Archive for March, 2008

In the second minute of the second day of the Pwn2Own competition, an attacker gained access to the Macintosh computer.

There are a number of miscomprehensions that I’ve noticed in various comments around the web:

1. "The hacker [sic] had physical access, what do you expect?!"

Actually, the attacker was not allowed to physically touch the computer.

2. "It doesn’t demonstrate a vulnerability! It’s not OS X’s fault - it’s the dumb user’s fault for going to that web site in the first place!"

Yes, there are dumb users. I agree, OS X users are dumb users (sorry, couldn’t resist that dig!). But the users don’t have to be "dumb" in order to get attacked by this security flaw. Legitimate websites get attacked from time to time, with crackers managing to insert malicious JavaScript code into them. When users go to the compromised websites, the JavaScript manages to take control over the browser process and use it for the crackers’ own purposes.

A recent, hilarious example was Trend Micro. That’s a legitimate website that many smart users go to, but it was still attacked with a malicious code insertion (I guess that proves that anti-virus isn’t the be-all and end-all of computer security, huh?).

Safari should not put itself in the position where it can be convinced to access local files. Full-stop. Of course, Apple didn’t have the slightest clue what it was doing when it programmed Safari, so there’s really no surprise in the result. Safari is a buggy excuse for an internet-facing service.

3. "The Mac was attacked more viciously because the computer itself is more desirable as a prize than the other two computers; not that it is less secure. So this is a GOOD result for Apple because it shows that they have computers that people want!"

Nice way to turn an embarrassing defeat into a back-patting exercise. The winners don’t just get the computer, they get $10,000. Ten thousand dollars can buy you a computer with more than one USB port!

It’s sad to see that the winners of the competition will sign a non-disclosure agreement with Microsoft and Apple to help fix the vulnerabilities before they become well-known. It’s simply a case of turd-polishing. The software won’t get more secure, it will just become hardened through trial and failure.

Think about it, in terms of an analogy. It’s like if an aeroplane crashed in Halifax, Nova Scotia, due to the right wing coming off during a throttle-up. Rather than make the connection between the wing and fuselage stronger, the plane manufacturers just implement a system whereby the plane refuses to throttle-up while flying over Nova Scotia. You wouldn’t fly on that plane. No sane person would. But that’s what the computer security situation is like right now.


Yes, in the end I couldn’t resist, and I bought a Wii.

It’s a nice console - very compact, and the Wiimote is a fantastic controller. I still think the Nunchuck looks like a penis pump, but oh well.

I did 4 installations tonight after work, so I’m surprisingly cashed-up at the moment. I was thinking of going into town tomorrow and seeing if I can get another Wii game, or possibly a classic controller and some sort of redeemable Wii points card. I’d like to be able to surf the web in the lounge room, and it would be really cool to play all those classic games too.

My Wii age is 28, apparently!


The Spice Girls fans were great. They were always the first to use new Internet technologies, they treated each other well, and they were collectively afraid of nothing. They outfitted their computers with video digitisers in order to capture and share TV appearances by the Spice Girls, they listened to the radio for hours on end just to record an interview; they spent literally hundreds of hours scanning in press photos. All for their fellow fans.

They were like that. But it’s been years and years since those days. When the Spice Girls decided to temporarily go their separate ways, the organisation of the fans broke down. Fans left and new people, who had previously been on the fringe of the community ("dyke spicers", as well as people with concealed motives) became more powerful; they basically overran the rest of the community.

That’s when they started to push me out of the online fan community. I was part of the more traditional group of fans, and I told it how I saw it. Call me Mister Paranoid, but I think the new bastards stored information on people who they didn’t like.

There is still a kernel of fans who keep the old spirit alive - tonight I was thinking about "Stop to the top" which is one of the most ingenious plans I’ve ever heard, cooked up and executed by Spice Girls fans. It used new-ish internet technology in a way that nobody had ever thought of before. It failed because of lack of communication, and the lack of communication was caused by the original breakdown of the fan network anyway. But the spirit was there.

So, I hate the Spice Girls, and I hate the Spice Girls fans as they currently stand. Even though they’ve been in this dreadful state for many years, I hope by golly that they find their way and once again become the greatest fan community of all time.


In another case of DRM madness, Apple is trying to prevent people from being able to store and copy MOVIE TRAILERS.

That’s right, the studios hate their advertisements to be viewed by as many people as possible.

Apple’s trailers are streaming-only, which makes no fucking sense when they are Full HD at a bitrate of 10 megabits per second... unless they are advertising solely to the South Korean moviegoing public.

In the original version of this article, I accused Microsoft of doing a similar thing on their website www.wmvhd.com. But in actual fact, although the videos are ".exe files", they’re just self-extracting archives containing unprotected WMV HD videos. You can extract them in Wine.

And the quality is beautiful.

Who would have thought that Microsoft would be less obsessed with DRM than Apple?


Miro - an ancient African word meaning "I thought compiling software from source was easy".

Or:

Miro - a trainwreck of a project

Don’t get me wrong; I used to have a copy of Democracy Player and I appreciated that it was rather nice. I didn’t have the bandwidth at the time to really take advantage of it.

Now I’ve got 5 gigs per month, I decided to use it by watching some Internet TV. Miro (formerly known as Democracy Player) was my first choice.

I apt-getted it, and it promptly crashed shortly after starting up. I found that a vastly newer version had been released, so I decided to use the official Miro repo. Bad idea. It wanted to downgrade libxine, which is especially stupid considering I didn’t even have the latest backported version! I decided to go from source. When I had a look I found that Miro appears to be written in Python - "this will be easy", I thought.

I have downloaded about 30 megabytes of dependencies so far, and every time I run the installer script it complains about something else. NOW it’s complaining about OpenSSL! It seems to require vast tracts of libboost, libxine, even X11 development libraries! It’s almost as though Miro requires everything *except* anything that comes with Ubuntu.

I even thought I’d be smart and do "sudo apt-get build-dep miro" to make sure I had everything. But no… it downloaded 11 megabytes of stuff, but it seems that it didn’t download anything that I needed.

Hmm… now that I’ve installed libssl-dev, the compile seems to be chugging away happily. But it’s taken a lot of investigative skills to find all the dependencies. The project is a trainwreck. Firstly, the Miro crash is a known problem, which shouldn’t have made it to any sort of release. Second, the packaged version of Miro from the official Miro repo should be able to accept newer versions of libxine. Third, I’d appreciate knowing exactly what to download to build this thing. Fourthly, once I’ve compiled Miro, it SHOULDN’T FUCKING SEGFAULT ON STARTUP!


I’m writing a new article at the moment called "Why Linux is the way it is". It’s more like a FAQ - taking complaints about Linux and explaining why things in Linux are different to in other operating systems.

Once it’s got a bit of breadth, I’ll release it and then we’ll all be able to point newbies toward it whenever they complain.

It will cover things like:

Why don’t program developers just use .debs for installing?
Why do I have to put in my password to install programs (and how can I turn this off)?
Why won’t Linux play my DVDs out-of-the-box?

etc.


Today, I kept a telemarketer talking on the phone for a full 9 minutes!

He insisted that he was going to send me a free cameraphone with some credit already on it, and that he wasn’t trying to sell me anything. He told me that the call costs were 1/6th the costs that they normally would be, but when I asked him to admit that he was trying to sell me telephone calls, he denied it.

This went on for 9 minutes. At about the 7 minute mark, I heard a series of beeps on the line. Must’ve been the signal to him to wrap up the call, but he persisted.

I should have kept an eye on the timer and made sure he ran 3 or 4 minutes over time. If two people per telemarketer per hour kept the conversation going for 10 minutes without a sale at the end of it, we would see a 1/3 reduction in telemarketing calls.

Let’s say a nice chap called Rajah works for a call centre. In the hour between 12pm and 1pm Western Daylight Saving Time, he calls someone who immediately hangs up. He rings another person, who immediately hangs up. He rings someone else who keeps him talking for 10 minutes. He calls an old lady, who is so lonely she will talk to him for 15 minutes and then buy whatever he’s selling. His next call gets an immediate hangup. The call after that has him talking for 10 minutes without a sale.

Out of the whole hour, assuming only two of his callees keep him talking, he’s wasted 25 minutes. Lonely old ladies like to keep talking, even when they know you don’t give a shit about whatever story they’re yammering on about (sorry, I’m in a bit of a rude mood tonight!). So that’s where I got the extra 5 minutes from.

Multiply that by 8 hours, and multiply that by however many telemarketers there are. That’s an immensely huge blow to the companies that employ telemarketers. Another trick: Always ask to speak to their supervisor. Be polite about this, but firm. You must always get your way. When you get put through to the supervisor, be as absolutely rude and difficult as possible. If more people did that, they’d need to hire more supervisors, and more supervisors means less of a return on their telemarketing.

We must waste as much telemarketer time as possible. In an ideal world, nobody would buy from telemarketers or even give the impression that they are interested in anything. But all the while we still just say "Not interested thanks", we’re letting the telemarketers call more people each hour. Wasting their time means they call fewer people per hour, which means lower sales for them.

I also like sending back SAEs that have been sent as part of junk mail. Preferably with as much crap as I can put in them. They not only pay for the mailout, but also the mailback, and they get no sale from it. I’ve just thought of a better idea - fill in the form, ask for a huge amount of the product, and put a fake credit card number on it. They will spend time entering in all the information, but not get a sale out of it because the card number is not valid.

Telemarketers and bulk junk mailers are the enemy, and we must make the enemy’s war machine much less efficient.


You’d think that there’s not much technique to using tape measures. You’d think that anyone can get an accurate measurement using one of these little things.

But so many people simply CANNOT use a tape measure correctly.

On Dishlex and Westinghouse dishwashers, the front is curved, and the top is flat. Rather than measure the width from the top of the dishwasher, people try to measure from the front, and then say "Oh, it’s a couple of millimetres too wide!". When they put the tape around the front, they are also measuring the curve, which adds distance!

Today, I had a real numbnuts come in and wanted the cheapest dishwasher he could find - a one-only Conia POS that had been sent to us as replacement for one that we sent back as faulty. Firstly, the guy came in with the wrong measurements - he had measured his space as 600mm wide and just 555 high. I pointed out to him that he probably meant 855mm high.

He asked to borrow my measuring tape. Rather than put the metal end of the tape on the floor so that the tape was pointing straight down, he had the end of the tape a couple of centimetres away. "We can’t get this one, it doesn’t fit". I calmly bent down and held the tape where it should be, and it measured 853mm (or something like that).

Then he obviously didn’t realise that you could retract the tape with the push of a button, because he started talking to his wife and gesticulating - with the tape still out and in his hand! The metal tab was banging against all the cooktops. I hope he didn’t scratch any. He then stress-tested the dishwasher by pulling at the door and pushing the hinge. I think he ended off causing the door to go out of alignment, which of course made him pull at the door even more.

They eventually bought it, but during this whole episode some people came in and immediately fell in love with a Panasonic LCD that we had on display. Tanja got the sale because I was too busy trying to prevent that guy from pulling the dishwasher apart.

Tape measures are not a difficult gadget to use, just remember to measure along a flat surface, and keep the tape parallel to the surface! Otherwise, not only will you get inaccurate measurements, but you’ll look like a damn fool.


I downloaded World Of Padman on Saturday morning, and I’ve been playing it a fair bit ever since.

This must be the first ever FPS where the maps go upwards more than they go horizontally. For those of you who haven’t seen the promotional video or played the game, the characters are only a couple of centimetres tall in our scale, and they battle it out in an ordinary room. One level is a diner, another is a bathroom, another is an attic, so on and so forth.

Not only are the maps very unconventional (for FPS games), but they are made with exquisite care and detail. You’ve really got to play it to see what I mean. One map is inside someone’s study. There is a computer sitting on the ground level under the desk. A transparent panel actually shows the motherboard and a graphics card… how exquisite is that?

And everything is cartoony. The graphics, the voices, even the weapons look non-threatening. But this isn’t a game for kids - Padman swears, and the female Pad characters have cleavage showing.

There’s the standard deathmatch ("Free For All"), a team deathmatch ("Team Play"), limited-lives deathmatch ("Last Pad Standing") and a team domination gametype ("Big Balloon"). But, as is customary for open-source FPSes, there’s a brand-new gametype: Spray Your Colour. The promotional video explains it very simply:

1. Frag an opponent
2. Collect 1-8 cartridges (from the opponent or opponents)
3. Locate the teleporter
4. Spray your colour to score

Easy? No! Sometimes you can get lucky and find cartridges that have been dropped by fragged players but not yet picked up. On the way to the teleporter, you *will* get attacked, and if you’re not careful you’ll be killed. Of course, all your good work with fragging will go to waste, as an opponent is likely to pick up your cartridges and score from them.

When you use the teleporter, your weapons will be temporarily taken away from you and replaced with the spray gun. That’s a nice touch, but it can be frustrating to see the bots spraying 5 cartridges at a time with you being unable to do anything about it. It can, however, be very satisfying to kill a bot that is trying to get to the teleporter with 5 cartridges, and you steal them away and score!

I’m sad to say that open-source FPSes seem to crash a bit, in general. Nexuiz crashes when I select certain gametypes. Warsow and Alien Arena 2007 crash when I select certain maps. Happily, World Of Padman has not crashed on me yet. Even better, it allows you to choose whether or not to use OpenAL for sound - great for computers like mine which don’t seem to get along with OpenAL!

Padman was a popular comic strip in a console gaming magazine. World of Padman started life as an award-winning total-conversion mod for Quake 3. When the Quake 3 engine became open-source, the team behind the mod created a stand-alone World Of Padman game. You can still see evidence of the game engine’s origins - the "Options" screen is exactly the same as Quake 3’s, albeit with new artwork.

There’s no single-player mode yet, but if you start a new game server and put bots in it, that will give you a satisfactory match to start you off with.

There’s only one real hitch with this game: I tried joining some games online, but was automatically booted because the server thought my copy of the game was modified. I understand that they want to get rid of cheating, but this is an unaltered copy! Maybe I should apply the patch to bring it up to the latest version.

Anyway, if you even slightly like FPSes, you should really get a copy of this game. It’s about a 500 megabyte download, but the level design and artwork will blow you away even before your own Balloonys do :-)  Spray Your Colour is fun, the weapons are innovative, and it runs well on modest computers. There’s also an avid community out there making new maps based on real rooms in their houses! Definitely worth playing and replaying. Easily the best open-source FPS.


My workmate Linda brought her computer in to work the other day to get help with copying DVDs. There are basically two things she does with her computer: receives e-mails, and copies DVDs. She’s got a hacked-up version of Windows XP on there now that’s been heavily modified to look like Vista, and unfortunately it inherits Vista’s speed disadvantage too. Not too pretty on a low-end laptop!

Anyway, she ended off begging me to reinstall Ubuntu on there for copying her DVDs. I guess I’ll do it when I find time, although I’m not happy that Ubuntu is only being used for DVD burning. Her wireless card doesn’t work on Ubuntu Feisty, so I might wait until Hardy comes along and see if it’s supported.

On that same day, my boss had a phone call from an associate, asking whether we could get in anti-virus software. Since my boss knows nothing about computers, he got me to call Ingram Micro and find out.

While I was doing this, I made some sort of remark about "This is a case of the blind leading the blind". Linda asked what I meant by this, and I said "Oh, I’ve never installed anti-virus software before". She was quite amazed, and asked why I didn’t have anti-virus. I’m sure you can guess what the answer was.
