Looks like he got hit with an issue in User Profiles Enhancements for WS2003/XP, namely that the local guest account is deleted on logoff when the computer is part of a domain (it used to always be deleted). Was the laptop part of a domain? Can he recover those lost files? The likelehood is that he logged back in again as the guest user, scribbling enough information back onto the hard drive to lose the files forever.
I laughed, I cried, I really should write one…
Bruce Schneier, who has written several very good books on the topic of security has announced the Movie-Plot Threat Contest, entries due by the end of April 2006, it’s purpose is to have people come up with the most unlikely, yet plausible, terrorist attack scenario they can.
Dermot, are you listening? You should try it. But not if you are too busy organising the wedding.
Fascinating data
Details from the 2000 census, in a map format. You can poke thing where you are living…
Japanese Gift Giving
This week’s Josh in Japan discusses Gift Giving in Japan. It’s an interesting topic, especially the ‘never refuse‘ principle – refusing a gift is considered rude.
Primum non Nocere (linkfest)
One of the links for The Best of Software Writing II linkfest is to an article entitled ‘Primum non Nocere‘, or First, do no wrong. It’s an important principle that should be followed when writing software. On the non paranoia side of things we have the 10 places you must and must not use AJAX, which is a good consideration of appropriate cross cutting of client/server interaction. There’s the ‘Fractal nature of UI design problems‘, where I’ve reached step 5 in the problem being addressed before just saying ‘good enough’. How I came to despise AJAX, part of a long rant that I’ve experienced myself. Does Visual Studio rot the mind? I’m a vim user. Why I hate Frameworks – an argument against complicated frameworks. Simple ones for me thanks.
Bit of a linkstravaganza really.
finally Brian sends out an email without a 5Mb attachment
Brian has this habit of sending out emails with a bunch of attached pictures/embedded power point presentation/something using up lots of bandwidth.
Finally an email that only weighs in at 5k (damned html email). It contains a link to pictures. Now if only he would not have his website in a notes database. It just makes me cringe when I see it. It’s so… wrong. There’s no other word for it.
music.podshow.com – id3 tag suggestions
There’s a little message in the middle of Adam Curry’s Daily Source Code, from a man in Greece about dynamically adding ID3 tags to the file just prior to downloading. I just remembered that Version 2 id3 tags are put at the beginning of the file. All you need to know is how long the tag is, add it to the content-length for the download and the feed the tag out before the file. Adam’s idea of the golden ticket is doable without too much processor overhead.
Theoretically, you can embed ID tags into mp3 files once they are out of frame. The property of the tag is that it appears as junk for non-supporting applications. Embedding audio bumpers at the start and finish is trivial (you may need to eat a v1.1 tag at the end of the file).
Other trivial pieces of information I discovered today – WiFi is a pun-term of HiFi, and doesn’t stand for Wireless Fidelity, it was simply the name that the ad execs came up with when asked (as 802.11 doesn’t have a ring to it). [via The old new thing]
[Listening to: Untitled 4 – Sigur Rós – ( ) (7:33)]
There were vehicular commitments
I was driving this evening from Cork back to Kerry, so I was unwilling to participate in the drinking of many, many pints. While heading for the car at about 10.30 in the evening I noticed a few very unsteady people, but it didn’t remind me of the worst excesses of previous years. It was bitterly cold, which probably kept people indoors and out of trouble. Pubs haven’t let out yet, so the storm is probably on the way.
Marmalade Pudding
Medium Pudding Mixture:
- 4oz. Margarine
- 4oz. Sugar
- 2 Tablesp. Water
- 6oz. self-raising flour
- 2 eggs
- 1/4 Teasp. salt
- Flavouring
Method:
cream fat and sugar, beat in the whisked eggs, stir in the flour and salt with added water, Steam or bake.
For Marmalade Pudding:
Add one large tablesp. of marmalade to the foundation mixture. Steam and serve with Marmalade sauce.
To Steam:
-
- use a steamer over a pan of boiling water.
- Have a well fitting lid.
- Keep water boiling and steaming all the time
-
- Place the pudding basin in a saucepan with boiling water.
- Water should come half way up the sides of the basin
- Keep the water boiling, and as it boils away, fill up with
boiling water, but do not wet the top of the pudding
- Steam in a pressure cooker, according to instructions.
Time for steaming is about 1.5 hours for a pudding made from 6-8oz. flour.
Turning out: A light pudding breaks easily, so loosen it gently from the sides of the basin with a flexible round-ended blade, which should be pressed against the side of the basin, not the pudding.
When loose, cover the basin with a hot dish and invert quickly.
A good pudding may be marred by careless serving and enhanced by dainty dishing.
To Bake:
Use a pie dish, cake tin, soufflé tin, fireproof dish, ring mould, small moulds or deep bun tins.
Grease well.
Line the base of any flat-bottomed tin so that pudding will turn out easily.
Bake in a moderate oven (350f or No. 4)
Small moulds may be baked at a slightly higher temperature than large ones.
Time required: 30-40 minutes for large and 15-20 for small moulds.
I had a nightmare last night
It started out quite simply. I was with a few friends in an internet café just shooting the breeze when I noticed this perceptual shiver run through all the people there. When I asked what was going on nobody was talking. Finaly I convinced one of my friends to tell me and he informed me that one of the folks from the data retention section of the Gardaí was here to install the recording software for the shop.
This was in foot of the new legislation that had been introduced for the storage of all internet communications for an arbitrary time. Every bit was being recorded just in case it needed to be checked at a later time for terrorist activities.
This nightmare took a strange turn when I examined the data gathering software. It was performing a simple data dump of everything that was passing through. Because of the vast quantity of data, nothing was being done to ensure that it could not be tampered with by anyone should they have access to the data. At a later point one of my friends found himself in court facing a criminal charge of conspiracy to commit murder based on the content of one of the logs that had been recorded.
It’s scary, but it is possible for it to happen. The question beomes how do we ensure the integrity of the data that is in the recording? If you wanted to prevent accidental tampering with the data, then using some form of checksum on individual blocks of data would provide for that, however a malicious tamperer could simply alter the checksum for the given blocks to prevent their detection. Based on the quantity of information being gathered, you could chain the checksums. Initialize the first block to some random piece of information. checksum it. For the next checksum initialize it from the content of the previous checksum. The principle is used in various encryption systems (Cipher Block Chaining). If you wish to tamper with the data in-stream you need to alter the checksum from the point of alteration to the end of the recording.
As simulteneously you have a program continually writing new blocks of information to the storage device, you would need to either (a) insinuate a program that would alter the checksums as they are written to the device, or (b) interfere with the recording program to possess the new checksum just prior to the next write to the device, thereby having it perform the updating for you.
Both techniques are not impossible to perform, in fact the first is downright trivial. The only way of bypassing this sort of tampering is to ensure that the recording device is isolated in some way from the data that it is recording.
For this purpose, it would need to be a specially assembled recording device which possesses two fail-hot network interfaces as it’s only method of communication to the outside world. A fail-hot network interface pair is one that when the power is removed simply keeps the network traffic passing through without interruption.
Secondly it would just record the data, it would have no interpretation capabilities. The reason for this is to remove any chance that it could be subverted through maliciously formed network packets.
The box should be tamper-evident. by having this facility, any efforts to extract the data through physical manipulation of the recording device would be easily noticed, thus rendering the data recorded inadmissable in a court. Tampering with the device would be a criminal offence.
The device would need to be regularly inspected, hot-swapping new devices for old ones so the data recording could carry on uninterrupted.