Let me just start by clearing something up for a lot of confused Linux users.

The Mac OS X kernel is called XNU; presumably, this stands for "XNU is Not Unix". It really should be called XNL or XNF, for XNL is Not Linux or XNF is Not FreeBSD.

Contrary to popular belief, none of the most worrying security flaws in OS X are present in Linux or any of the BSDs. These are a result of Apple’s shithouse security design. Really, what sort of idiot would design an operating system so you don’t need to type your password before starting an installer, and having the package’s install scripts running as root without even asking the user? (Windows users, you know where to send your flames).

Also, to answer an Ubuntu user’s recent question: No, if Ubuntu was based on the FreeBSD kernel it would not be able to run OS X application. Firstly, Apple constantly changes its mind on which BSD’s work it used for XNU/Darwin. Secondly, Apple have stripped out much of the BSD and added their own stuff. Thirdly, the kernel is not the key to running a particular operating system’s programs; it’s all to do with the system libraries. In OS X, the important system libraries are closed-source.

But anyway, here are some recent articles from Cnet.com which may make you glad that you run an operating system with a proper security system:

Attack code targets zero-day Mac OS X flaw

var exURL = encodeURIComponent(”http://news.com.com/Attack+code+targets+zero-day+Mac+OS+X+flaw/2100-1002_3-6137710.html”);
var exHed = ”;
exHed += “Attack code targets zero-day Mac OS X flaw”;
exHed = encodeURIComponent(exHed+’ - CNET News.com’).replace(/\’/g,’%27′);
Element.cleanWhitespace(’storyDekDiv’);
var exDek = encodeURIComponent($(’storyDekDiv’).innerHTML.stripTags().replace(/\s+/g,’ ‘).replace(/^\s*/,”)).replace(/\’/g,’%27′);

A security researcher has published attack code for an unpatched
flaw in Mac OS X, the latest vulnerability in the "Month of Kernel
Bugs" campaign.

The proof-of-concept code exploits a security hole in the way Apple
Computer’s operating system handles disk image files, the researcher wrote Monday on a blog devoted to the campaign, which promises to reveal details of a new flaw in low-level software every day this month.

"Mac OS X com.apple.AppleDiskImageController fails to properly handle
corrupted DMG (disk image) image structures, leading to an exploitable
memory corruption condition with potential kernel-mode arbitrary code
execution by unprivileged users," wrote the researcher, who goes by the
initials "LMH."

The vulnerability could be exploited remotely, as Apple’s
Safari Web browser loads DMG files from external sources, such as one
found while visiting an URL, LMH wrote. That could let an outsider
compromise a system.

Secunia rated the vulnerability as "highly critical" in an advisory on its Web site
on Tuesday. In addition to being used to compromise a computer, the
flaw could be exploited by malicious local users to gain escalated
privileges to the system, the security company said.

Apple representatives did not respond to a request for comment.

In the blog, researcher LMH said people can prevent an attack by
"changing the Preferences and deactivating the functionality for
opening ’safe’ files after downloading."

Vulnerabilities in the Mac OS have been rising, leading some experts to note
that the Macintosh platform is not impervious to security problems. The
vast majority of security vulnerabilities affect computers running
Microsoft Windows.

————————–
The program offers to automatically open files in a disk image? What is Apple - stupid? Absolutely off their rockers? This is similar to the "classic" example that the open-source community quotes regarding security policy on Windows. The classic example is actually of how MS Outlook once/does offer to open e-mail attachments automatically.
—————————

Adware sample targets Mac OS X

var exURL = encodeURIComponent(”http://news.com.com/Adware+sample+targets+Mac+OS+X/2100-7349_3-6138772.html”);
var exHed = ”;
exHed += “Adware sample targets Mac OS X”;
exHed = encodeURIComponent(exHed+’ - CNET News.com’).replace(/\’/g,’%27′);
Element.cleanWhitespace(’storyDekDiv’);
var exDek = encodeURIComponent($(’storyDekDiv’).innerHTML.stripTags().replace(/\s+/g,’ ‘).replace(/^\s*/,”)).replace(/\’/g,’%27′);

A new adware program silently installs on Mac OS X systems and opens Web browser windows, according to F-Secure.

The program, dubbed iAdware by the Finnish security company, is possibly the first example of adware
for Macs. It is especially interesting since it doesn’t require
administrative privileges to nestle itself on the computers, according
to F-Secure.

"We won’t disclose the exact technique used here, it’s a
feature not a bug, but let’s just say that installing a System Library
shouldn’t be allowed without prompting the user," according to the F-Secure blog on Thursday.

The program is a proof-of-concept sent to F-Secure and it is not out targeting users on the Internet.

"In theory, this program could be silently installed to your user
account and hooked to each application you use," according to the
F-Secure blog. "This particular sample successfully launched the Mac’s
Web browser when we used any of a number of applications."

Malicious software that targets Mac OS X systems is rare and
has been limited largely to proof-of-concept code, instead of actual
attacks. However, there are indications that hackers are increasingly targeting the Mac, which experts have said is not impervious to attacks.

For example, as part of a campaign called the Month of the Kernel Bugs,
several new flaws have been disclosed in Apple Computer software, the
latest on Monday in the AppleTalk protocol. Last week, exploit code was
released for another yet-to-be-fixed flaw in Mac OS X related to disk image structures.

Apple could not immediately be reached for comment.

—————————–
You see, Apple is living back in the good ol’ days, when only typesetters and musicians had Macs, and nobody with malicious intent had a Mac to experiment with. Apple didn’t need to worry about security back then ("security through obscurity") and they have barely changed their attitude. OS X easily has the ability to become a huge virus/spyware/adware/hacking headache for its users.
—————————–

Apple Mac OS X patch plugs 31 vulnerabilities

var exURL = encodeURIComponent(”http://news.com.com/Apple+Mac+OS+X+patch+plugs+31+vulnerabilities/2100-1002_3-6139117.html”);
var exHed = ”;
exHed += “Apple Mac OS X patch plugs 31 vulnerabilities”;
exHed = encodeURIComponent(exHed+’ - CNET News.com’).replace(/\’/g,’%27′);
Element.cleanWhitespace(’storyDekDiv’);
var exDek = encodeURIComponent($(’storyDekDiv’).innerHTML.stripTags().replace(/\s+/g,’ ‘).replace(/^\s*/,”)).replace(/\’/g,’%27′);

Apple Computer on Tuesday released a security update for Mac OS X to
repair 31 vulnerabilities, including a zero-day Wi-Fi hijack flaw.

Apple’s Security Update 2006-007
includes fixes for flaws in Apple’s own code as well as third-party
components that ship with the Mac OS X operating system, such as Perl,
PHP and OpenSSL. Several of the vulnerabilities could allow full system
compromises, according to Apple’s security alert.

However, Apple’s update does not address all publicly known flaws
in the operating system. Over the past few weeks bug hunters, as part
of an initiative called the Month of the Kernel Bugs, have published
details on several new vulnerabilities in Mac OS X. One of those was tagged "highly critical" by security-monitoring company Secunia.

"Apple hasn’t fixed any of the bugs published during the Month
of Kernel Bugs, except for the AirPort issue," said "LMH," the code
name of the security researcher who started the Month of the Kernel
Bugs. "Apple users are still exposed to any potential risks related to
those unpatched issues."

The security hole in the AirPort driver software
affects Macs that shipped with Apple’s original AirPort card, Apple
said. An attacker nearby the computer could commandeer a vulnerable
system by sending it a malicious network packet, according to Apple’s
alert.

Other flaws addressed by the Apple update could let Macs be
compromised through malicious sites, rigged compressed files or
malicious font files, Apple said. The update also fixes four flaws in
the Mac OS X Security Framework, the worst of which could crash Macs or
display expired security certificates as still valid, Apple said.

The Security Update 2006-007 for Mac OS X client and server
software is available from the Software Update pane in Mac OS System
Preferences, or Apple’s downloads Web site. Apple recommends Mac users
install it.

—————————-
The community has done the security auditing work that Apple should have done, and published its results. So what does Apple do? Ignore it!

Let’s be clear about this, too. The open-source community put together security patches for its own components - Perl, PHP, etc; and released them straight away. Linux distributions packaged the new versions ASAP, releasing them as they became available. Apple, on the other hand, waited until it had a big bundle of non-critical patches before releasing the whole lot in one go.

This meant that: The most up-to-date Linux systems had no unpatched flaws the day before the OS X update was released, and at any one time would have only had 1 or maybe 2 unpatched flaws. The most up-to-date OS X systems had many unpatched flaws for days, possibly weeks, before the Mac OS update was released.

And Apple wonders why no-one wants to use OS X on servers…

But I don’t need to worry about Apple’s incompetence, and sorry about the swearing earlier.

…problems quickly emerge.

Readers of the UbuntuOS blog know that I put together a Debian package of the game Bloboats. This is a real Debian package, not just a Checkinstalled one. I was a bit nervous about whether it was going to work, break someone’s system, etc; so I installed it on my own machine and it worked fine.

I just bought the latest Linux Format magazine. The first program I tried to install from the coverdisc was available as a .deb. I double-clicked it, and GDebi said that the program would require the removal of two packages. One of those was my Bloboats deb :’-(

So, er… install Bloboats from source. Don’t faff around with my stupid amateur packaging attempt, or if you want to AT LEAST check that GDebi is not going to remove some of your existing programs. And then don’t complain  if a  package you install later  gets rid of Bloboats.

I’ve been spending a lot of time in XFCE recently. I often do this - use Gnome for a couple of months, then get tired of it and use XFCE for a little while. Let’s see how this goes.

Also recently, I’ve been alarmed at the attitude of Ubuntu’s developers - "PowerPC makes up only a couple of percent of downloads, so we’re going to stop supporting it". WHAT? Linux is only a couple of percent of the computer market, yet you’re so quick to critisise companies that don’t support it.

Macintosh Linux use is set to grow substantially, and everyone but Ubuntu (and Fedora, they’re saying the same thing) realise it. PPC Ubuntu is how I got into Linux. If it weren’t for PPC Ubuntu, I’d probably be surfing the web on Windows. And now I’m making a contribution to the community by being on the Ubuntu Podcast, and showing people how NOT to make Debian packages

Now there’s talk of forking PPC Xubuntu (well, actually, I’m the only one who’s talked about it!). It makes sense to me - the Ubuntu repos have a lot of utilities that are must-haves for Mac users; these include hfsutils, mol and netatalk. A distribution by PowerPC users, for PowerPC users, could fix a lot of problems with PPC distros AND be a good avenue for Mac users to migrate to.

Every Tuesday in my local paper, there is a section about IT. It contains IT news and a column from a computer consultant who answers reader’s questions.

Today’s question was from someone in business. They had 12 computers which were just used for web, e-mail and writing letters, and they had heard that Linux was free and invulnerable to viruses and spyware. The man wanted to know the consultant’s opinion on whether a Linux migration would be a good idea.

The consultant answered like a rabid Windows user. To start off with, he said that Linux was still affected by viruses; and that anti-virus software for Windows was good enough. Strike one. Then he said that a Linux migration was a bad idea, because if the company wanted to buy a peripheral for one of the computers, they wouldn’t know if the device would work with it. Strike two. Then he said that OOo wasn’t a very good substitute for MS Office, because "it can’t understand macros" (er, doesn’t everyone just turn off macro support in MS Office anyway? Besides, OOo *does* have support for them these days!). Strike three. The final blow came when he claimed that the cost of training staff on how to use Linux and open-source applications would make the venture useless.

To add insult to injury (his own, if I ever get my hands on him!), he reckoned he wasn’t "anti-Linux".

True, some of the things he said would be considerations for some businesses, but not for this one. Linux is overkill for simple e-mail, web surfing, and word-processing terminals, but it’s still more suitable than Windows. This business wouldn’t need VBA macro support. This business wouldn’t need accelerated video, or even sound, in their 12 machines, so telling them about the 1% of unsupported sound cards is just FUD!

I know from previous Linux-related letters that he’s never used an installed Linux - how else would he be unaware that you don’t have to manually install a bootloader? But why is he so anti-Linux? It’s not because of ignorance, although I do think he has a lot of that.

No; the answer is: He’s a computer consultant without Linux training. If everyone switched over to Linux tomorrow, he’d be out of a job, or he’d at least have to undertake retraining; a tough proposition at what I believe his age to be. He’s just afraid of what a Linux future would mean: personal obselesence.

Imagine you’re telling a independent computer fixer about why they should be pushing the use of Linux to their customers. You mention that it doesn’t get viruses or spyware, it never needs defragmenting, and the security system makes it resistant to human breakage. The computer fixer’s answer would be "Well, how the h*ll am I supposed to make a living if the computers no longer need software maintanence? If there’s no viruses, if the computers don’t get so slow, if the users become smart enough not to break their systems or if the system stops the user from breaking it, then what am I supposed to do?"

That’s the problem. Computer fixers won’t push Linux because it is something outside their experience, and they are currently making their money from something with built-in problems. Computer retailers won’t push Linux, because it’s not bloatware that will force consumers to upgrade often. I’ve been hired as an independent contracter to fix some people’s computer problems - problems specific to Windows, where the only non-Linux solution is a stop-gap one.

It’s great that there are technical people out there who are spreading the word of Linux, but now we’ve got to think of ways to engage the people who have the most to lose from a Linux migration. This may mean adopting "arms trader" tactics - tell a number of retailers simultaneously that they sell Linux-preloaded computers, they will undercut their competitors, capture most of the current Linux market, and create a new Linux market all to themselves (we MUST get the Windows licensing practice under control first!).

We could also try and get community volunteers to help out - for instance, run free informal classes for existing computer techs on how to install, set up, and repair Linux systems for ordinary people. Emphasise that the fixing process would be much cheaper for them, as some problems could be fixed through SSH or XDMCP without needing to travel to the customer’s house. Emphasise anything else that would provide incentive.

We should think about the people who have something to lose, and make sure they have something to gain.

I’m not going to e-mail the consultant from the newspaper, but I’m sure he knows who he is. This is addressed to him: If you are reading this blog post, please add a comment or message me, and I’ll arrange a time to teach you some Linux for free.

Today at Dick Smith’s:

/me walks up to the counter with a gadget that charges MP3 players through the USB port.
Guy behind counter: Are you buying this to use with an iPod?
Me: Yes, an iPod Shuffle
Guy: I’ve heard that the iPods don’t work with these. A few people have brought these back. Apparantly the iPods have some kind of device in them that can tell if they aren’t connected to a real USB port.
Me: Well, I’ve charged… I use Linux by the way, I’ve charged the iPod when the computer’s just been sitting on the bootloader screen.
Guy: Well, you might be alright then. If the charger doesn’t work, bring it back within 14 days and I’ll give you a refund.

(transaction goes through)

Guy: So, what distro do you use?
Me: Ubuntu.
Guy: Oh, you should use Fedora or Gentoo.
Me: I don’t think I’m enough of a power user to figure out Gentoo!
Guy: Gentoo’s great. The only thing is, when I update the system it erases my FS tab [he was referring to the /etc/fstab file].

The point of me posting this conversation? Of the 5 people I’ve ever spoken to in a Dick Smith’s store, I know that 2 of them use Linux and 1 has a friend who uses Linux. We’re surely creeping into the public conciousness.

That little conversation made me feel a bit better - there’s something wrong with my car AND I had to pay $200 registration for it, so until then I was feeling a bit down in the dumps.

For some reason, a couple of months ago, I was going to try running the 64-bit Ubuntu Live CD on my computer just to see what would happen. Today, I finally remembered it again, and actually did it.

The startup menu appeared. The system booted to the desktop. A quick check of the "uname -a" command revealed, once and for all, that my computer actually has an Sempron 64-bit processor. I won’t be installing a 64-bit OS on it though until Ubuntu has proper multi-arch support.

Also, on the list of possible things that I won’t possibly get around to doing: Ethics Reporter. A program that scans your hard disk for possibly unethical programs and modules. Apps by companies which engage in anti-competitive practices, programs that are closed-source, codecs that are licensed, etc. When the scan is complete, it opens an HTML version of the report.

Three things which irritate me (scope creep - the post was originally Two Things Which Irritate Me):

1. On Cnet’s Help forums, a newbie is looking to buy a second-hand computer. The catch is, the particular computer has no operating system on it. Somebody suggested putting Linux onto it, and was immediately shouted down ("Newbies shouldn’t try to use a Linux OS").

Why not? Why the heck not? Installation wouldn’t require any complicated partitioning, just a straightforward wipe of the hard drive. The distribution is likely to configure itself perfectly, because it’s running on older hardware and it’s a desktop computer. (Once Linux is set up, there’s no need for the command line). There’s no malware to worry about, and all the software you need is available with just a couple of clicks. The 256 megs of RAM in the computer will be far more effective on Linux than on Windows - I know from experience.

I put in my two cents, but I don’t think it did any good. I doubt any of those naysayers has even tried Linux.

2. There are some computers that are STILL being sold with only 256 megs of RAM. We’re what, four months away from the release of Vista Home? This is totally unacceptable, especially considering that it’s not just one or two machines - it’s a whole heap of them. Imagine buying a computer, and then finding that you’ve got to upgrade it a couple of months later just to run the latest software.

3. How stupid is this: Dual-core laptops being sold with Windows XP Home. In other words, you’re paying for dual-core power, but unless you buy XP Pro (or use Linux-SMP) you will never see a performance improvement over the single-core laptops. I’m not sure if I am allowed to swear on a Friendster blog, but that is fracking crazy. What sort of twit would buy one of those?

One thing which inspires me:

1. I have a yearning to buy a second-hand computer or a quit model, install gNewSense on it, and don’t let a single piece of proprietry software onto it. No Flash, no w32codecs, no Skype, no 3D graphics drivers… not even restricted formats (possible exception: MP3 playback). Linux computing, the way it should be. I doubt I’ll ever get around to doing that, but I think it would be a great computer to keep around.

Not really a lot to say at the moment. I’m going too e-mail Kym back near the end of this month - the reason she gave was that it was stressful talking to a virtual stranger while having to go through the stress of exams and assignments and stuff (she has mild depression and anxiety about social situations), so I think it would be good to wait until the other sources of stress for her are over before I complicate things again.

I’ve never had such an instant connection with someone before.

Soppy stuff aside, Hi-5 were on Channel 9’s Abba Mania special. The idea was to get a bunch of well-known musicians together to sing Abba songs. The result ended off being some people who nobody had ever heard of before, performing (barely singing) some Abba songs. What can you say about a musical special where the biggest vocal talent there was Kerry-Anne Kennerly, and most of the other singers were journalists and substitute weather presenters for Channel 9? Admittedly, Kerry-Anne Kennerly was amazing - I never thought that a morning TV host could have such a strong singing voice.

Anyway, as I had to plug my video capture box into the AV Out of my TV (long story) and I got some terrible interference in the audio, I became well aquainted with the noise filter of Audacity. It works really well - I used it in the podcast yesterday too, with good results.

Speaking of the podcast, I discovered Nautilus’ integrated FTP browser. That is one cool file manager. Yes, I know that the Mac OS Finder has done it since version 8.5, I know that Konqueror can also do it, but I still can’t get over the fact that Nautilus treats FTP directories the same as local directories. It just makes things so easy.

In other Gnome-related news (kinda), Aaron from UbuntuOS has switched from KDE to Gnome. The guy is probably the world’s biggest KDE fan, so I think he’ll go crawling back to Kubuntu

Adblock Plus is working great. There are no advertisements on this blog-writing page.

Last night I e-mailed a large file to someone, and I used the At command to tell my computer to turn off at a particular time after they would have finished. But I came into my computer room this morning and found the computer still on. It was stuck on the "System Halted" message. Disturbing, but I think it’s because in the At command I specified two commands - halt and sudo halt, which probably wasn’t clever. On the plus side, I got to try out the kernel command keys - Alt-PrtScr-S to sync all drives, Alt-PrtScr-U to unmount the drives, and Alt-PrtScr-O to power down. The last one didn’t work - possibly a problem of that nature.

Last two things: I put a bunch of pictures of Joondalup and Busselton into F-Spot, tagged them as Places, and then set the Places tag as my screensaver. Sometimes, when I start to think that I need a holiday, I go System > Log Out and click Lock Screen, and just sit there looking at all the photos. It makes me feel better.

Last thing: As the version of Gstreamer that comes with Dapper is not exactly cutting-edge, I can’t use Jokosher. I can open it, but no sound comes out. As a result, I’m seriously thinking of clean-installing Edgy. My Dapper system is a bit gunky; I’ve got heaps of things on there that I don’t need, and Thunar seems to be my default file manager for some commands, and some of my fonts are too big, so I think I’ll end off upgrading. Possibly on the 1st anniversary of my first successful Ubuntu boot-up (December 26th) or the 1st anniversary of my first Ubuntu installation (the 11th of Janurary).

Okay, so I told you that I didn’t have much to say. I suppose I did.

I installed the latest beta version of IEs4Linux the other day. This is a great program that allows you to install Internet Explorer 6, 5.5 and/or 5 onto Linux in Wine - its main use is for web developers to test their pages in multiple browsers without a reboot.

This beta version also has support for installing the IE 7 rendering engine (it appears within the chrome of IE 6), and a new graphical installer.

Here is a picture of the graphical installer (click for bigger view):

You must give a particular command-line argument in order to get it to install IE 7, but that’s no problem. I already had IE 6 installed through ies4Linux; the new version detected that and didn’t try downloading it again.

On the UbuntuOS blog I posted the results of the Acid2 Test: Opera 9 is the only browser I have which renders it correctly. Konqueror 3.5.2 comes close. Firefox 1.5 doesn’t do well. IE 6 and 7 are about on a par, with the worst rendering I can possibly imagine. Admittedly, IE 7 has some problems rendering .gifs in Wine, but I don’t think this explains such a bad result. Head over to ubuntuos.com to check it out.

While you’re in the surfing mood, check out the Lunch Hour Skiffle Band. Considering the short amount of time they have for rehearsals and recording, they’re quite good. Check out their version of "You’ve Got Another Thing Coming", it’s awesome!

Old Flaw Haunts New Microsoft Browser

Security firm reports another glitch in newly released Internet Explorer 7.

Jeremy Kirk, IDG News Service

A security problem originally found in Microsoft
Internet Explorer 6 browser has returned to haunt IE7, the new version
of the browser launched two weeks ago, a security consultant said
Monday.

Danish security consultancy Secunia AsP posted an
advisory regarding an issue where an attacker could potentially snare
logins and passwords from an unsuspecting IE7 user. Over two years ago,
security researchers reported the same fault in IE6.

Misled by Pop-Ups

If
a user visits a Web site specially crafted by an attacker, and then
opens a "trusted" site such as a bank or e-commerce site that has a
pop-up window, the attacker can put new content into the pop-up, said
Thomas Kristensen, Secunia’s chief technology officer. This could
enable the attacker to ask a user for financial information or
passwords, he said.

When the problem was revealed in June 2004,
Microsoft gave instructions for a workaround for IE6: disable the
setting "Navigate sub-frames across different domains." That setting is
disabled by default in IE7, but does not appear to prevent the attack,
Kristensen said.

Microsoft has been notified of the flaw,
which was submitted to Secunia by a user, Kristensen said. Microsoft
officials did not have an immediate comment this morning.

Secunia
rated the problem as "moderately critical," but Kristensen said the
company was not aware of sites trying to exploit the flaw.

An
alert user might notice that they’re under attack: Since the URL for
the pop-up window is visible, it may be possible to identify a
fraudulent request for password information, for example. But "it would
require you to pay some attention to the address bar," Kristensen said.

However, a clever attacker could also use this problem in
combination with a pop-up spoofing weakness identified last week.
Microsoft hasn’t patched that problem.

Second IE7 Flaw

Following IE7’s release on October 18, Secunia found a problem it shared with IE6.

The
vulnerability allowed an attacker to potentially read information from
a secure Web site if the user had also opened a maliciously crafted Web
site. Microsoft said that the problem is actually in code called by the
browsers in another application, Outlook Express, which remains
unpatched.

http://www.pcworld.com/article/id,127703/article.html#

But I don’t need to worry about it, as Firefox’s programmers have a good understanding of what constitutes "security".

————————-

In backstory… finally got a message from Kym. Let’s just say that I hope she gets better soon; and until she gets better I can’t even have a non-speaking role in her life. Oh yes, it’s raining in my heart as well as outside. I’m going to log into KDE and change the background of Desktop 2 (sorry, I just thought I should say something that would slightly interest Linux users ;-)  ).

Oh geez, I’ve had the worst day at work. (sorry about all the "backstory" posts - if you’re only interested in Linux-related things, this post will not appeal to you at all). My boss has been away and uncontactable for the past couple of days.

Yesterday, a customer (who I will call Steve) called up to ask why he hadn’t been called about a Panasonic phone that he’d ordered. The boss had promised that it would be here at the shop last Friday. I checked, and it hadn’t arrived. So I called the Mindarie store (we have to get Panasonic gear from another store, it’s a long story) and they said they had been invoiced for the phone, so it should arrive at their store later that day.

It didn’t. Steve called back and threatened to cancel his order (quite rightly too, he’d been waiting a week at that stage). I tried calling Mindarie again, and by this time they’d found that my boss HADN’T ACTUALLY ORDERED THE PHONE. I called the customer, somehow managed to get him to agree to having the phone on Thursday afternoon, and then quickly ordered the phone for real.

Everything turned out okay? Possibly - let’s hope that Panasonic don’t let us down on that Thursday estimate. But in the meantime, much worse stuff happened today.

It started when a customer (who I will call George) called and complained that my boss hadn’t come round to his place and delivered and installed a Panasonic plasma TV on Sunday. He threatened that if the TV didn’t arrive this weekend, he’d demand a refund. Once again, I can understand his annoyance! I called Mindarie and they called Pana, and apparantly the salesperson from Pana told them that the particular model would be available in mid-November.

The customer wasn’t happy about that AT ALL, since my boss had told him it would arrive on Friday!

Another person called up (we’ll call him Sam) called up to ask where his vacuum cleaner was. Because if he didn’t get it by tomorrow, he’d cancel the order. I searched high and low for any information about the order - I checked the orders book, the computer, the desk and cupboards, but my boss hadn’t left any information about it, and Sam couldn’t remember the model number so I couldn’t call Electrolux and ask for an ETA on it.

I asked him to call back tomorrow when my boss was around. He called back later today to cancel the order. Not that we could actually cancel the order there and then - we didn’t even know exactly what to cancel!

George came into the shop and virtually gave us an earful. Now he said that if the TV wasn’t here by tomorrow, he wanted his money back. After he left, we called Panasonic directly, not telling them our identity. They said that if the TV was ordered last week, it should have arrived already. If we ordered one this week, then it would arrive next week. So we called Mindarie and asked when they had placed the order. They said that my boss had called to order the plasma YESTERDAY. No bolsheviking wonder it hadn’t been installed on Sunday!

Lastly, a woman who gave no name (I’ll call her Sheila) called to complain that she hadn’t yet recieved a quote for installing an air conditioner. My boss had gone out to her place a week and a half ago to measure everything, and promised that a quote would be sent to her. She had called in the meanwhile, and my boss had denied responsibility for the quote not being sent.

I understand that Sheila was upset and annoyed, I understand that she was feeling like our store didn’t care about her, and I don’t blame her for feeling this way. But she ripped into me personally, and she ripped into two of my colleagues who she claimed must’ve been responsible for the delay, and she was so offensive that I found myself raising my voice to her. I’m good at preventing my feelings from showing (I’m too good at it, it hinders my personal relationships), but my colleague knew I was seriously pissed-off by the tone of my voice.

After that lady hung up on me, I was close to crying out of frustration. I’d been on the recieving end all day without the ability to put anything right. I really don’t want to go to work tomorrow when the shop-of-cards crashes down around me. Steve’s phone probably won’t arrive, George will be an angry visitor, and Sheila might start swearing down the phone at me again. And who knows which other customers haven’t recieved their purchases and will be calling tomorrow.

A good customer yesterday gave me a beer for coming out to his place and fixing his TV without charge. I’ll definately be drinking it tonight.

And to make matters worse, I haven’t heard back from Kym for what seems like ages. Today’s episode of Oprah was about people suffering from depression who attempted suicide and survived - this really didn’t make me feel good, considering that Kym suffers depression. Maybe after today, we will share a common affliction