag with everything he needs short of a "wife and kids to support" sign, but then again, he doesn't (yet) have a wife, let alone kids, to support, so I guess that's fair enough.

The other picture is just something I noticed whilst we went around Manchester (no, I've not been into town for ages)... GMPTE is the Greater Manchester Passenger Transport Executive - the guys responsible for public transport in Manchester, in other words. A little bit of googling suggests that I've found GMPTE Online online - they're at #1 Piccadilly, apparently.

What part of "online" is wrong here? The fact that it's a bricks-and-mortar place, or that googling for it simply finds the press release which promotes the bricks-and-mortar place?

There's something seriously wrong here, I'm sure.

Anyway, good on you Ed, and best man Ben... See you next month and all the best.


Fri 28th Jul 2006 @ 00:49 2006: Syd Barrett

I never realised ... Syd Barrett died earlier this month.

http://en.wikipedia.org/wiki/Syd_Barrett

RIP, you crazy diamond.

2 Comments               

Thu 27th Jul 2006 @ 23:26 2006: Purty Picshures

Because I was bored, there's now a graphical image on most pages (well, /wishlist, /urandom, /forum and /sh as well as / itself).

I'm sure I've broken stuff for your browser; I have to admit that I've only tested with FireFox and IE6 (which threw up some strange errors to start with). The w3c HTML validator only comes up with 4 errors on the homepage, which is pretty good by my standards.

The text effect was created by the Gimp, which I am determined to learn to use properly; many thanks to linuxchix for the essential hint I needed for a previous attempt (using the clone tool, which was moderately successful but rather unpredictable with the samples of crayon scribbles I was using).

2 Comments               

Mon 24th Jul 2006 @ 23:12 2006: Light Blue Touchpaper

I think I've come across this site before, but I've now added it to the /links page of this site. Cambridge University's Computer Lab have a Security Research blog called Light Blue Touchpaper.

A couple of interesting articles:
Strange behaviour by the Bank of England (and an interesting way of dealing with it)
Destroying chip-and-pin credit cards not as easy as you might think

1 Comment               

Fri 21st Jul 2006 @ 00:08 2006: Trite

So ... the new flappy-paper-thingy at the bottom right of each item. Useful delimiter, or trite web 0.3 geocities n00b?

FWIW, I stole the idea from cv-library.co.uk, where they take it a little bit further.

I was thinking it might be useful for the wishlist, but it didn't really seem to work out at all for that. As that's for grandma, any fuzzing of the edges between items could be confusing :-)

4 Comments               

Thu 20th Jul 2006 @ 15:57 2006: Helpful

HMRC have a page which starts with the text "If you are unable to clarify Pension details on CES you may want to telephone the pension centres." (I don't know what CES is) and it provides a list of pension centres, with - naturally - a column labelled "Telephone Number".

The introductory text also has a comment stating that "If the appropriate area or office is not listed below or if the office states they don’t cover that area, operators will need to ring the central Pension Credit number"

All very well and good - useful information, albeit from a slightly strange source. Oh, and also not quite as useful as it might be, as every number, including the central number, has been replaced with the text "(This text has been withheld because of exemptions in the Freedom of Information Act 2000)"


Wed 19th Jul 2006 @ 22:09 2006: Man-in-the-middle attacks on SecurID type tokens

Netcraft are reporting that apparently Russian phishers are getting around Citibank's security. The account holder holds a physical token which displays a new number every few seconds, and that number is valid for that specific user to log on to Citibank's website for about a minute. The phishers get around this by taking the number the customer supplies to the phishing site, and simply passing that on to the Citibank website.

Whilst obvious as a theoretical attack, it would take a certain amount of scraping and rewriting to successfully work in practice. I have no idea what the success rate would be; it may even be that it's easier to have somebody monitoring what data is entered, and have them re-enter that into the Citibank website and manually do whatever nastiness they feel inclined to do, than to script it.

That would be far less sexy from a coding point of view, but much harder for Citibank to defend against, also.


Tue 18th Jul 2006 @ 23:56 2006: Israel

Hey, I'm really getting into this "blogosphere" thing now... here's some random guy's blog notablog on Israel -complete with its link to should Christians swear?

I can't really say that I disagree with either of those sentiments.

3 Comments               

Tue 18th Jul 2006 @ 22:39 2006: Windows Vista ... going to be insecure, allegedly ;-)

Lots of people are pointing at a news.com article saying that Symantec are pointing out that Vista could have new security flaws. Shock horror!

Apparently they've totally rewritten the network stack (what? BSD's wasn't good enough?!) and introduced a bunch of new flaws in the process.

Unfortunately for the newsworthiness, as arstechnica put it most succinctly:

Microsoft has been given a copy of Symantec's report, which was based on Build 5270 of Vista. The company notes that the flaws it found were addressed in Build 5384, and Build 5472 was released to testers yesterday.


Other fun facts: According to Symantec, Linux has had a networking stack for "more than five years". I'd have to agree; 15 years is certainly "more than five years."

Another one I wasn't aware of - apparently Vista will be the first version of Windows with IPv6 support. WTF? *nix has had IPv6 for years.

So - the news in brief: Build 5270 had some flaws, which were fixed in 5384, and 5472 is the current public build, in which Symantec have presumably found no flaws; they're certainly not talking about any. IPv6 is new, along with the rest of the "networking stack" - presumably just the TCP/IP stack, and it will all be fine (but presumably it may be best to get some Symantec software just to be on the safe side)

1 Comment               

Mon 17th Jul 2006 @ 23:53 2006: Phew

According to some ex-MSFTies, phpBB is worth $1.5m, phpmyadmin is worth $2.655m

GIMP, along with OpenOffice.org has no price guess whatsoever. The Linux kernel is apparently worth 1,434 Man Years, totalling nearly $79m.

All these figures seem to assume the same base rate of $55k/developer/year, which seems somewhat unlikely, at best.

It's fascinating to see how money and software get combined; for management types, I can see how there is an obvious 1:1 correlation between quality and cost. I completely fail to map that to the real world, though.

Still, for those who like a $x price on everything, here's a random source for random figures applied to random projects.

How this fits in with koders.com, freshmeat.net, and other longstanding projects, I do not understand.

But that's okay, because nor does anybody else, not even the ohloh.net guys.


Mon 17th Jul 2006 @ 00:12 2006: George Borowski

Guitar George (aka George Borowski) played the Baker's Vaults last night. It was an awesome gig, sorry the photo is such low quality.

His (unofficial?) website is http://www.georgeborowski.co.uk/index1.html - some dodgy (broken) frames stuff abound, but that's about all that I can find online about him.

Dire Straits had a song called Sultans of Swing, which included the stanza:


You check out Guitar George, he knows all the chords
Mind he's strictly rhythm he doesn't want to make it cry or sing
But then an old guitar is all he can afford
When he gets up under the lights to play his thing


Apparently George Borowski and Mark Knopfler were students together.

There's a forum here.

I can't now find where I got these MP3s from, but they are as a promo for the upcoming CD; about a minute long apiece; still, I've mirrored them here.

George's control of the guitar's dynamics is just awesome. The recordings do not do him justice.

3 Comments               

Sun 16th Jul 2006 @ 23:52 2006: Rallysport

As far as I know, no rally event has included a young child strapped into the car. That doesn't stop Graco from calling their childseat the RallySport. Should the NSPCC be informed?

1 Comment               

Fri 14th Jul 2006 @ 23:50 2006: Brace, brace, brace

Brace yourself for new bugs.

The new feed URL is http://steve-parker.org/urandom/rss.php

Should have been obvious from the start, really; the RSS should be fed from the database when it's requested, not (as I had done it) created when posts are added.

It looks like I've lost Andy B's cracking deal-with-a-browser-stumbling-across-a-feed stuff, and I'm sure that tons is going to break, but I have been testing it, honest!

It also limits the size of the feed to the last 9 entries, to avoid clogging up with lots of ancient stuff.

3 Comments               

Thu 13th Jul 2006 @ 16:07 2006: fish4 ... Sun ?

According to The Register, fish4.co.uk was down earlier today. As is normal in the circumstances, they posted a holding message on the website, saying that the service was temporarily unavailable.

They weren't too subtle about it, though; I can't see them getting a very good deal next time they want some Sun hardware.

2 Comments               

Mon 10th Jul 2006 @ 00:12 2006: Browser Fuzzing

MetaSploit are having a Month of Browser Fun (more details here). I meant to mention this a few days ago, but I think I forgot. MetaSploit's main page is here - they provide a framework for targeting a wide variety of security exploits (hence the name, duh).

It's a pretty sad comment on the state of the whole industry, that such a project (the month-of-bugs, that is, not MetaSploit) could even exist. Security bugs go reported, but unfixed, for months, even years, leaving users vulnerable.

The sploits posted so far:

1: IE6 on XP SP2
2: IE6 on XP SP2
3: IE6 on Win2K SP4 (appears fixed in XP SP2)
4: FireFox 1.5.0.2 on Gentoo Linux (Fixed in FireFox 1.5.0.3)
5: Safari 2.0.4 on MacOSX 10.4.7 8J135
6: IE6 on XP SP2
7: IE6 on XP SP2
8: IE6 on Win2K SP4
9: IE6 on XP SP2

From what I've seen from MetaSploit in the past, they do take a rather pragmatic view of security, so they would probably be more naturally interested in IE6/WinXP exploits than other, possibly more severe but more obscure exploits in other configurations. Still, it may be worth keeping an eye on what else they disclose over the course of the month.

2 Comments               

Sat 8th Jul 2006 @ 23:22 2006: Minor WishList update

Just a few small updates to the WishList - first, for usability, the input box at http://steve-parker.org/wishlist/search.php gets selected when you click in it (you don't really want to look for somebody called "name", do you?)

Secondly, as passwords are encrypted, no "email me my password" feature is available, so you can now (if you are logged in) add a password hint on the Settings page.

Since this urandom stuff uses the same account settings as the WishList, this seems kind-of-relevant to post here. I do plan to make the entire "account" stuff global to the website sometime, honest; it's a bit disjointed at the moment, the accounts are rather wishlist-centric still, because I'm just too much of a slacker to set it up properly.

I also hope to fix up some CSS stuff sometime, it's been an awfully long time since I made any changes to the look of the site. I don't think I'll depart too far from the blue/grey theme, but maybe it's time for the yellow border to go, and maybe get some white backgrounds in the main text areas.

15 Comments               

Thu 6th Jul 2006 @ 23:39 2006: London-centric media

BBC2 are currently showing Nine Days that Shook London, with the tag:


Across nine days last summer, the capital played host to an unforgettable series of events.

Through powerful personal testimony from those who were there, this film tells the story of the unforgettable highs of Live 8 and the Olympic bid, through to the tragic low of the London bombings.

This was a week when the eyes of the world were on London.


Forgive me if I'm wrong, but G8 and Live 8 were in Edinburgh, not London. I'm not sure if the above link is particularly permanent, but this should be a better link which mentions it.

I am sick of the UK media's attitude that whatever interesting happens in England or Britain, happens in London, and that whatever happens in (say) Northern England or Scotland, happens in that specific place.

I'm not a follower of football, but I can totally agree with the Scottish First Minister who said that he'd support $TEAM_X because $TEAM_X were playing against England (sorry, I don't remember who $TEAM_X were, I have no interest in football!).

When the BBC is so biased, I do feel the need to complain.

The programme was followed with a number to call if you were affected by the London bus/tube bombings, but no number to call about G8 and/or Live8.

3 Comments               

Thu 6th Jul 2006 @ 22:33 2006: New Spam Filter

Users who are not logged in now have to identify the text in a "captcha" image, because I have had to delete about half a dozen cialis / viagra / etc spams since enabling anonymous posts.

Please let me know if you have any problems with it.

4 Comments               

Wed 5th Jul 2006 @ 23:06 2006: Bug #1 in Ubuntu

Ubuntu's Bug #1 is Confirmed and Critical.

Title: Microsoft has a majority market share
Description:
Microsoft has a majority market share in the new desktop PC marketplace. This is a bug, which Ubuntu is designed to fix.

Microsoft has a majority market share | Non-free software is holding back innovation in the IT industry, restricting access to IT to a small part of the world's population and limiting the ability of software developers to reach their full potential, globally. This bug is widely evident in the PC industry.
Steps to repeat:
1. Visit a local PC store.
What happens:
2. Observe that a majority of PC's for sale have non-free software pre-installed
3. Observe very few PC's with Ubuntu and free software pre-installed
What should happen:
1. A majority of the PC's for sale should include only free software like Ubuntu
2. Ubuntu should be marketed in a way such that its amazing features and benefits would be apparent and known by all.
3. The system shall become more and more user friendly as time passes.

1 Comment               

Mon 3rd Jul 2006 @ 00:39 2006: F1 @ Indy

Last year's F1 Indy race was an embarrassment; out of 22 cars, only six made it to the start line, and all six made it to the finish in exactly the same order, with no action at all during the race.

After Ralf Schumacher smashed his car at Turn 13, and other Michelin rear-left tyres were inspected, Michelin had no option but to tell the FIA "...the tyres on which we have qualified we are not able to sufficiently guarantee the total safety of the drivers.... we will not compete with these tyres in the current configuration of the circuit. We therefore reiterate our request to have a significant reduction of vehicle speed in turn 12/13."

Basically, the idea was to turn the final section from a flat-out NASCAR-style corner, into a much slower chicane, to ensure that the Michelin drivers would be able to race without taking the high risk of going home in a coffin.

The FIA responded tactfully: "Your teams have a choice of running more slowly in Turn 12/13, running a tyre not used in qualifying (which would attract a penalty) or repeatedly changing a tyre (subject to valid safety reasons). It is for them to decide. We have nothing to add."

As a result, the eight Michelin teams (the vast majority of the field) refused to run, leaving only six Bridgestone cars to participate in the "race"; F1 lost a lot of face in the USA and internationally.

Happily, this year was a much more productive affair, with - instead of last year's result of 6 out of 22 cars (27.3%) starting (and finishing) the race, we saw a >10% improvement this year, with 9 out of 24 cars (37.5%) reaching the finishing line. Only Nico Rosberg finished the race without scoring any points.


Mon 3rd Jul 2006 @ 00:06 2006: UK/USA rivalry on Slashdot

here

Who has the most trigger-happy authorities? You'd have thought the answer was obvious...

UK: "If he lived in the UK we'd have already accidentally shot him. You americans have such slack security."
USA: "We "accidentally shot" a guy 41 times for reaching for his wallet. I've yet to see that kind of dedication out of you Brits."
USA: "It's that combination of persistence, psychotic violence, and incomprehensible incompetence that really seems to define America."
UK: "We shot a man for carrying a table leg. I think we're about even."

8 Comments               

Steve's urandom blog