The Latest Stupidity From The Internet Explorer Team

Have you seen the latest stupidity that the Windows Internet Explorer team have come up with? Ten Grand Is Buried Here.

The idea is that they encourage you to give up whatever browser you’re using (assuming it’s not Internet Explorer 8), calling it names (like “old Firefox” if you’re using Firefox, “boring Safari” if you’re using Safari, “tarnished Chrome” if you’re using Chrome, and… “that browser” if you’re using Opera) and upgrade to Internet Explorer 8, and they’ll be giving out clues on their Twitter feed about some secret website that’ll only work in IE8 at which you can register and win $10,000AUS (yes, this is an Australian competition).

After looking at the site in Firefox, Safari, Chrome, and Opera, I thought I’d give it a go in Internet Explorer 8. But it didn’t work – it mis-detected my installation of IE8 as being IE7 (no, I didn’t have Compatibility Mode on).

In the end, though, I just used User Agent Switcher to make my copy of Firefox pretend to be Internet Explorer 8. Then it worked. So basically, all that I’ve learned is that Firefox does a better job of everything that Internet Explorer does, including viewing websites designed to only work in Internet Explorer. Good work, Microsoft. Have a slow clap.

What’s A Cripple Been Up To?

I’m sick of hobbling round on a crutch. Sure, it was an interesting novelty for the first couple of days, even despite the fact that I got almost no sympathy from folks (and, to be fair, I deserved none – what kind of idiot cripples himself while chasing after cake?). But now I’m just sick of it. Today, two weeks after my tumble, is the first day that I’m walking around outdoors without a crutch (and without being in pain). I still need a little bit of help from one when going up or down slopes (but not stairs), so I’m still carrying my happy little aluminium pole around with me, but I’m able to support my entire weight with either foot once more, so that’s a big step forward.

Helped out with Aberystwyth Samaritans fundraising event at Varsity, although as I wasn’t quite up to walking around on my bad foot I wasn’t able to go around shaking buckets, but I did end up with “24:7” face-painted on my forehead, and apparently a decent sum of money was raised by the event, so not all bad.

I bought myself an EeePC 1000 this last week, too. I’ve never had a very good relationship with laptops, but I felt that it was probably time to give one another go, and in particular I wanted something small, light, cool, and quiet, with a fabulous battery life, so the Eee 1000 it had to be. I’ve been really very, very impressed with it so far (at least, having stripped off the silly OS that came on it and replaced it with Eeebuntu). I’ll try to find time to write more about it in due course.

The only other little bit of excitement for me, apart from being nicknamed “Hobbles” by just about everybody down here, was seeing the new Star Trek film at the Commodore last night. And while I thought the story was compelling and well-written and that the film was pitched right for a new generation of Star Trek fans, I can’t help but take issue at the artistic choices made by the director and by the special effects team. For example, whose clever idea was it that to show the vast, empty, hostility of space, the best way to shoot was entirely in close-ups? I’m pretty sure the only wide shot in the entire film is of the Academy! And what’s with all the lens effects? Barely a scene goes by without some digitally-added bloom or glare or lens flare. They were cute to begin with, when we’re panning across the bridge of the Enterprise in all its “this is what the inside of your iMac looks like” glory, but by the seventh or eighth time, it’s easy to get sick of. All in all, it’s a mediocre to good Star Trek film, not worthy in my mind of all the hype it’s attracting.

Is Cardiff Still Amazing?

If you’re planning to come to Cardiff Is Amazing next month, there’s some information on the website.

What do you mean, there’s not much information on it? That’s because you haven’t typed it yet! Get on with it, then!

Sleepless? Priceless!

  • Time for this iteration of a software project: 4 months
  • Time left after the client changed their mind about the “must have” requirements: 2 months
  • Amount of sleep within the last 40+ hours: 4 hours
  • Number of JOIN clauses in an eleventh-hour SQL statement that suddenly fixes everything: 12 (LEFTies, RIGHTies, INNERs… and also a UNION)
  • Time internal deadline missed by: 55 minutes… which isn’t actually that bad, considering everything that went wrong in the 55 minutes before them
  • Money earned: nil
  • Feeling after delivery complete: priceless*.

* also: knackered – guess I’d better get some sleep!

What Does This Bug Report Mean?

A bug report just came in from a client I’m responsible for at work. It reads:

…Main menu – home page – The ‘g’ of outstanding debts is permanently underlined.
Correct.

I’m not even sure what this message means. It looks like the client is telling me that the letter ‘g’ at the end of the word “outstanding”, which appears in the main menu of the software I’ve been writing for him, is underlined. I’m pretty clear on this bit of his message (although I’m as-yet unable to get the same effect on my own computer). What I want to know is, what does he want?

Is he saying that the letter ‘g’ is underlined but that it shouldn’t be? Or that it’s correct that it’s underlined (in which case, why is he filing a bug report?). Or is he asking, in a convoluted way, for it to be made to be permanently underlined (in which case: why – it doesn’t seem to make any sense?).

What a great start to the New Year’s work.

HttpOnly Session Cookies using ActiveRecordStore in Rails 2.2

If you’re using CookieStore to manage sessions in your Ruby on Rails application, Rails 2.2 provides the great feature that you’re now able to use HTTPOnly cookies. These are a great benefit because, in browsers that support them, they can’t be read by client-side script, which dramatically reduces the risk of a Cross Site Scripting (XSS) attack being used to hijack your users’ sessions. That is particularly important on sites displaying user-generated content. You simply have to adjust your environment.rb file with something like:

config.action_controller.session = {
  :session_key       => '_session_id',
  :session_http_only => true,   # mark the session cookie HttpOnly
  :secret            => 'your-secret'
}
config.action_controller.session_store = :cookie_store

Unfortunately, the Rails developers didn’t see fit to extend HTTPOnly cookies to those of us using ActiveRecordStore, where the XSS risk is still just as real. To fill this gap, I’ve produced a very simple and only slightly-hackish plugin which overrides the functionality of Rails’ CGI::Cookie to force all cookies produced by Rails to be HTTPOnly, regardless of the session store being used.

To use it, download this file and extract it into your application’s vendor/plugins directory, and restart your application server. You can test that it’s working using Tamper Data, FireCookie, or whatever your favourite cookie sniffing tool is.
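A scriptable version of that check, as an added example (it is not part of the plugin or of Rails): it parses Set-Cookie header values and lists the cookies sent without the HttpOnly attribute. The function names and every sample header are constructed for illustration; only the `_session_id` cookie name comes from the configuration above.

```ruby
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# Every header value below is a constructed sample, not captured traffic.

# Split one Set-Cookie header value into the cookie's name, its value and
# a hash of attributes (keys lower-cased; flag attributes map to true).
def parse_set_cookie(header)
  parts = header.to_s.split(';').map { |p| p.strip }.reject { |p| p.empty? }
  name, value = parts.shift.to_s.split('=', 2)
  attrs = {}
  parts.each do |part|
    key, val = part.split('=', 2)
    attrs[key.strip.downcase] = val.nil? ? true : val.strip
  end
  { :name => name.to_s.strip, :value => value.to_s, :attrs => attrs }
end

# True only when HttpOnly is present as an attribute. A plain substring
# match would be fooled by a cookie whose *value* contains "httponly".
def http_only?(header)
  parse_set_cookie(header)[:attrs].key?('httponly')
end

# Names of cookies sent without HttpOnly. Pass `only` to restrict the
# check to specific cookie names (for example just the session cookie).
def missing_http_only(headers, only = nil)
  headers.map { |h| parse_set_cookie(h) }
         .reject { |c| c[:name].empty? }
         .select { |c| only.nil? || only.include?(c[:name]) }
         .reject { |c| c[:attrs].key?('httponly') }
         .map { |c| c[:name] }
end

# Constructed samples: the session cookie as ActiveRecordStore would send
# it without and with the attribute forced on.
BEFORE_PLUGIN = ['_session_id=0123456789abcdef; path=/']
AFTER_PLUGIN  = ['_session_id=0123456789abcdef; path=/; HttpOnly']

# Constructed samples covering attribute case and a misleading value.
MIXED = [
  '_session_id=0123456789abcdef; path=/; HTTPONLY',
  'prefs=theme%3Dhttponly; path=/',
  'flash=notice; Path=/; Secure; httponly',
  'legacy=1; expires=Thu, 01 Jan 2015 00:00:00 GMT; path=/'
]

if __FILE__ == $0
  puts "before plugin, missing HttpOnly: #{missing_http_only(BEFORE_PLUGIN).inspect}"
  puts "after plugin, missing HttpOnly:  #{missing_http_only(AFTER_PLUGIN).inspect}"
  puts "mixed sample, missing HttpOnly:  #{missing_http_only(MIXED).inspect}"
end
```

Against a running application, the header list can come from `Net::HTTP`: `response.get_fields('Set-Cookie')` returns the raw values this code expects.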

The Fife Diet from Kamikaze Cookery

I’ve been following Kamikaze Cookery (three geeks doing cookery… with science!) for a while now, and it’s got some real potential, but what really sold me on it was their recent series on the Fife diet (yeah, I know, it’s been out for ages, but I’ve been busy so my RSS reader’s been brim-full and I only just got around to watching it).

If you haven’t come across Kamikaze Cookery before, The Fife Diet videos are a great place to start.

‘Nena’ – Christmas Comes Early For Dan

I thought I’d say a little bit about my new home desktop computer, because it occurs to me that I hadn’t said anything about it yet.

Dualitoo, my PC of the last few years, kicked the bucket on Friday a few weeks back, at a most inopportune time – I was due to write heaps of code over the weekend as part of a dangerously-close-to-overrunning project. But, as Rory said, ’tis the season of hardware failure, and with Ruth’s laptop dying a death and Paul’s overheating problems, I should have expected that maybe my turn would be next.

It’s probably no coincidence that it died the very next day after the storage heaters in The Cottage came on for the winter, one of which was directly behind the poor box. When it failed to turn on (fans spun, but no keyboard lights, monitor output, or even beep-codes), I started swapping out components for spares (many of them not “spares” so much as “parts of Claire’s PC”). Power supply was the first thing to try, because in always-on boxes in a dusty environment, they’re usually the first thing to go. After it turned out that the PSU was fine, it was on to the expansion cards, then the RAM, and so on (I’d already disconnected all the IDE/SATA devices just to free up room in the case in which to wave my huge hands around).

Sadly, it turned out that malfunction was in pretty much the worst place it could be: either the processor or the motherboard, and – not having a spare of either that would be compatible with the other, I had to write off both. This left me with a defective computer requiring significant repair right before what was supposed to be a busy weekend of code.

On Saturday morning, I resolved to fix the problem – I couldn’t afford the downtime not to! – and so, not wishing to lose further time waiting for delivery of mail-order components, I decided to see what Aberystwyth could supply me with “over the counter.”

I dropped into Crosswood Computers, on Chalybeate Street, first, and stated my unusual requirements. I needed, as economically as possible:

  • An ATX motherboard and a processor at least as powerful as that which had died (Intel Core 2 Duo, 2.4GHz) – I didn’t want to feel like I was paying for a downgrade
  • With two IDE ports: my old board had four IDE devices attached to it, as well as one SATA hard drive – unless I was to ditch some of these I’d need two IDE ports on the motherboard, which is getting hard to find in this age of SATA
  • And a stack of features that are commonplace: 4 DDR2 slots, PCI-E (don’t require SLI or CrossFire-compatibility, I guess: I never got round to using the SLI on my old board so I probably wouldn’t on my new one), onboard LAN, etc. – I still had perfectly good RAM, an aging-but-still-workable graphics card and so on that I’d like to still be able to use!

Crosswood were able to find me one – yes, just one – board and processor that fit the bill: that dual-IDE request is hard to meet. It’d have cost me about £140, which is more than I was comfortable paying for the hardware in question, which was – in the end – pretty much identical to that which had broken. I wouldn’t mind paying that kind of money if I felt like I was getting an upgrade, but to pay that just to “get running again” (plus, of course, all the hassle of un-mounting and re-mounting a motherboard, moving around all those stupid little brass screws, etc.) felt like a bad move.

Before having to rethink things, I thought I’d try what is Aberystwyth’s just-about-only-other computer shop, Daton (can’t link to their actual domain name because they’ve let it expire and it’s now an ad farm). I’ve always had mixed experiences with Daton – they’ve surprised me with bargain computer bits before, but they’ve also managed to unimpress me: for example, with the network cabling they half-heartedly lay at my old workplace. My conversation there on this day could be summarised thusly:

Dan: Hi, I wonder if you can help me. I’m looking to buy a motherboard and a processor for it: ATX form factor… either Intel or AMD – I’m architecture-agnostic these days… but crucially, it must have two IDE ports.

Daton Woman: Uh. Hang on. /goes into back and repeats everything I’ve said to Daton Man, then returns/ You’ll probably have to bring your computer in.

Dan: No, there’s really no need. I just need to buy a motherboard and processor from you. What do you have in stock?

Daton Woman: Well, we’d really need to be able to see your PC to know what’s wrong with it…

Dan: I don’t need you to tell me what’s wrong with it. I know what’s wrong with it. That’s why I’m asking for a motherboard and processor. Now can you sell me some, or should I shop elsewhere?

Daton Woman: …and we’ll have to order the parts in to repair it.

Dan: /sighs and leaves/

I trekked back to Crosswood, and on the way, I spoke to my mum on the phone – it’s come to that time of year when I call her up to hunt for tips on what my sisters are “into” these days, so I have a clue as to what they might like for Christmas. While talking to her, I mentioned the fun and games I was having with my computer problems. “Would you like some computer parts as an early Christmas present?” she asked. Suddenly my options were expanded.

By the end of Saturday, I’d built Nena, my new desktop PC. She carries on the hard drives from Dualitoo, alongside the RAM and – of course – the peripherals, but the rest is all new. She’s running an amazingly cool-running Intel Core 2 Quad Q6660 (2.4GHz quad-core) on an Intel-chipset motherboard from ECS. I got myself a new graphics card (a sexy-as-fuck Nvidia GeForce 9800 GT), too, replaced my two IDE optical drives with a shiny new high-speed SATA dual-layer DVD rewriter, and gave myself an extra 750GB of hard drive space (taking me up to 1.25TB – plenty for films and games and whatnot) with an extra hard drive. She makes light work of Far Cry 2, Left 4 Dead, Fallout 3 and Call of Duty: World at War, which is nice, because I might find time for more than a half-hour game of one of these ace games someday when I’m less busy… although by that time, my system’ll probably be out of date again.

Nena, of course, fits in with my current home computer naming scheme of “female one-hit wonders,” joining Tiffany in our living room.

What have I learned from the whole experience? Well, I’ve learned that:

  • It’s perfectly possible to get hold of all kinds of great computer components at short notice, even in Aberystwyth, and doing so only cost me about 3% more than I’d have expected to have paid online, and got me the goods instantly.
  • However, amazingly, nowhere in town could supply me with a case, so I had to loot one from my employer, SmartData, who had a spare (I couldn’t be bothered stripping down Dualitoo’s case only to have to spend the next half hour removing and moving all those annoying brass screws: plus, her power button was dodgy).
  • I should have ditched my aging IDE optical devices long ago.
  • There’s a huge difference between an Nvidia 7-series and an Nvidia 9-series, and it blows your socks off.
  • Daton Computers don’t trust their customers enough to sell them what they’re asking for.
  • Crosswood Computers provide sound, helpful advice, and – if you’re friendly and buy enough stuff from them – are more than happy to “throw in” cables and adapters as freebies (I realised that I’d need SATA power adapters and data cables, one of those PSU 6-pin adapters you need for powered graphics cards if your PSU doesn’t already have one, and so on), which the chap at Crosswood was happy to just give me without charge, even though I didn’t buy the PSU from him in the first case.
  • The quad-core Intel processors actually seem to run colder than the dual-core ones.
  • My mum is ace.

OMG Child Pr0n (or is it?)

What a mess this is turning into! I am of course referring to the UK-wide internet censorship of a Wikipedia page (the one about the Scorpions album, Virgin Killer – if that last link doesn’t work, you’re among those affected).

The thinking is, according to the Internet Watch Foundation, that the cover of the 1976 album constitutes child pornography and therefore we all need to be protected from it. It’s all a little controversial, though, because they’re not suggesting that Amazon US be blocked, for example.

But the worst of it is the amount of news exposure it’s generating is actually drawing traffic to the banned content. I wouldn’t ever have seen the album cover if it weren’t for the ban, for example, after which I realised how trivial it is to see the offending Wikipedia page. And that without the offending content appearing in a Wikinews article about the ban!

It’s hard to justify this kind of policing. In accordance with Wikipedia’s own policies, it is not a creator of content so much as a distributor: it takes content that is already “out there” and, in theory at least, legal, and disseminates it in an approachable form.

I’ll be interested to see how this plays out.

Environmental Awareness and Yes, I’m Still Busy

The Technium’s just hosted a seminar on environmental awareness. Walking past the conference room a few minutes ago, I noticed that the folks running the event had managed to leave running the projector and all of the lights, despite the fact that it had ended some time ago. Ah, the irony.

Went to a céilidh at the Morlan Centre last night with Ruth (as my date and – generally – dancing partner) and Sarah (who had a few words of her own to say about the event), and had a fabulous time: lots of dancing around in complex and silly ways, forgetting which partner I’m supposed to link arms with next at any given time and eating lots of cake. Also, lots of failing to win at the tombola. I can’t remember how to make binomial theorem work, but I’m pretty sure my odds of winning at least one prize when one in five tickets is a winner, if I buy ten tickets, should be reasonable, right? If anybody else can work out the odds and explain it in a way that I’d understand, bearing in mind that I haven’t done any real maths in years, that’d be cool. I could re-learn, but I don’t have time (nor a calculator with a “P” button!).

What else? Matt P, Ele and Helen visited town, which was nice; my main desktop PC, Dualitoo, broke down in a horrible way, which wasn’t so nice; and I built a new desktop PC, Nena. All of this has been responsible for putting me back a few days further in my already cramped schedule of volunteer coding for the next month, but a meeting I had last week has re-filled me with faith that Things Will Get Less Hectic [TM]. That’s my mantra right now: I’m seriously looking forward to having more time in my life for the important stuff like video games and hanging out with people. Someday, someday.

Games I Have Been Playing Recently

There’s a couple of computer games I’ve played recently that I thought I’d share with you so that you, too, can go play them and waste all your free time (hopefully you’ve got more free time than I do to be wasted!).

RUCKINGENUR II

Free (as in beer) to download and play – download it here. Windows only (requires the .NET framework), although there’s talk of a Linux port using Mono.

A self-confessed “game for engineers.” If you ever played Uplink and thought “Hmm, this is good, but I’d rather be hacking hardware, not software,” then you really ought to give it a try. Ruckingenur II is a hardware hacking simulator: in its four missions you’ll be determining the code of an electronic door lock, reprogramming a thumbprint scanner to accept your print, breaking the code of a (rather trivial) radio scrambling system, and defusing a tamper-proof bomb. It’s all about interpreting the circuitry and analysing signals, rather than simply bridging circuits, as would be so much easier in so many of the missions. Presumably your boss spent all of the money on the universal combined multi-meter/serial port analyser/debugger and didn’t have any budget left to get you a soldering iron and a half-dozen lengths of wire. Ah well.

It’s only short. I got through all four missions in about 20 minutes, and I could probably have done it quicker if I hadn’t kept detonating the bomb at the end: the very first thing I did was to examine the circuit (while the clock is ticking), correctly analyse which wire carried the signal to the explosive, and send a quick pulse down that line, confirming my suspicions by blowing my face off.

Give it a go and let me know how you get on, fellow geeks.

SPORE

The other game that’s consumed any of my time of late – by which I mean, of course, all of the free time I can find – is Maxis’s hot new title Spore.

In case you’ve been living in a cave for the last few years, Spore is the result of a collaboration between Will Wright (co-founder of Maxis, inventor of SimCity, The Sims, etc.) and Soren Johnson (right-hand man to Sid Meier during the development of Civilization III and Civilization IV). It has been described as “the ultimate God game,” and as “SimEverything.”

During the game, you’ll help a species progress from being a tiny plankton-like creature living in a drop of water all the way up to being a galactic empire spanning many star systems. The concept of “evolution” touted in the game isn’t really accurate, though, and what you’re actually doing – tweaking your species a little each generation towards your own goals, rather than having the most successful genetic code reflected in the next generation – is closer to intelligent design than anything that any evolutionist would approve of.

Unfortunately, as its Zero Punctuation review gives away, most of the fun of the game is shunted towards the Space Phase, the last of the five phases of the game (the others being Cell, Creature, Tribal, and Civilization), and it makes the rest of the game seem a little short by comparison (note that I disagree with the statement in the Zero Punctuation review about carnivore-superiority: my first space-faring race had no problem with befriending and converting other creatures, tribes and civilizations all the way). The Space stage, however, really shines.

Spore is an amazing achievement, and it continues to be fresh and surprising to play (thanks, in part, to the enormous scope of its in-game galaxy, but more thanks to the fact that Spore “swaps” your creatures and other content with other players around the world), so I’d recommend you give it a go if you haven’t already. It’s a real shame that the DRM is so fucked-up, because Maxis have just set themselves up for Spore to be the most-pirated game in history (after all, the pirated copy is now better than the legitimate one). Nonetheless, it’s worth getting hold of a copy by one means or another just so you can see what the fuss is all about.

Oh, and here’s one of my species, a Gliblander, stood next to the species’ interstellar spacecraft, the Dirty Beast.

SSL Client Certificate Authentication In Ruby On Rails

I’ve been playing with using client-side SSL certificates (installed into your web browser) as a means to authenticate against a Ruby on Rails-powered application. This subject is geeky and of limited interest even to the people who read this blog (with the possible exception of Ruth, who may find herself doing exactly this as part of her Masters dissertation), so rather than write about it all here, I’ve written a howto/article: SSL Client Certificate Authentication In Ruby On Rails. If you’re at all interested in the topic, you’re welcome to have a read and give me any feedback.

ICANN Invent A Whole Universe Of Mess

In case you hadn’t heard/didn’t care, ICANN have authorised the creation of arbitrary privately-controlled top-level domains. So what does this mean?

Well, the happy hippy theory fun about it all is that suddenly there’s the capacity for pretty much anybody (well, anybody with a particularly deep wallet, and – for now – a demonstrable business plan) to set up their own top-level domain. A top-level domain is the bit at the end of a domain name, like .com, .net, or .org. The idea is that this will increase the number of providers from whom you, as a consumer, can choose to purchase your domain from, as well as giving you more choice – someday, I’ll probably get the opportunity to buy dan.q, for example, or scatman.dan.

Of course, it’ll take a long, long time before people start understanding that these things really are domain names. There’s still a certain stigma attached to not being a .com, because many web users will guess the dot-com domain names first. The success of the “no www.” campaign has been hampered mostly because people do think, in general, that web site addresses have to start with www. and have to end with .com, .co.uk, or another one of a handful of extensions they’re familiar with. If Jo Public sees e.mail written on an advertisement without (or perhaps even with) a http://, www., or both, in front of it, they won’t have a clue that what they’re looking at is a domain name. And how often do you actually use a .biz or a .mobi, and they’ve been around for a while now?

A bigger problem, though, is the capacity for phishing attacks. Apart from their ability to sue my arse off, what’s to stop me becoming the registrar for .microsoft, .paypal, or .natwest? If I sent a large spam attack out suggesting that people get a critical update from https://www.windowsupdate.microsoft/, I’ll bet that at least 50% of the people who click the link will go on to download whatever malware I want them to and become part of my zombie network.

It’ll only take one such event – and perhaps less – for ICANN to start being very, very careful about who it gives top-level domains to. And with all of the applications they could potentially get, they’ll quickly get bogged down in administering the top-level domain system. There’ll be backlogs of months or even years on new top-level domains, a lack of trust of them, and people will still continue to play with .coms for decades to come.

It’ll all work out in the end, I’m sure (although I anticipate a punch-up between ICANN and New.net – which ICANN will win, of course – in the near future). But I’m just not sure we should be letting the unwashed masses loose on their own TLDs quite yet.