taint.org: Justin Mason’s Weblog

Dublin: Sorry to the non-Dublin readership, I’m sure you all are getting quite bored of this by now. But anyway…

According to jd on the discussion page, the new owner of the Stag’s Head is Louis Fitzgerald, who picked it up for EUR 5.8 million.

Reportedly, he’s ‘the biggest publican in Dublin’ (sic), and owns The Quays in Temple Bar, The Palmerstown House in Palmerstown, The Big Tree on Dorset Street and The Poitin Stil in Rathcoole — and Kehoe’s on South Anne Street. Quite an empire.

I’ll have to leave the speculation on Fitzgerald’s pros and cons to more recent residents of Dublin, but I agree with jd’s comment: ‘hope he does half a good as job as the Shaffrys, and the bicycles are left outside rather than on the ceiling,’ Amen to that.

Tags: discussion, dublin, fitzgerald, head, louis, non, owner, page, palmerstown, readership, stag

Spam: Spam Chongqing: Spamming Experiment:

Kasia at unix-girl.com decided to run a spamming experiment on her blog. She posted a couple spams to her own blog and waited to see what would happen. In less than 24 hours she received 356 more spams.

The chongqing guys confirm this, and I’ve noticed this as well (although just in passing, I’ve never tried testing it).

Interestingly, I’m pretty sure the same thing can happen with mailing lists, if the mailing list archives are allowed to contain the mailing list’s posting address, and the list allows open posting. It works like this:

• spammer A posts a spam to the list
• spam is archived
• google finds archived spam
• list-builders B, C, D google for search terms, find archive page for that mail message
• B, C, D scrape the addresses from that page and pick up the list posting address
• they then either sell on to spammers E, F, and G, who spam that address, or they spam the address themselves
• and redo loop from the start.

One key factor is the search terms B, C, and D use. My theory is that they are intending to generate ‘targeted’ lists, and in spamming, most targeted lists are simply lists of addresses scraped from pages that show up in a google search for a specific keyword — ‘meds’, ‘viagra’, ‘degree’, etc.

Joe at chonqing surmises that it may be through the Broken Windows Theory — that spam appearing in a weblog’s comments, or in a wiki page, indicates that the administrator is asleep at the wheel and more spam can be posted with impunity. in my opinion, that’s probably more likely for google-spam and wiki-spam than for email spam, but undoubtedly is a factor.

PS: href=”http://chongq.blogspot.com/2005/04/another-spammer-owned-antispam-site.html”> wecanstopspam.org has been allowed to lapse and has been stolen by a spammer. Oh dear.

Tags: address, blog, experiment, google, list, mailing, page, search, spam, theory

Politics: This moronic comic from Pat Oliphant came up in my comics page the other day, and, after a few days of hearing this particular talking point through the usual propaganda channels, I just saw it again. It pissed me off enough that I took a look at the stats.

Naturally, it’s bullshit. The top 50 governments pledging tsunami aid, per GDP:

• Qatar (#2)
• UAE (#5)
• Kuwait (#9)
• Bahrain (#10)
• Saudi Arabia (#15)

Given that the USA’s at #29, and the UK at #22, I think the arab states are coming up with a pretty good result there.

I guess it’s hard to look beyond today’s talking points when you’re still drawing cartoons at the age of 70.

Tags: bullshit, comic, day, look, oliphant, page, pat, point, politics, propaganda, talking

Web: Urgh, I still have this damn cold I picked up in Ireland… sniffle cough etc. More vitamin C needed!

Anyway, just a quick plug for a very deserving Firefox extension, one I haven’t seen mentioned widely. It’s pretty common, when you wish to print out a web page, that you wish you could get rid of the obnoxious extra-wide sidebar tables, gigantic ads, or other extraneous parts of the page. Well, now you can:

Nuke Anything is a Mozilla/Firefox extension which offers two great features in the right-click context menu:

• Remove this object: this will remove the object you’ve right-clicked on — a table TD, paragraphs, images, IFRAMEs, etc.
• Remove selection: more usefully, this allows you to select exactly what you want to remove with a left-button drag, then right-click to remove it.

It’s really useful. I almost never print anything out these days without scrubbing off a few unwanted sidebars ;)

Tags: anything, cough, extension, firefox, page, plug, remove, sniffle, urgh, vitamin, web

Security: Given the current prevalence of phishing attacks and spyware infestations, designing a good user interface that protects naive users against malware is now more urgent than ever.

Firefox is, of course, widely touted as more secure than MSIE. This is by and large true, due partly to MS’ emphasis in their UIs on one-step ‘easy’ installation and confirmation-dialog reduction (in my opinion) — but also due to the fact that spyware companies don’t yet see Firefox as a target to the same extent.

This changed recently — spyware ‘toolbars’ started to appear for Firefox as well. It was quite a surprise to see a dialog pop up when accessing an otherwise normal-looking (though advertising-heavy) page, using my Linux desktop, prompting me to install some ‘toolbar’ .xpi file!

Firefox 1.0PR now includes code to deal with this. Here’s how it works.

If a site I’m viewing attempts to install an XPI file, I get this prompt:

Note that it’s NOT a dialog. This is pretty handy, because it means that I won’t get annoying dialogs all the time if I do accidentally go to a unscrupulous site; it just appears like the part of the page. In the clueless user case, they may not even notice that they’ve been protected, which reduces the risk that they’ll install the extension anyway.

(However, I would have extended it by using an icon or look-and-feel that indicated that this was a ‘trustworthy’ part of the UI, rather than possibly part of the page.)

If I hit the ‘Edit Options…’ button, I get this:

A simple-enough dialog containing the list of sites permitted to install extensions. update.mozilla.org is in there by default, and I’ve added texturizer.net so I can install from their more extensive list of older extensions. The address of the current site has been dropped in automatically.

To permit the site, I have to hit ‘Allow’, then ‘OK’. So I do that, and hit the ‘install’ link on the webpage again:

And there’s the Software Installation dialog. Note the red Unsigned warning, the proportion of text that is a warning about installing bad stuff (fully half!), and — this is interesting — a greyed-out ‘Install’ button.

The button is on a timer — it becomes clickable after 2 seconds. This, presumably, is to ensure that people read the dialog! Reportedly, users no longer read dialogs, instead hitting OK on every dialog that appears. In my opinion, this is arguably due to ‘the boy who cried wolf’ syndrome: by default, MSIE and older Mozilla versions will ask all sorts of stupid questions about ‘are you sure you want to send stuff on the intarweb?‘ whenever you use Google. If anything is guaranteed to induce dialog fatigue, it’s that feature.

(Update: actually, that’s not the reason. Reportedly, it’s a workaround for a couple of social-engineering attacks, whereby an attacker could persuade the user to type a word ending in ‘Y’, and time the dialog to appear just before ‘Y’ is typed — causing the keyboard shortcut for ‘Yes’ to take effect; or persuade the user to double-click in the right spot, and similarly time the dialog to appear in the right place, in time for the second click. Still, I maintain the measure is useful to deal with the ‘dialog fatigue’ issue too. ;) Thanks to Smyler and Rod for pointing this out.)

I would have gone further:

• the ‘a software install was blocked’ page element should have an indication that it’s ‘trustworthy content’
• both dialogs should default to ‘Cancel’, to avoid users deliberately pressing ‘OK’
• I would possibly require a ‘yes, I read this’ tickbox to be ticked before the software is installed.

Interesting though. This is the way internet-facing UIs are going to have to develop, in my opinion.

Tags: dialog, file, firefox, installation, page, part, security, site, spyware, user, xpi

Unix: via Ted Leung, Adam Rosi-Kessel’s Linux Tips page has some very useful tips, and this one’s great — to avoid
getting SSH connection resets, add the following to your .ssh/config:

    serveraliveinterval 300
    serveralivecountmax 10 

This will insure (jm: sic) that ssh will occasional send an ACK type request every 300 seconds so that the connection doesn’t die.

As a similar tip that took a while to track down — KDE users who’ve upgraded between KDE releases, will probably by now have seen lots of messages like this:

  nameofapp (KIconLoader): WARNING: Icon directory /usr/share/icons/hicolor/
  group 48x48/stock/text not valid.

It took a bit of googling about to find the cure:

• run in a shell (I cannot find this on any menu): kdebugdialog –fullmode
• select: debug area: 264 kdecore (KIconLoader)
• Change the Warning Output to ‘None’
• select: OK

Tags: connection, kde, kessel, kiconloader, linux, page, rosi, ssh, tips, unix, warning

News: Oops — I’ve just realised, that Newseum site I linked to a few days ago actually does change the URLs frequently for those front-page PDFs. However, the changing is limited to using the day of the month in part of the URL, as far as I can see.

So here’s bookmarklets that’ll do that:

• Today’s front page from The Guardian (PDF)
• Today’s front page from The Irish Indo (PDF)

Also — Breedster explained: Frequently Asked Questions On Viral Marketing. ‘Viral’, geddit?

Tags: change, news, newseum, oops, page, pdf, pdfs, site, today, urls, viral

Open Source: ITConversations: Doug Kaye and Philip Greenspun (via Tony Bowden).

Very interesting interview overall. Philip notes that he didn’t see weblogs coming because ‘it never occurred to me that relatively minor changes in how you allow people to author would cause such a revolution’. I must admit, I was the same. As far as I could see, it was just another HTML page, being updated frequently — it took me quite a while before I realised the social aspects, of conversations taking places in a group of weblogs, was making a whole new thing.

Also, there’s a great few paragraphs where he discusses how sensitive to supply-side economics the whole ‘building a business on open source’ thing is. Search for ‘a dollar cheaper and a day faster’ to find it.

Tags: author, business, group, html, interview, itconversations, open, page, revolution, thing, while

News: Newseum: Today’s Front Pages (Flash map view). A great site;
the best thing about it is, a double-click on each newspaper’s ‘dot’ will pop up their front page as a larger image in a new window, and give you a URL for a full-page PDF file.

Best of all, those full-page PDF links update every day with that day’s front page… for example, these are eminently bookmarkable:

• The Guardian (PDF)
• Irish Independent (PDF)

Excellent!

A bit like The Guardian’s Digital Edition, but a whole lot cheaper and simpler.

Tags: day, flash, front, guardian, map, news, newseum, page, pages, pdf, today

Mail: I’ve dusted off my old e-mail usability wishlist, made a couple of changes to reflect the current situation now that GMail has implemented some of them, and Wikified the page.

There’s still a couple that I think would be valuable, so anyone looking at new usability ideas for email is welcome to take a look ;)

Tags: anyone, couple, email, gmail, look, mail, page, situation, usability, wikified, wishlist

Patents: The FFII are suggesting a 10-day online ‘net strike’ to protest against the ongoing attempts to legalise software patenting in Europe.

The Commission and the Irish EU Council Presidency are pushing for unlimited patentability of software, heavily lobbied by multinationals and patent lawyers. They are ignoring the democratically voted decision of the European Parliament from 24 September 2003, which has the support of more than 300,000 citizens, 2,000,000 SMEs and dozens of economists and scientists.

As a result, I’m putting up a protest front page on these sites:

• this weblog
• my personal home page
• My software sites: EtText, WebMake, Sitescooper, Sitescooper Daily Scoops

If you support the actions of FFII, please join in, or even attend the in-person demonstration in Brussels! We need to make it clear that the small software developers of Europe do not support these undemocratic actions.

And finally, shame on the Irish EU Council presidency for supporting the EPO hook, line and sinker. Thanks, and I know who I’ll be voting for in future…

Tags: council, day, ffii, irish, online, page, patents, presidency, sitescooper, software, strike

Censorship: This is pretty funny — a friend writes that SonicWall’s ‘Content Filter’ has judged my home page and FOUND IT WANTING:

  The URL
  http://jmason.org/
  is currently rated as:
  category 4 - Pornography

w00t! It’s true, I have some pretty hot pics up there — the accuracy of their content filtering product amazes me!

Tags: category, censorship, content, filter, found, friend, home, page, sonicwall, url, wanting

Architecture: For reasons which I won’t go into here, I wound up doing a Google Image Search for ‘toilet’ which turned up a link to this page: Toilets of the World. However, he’s missing one very important variety: the world-famous Goan ‘Hog Bog’.

Here’s a tasteful pic of an expectant pig waiting for lunch (local mirror) — and then, if your stomach can take it, a rather more graphic account here. (warning: not safe for lunch)

Tags: architecture, google, image, link, lunch, page, search, toilet, toilets, variety, world

Web: I watched a hilarious Rob Corddry segment from The Daily Show last night, repeated from earlier in the week. Having not seen The Daily Show in a while, since dropping everything but basic cable, I went looking through The Daily Show video archives to see if I could find a few more good ones — with no luck.

Every link on the Video page links to something like this:

javascript:openMediaPop(’/multimedia/tds/cord/cord_8065.html’,”,’SRM’,'high’);

Which opens a popup with this page. Now, the interesting thing is that I do have Real Player installed — but for some reason, Firebird hasn’t figured this out. If I could just get through the twisty-turny maze of Javascript ‘detection’ code, I could get the URL for the .ram file directly from the server and play it.

So this is where my idea for a new extension comes in. It should do this:

• intercept Javascript calls to navigator.userAgent, navigator.plugins et al, and allow the user to select what plugins to report;
• add a context (right-click) menu item to list the URIs used in data attributes of object tags, and allow those to be cut and pasted — or launched in any helper apps registered for that filename extension. Alternatively, it could just replace the object with a link to open that file in the helper app.

The first allows the user to choose what plugins to report are installed, and navigate their way past broken ‘detection’ scripts like Comedy Central’s and The BBC Radio Player’s.

The second then allows the user to get hold of the URL for future use, or pop it up in an external viewer.

Tags: cord, daily, javascript, link, navigator, page, show, url, user, video, web

Funny: The latest ‘personality test’ page, via forteana — what surreal invention are you? Justin is ‘a hi-fi that looks bigger than it really is!’, and taint.org is ‘a housebrick that keeps your teeth clean and never needs repairing’.

Also — even better — Giant Battle Monsters. Apparently ‘taint.org is a Collosal Man-Eating Plant that breathes Fire, is Susceptible to Electrical Damage and Extremely Hydrophobic, was brought back from a Distant Volcanic Island, has a mean Left Hook, and eats Metal.’

Tags: battle, forteana, funny, giant, housebrick, invention, org, page, personality, taint, test

Games: The DEGENATRON Archive and Gaming Page — amazing. The Degenatron is the games console advertised, and occasionally featuring in radio phone-ins as to the violent behaviour of ‘kids these days’ and the like, on the in-game radio stations in GTA:VC. This faked ‘homage’ page is perfect; right down to the animated rainbow horizontal-rule divider.

Be sure to check out the playable emulators! Smash the green dots inside the mysterious red square!

Tags: archive, behaviour, degenatron, divider, games, gaming, gta, homage, page, radio, rainbow

E-Voting: Very interesting page reproducing a translation of part of an expert report detailing an incident that occurred during an ‘electronic election’ in Belgium on May 18th 2003.

The latest EDRI-gram notes:

The total number of preferential votes cast on a specific candidate was higher than the total number of votes for his list. A series of tests was conducted on the computer of the president of the voting committee, but the error could not be reproduced. The difference in votes was exactly 4096, leading the research-team to the conclusion that the error was probably due to a spontaneous inversion of a binary position in the read-write memory of the PC.

This serves as a pretty good pointer to how, even if the software is audited to death and pronounced reliable, the hardware can still trip you up. Computers are fundamentally unreliable.

The solution? Why, a Voter-Verifiable Audit Trail of course. ;)

Tags: e-voting, election, error, expert, incident, may, number, page, part, report, translation

Patents: This page is a mock-up of a page from a simple e-commerce website, which would infringe (or infringed in the past) no less than 20 European and US software patents. (Original in Danish here).

Tags: original, page, patents, software, website

This page is a mock-up of a page from a simple e-commerce website, which would infringe (or infringed in the past) no less than 20 European and US software patents. (Original in Danish here).

Tags: original, page, software, website

Spam: I’ve been meaning to collate a page about why I don’t like greylisting. My previous posting is relatively useful, but it needs an update, so here it is:

First off, every single message is delayed until a database match is found for the combination of sending IP, envelope-from and envelope-to. As Alan Leghart pointed out, ‘So…we punish everyone in the world, and hope that a delay of one or more hours is considered ‘acceptable’? Maybe some people already expect a mail to take several hours to reach a recipient. In that case, you need to fix your mail server.’

Secondly, large mailing lists that use VERP (generating keyed From addresses for each mail for good bounce-handling) will require manual whitelisting for each list, or each host.

Yahoo! Groups, for example,
uses VERP for all its lists, and also will not retry delivery if the first attempt fails.

There’s even buggy SMTP servers that do not support retrying, believe it or not.

(Once again, as for many spamfilter designs, the unusual SMTP clients are the ‘edge cases’ that cause the most trouble.)

Manual whitelisting == work == what spam filtering is trying to reduce == bad.

Thirdly, and most seriously, it assumes spammers would never introduce retries into their spam-tools if it took off. Tempfailing, what this is based on, is effective right now because spamtools don’t retry. But every proposed spam solution has to consider what would happen if every server admin in the world implements it, and spammers then want to subvert it.

For a spamtool to retry, it just needs to track 4xx responses, and if it encounters one, save these items of data:

• From, To addrs and HELO string used
• proxy IP used (btw proxies are almost never shut down successfully, so the spammer can generally assume this can be reused next time)
• random seed used to generate random hashbuster tokens etc., so the body text matches

That’s really not a lot of data — 64 bytes per address that requires a retry. Then, an hour or more later, do the retry.

So, IMO, ‘greylisting‘ will work fine in the short term, until it becomes reasonably common — then the spamtool developers will start adding retry code.

Then we’re back to square one — except some legit mail takes much longer to get delivered, and the bandwidth wasted by spam has doubled, due to all those retrying spams. That’s not really progress.

Tags: collate, mail, message, page, server, smtp, spam, update, verp, world

I’ve been meaning to collate a page about why I don’t like greylisting. My previous posting is relatively useful, but it needs an update, so here it is:

First off, every single message is delayed until a database match is found for the combination of sending IP, envelope-from and envelope-to. As Alan Leghart pointed out, ‘So…we punish everyone in the world, and hope that a delay of one or more hours is considered ‘acceptable’? Maybe some people already expect a mail to take several hours to reach a recipient. In that case, you need to fix your mail server.’

Secondly, large mailing lists that use VERP (generating keyed From addresses for each mail for good bounce-handling) will require manual whitelisting for each list, or each host.

Yahoo! Groups, for example,
uses VERP for all its lists, and also will not retry delivery if the first attempt fails.

There’s even buggy SMTP servers that do not support retrying, believe it or not.

(Once again, as for many spamfilter designs, the unusual SMTP clients are the ‘edge cases’ that cause the most trouble.)

Manual whitelisting == work == what spam filtering is trying to reduce == bad.

Thirdly, and most seriously, it assumes spammers would never introduce retries into their spam-tools if it took off. Tempfailing, what this is based on, is effective right now because spamtools don’t retry. But every proposed spam solution has to consider what would happen if every server admin in the world implements it, and spammers then want to subvert it.

For a spamtool to retry, it just needs to track 4xx responses, and if it encounters one, save these items of data:

• From, To addrs and HELO string used
• proxy IP used (btw proxies are almost never shut down successfully, so the spammer can generally assume this can be reused next time)
• random seed used to generate random hashbuster tokens etc., so the body text matches

That’s really not a lot of data — 64 bytes per address that requires a retry. Then, an hour or more later, do the retry.

So, IMO, ‘greylisting‘ will work fine in the short term, until it becomes reasonably common — then the spamtool developers will start adding retry code.

Then we’re back to square one — except some legit mail takes much longer to get delivered, and the bandwidth wasted by spam has doubled, due to all those retrying spams. That’s not really progress.

Tags: collate, mail, message, page, server, smtp, spam, update, verp, world

More referrer spam stuff. As Mark states in the comments here, it seems that the referrer-spamming is using real browsers run by real people — no bots, no proxies.

The spammers create HTML pages which contain an IMG tag, using one of our pages in the SRC attribute. This causes the user’s browser to attempt to download the page — giving the correct referrer URL — but it’s not particularly visible to the user — since it’s a HTML page, not an image. All they’re likely to see is a ‘broken image’ icon, and more likely the image is hidden anyway using a hidden div or width=0 height=0 attributes.

Anyway, I took a look at the HTML for those sites. Interestingly, all of them use a distinctive HTML style, with a redirecting frame and some Javascript to load the following pop-up ad:

http: //pb. xxxconnex. com/pb.phtml? d=aporndomain.net &sc=EXPN &ip=9999999999 &c=preview

Where ‘aporndomain.net’ is a porn domain, not necessarily always the same one as you’re viewing, and ‘9999999999′ is a 10-digit number. This then loads a frameset containing another random popunder ad from a load of domains. It also throws a few hidden ones into the corner, loads them as pop-unders, loads a javascript timer to open new ones occasionally, etc. etc. etc. As you close ‘em, new ones open, and so on. Glad I don’t run IE ;)

I would bet these guys, xxxconnex.com — or one of their customers — are the ones behind the referrer-spamming as a result. Their WHOIS info states they are:

Admin, Domain  info@webfinity.net
1E Braemar Ave
Unit 19
Kingston 10, WI N/A
JM
876-357-8404

Interestingly, that phone number and address also shows up in ROKSO as well, listed under domain registrations controlled by the ‘Dynamic Pipe / Webfinity / Python Video’ spam gang, ie. one of the biggest sources of porn spam out there. They’re diversifying it seems!

Based on some suggestions on Kasia’s weblog, I think I now have a good comeback — still working on this though.

Tags: aporndomain, domain, html, image, javascript, page, porn, referrer, spam, user

In response to this post regarding Ireland’s piracy rate of 42%, Simon pointed out a possible flaw in the methodology on the forum;

‘Although they could be comparing high software usage to negligible software sales in Ireland. Anyone with a half decent purchasing dept will buy from the UK or US to avoid ridiculous euro pricing. Compare prices on the Macromedia Store’s shop, Studio MX in International English for $899 in the international store, $1133 in the UK store, or $1180 in the Euro store (all prices ex-taxes).’

So I took a look over the weekend. Here’s the page on the survey. In the PDF, page 12-13, they describe the methodology. my comments:

• ‘To estimate software demand, IPR developed ratios for the amount of software installed on each PC. This was developed from market research on the U.S. market.’ Do all markets really use the same software on their PCs? e.g. Asian markets will use text-entry apps, US markets will not.

• ‘the difference between software applications installed (demand) and software applications legally shipped (supply) equals the estimate of software applications pirated.’

• ‘Uplift factors’ are applied to generalize software shipment data from the participating companies, first to the entire US industry, then to the world. ‘These uplift factors include estimates for open-source software. For this study, IPR has assumed that open source software is free and not pirated.’ eh, thanks ;)

  I’m not quite sure what this means, but I think it means that they make an estimate of how much of the software shipment data represents OS software, and then add that to the ‘legally shipped’ side.

• ‘IPR believes that certain software shipments in the data collected from participating companies are reported for one country, but the software is exported and used in another country. In order to account for this and to eliminate this effect from the piracy study as much as possible, net import estimates were developed on a country-by-country basis.’

  This covers Simon’s point — but it’s not 100% clear, since those biases aren’t listed. I wonder if it takes into account Ireland’s paradoxical situation; while Ireland is (or was, at least) the world’s top exporter of software, it’s still cheaper for Irish users to import software applications from overseas ;)

Dublin: the new bridge just down the road from my house has finally been completed — in time for Bloomsday it seems, since it’s named after Joyce. Obligingly, the Dublin traffic camera operators have got a great night shot of it:

Tags: demand, estimate, euro, ipr, market, methodology, page, software, store, uplift

wtf? From the Red Hat 9 at(1) manual page:

At allows fairly complex time specifications, extending the POSIX.2 standard. … You may also specify midnight, noon, or teatime (4pm).

Tags: hat, midnight, noon, page, posix, red, teatime, time, wtf

while thinking about the CDT’s report on spammer address-scraping techniques again, it occurred to me that one finding is very significant; high-traffic websites probably get much more spam than low-traffic ones.

Now, I’ve got spamtraps up on pretty much all my sites, using a variety of methods:

<

ul>

But all my sites are small-time, really. ;) So — anyone out there in the blogosphere care to help out the SpamAssassin project, by feeding us trapped spam? It’d be simply a matter of adding a mailto: link, hidden in a comment on a prominent page of your high-traffic website. Gimme a mail to this address if you do.

(warning: that address will expire in 6 months. if you’re reading this after Aug 2003, use the addr on this page instead.)

The spam trapped in such a way is fed into a number of spamtrap-fed network systems, like Razor, DCC, Pyzor, and the Blitzed OPM blacklist. It’s also used during the SpamAssassin score-regeneration process.

Tags: block, cdt, finding, mailto, page, report, spam, spamassassin, spammer, text

About time I posted this — everyone who’s read ‘em agrees vehemently with at least 5 of these; and a quick Google ™ reveals that this list hasn’t ever had a page to itself out there on the interweb. So here it is.

My personal favourites: 6, 8, 15, 20, 33, and best of all, 28…

• 1) Triangular sandwiches taste better than square ones.
• 2) At the end of every party there is always a girl crying.
• 3) One of the most awkward things that can happen in a pub is when your pint-to-toilet cycle gets synchronised with a complete stranger.
• 4) You’ve never quite sure whether it’s ok to eat green crisps.
• 5) Everyone who grew up in the 80’s has entered the digits 55378008 into a calculator.
• 6) Reading when you’re drunk is horrible.
• 7) Sharpening a pencil with a knife makes you feel really manly.
• 8) You’re never quite sure whether it’s against the law or not to have a fire in your back garden.
• 9) Nobody ever dares make cup-a-soup in a bowl.
• 10) You never know where to look when eating a banana.
• 11) Its impossible to describe the smell of a wet cat.
• 12) Prodding a fire with a stick makes you feel manly.
• 13) Rummaging in an overgrown garden will always turn up a bouncy ball.
• 14) You always feel a bit scared when stroking horses.
• 15) Everyone always remembers the day a dog ran into your school.
• 16) The most embarrassing thing you can do as schoolchild is to call your teacher mum or dad.
• 17) The smaller the monkey the more it looks like it would kill you at the first given opportunity.
• 18) Some days you see lots of people on crutches.
• 19) Every bloke has at some stage while taking a pee flushed half way through and then raced against the flush.
• 20) Old women with mobile phones look wrong!
• 21) Its impossible to look cool whilst picking up a Frisbee.
• 22) Driving through a tunnel makes you feel excited.
• 23) You never ever run out of salt.
• 24) Old ladies can eat more than you think.
• 25) You can’t respect a man who carries a dog.
• 26) There’s no panic like the panic you momentarily feel when you’ve got your hand or head stuck in something.
• 27) No one knows the origins of their metal coat hangers.
• 28) Despite constant warning, you have never met anybody who has had their arm broken by a swan.
• 29) The most painful household incident is wearing socks and stepping on an upturned plug.
• 30) People who don’t drive slam car doors too hard
• 31) You’ve turned into your dad the day you put aside a thin piece of wood specifically to stir paint with.
• 32) Everyone had an uncle who tried to steal their nose.
• 33) Bricks are horrible to carry.
• 34) In every plate of chips there is a bad chip.

Tags: dog, everyone, fire, garden, google, list, old, page, read, time

traffic-camera pictures of the London anti-war march! What would J. G. Ballard make of this? ;)

and here’s Hyde Park:

Unfortunately none similar of Dublin.

In passing — an interesting factoid found on Adam Back’s PGP Timeline page: ‘While Iraq was still a secret US ally against Iran, Iraqi exchange students (in the US) using the same literature as (Phil Zimmermann, inventor of PGP) later did, wrote a working (Public Key) cryptosystem for (the Iraqi) military - which was using poison gas against the Kurds at the time.’ Hmm, ironic!

Tags: ally, exchange, factoid, literature, make, march, none, page, pgp, timeline

GNOME 2.2 includes nifty new font technology, I see; including ‘drag into ~/.fonts’ font installation, at last, thanks to Keith Packard. I especially like this:

Jim Gettys and the GNOME Foundation Board worked with Bitstream, Inc. to arrange the donation of the Vera font family to the Free Software community.

Here’s what Vera looks like; very nice. Finally, some decent free fonts – kudos to Bitstream.

And I see subpixel smoothing is now right in there, in the basic font preferences. Excellent news!

But where TF is the Metacity documentation? Maybe there’s none, in the tradition set down over generations of GNOME hacks^Wapplications. (Pet peeve: every command in the default PATH should have a manual page IMO.)

The ‘documentation’ and ‘home page’ links I can find all lead to a directory of tarballs. Great. The best result Google can find, after the aforementioned tarballs, is a blog posting complaining about Metacity. Hmm — scary — I really don’t like the implication that the only way to do my own key-binding prefs, is to run a batch of 15 gconftool commands every time I log in… ah shaggit, I’ll use sawfish ;)

(PS: yes, I’m still on GNOME 1. That’s what happens when you’re stuck on the wrong end of dial-up.)

Crypto: The Crypto Gardening Guide and Planting Tips by Peter Gutmann. Excellent advice on how crypto designers should design protocols so that they can actually get implemented. Also, as a corollary; good tips on common crypto gotchas for implementors to watch out for. Some bonus funnies, too:

Note: PGP adopts each and every bleeding-edge technology that turns up, so it doesn’t figure in the above timeline. Looking at this the other way, if you want your design adopted quickly, present it as the solution for an attack on PGP.

A little bit more introduction on some of the items would be worthwhile though. I don’t have a clue what OAEP is for example ;)

Tags: bitstream, crypto, documentation, excellent, font, gnome, metacity, page, pgp, technology

Joel on Software now features a great new article on what he calls “Leaky Abstractions”. Some snippets:

• Even though network libraries like NFS and SMB let you treat files on remote machines “as if” they were local, sometimes the connection becomes very slow or goes down, and the file stops acting like it was local, and as a programmer you have to write code to deal with this. The abstraction of “remote file is the same as local file” leaks. …

(jm: the ‘transparent does not always mean good’ problem)

• Something as simple as iterating over a large two-dimensional array can have radically different performance if you do it horizontally rather than vertically, depending on the “grain of the wood” — one direction may result in vastly more page faults than the other direction, and page faults are slow. Even assembly programmers are supposed to be allowed to pretend that they have a big flat address space, but virtual memory means it’s really just an abstraction, which leaks when there’s a page fault and certain memory fetches take way more many nanoseconds than other memory fetches.

(jm: the ‘why objects are not always the way to do it’ problem)

And finally, he ends with a killer:

Ten years ago, we might have imagined that new programming paradigms would have made programming easier by now. Indeed, the abstractions we’ve created over the years do allow us to deal with new orders of complexity in software development that we didn’t have to deal with ten or fifteen years ago, like GUI programming and network programming. And while these great tools, like modern OO forms-based languages, let us get a lot of work done incredibly quickly, suddenly one day we need to figure out a problem where the abstraction leaked, and it takes 2 weeks. And when you need to hire a programmer to do mostly VB programming, it’s not good enough to hire a VB programmer, because they will get completely stuck in tar every time the VB abstraction leaks.

Well said! Read the article!

Tags: abstraction, direction, file, memory, page, problem, programmer, programming, the, way

man, this is sweet! BBC front page coverage for Ireland Offline…

“Eircom has cited congestion of the network and not enough demand as the arguments against unmetered (internet access),” said Mr (Dave) Long (IO chairman).

BT-owned ESAT is just one of the telecom operators challenging Eircom to offer a wholesale unmetered product.

“There is huge pent-up demand and our ears are sore from listening to our own customers. For Eircom to say there is no demand is condescending and naive,” said (Una) McGirr (of ESAT BT).

Maybe what Eircom mean, is that there’s not enough demand to outweigh the unfeasibly large revenues they make from metered internet calls…

Tags: bbc, coverage, demand, eircom, esat, internet, ireland, man, offline, page

Checking out the logs and stats for this site, I notice that a google search for “jennifer aniston nipples” is one of the main referrers. It is, of course, a hit to this page, the fake-nipples story. Sex (or nipples, at least) brings hits!

Tags: aniston, checking, course, google, page, search, sex, site, story

Some vague web musing: while reading Cory Doctorow’s “Metacrap” essay on metadata, I noticed this:

Certain kinds of implicit metadata is awfully useful, in fact. Google exploits metadata about the structure of the World Wide Web: by examining the number of links pointing at a page (and the number of links pointing at each linker), Google can derive statistics about the number of Web-authors who believe that that page is important enough to link to, and hence make extremely reliable guesses about how reputable the information on that page is.

He’s right, of course — that’s how Google works. But while reading this, it occurred to me that this implicitly rewards websites that consist of small numbers of large pages, instead of high numbers of short pages; if your site has a page for ever sub-heading (think of a Linux HOWTO document here), and a linker to your site links to the page that’s relevant to what they’re talking about, your Google ranking will be lower than if you keep the document all in one page and use named anchors.

Personally, despite what Jakob Neilsen thinks, I prefer the all-in-one page mode myself. It’s quicker to download (overall), easier to print or read offline, and I’m not afraid to use a scrollbar. Interesting to see Google (accidentally) recommends it too ;)

The rest of the essay is spot on, in my opinion.

BTW, Cory also writes for Boing Boing, one of the coolest mags I used to read back when, and now a top-quality weblog.

Tags: cory, document, essay, google, linker, metadata, number, page, site, web

If you’re a Jack Chick fan (in the right way), you have to check out The Sin of the Americas by Bob James, strictly in the Jack Chick style. Best followed up by Bob James’ Rebuttle (sic) page.

Tags: fan, page, rebuttle, sin, style, way

Fantastic site with scans and blowups of UFO-like objects in historical artwork. Some great images on the AD page, especially this plain reference to the Xists’ arrival, and a stack of Von Daniken-ish images on the BC page.

Tags: arrival, artwork, daniken-ish, fantastic, page, reference, site, ufo-like, xists