Merry Christmas!

metaplace - Now That Didn't Last Long

Well, anyone who signed up for metaplace and wondered what exactly it had to offer anyone that made it worth the effort will not be surprised to hear that:

Email not displaying correctly? View it in your browser.

metaplace.com is closing on january 1, 2010

---

Today we have unfortunate news to share with the Metaplace community.  We will be closing down our service on January 1, 2010 at 11:59pm Pacific.  The official announcement is here and copied below, and you can read a FAQ guide here.  We will be having a goodbye celebration party on January 1st at 12:00noon Pacific Time.

Over the last several years, we here at Metaplace Inc. have been working very hard to create an open platform allowing anyone to come to a website and create a virtual world of their own.

Unfortunately, over the last few months it has become apparent that Metaplace as a consumer UGC service is not gaining enough traction to be a viable product, requiring a strategic shift for our company.

We’re sorry to announce today that Metaplace.com will be closing to the public at 11:59pm on January 1st, 2010.

This is a bittersweet moment for us. Metaplace Inc the company will be continuing on – in fact, we have big plans – but what you the users have known as Metaplace will be going away. We are also losing some friends and colleagues here as part of this strategic shift.

We’d rather dwell on the good than the sad. You, the users, have done amazing work here, and we want to celebrate it. We may not have managed to reach our goals with Metaplace.com and Metaplace Central, but we still had a lot of fun, watched creativity flower, visited amazing places, and made a lot of friends. We’ve had amazing guest speakers, more parties than we can count, live concerts, movie premieres and art shows; we’ve seen you make adventures and schools and churches and games and countless other sorts of worlds that would otherwise never have been created.

In that spirit, we want to treat these next two weeks more as a celebration of the good times. We invite you all to come back to see all of the amazing worlds that you have made. Registration will remain open, so you can show off to your friends. Remote embeds will remain active until the last day as well.

We’ll be turning off billing immediately, and refunding everyone for all purchases in the month of December as well as subscription payments that apply to December and future months. This month is on us. We are suspending regular customer service, but the support site will remain open for now in case there are any critical billing issues.

We know many of you have done work here that you would like to preserve. Please do use this time to capture screenshots, data, scripts, movies, and assets. We have a FAQ that explains how to retrieve assets from the service.

When other worlds have reached a sunset point, people have lost touch with each other. We’ve made a lot of friends here and we’re sure that you have too, so we don’t want that to happen. We have created a forum site athttp://www.metaplaceveterans.com that will be operational soon, so that you can all keep in touch with one another.

Finally: we want to treat the 1st of January as a celebration, rather than a sad moment. Please join us on that day for a party, starting at noon Pacific time. If Metaplace.com has to go, we want to go out with style, with joy, and with the same sense of fun that we have always had. Let’s celebrate the journey, not the ending. There will be meeps – count on it.

We’re sure you have many questions about all of this – and there’s a detailed FAQ that we hope answers them. Click here to read it.

In the meantime, we want to thank you all for your support, your effort, your creativity, and your loyalty. We know that many of you will be disappointed by this outcome. We are too. We are embarking on a new and exciting direction, and it feels strange not to have you all along for the ride.

It has been a privilege to have had you here with us on this great adventure, and we hope that this community – this wonderful, engaged, passionate, friendly community – lives on and on.

We’ll miss you -- and we hope to see you again.

Metaplace Team

Proof that virtual worlds, just like the real one, will, sooner or later, come to an end. It's just that in the case of Metaplace it was very much sooner.


For the few that did think it was a good idea, commiserations. With Forterra on its way out too, you'll just have to move back to that other complete waste of time, Second LIfe. Which assumes you had a life of your own in the first place ;)


 

Further reading

• Are Forterra and Metaplace Just the First Two Dominos to Fall? (botgirl.blogspot.com)
  
• Cat, Twitter, and the alternate ME (museditions.wordpress.com)
• The New SecondLife.com (blogs.secondlife.com)
• Next Island to launch sci-fi adventure virtual world - with time travel (venturebeat.com)
• Sloodle (bededtech.sjwc.hct.ac.ae)

Message to UPC: You Suck!

Never in the whole of human history has a cable television / phone / broadband provider sucked quite as much as UPC do at the moment.

I would have thought they'd have been content with getting our bills wrong, cutting us off by mistake, disrupting our service, fobbing off and downright ignoring our legitimate complaints, boring the crap out of us while rolling out a firmware upgrade, providing us with less than 10% of advertised broadband speeds during peak periods and even leaving us without the broadband we paid for for up to three days at a time.

Obviously, I was wrong.

Not remotely interested in providing a better quality service, and this counts for both technical and customer service, UPC has instead spent all their money on protecting their "service" by switching to Nagra 3 encryption.

So now anyone with an box of dreams, or viewer of stars, or whatever, can no longer even watch the channels they've rightly paid for on anything except that god-awful excuse for a box by Pace. The interface. The size. The responsiveness. The remote (see right) It all sucks.

Related articles

• UPC sucks - Erwyn van der Meer (bloggingabout.net)
• UPC sucks (2) - Erwyn van der Meer (bloggingabout.net)
• UPC Broadband, wonderful service unless you want to work at the weekends. (patphelan.net)
• Irish ISP To Block Access To Pirate Bay (yro.slashdot.org)
• INSIGHT: "Because it sucks" is not a reason to redesign (37signals.com)

Assisted Brainstorming

ASSIST Machine Sketch Interpretation - It's not new (dates back to 2001), though I wonder when we'll have these kinds of tools firmly in our everyday grasp.
It's certainly impressive, but the more I look at this presentation, the more I think I've seen it somewhere before...

Hmm... Did I see it here perhaps?

Is Oracle's Acquisition of Sun a Formality?

Image via Wikipedia

Not if the European Commision, the EU's competition authority (who Microsoft know only too well) have anything to do with it. At least, according to newsfactor.

When I first heard about Oracle's move on Sun and, therefore Sun's own fairly recent acquisition, MySQL, I thought it would all be a done deal by the end of the summer. Little did I know it would still be dragging on now.
That's not to say I'm not glad someone is stepping in and contesting the deal on anti-competitive grounds.

As I've mentioned once or twice in the past, I love MySQL and would hate to see it suppressed or, even worse, blown out of the market completely. I agree with Oracle's claim that they are not in competition with MySQL because they are aimed at completely different market sectors, but I still don't believe Oracle have the intention to allow MySQL to develop any further.

Hopefully, if there is any justice, the EU Commission will find some way to protect MySQL without denying Sun the investment they undoubtedly need. Every day lost in this challenge costs Sun a whopping $3.4M.

Related articles

• Oracle plays hardball with Euro regulators (theregister.co.uk)
• MySQL Creator Wants War with Oracle (apache.sys-con.com)
• Microsoft to sing at EC Oracle hearing (theregister.co.uk)
• EU rebuffs Oracle's criticism of Sun merger investigation (infoworld.com)
• Problems ahead for MySQL? (tonyscott.org.uk)

Lotus Notes is 20!

It was 20 years ago today -Image via Wikipedia

Ed Brill reminded me today that Lotus Notes just turned 20. Didn't it grow up fast? I first started using is back in 1996, but since 1999 I can say I've used it every single working day, so I've known it for half its life. How nice.

In that time, I've sent mails, used application databases on it, chatted in it, replicated mailfiles and other DBs on it, collaborated through it, designed applications and LotusScript doodahs for it, installed it, upgraded it, customized it, loved it, hated it, swore I'd never work with it again, and then did the very next day.

No matter how much I've criticised Notes (and found myself nodding along with this guy), I probably wouldn't use Outlook over it. Obviously, there's integration to consider in some cases, and if you're in a Microsoft shop with Office, Sharepoint and the rest, you might have other needs, but in a mixed shop, or an IBM one, it's probably the best choice. The majority of Fortune 500 companies seem to think so.

Get NotesDomino certified

• 190-848 Exam PDF | Free 190-848 Exam PDF |190-848 (slideshare.net)
• 190-849 Exam PDF | Free 190-849 Exam PDF |190-849 (slideshare.net)
• 190-602 (slideshare.net)

Computer Forensics

Image via Wikipedia

If you're a Unix administrator who has no choice other than to be interested in security, or you're just an enthusiast who likes to poke around deep in the file system searching for the fingerprints of malware, Dan Farmer of Elemental and Wietse Venema of IBM (picured right) have the book for you.

It may be getting a bit long in the tooth now, published over four years ago, and things in the security world move pretty fast, so you might be wondering why you would buy such an old book. The thing is - the world of Unix security doesn't really move all that fast. Just have a read through this online version of the book, and you'll see that pretty much all of it is still just as relevant today. They discuss SATAN, which is 14 years old and counting from the date this post was published, but when you take a look at what it did, you can see that this would still be useful today. The file system basics they cover in good detail will probably always be relevant - this hasn't changed much since the dawn of Unix. Even the principles of malware analysis will stay relevant, although you will need to keep adding to your knowledge of them. After all, we've seen new viruses and trojans emerge that fool the latest scanners by employing by now age-old techniques that had been forgotten about.

This is a solid book, and a solid online resource. As the authors request - if you are thinking of printing the book out from their website, maybe you should just buy the book instead. At $32/£24, it won't break the bank, and these guys deserve your cash. It's well worth it, as it's about as condensed as such a book can be, and provides a perfect introduction to security for students - I'm astonished it wasn't on our security course reading list, so I'll certainly be recommending it to my former lecturers.

There are a few other resources listed on their site, such as the TCT, the leading toolkit for forensics analysis on *nix systems - even available as a Gentoo package, which is where I first ran into it, adding it to my short-lived Gentoo installation.

I hope you'll find this useful, interesting or both. The return on the investment of time (and possibly money) for the chapter on file system basics alone makes the effort worthwhile.

 Resources:

• http://www.porcupine.org/forensics/
• Forensic Discovery (Amazon)
• Forensic Discovery (online)

Further reading

• Gentoo 10.1 LiveDVD Brings Fixes Enhancements (slumpedoverkeyboarddead.com)
• Basic Steps in Forensic Analysis of Unix Systems (staff.washington.edu)
  
• Gumblar malware's home domain is active again (computerworld.com)
  
• WebSphere Portal Security Concepts (slideshare.net)
• New tool seeks to block rootkits by protecting their targets (arstechnica.com)
• Nov. 10, 1983: Computer 'Virus' Is Born (wired.com)
• AIX tips for Red Hat Enterprise Linux Admins (slumpedoverkeyboarddead.com)
• Symantec offers cloud building blocks (theregister.co.uk)

It's not just me - Firefox doesn't like Windows Presentation Foundation either

You may have seen this "Add-ons may be causing problems" window recently.

It seems that there's plenty of evidence to suggest that Microsoft's .NET Framework Assistant and WPF add-ons cause serious instability and can leave your computer vulnerable to remote code execution.

If I'd installed these add-ons, I'd say fair enough - uninstall them for now, wait until MS patch them, and install the patched versions.

I suppose I happened to visit a site with some (or lots) of Silverlight content. I was told that I needed these add-ons to allow the content to be displayed properly. I allowed them, restarted and the content was loaded. Presumably. To be honest, I don't even really remember doing it. Perhaps I didn't.

It seems that these pesky parasites latched on to my lovely browser when I installed .NET Framework 3.5 SP1. They are slipped in the back door, without so much as a by your leave. For most of us that have these add-ons, they were installed around February this year. That's eight months of risk.

So, there they were, and they were leaving our browsers vulnerable to crashes, and worse.
They're disabled now, and I'll be uninstalling them shortly. I'm not impressed that the warning came from Mozilla and not from Microsoft. I imagine that Mozilla noticed them in user-submitted crash reports and opened a ticket with Microsoft's security team to say that their .NET / WPF add-on / plugin was causing crashes. MS probably said it was a browser issue, for Mozilla to sort out, and so on...

You might like to take a look at Mozilla's list of dodgy add-ons - you'll also see the Apple QuickTime Plugin, v7.1.*, which also can allow remote code to be executed on your machine. I have version 7.6, so I guess that's safe, for now.

You can also view the details on these add-ons, and the .NET / WPF add-on thread on Bugzilla is especially illuminating. It pretty much says that Microsoft advised Mozilla to just go ahead and block the plug-in, probably because they missed it in the Patch Tuesday roll-up, and the next one is still some way away.

David Baron [:dbaron]  says:

It does show up in
http://people.mozilla.org/~dbaron/crash-stats/20090929-interesting-addons ,
although the correlations that show up aren't necessarily signs of causation. 
However, that shows that it's quite common in the wild: it's installed for the
users submitting 48% of our Windows crash reports on Firefox 3.5.3.

If Microsoft is recommending disabling it (all versions, or just some?) because
of security vulnerabilities, then I'd strongly support adding it to the
blocklist.

I'm was not too impressed that MS didn't quickly release a patch themselves - but reading further down in that thread, you can see that there is some doubt creeping in - perhaps they did?

George Robert said:

Is there a particular reason why these are being blocked two days after
Microsoft released a fix for this issue?

MS09-054 was released on 10/14/2009, which the linked technet article in
comment #23 very clearly states resolves this issue for both IE and Firefox

Yay! So I'm safe and I can enable it again? Well, no:

Matthias "matti" Versen said:

Read
http://blog.mozilla.com/security/2009/10/16/net-framework-assistant-blocked-to-disarm-security-vulnerability/
MS agreed to the plan to blocklist it according to the security post.

It seems that the reason they had to put a blanket ban on all versions of the WPF plugin, is because:
a) There is presently no way for Firefox to hook into the OS list of installed MS patches
b) MS don't bother putting version numbers on their WPF libraries - they are just called NPWPF.dll
c) MS didn't put a new version # on the WPF plugin or .NET add-on to indicate that it was downloaded / installed after the patch was applied

Ultimately, this decision to add them to the blocklist was arrived at by mutual consent, which is clearly stated by Mozilla's Mike Shaver. This is the final word on the matter, and I'm satisfied that Mozilla did the best they could in the situation, even if some administrators in the field who got Firefox approved as the browser of choice in their company, and use some of the affected technologies will be very put out.

So, tough luck for MS.  Now most Firefox users will have a slightly lower opinion of them than they did before and this is another setback for WPF, its advocates and users.

Oh, and while all you Firefox on Linux users are welcome to have a little chuckle about it, you'd better check if you have Moonlight 2.0 (BETA) installed first.

Further reading

• Sneaky Microsoft Add-on Put Firefox Users At Risk (it.slashdot.org)
• Dear Microsoft, please keep your lousy mitts off my Firefox install (downloadsquad.com)
• Object Lesson: Use Firefox? Don't Let Microsoft Install Anything In It! (lockergnome.com)
• Shady Microsoft Plugin Pokes "Critical" Hole In Firefox Security [Firefox] (gizmodo.com)
• Researcher sees Patch Tuesday nightmare (infoworld.com)
• Moonlight 2.0 goes beta (thaibrother.com)

Windows Presentation Foundation has some serious issues

All is not well in Microsoft's attempt to improve the Windows user experience for Vista, Windows 7 and subsequent releases.
I still don't have Silverlight installed on my home PC (No! It can't be so!) - I need to use it for collaborative work with Microsoft on my computers at the office, but I can't say it enriches my experience as a user.

If I was a .NET developer, dependent on MS for new SDKs and APIs, I'm not sure I'd be too happy to read this, but InfoQ are going around and saying it has some serious problems, the biggest hitter probably being the fact that it memory leaks like a big bucket full of memory with a massive hole in the bottom.

Other members of the blog-o-sphere spotted this issue before, so I'm not sure why it took so long for the InfoQ guys to sniff it out. The point is that they eventually did, and they even identified some major areas where it was leaking.

Read more about the basics of WPF, Microsoft's own WPF library, a site for its fanboys, and the Windows Presentation Foundation SDK.

Slow Firefox Startup

Image via Wikipedia

It doesn't seem to matter what version of Firefox you're likely to still have, they are all slow to start up.
In this old post, I gushed about the greatly improved performance with Firefox 3.5, which I stand by.
However, the startup is really poor. Once it gets going, it's great, but there's very little noticeable improvement in startup times for FF 3.5 over FF 3 once you have a load of add-ons installed.
You can tweak as per this old post all you want, but the /Prefetch:n switch doesn't really do it.

As much as I hate preloaders, in the end, I had to capitulate.
The FirefoxPreloader, hosted on Sourceforge, really works and has cut down start times from 30 seconds to about 3 seconds. It loads during startup, and by the time your PC is up and running and you click on old Foxy, you'll be on your home page in no time.
I think this is well worth it if you browse for much more than 50% of your total time at the PC.

Further reading

• Install Firefox 3.6 Beta1Pre In Ubuntu For A Huge Speed Boost (slumpedoverkeyboarddead.com)
• Future Firefox 4.0 Could Feature App Tabs (slumpedoverkeyboarddead.com)
• Go Straight to Your Unread Gmail Messages with a Shortcut [Shortcuts] (lifehacker.com)
• Firefox 3.5 Reviewed; Draws Praise For HTML5, Speed (tech.slashdot.org)
• Turn your head and cough, Firefox! Mozilla's plugin check is live (downloadsquad.com)

Search for Software Vulnerabilities

While stumbling around the internets I came across this darkReading article titled:
"FBI: Your Social Networking 'Friend' Really Isn't In Trouble Overseas"

It was worth reading, but not really anything we didn't all know already. However, the links to the right of the article in the "BUGS Enterprise Vulnerabilities" section were very interesting, not least because most of the ones showing at the time happened to be WebSphere Application Server 6.1 related, which I work with day-to-day.

Clicking from there to the originating website brought me to this excellent resource, which until today, I didn't even know existed.
The vulnerability search is the main draw, as far as I can see, and I was able to find innumerous hits (well, not strictly true, since it says exactly how many hits you got from a query) for several applications I use, or hate.

This is no reflection on Apple, but I did a little search on "Apple Safari", and got 192 hits. That's not bad, and there were only 18 vulnerabilities in Safari listed here for the last 3 months.
What puts this into context is that a search on Apache Tomcat got just 63 hits (all time), with the last on listed on June 16th this year (so none in the last 3 months), while a search on "Windows_Vista" (you need to use _ to do a phrase search, not quotes as with most searches - or you can use the advanced search instead) produces 209 hits. This is lower than I expected, but when I checked a few I could see that some of them were compound threats, with links leading to KB articles and rollups.

If you have any software you'd like to check for holes, this is a good place to look. The vendor might be brilliant at keeping you informed and warned (like Drupal, for example, who send me vulnerability warnings by mail regularly), but they might also not be very forthcoming like, I don't know, Symantec for example.

Don't wait for the vendor to tell you about it, I guess that's what I'm trying to say.

Since it doesn't look like the National Vulnerability Database lists everything, I'd appreciate any links to other sites that provide a similar search facility (and don't say google.com either!).

Brooker enters the forum of Mac OSX vs. Windows Vista...

... With hilarious results:

Recently I sat in a room trying to write something on a Sony Vaio PC laptop which seemed to be running a special slow-motion edition of Windows Vista specifically designed to infuriate human beings as much as possible.

LOL

I don't like Apple products. And the better-designed and more ubiquitous they become, the more I dislike them. I blame the customers.

Amen

Read the full article by Charlie Brooker

Boot up faster

If like me, you are still using Windows on your primary PC or Notebook, and - heaven forbid - are still using XP, and you're not a fan of re-formatting and reloading the OS every time things get bit infected, or slow and heavy... Pause for breath... You're probably either just not interested, or , quite the opposite, you're fond of poking around the registry, tweaking and optimizing.

When I get a virus, trojan or other nasty, I like to remove it, clean up all traces of it, and kill off the previous System Restore point(s). I have Nod32, Xoftspy, Malwarebytes, Spybot S&D, Spysweeper and other tools to help me out in this regard. I don't do "re-format and rebuild" - not ever. You learn nothing, and you lose too much. It takes time to lovingly customise your user experience. Reloading XP might be quick, but all the little flourishes you add over months, even years, is definitely not.

The downside of all this, is that eventually, things start to slow down over time. It gets tougher and tougher to clean up the remnants of this and that. One by one, the applications, files, pictures, movies and mp3s accumulate until you're short of resources; CPU, memory and disk space.

So, you do your best spring clean and you look at what you can optimise.

This is a minefield... Many so called optimisations can do more harm than good, so it's best to stick to the few that are known to work well. Keep it safe, at least at the start.

Boot up - we all want that to be quick.
System readiness from logon - that's really important.
Application loading times - Firefox, anyone?

I'm not going to go through all the things you can do to improve performance, because this article makes a pretty good fist of that, but the most important thing to me to start with is boot time.

BootVis can really help here. There's a really good article on it from OReilly, but the best resource is straight from the horses mouth, and was written recently. The document, imaginatively called "Windows Platform Design Notes - Fast System Startup for PCs Running Windows XP" really explains the ins and outs of BootVis, if you really want to know. Otherwise, the OReilly guide is more than good enough.

If you don't feel like using a tool like BootVis, you can always turn on boot logging and read through the boot traces. You'll be digging around for ages, but you'll learn a lot this way (I picked up a thing or two, anyway). You can really see where the bottlenecks are occurring, and can address them one by one. You can read all about this painstaking approach and try it out if you want. Another alternative is tracelog.exe, part of the Win XP SP2 Toolkit, which is described in detail in an article on citrix.com.

One way to get a startup trace whenever you want, is to add the /BOOTLOG and /SOS boot switches to a new OS entry in your boot.ini. This is pretty organic. Just don't mess it up - I promise you'll regret it if you do ;-)

Happy boot optimising.

Further Reading

• The Mystery of the Horrible Boot Speed (anomalousanomaly.com)

Help beat keyloggers on public computers

This is a very good tool to use to avoid your passwords being intercepted by keyloggers.
Read this:
http://windowssecrets.com/2009/09/24/01-More-tricks-to-evade-keyloggers-on-public-PCs

Related reading

• Strong Passwords Not as Good as You Think (it.slashdot.org)
• Webroot unveils new consumer security suite (ubergizmo.com)
• Password and Phishing Protection (chris.pirillo.com)
• Email Passwords Easy Prey For Hackers (huffingtonpost.com)

Microsoft's new tablet notebook offering looks like it could be useful

It's called Courier and it's beautiful

Some people are complaining because it's hinged. So it has a hinge? So what!?
Journals, diaries and binders have "hinges" - nobody moans about that.

Seriously - if Microsuck can deliver on this, I might just stop calling them Microsuck. This could single-handedly make up for Win ME, Vista and even Visio.

Read more

Thinkpad owners with poor wireless connectivity read on...

Most of the time I don't face issues with dropped connections, but recently I found myself in a situation where the signal was not so strong (no repeaters were located any where near me, and the access point didn't have a 5dB+ aerial). As a result, connections were dropping so often, that I was nearly driven mad.

Every other wireless device was fine, dropping either occasionally, or not at all, but my Lenovo Thinkpad T61 was, or rather the drivers for the Intel WifiLink 4965AG card were, quite frankly, performing pretty poorly.

In deperation, I visited the Lenovo site to see if there was any upgrade available. There was:

http://www-307.ibm.com/pc/support/site.wss/MIGR-70504.html

However, I realised from reading that page, that it wasn't going to be all that simple. The webpage lists a daunting number of prerequisites and caveats relating to model number, card version, current installed program versions and so on. So many, in fact, that I was beginning to get turned off.

Eventually, for me at least, it boiled down to this:

Note: The part numbers are listed so that you can find each component driver easily.

Intel Wireless LAN (11abgn, abg, bg) driver: 6hwc05ww.exe
ThinkVantage Access Connections for Windows XP - Notebooks : 6hcx41ww.exe
ThinkPad Power Management driver for Windows - ThinkPad : 6hku06ww.exe
Hotkey driver for Windows Vista, XP, 2000 - Notebooks : 6jvu32ww.exe

From the readme notes for Intel Wireless LAN (11abgn, abg, bg) - 6hwc05ww.exe:

Make sure that the following driver prerequisite were installed on your system
  before installing this driver:
  - MSXML6.0 Parser or higher
  - Windows Installer 3.14 or higher
      (Download installer from http://www.microsoft.com)

- If you use ThinkVantage Access Connections, the following software must be
  installed.
  - ThinkVantage Access Connections for Windows XP/2000
      version 5.1 or higher
  - ThinkPad Power Management Driver for Windows 98 SE/Me/2000/XP/Vista
      version 1.51 or higher
    or
    ThinkPad Power Management Driver for SL Series
      version 1.44 or higher
  - ThinkPad Hotkey Features for Windows 98/98 SE/Me/NT 4.0/2000/XP
      version 1.24.0603 or higher
    or
    Hotkey Features for Windows Vista/XP/2000
      version 2.09.0002 or higher
    (Note: Refer to each Hotkey package for which version to use.)

- If you currently use IEEE 802.1x authentication on Windows XP Service Pack 1
  and do not use WPA encryption, Lenovo recommends you to uninstall Q826942 (WPA
  Supplicant update rollup package in Windows XP) and Q815485 (WPA Wireless
  Security Update in Windows XP).
  This does not apply if you are running Windows XP Service Pack 2.

  To check if Q826942 or Q815485 is installed and to uninstall it:
  1. Start Windows XP and logon with administrative privileges.
  2. Click Start and then click Control Panel.
  3. Click Add or Remove Programs.
  4. Click Windows XP Hotfix (SP2) Q826942 or Windows XP Hotfix (SP2) Q815485
     if it is listed under Currently installed programs.
  5. Click Remove and follow the instructions on the screen.

  Note:
  The above action will remove all the fixes within the update rollup package,
  Q826942. You may need to re-install the other specific hotfixes you expect for
  this rollup package.

- You may need to re-enter security information after updating the Wireless LAN
  driver.

- If you use Single Sign-On with the following authentications, ThinkVantage
  Access Connections version 4.22 or higher is needed.
  - LEAP on Windows XP

- [Specification changes] 2200BG/2915ABG Network Connection will report lower
  signal strength than with previous driver versions. Because the 2200BG/2915ABG
  methodology was changed to be more accurate and responsive, similar to the
  3945BG/3945ABG. However, wireless network performance and functions are not
  affected at all by this change.

 I don't know about you, but I find even the readme a little bit discouraging.
So from the notes, check you have the right MSXML parser 6.0 +, and the latest Windows Installer, and from there:

Switch off wireless radio (use the hard switch to be sure it's not going to come back on)

For the T61 with the 4965AG WiFi card:
Install the following parts in this order:

1. Hotkey driver for Windows Vista, XP, 2000 - Notebooks : 6jvu32ww.exe
2. ThinkPad Power Management driver for Windows - ThinkPad : 6hku06ww.exe
3. ThinkVantage Access Connections for Windows XP - Notebooks : 6hcx41ww.exe 
4. Intel Wireless LAN (11abgn, abg, bg) driver: 6hwc05ww.exe

You will have to restart after each install. Make sure you do this. Messing this up is not an option!!!

Note: you may find that you are already at some of the minimum driver / program levels, but still look for the latest for your platform. For the Vista versions of the drivers above (points 3. and 4.) visit those pages and you'll find the link to the page for the Vista drivers / programs.

So, after doing all this, how was the performance of the new wireless adapter driver?
In short, pretty much perfect. Not one droped connection, and even a 40% signal could be used to get acceptable transfer speeds (18-24Mbps out of a possible 54).

What was an added bonus wass that the new Access Connections program is pretty cool and flashy. It's still the same underneath, but there are some extra features. I won't spoil the surprise for you in this post. Maybe later.

If you are suffering at work or at home from all-to-often dropped connections (and I know many of you are), you could do a lot worse than upgrade. Your sanity will thank you for it.

Ever wonder how you spend all that time on the PC?

Well, no need to guess. ManicTime is a handy little freeware utility that allows you to track your time spent on your computer, by program, and your idle time too.

All this information is stored in a local database, isn't transmitted anywhere (for those with security concerns, rest assured), and can be displayed in all manner of views, graphs and charts. It's not a mindreader, so you might have to tag your time, but that's pretty easy.

It might not be something you'll use often, but it's interesting to give it a try at work, you might be surprised just how much you spend time switching applications when you see the results, not to mention the surprising amount of downtime. An eight to ten hour day doesn't amount to as much real work as you might think, especially when you take away the time lost to meetings, lunch, coffee breaks and other meanderings.

Network Security for work and play - time to upgrade to NMap 5.0

If you haven't used NMap before, here's what it does in a nutshell:

NMap is short for "Network Mapper", and it is used to determine what hosts (computers and other network-enabled devices) are on the network, what services they offer (apps), firewall and AV or filtering they have installed, plus OS type and version.

It's obvious to see the benefit if you're a network administrator. Just start it sniffing on the company network and it will report back all this information, allowing you to do inventory, security compliance audits and vulnerability testing.

Of course, the more subversive of you out there will probably think other uses. Whether your hat is white or black, you can have a lot of fun with this. Sniffing for hosts to attack, or just to play about with is easy and rewarding. However, I wouldn't run it on a tightly-controlled, corporate network unless you're really tired of your job ;-)

The latest version is NMap 5.0. It came out in July, and unfortunately no-one told me until now :(

I upgraded my not-so-old 4.75 version on my Win XP machine, but I haven't done the same for my Ubuntu box. Zenmap, the front-end, looks slightly tweaked, and overall (I might be imagining things, it's not as if I benchmarked it) it seems to run faster.

If you haven't tried it, maybe now is a better time than ever. Considering what it does, and how powerful it is, it really isn't much of a hassle to install and configure. It has a really great tutorial, and the NMap site it a treasure trove of tools, tutorials and ideas. It's well laid out too.

Further reading

• IPwatchD an IP conflict detection tool for Linux (slumpedoverkeyboarddead.com)
• GitHub, Firewalls, and Freedom (autonomo.us)
• Top-Rated Firewall Back by Request (chris.pirillo.com)
• Protect Yourself With A Bank Firewall [Fraud] (consumerist.com)
• Introducing The Virtual Machine Trojan (elasticvapor.com)
• How to set Windows as Default OS in Grub (techie-buzz.com)
• Why Is Linux Notebook Battery Life Still Poor? (hardware.slashdot.org)
• Migrating to Linux, Part 2: Avoiding Separation Anxiety (slumpedoverkeyboarddead.com)

Tech support cheatsheet

Your most invaluable guide to tech support, courtesy of xkcd.com

It was 40 years ago today

OK, it was 40 years ago a few days back...
But it's still hard to believe that Unix is really that old.
I still don't know as much about it as I'd like.

Further reading

• 40 years of Unix (slumpedoverkeyboarddead.com)
• Do one thing, and do it well: 40 years of UNIX (crunchgear.com)
• Unix at 40 (news.bbc.co.uk)

Firefox 3.5 really is faster and better

Image via CrunchBase

I know, this isn't exactly news, but if you haven't upgraded to Firefox 3.5 by now, you probably should - and I think you'll be pleasantly surprised.

All the good things that made the majority of users choose Firefox (other than those who just blindly accepted IE because they had no idea how to do otherwise) are still there. But there are a few new features. Some are new (native JSON support, web worker threads), and some are just new to Firefox (private browsing). Other features were available in add-ons, such as Tab Mix Plus and Session Manager (closed tabs, closed windows, tab tearing).

These new or borrowed features are important factors that will contribute to Firefox staying ahead of the competition, but I think I'm not the only one who was starting to get tired of every bell and whistle slowing the browser down. Safari wasn't going to tempt me away, but Chrome - while it didn't impress at first - started to really grow on me. Thanks to Chrome View, I could set certain sites to load up in Chrome instead. I'd noticed that Firefox 3.0.x, while it felt like an improvement at first, seemed to have terrible trouble with sites with deeply nested links. It simply took a ridiculously long time to load such sites, making the browsing experience pretty unbearable in the process.

So, the main area for improvement for Mozilla to look at, for me, was speed. Chrome and Safari had it. Chrome had some neat features too (even if Safari had nothing), but it had no add-ons (and probably never will). Once I heard that Firefox 3.5.x was much faster than Firefox 3.0.x I was very nearly sold. It was just a matter of time before all my favourite add-ons were confirmed compatible with 3.5 and then I'd be on my way.

My favourite add-ons (all FF 3.5 ready :)
- Ad Block Plus (essential)
- Greasemonkey (essential)
- Personas
- Tab Mix Plus (quite redundant now though)
- Selenium IDE (essential)
- Flashgot
- Firebug (essential)
- Speed Dial (essential)
- Stumbleupon
- Forecastfox
- Zemanta

Now that I have upgraded, since all the add-ons listed above are supported, I can vouch for greatly improved performance. The claims from Mozilla were that FF 3.5 is over 2x faster than FF 3.0, while benchmark tests on many sites claim it's up to 2.5x faster. All I can say so far is that I can feel a huge improvement. Most of the frustration has been removed, and I don't think I'll be reaching for Chrome quite so often from now on.

Performance index comparative (OS: Win Vista) from lfie.net

Futher reading

• Tab Mix Plus Beta For Firefox 3.5 (techie-buzz.com)
• New hint of gallery for Chrome themes emerges (thaibrother.com)
• Firefox 3.7a1pre Portable lets you try before you install (downloadsquad.com)
• Google building 3D hardware boost into Chrome (thaibrother.com)
• Firefox 3.5 performance 250% (lfie.net)
• Top 5 Killer Features in Firefox 3.5 (mashable.com)
  

Cowon S9 - looking good

Cowon's new flagship offering looks fantastic, but then again, most of their products do.

It features a 3.3" screen and it looks like it will be extremely high def, with perfect colour.
That seems to be the main improvement (maybe the UI and controls were made more intuitive), because the sound quality is exactly the same as the models that have been available for the last few years:
20Hz - 20kHz freq. range and ~30mW per channel max output @ 16 Ohms
I suppose it doesn't need to be any better than that for consumer use - but they could easily take on the pro market if they wanted to.

It has a lot of nice additional features: flash playback, wireless, bluetooth, AV output in PAL/NTSC - I wouldn't mind some of that.
Pity they never did anything about the recording facility. This seems to be the only thing missing - a really good stereo condenser mic instead of a pinhole, and a good sampling bitrate (say 160kbps - 320kbps mp3, instead of 96kbps WMA).
With that, musicians (and bootleggers ;-) wouldn't need the Zoom H-2

Google opt-out

Tired of Google dominance? Walk away with Google (tm) opt-out

Pro-Georgian blogger is targeted

Cyxymu, a Georgian who has blogged extensively on the Russo-Georgia conflict and the land grab of South Ossetia was apparently targeted in a DoS attack lasting around two hours yesterday.

His Live Journal blog (which I won't link to), Facebook page and Twitter profile were hit hard, probably by a botnet set up to silence him.

The side effect of the DoS attack was that Live Journal, Facebook and Twitter were heavily affected, with Live Journal an Twitter being brought down, unable to handle the millions of requests, while Facebook performance was greatly reduced. Google and YouTube were also targeted, but their architecture greatly limits the effects of such DoS attacks, so they were able to absorb most of the impact and no end users were impacted.

It is not yet known who was responsible, although there was the suggestion (from Cyxymu himself) that the Russian authorities were involved. There is more evidence that an individual or a small group was responsible, leveraging the power of hacked PCs (known as zombies) around the world to stage what is quite a traditional type of denial of service attack - flooding target pages with a very high and volume of requests, sustained for long enough to bring down the site or service serving the page.

Cyxymu's Live Journal blog is still offline - presumably as a precautionary measure from Microsoft, to spare other users from further outages. Understandable, if a bit cowardly.

Whether the KGB was behind this, as some suspect, or if it was a disgruntled diametrically opposed (in the political sense) hacker or group of hackers remains to be seen. It is unlikely that this is the last we will hear of it.

Further reading

• Bits: Attack on Twitter Came in Two Waves (bits.blogs.nytimes.com)
• Web attack blogger blames Russia (bbc.co.uk)
  
• The Most Hated Man Online? (mt-soft.com.ar)
• Russian hackers launched Twitter attack 'to silence Georgian blogger' (telegraph.co.uk)
• Twitter attack aimed at political blogger (cbc.ca)
• Twitter and Facebook DDoS Attacks Targeted One Man (mashable.com)
• Twitter still struggling to recover from DOS attack (macworld.com)

Technical Support should never be necessary

Ah end-users. The only thing really wrong with the world of software support. PEBCAKs, the lot of them.

http://thedailywtf.com/Articles/Support-Should-Never-Be-Necessary.aspx

I've received quite a few mails nearly as bad as these, but I'm sure it would breach the patient / madhouse software doctor confidentiality rule.

pchelptech
"There are two ways to write error-free programs; only the third one works"

Estimation

See more strips like this at: xkcd

MS .NET 3.5 users: beware fix pack 1

I don't use the .NET 3.5 framework myself, I'd rather stick pins in my eyes, but for those who do: watch out for fix pack 1 - it'll open up a security hole. The vigilant will probably notice that you have a new add-on in Firefox that can't be uninstalled without some registry diddling. I'm sure it'll be patched some time, perhaps next month.

Of course, if you're one to install the .NET framework in the first place, you're probably not the type to check these things.

Here's a particularly inflammatory post about it.

Related articles

• Microsoft .NET Framework: Making Firefox Just as Vulnerable as IE (blippitt.com)
• Do You Trust Microsoft? (q-ontech.blogspot.com)
• Microsoft cannot be trusted! (dvorak.org)
• MS Issued a Fix For Its Unwanted FireFox Extension (yro.slashdot.org)
• Did Microsoft Install A Firefox Extension On Your System? (lockergnome.com)
• Think Firefox is Safer than IE? Microsoft Doesn't Want It That Way (lockergnome.com)

Bitnami in the Clouds

A couple of months back, I posted this about Bitnami. They provide applications such as Drupal, Wordpress or phpBB to be installed natively on a PC, Mac or Solaris box with no existing web application infrastructure stack in place - all in one convenient installation file, providing the complete package: a full-stack infrastructure with the application of choice as the cherry on top.

This makes the whole process of getting a blog, CMS, bulletin board or portal set up as easy as possible. All you need is a modest box to serve it to the company, or to the world at large.

Of course, if you don't have a modest box (a server, in other words), you're stuck. Hosting a public application can be a headache, and there's a cost involved, which can grow as your application scales.

Why not take one of these Bitnami stacks and put it in the cloud? There are lots of cloud providers out there, that will provide you with a scalable site with an application, configure it, manage it, load-balance it and monitor it for you.


Enter Bitnami and RightScale, linked with Amazon's cloud offering. RightScale will give you 10 hours free cloud computing with Amazon EC2, after which further costs are linked to your EC2 account.

I'm not the biggest fan of cloud computing, yet, but if you have a business that needs a public facing site, and you want to put the responsibility of running it firmly in the hands of people that know what they're doing, then I can see how this could be a great solution.

Can anyone stop Oracle?

A few weeks back, when IBM turned down Sun's offer to acquire them, I thought they were crazy. You would think they would at least try to block their main competitor, right? Wrong. Oracle have been busy doing some buying of their own of the last few years, gradually building up momentum, looking for a big name acquisition.

Image via CrunchBase

Then, they got one.

Weeks have passed, and it's still hard to say what the future will hold for Sun, and for Oracle. While in the past they have been pretty much steamrollering the smaller companies they've got their hands on, a company of the stature of Sun - who gave us Java and Solaris - requires different treatment. This should be an alliance, a meeting of minds.

However, what makes this approach even more interesting, is that Sun only recently acquired Oracle's greatest open source competitor, MySQL.

Image via CrunchBase

Now it's personal. Reading around on TheRegister and Slashdot, amongst other places, I'm getting a bit worried. I actually care about MySQL. I've been using it since I started to work with databases and especially since I started to develop web applications. It's default beep, sounding every time I type something stupid into it's command line, is music to my ears.

Where will things go from here? Who'll be next?