God put us here on earth to make history, not to watch history being made.
Revd. Canon Douglas Holt, today.
Making History
6 Nov 2005 12:53 by Rick
Figure this
5 Nov 2005 17:58 by Rick
In the mid 1980’s I bought some small china figurines of dancers. Since then we have collected quite a number of dancers of various sorts but these have always been a puzzle. They were obtained in ones and twos from various local junk, bric-a-brac and antique shops but since then I have never seen one.
My theory is that they were cheap imports sold by someone like Woolworth’s to grace the mantelpieces in parlours of the 1930’s for those that couldn’t afford the Coalport and Royal Doulton figurines (still available).
They have no makers mark but some have a number moulded into the base, sometimes with the word “Foreign”. There are five in my collection viz:—
165mm high round base marked Foreign 8455.
175mm high round base marked 8456. The pink one is also marked Foreign indicating, perhaps, that the mould was later modified.
150mm high oval base with no markings. This may be a separate, smaller series.
150mm high oval base marked 8733.
I rather like them; they are graceful and the hand painting is quite well done, though the facial expressions can be a bit odd. The source of all knowledge on knick-knacks (eBay) doesn’t seem to have come across them. Antiques Roadshow here I come or can anyone tell us anything about them?
If you can’t trust Sony …
1 Nov 2005 15:03 by Rick
I have often had suspicions that Sony spoke with a forked tongue. On the one hand it is a world leader in equipment for recording (professional and domestic, audio and video). On the other hand it is leading the industry DRM campaigns trying to stop people using recording equipment.
Now it seems to be getting into the spyware business; perhaps they are going to start a computer security company as well <GRIN>. This article (Sony, Rootkits and Digital Rights Management Gone Too Far) describes a forensic look at a rooted Windows PC which turned out to have been infected by playing a Sony-BMG audio CD. The built in Media Player, in addition to installing the software to play the content, also installed software which hid itself so you couldn’t see that it was there and disguised itself as a legitimate Windows service. The EULA said “this CD will automatically install a small proprietary software program … to protect the audio files embodied on the CD … until removed or deleted” However no uninstall option was provided. Curiously it requires you to remove the software upon termination of the licence—but you can’t!
This is spyware without a doubt. It violates at least two of the terms of the ASC i.e. “material changes that affect their user experience, privacy, or system security” and “use of their system resources, including what programs are installed on their computers.” It probably falls foul of the Computer Misuse Act 1990 as well (the software is written by a British company.)
Sony-BMG claim, in the EULA, that the CD is red-book compliant which means that it must play as an audio CD on any player. This includes your computer so you should be able to play it without the software. This should be true of any CD that has the logo 
—if not, take them back and claim a refund. (note: the logo is sometimes impressed in the plastic inside the case rather than on the paper inserts visible from the outside. That does not matter).
This reinforces a couple of safety measures that all Windows users should adopt:
- disable autorun so that CD’s don’t automatically install their contents when you insert them. Doing this is tricky for the novice so the best thing is to always hold down the shift key (for quite a while on slow machines) when inserting a CD.
- run your day to day work as a “limited user” so that any malware doesn’t gain admin rights. This is done by creating another account for admin purposes; login to it and remove the admin rights from your everyday account and only use the admin when you have to.
One final warning—if you discover that you have been infected by this, don’t try to remove it unless you know what you are doing, you could make your machine unusable, demand an uninstaller from Sony.
Meanwhile, I will be adding the RootkitRevealer to my toolbox (and looking carefully at any CDs I buy).
ZoneAlarm 6 (Free) is Good
27 Oct 2005 10:46 by Rick
This may not come as a surprise to some people but I seem to have missed out on it. This is what happened. I have been a loyal user of ZoneAlarm through to version 4.5 and recognised it for the best personal firewall around. It was the only one I had seen that put complete control into the hands of the user without making the management incomprehensible to the novice. The only one which really controlled outgoing traffic properly. I was guided in this by well respected commentators such as Steve Gibson and Fred Langa plus many other votes of support far outweighing anything negative. Every machine that I built (and there have been a few over the years), even for the first timer, had it installed.
Then version 5 came along and things seemed to change. The pundits were urging caution and there were rumours of instability. The word went out to hold back before upgrading and let things settle down. That always seems like good advice to me. So I hung onto my last copy of the 4.5 version (4.5.594), switched off automatic notification and continued to install it on new builds. Then everything seemed to go quiet and, before I knew it, version 6 was out. And the story was the same, rumours of instability, hang on until 6.1 etc. Go back to sleep.
Then came the crunch. I was preparing a new laptop for a friend (a rather nice HP 17″ widescreen) and was going through the motions of creating accounts and installing essential software when BANG—a blue screen error. This was one of the very few BSoDs that I had seen on XP, especially since SP2 but fortunately I got the m/c into safe mode and discovered the error log fairly quickly. ZoneAlarm was clearly implicated—some sort of clash with the graphics driver—so I uninstalled ZA and finished the build. [The log is in Start—>Control Panel—>Administrative Tools—>Event Viewer.] Fortunately this machine wasn’t to leave my hands for a couple of weeks so I had time to do some research; find another firewall I thought.
But first, let’s see what ZoneAlarm 6 is like. The stories I had seen indicated that it had grown into a clumsy behemoth trying to do everything (there will probably be a post on this subject sometime) and, in the process, it had made itself intrusive raising alarms and warnings at the slightest cause and doing so in terms that the average user would not understand. I downloaded the freebie and installed it on my desktop, making sure I had a good backup and a copy of the tried and trusted version available. Much to my surprise it was identical to v4.5, even down to the bilious yellow. It was very hard to see the few changes. It now seems to be unable to distinguish between Internet Explorer and Windows Explorer and there are still the same meaningless internal processes but all seems well—and it was still fine a week later so I installed it on the laptop and there were no problems. I have since installed it on the Church Office machine with no ill effects and will do Mary’s laptop soon. Note: it is less traumatic to use the upgrade option rather than the clean install, especially for novice users, else they will get rather too many unexpected alerts.
Conclusion: ZoneAlarm (Free) is still a first class product and is quite stable. I recommend it to all home users. It does exactly what it should do and not much more (switch off things like the eBay password stuff). Just after completing the exercise, Fred Langa clarified his own recommendation saying that it was only the “Pro” version that he had doubts about. Thanks.
SlurpConfirm404 by Yahoo! Slurp
20 Oct 2005 17:48 by Rick
There is an article about this on the St. Buryan community site [link removed, article no longer there]. I had spotted similar strange entries in my logs so now I know what it is all about. Well, actually I don’t but at least it gives me a hook to find out!
What comes down must go up
19 Oct 2005 21:01 by Rick
I have recently had a newsletter from my ISP saying that they are going to upgrade my broadband connection from 1Mb to 4Mb.
When I first bought this service, and I can’t remember when it was now, I got 512Kb download speed and 128Kb upload—and it was wonderful. At last you didn’t need to watch the clock as the telephone bill rose and at last you didn’t have to go and make a cup of tea while fairly ordinary things loaded. Last year they gave us an upgrade to 1Mb and, quite honestly, I hardly noticed. I am not into music or video downloads; yes, the MS monthlies were quicker but no big deal.
As I have already reported, last month I upgraded my hosting package. As a part of that I had to upload the whole lot again which, at the time, was about 60Mb. At 128Kb/sec I was up half the night. Now I am hosting my own search engine which means a regular 10Mb upload with the indexes. Which brings me to the point of this post.
No BY, I am not interested in your marketing exercise to upgrade my download speed. You are only doing it to avoid having to reduce your charges; as a side effect I expect that you are hoping to sell more premium content—pay-per-view video and Virgin music. What we need is a sensible upload speed—Look at it, 4Mb down, 128Kb up; that is silly. Even your premium service is daft—10Mb down and 384Kb up, I don’t think I want to pay double for that.
There are three groups of people (that I can think of) who need a decent upload speed.
- People working from home; things like e-rooms just don’t work properly like this, especially after being squeezed through a VPN.
- People who run their own web site or upload other content to the web. Everyone is encouraged to upload now, even if it is only the holiday photos to Flickr. The Web is all about content, so how do you expect to get it there.
- Those trying to use their home machine as a server.
Now I agree that No. 3 is daft. They are probably not competent and are the source of endless spam and other garbage, but don’t penalise the rest of use for the sake of them. You have other ways to stop abuse.
PHP novice
16 Oct 2005 19:36 by Rick
I have finally got my mailform up and running in the way I would like it. It is surprising how time consuming it is to debug online services like this.
I am not unfamiliar with programming (having done it for near 40 years now) and scripting languages are quite familiar, but there are always subtle differences in new ones to make us yearn for some sort of language standardisation. Neither is it my first sight of PHP as I had to learn quickly to customise this blog. But then it was mainly a matter of copying preformed chunks of code from one place to another.
A lot of the formmail script I have re-written from scratch. The main reasons I wanted to do it are security (the original was rather prone to be abused by DOS [denial of service] fiends and spam merchants) and to make it easier to customise the user visuals.
The other thing which takes a long time is the documentation—a much abused and underrated skill—come back technical writers, you are sorely missed.
The script is now working for my own mail form but some of the features that I don’t use still need testing. It is available to look at, if you are interested, from my mailform page [discontinued]. (there is a zip download at the bottom) No warranty is given or implied but please feed back your experiences.
Many thanks to Joe Lumbroso, the author of Jack’s formmail.php script, and Matt Wright for the CGI script which in turn inspired that one.
Blacklist Madness
12 Oct 2005 18:34 by Rick
I have been losing incoming mail (apologies if you have written to me and I haven’t replied). No mail from Wanadoo has been reaching my west-penwith.org.uk addresses.
Wanadoo, formerly known as Freeserve and soon to become Orange, is one of the largest ISPs in Britain; possibly in Europe as well. Despite its rather poor customer service reputation, it is very popular with low activity users, which is why most of the rest of my family, my church, and many friends use it. I wrote to my hosting company (DotEasy.com) and they said that
Wanadoo’s email server is black listed by spambag.org
The address in question is 193.252.22.157. When I queried this, because I deliberately do not subscribe to their anti-spam service preferring to handle it myself, they said
Doteasy does not use spambag.org
but that
Wanadoo.co.uk is appearing on our external relay blocking list, which includes more than one external spam blocking database. We are unable to “unblock” IP addresses that appear on this list.
I am not sure that I believe them but there is little more that I can do (except walk).
I also wrote to Wanadoo (in my role as Technology Manager for my church) and they said that they are
in contact with several well-recognised blacklisting organisations
but not with the
smaller providers such as Spews who do not provide contact details
(not mentioning Spambag.)
The feature of the blacklist in question is called a backscatter list. Spam often includes forged return addresses. If a mail server rejects the spam, some send a “bounce” to the reply address which ends up at an innocent third party rather than the spammer. This is backscatter and Spambag operates a “shoot first and ask questions later” policy listing whole domains and address ranges.
So where does that leave us—an unaccountable organisation (Spambag, just one guy and his vendetta) working with an unknown infrastructure organisation is blocking legitimate mail between my friends and me. Spambag justifies his actions on the grounds that he is entitled to block whatever he likes from his network and I agree. However he has also taken positive action to make his list available to anyone else and they have implemented it at random and unknown points throughout the internet. This is lunacy.
The real lunacy is that blacklists don’t work at all because the lister cannot keep up with the rapidly moving spammers; much spam comes from compromised user’s machines; blacklists penalise the innocent—they have no, or very little, control over their ISP and are often unaware that there is anything wrong. Blacklists are what has made email an unreliable form of communication and have caused a lot of disillusionment for Joe Public about the internet revolution.
In the mean time, for those who can’t get an email to me, I will put a Form Mail page on here as soon as I can find one written by someone who knows more than how to put two semicolons together.
Filton Airfield
10 Oct 2005 17:56 by Rick
Here are some early photographs that a friend let me scan. They show the airfield before and during WWII. The first is very early, before any building on the East side of the road to Gloucester, and includes the hangers near Charlton village. The next two are a bit later, when the Bristol Flying School were there, and show the “new” administration building over the road. The final one, provided by another friend, is an air reconaissance photograph, possibly German, taken on 5 Dec 1944.
Characters on the web
16:27 by Rick
The web standards require every document to declare what character set it is written in. This is necessary to enable the browser to be able to understand the document and know what to display when presented with any particular code. This requirement is often misunderstood. What if my page needs characters that are not in the set, do I have to specify a different charset? What if I need a wide variety of characters, do I have to get a special editor?
There are three different but related things to understand here; Character Set, Character Encoding and Font.
- The Character Set used on all the web is Unicode (also known as UCS or ISO-10646). This is sufficiently rich to contain the majority of characters required by the languages of the world. However, being so rich, it contains many thousands of characters. If you need characters that are not in this set then you will need to look at other methods such as inline images.
-
The Character Encoding is how the character set is represented in the document sent to the browser. There are a number of encodings designed for various language groups e.g. ISO-8859-1 contains a subset suitable for most Western European languages, ISO-8859-5 for Cyrillic and EUC-JP is suitable for Japanese. Some encodings are compact using a single byte per character others use multiple bytes and are thus able to encode a larger number of characters at the expense of bulkier documents.
BEWARE: Many computer systems (MS Windows and Apple Mac) use non-standard encodings and have characters at positions that cannot be understood by other web users. Particularly watch “smart quotes,” some of the lesser used punctuation and accented characters.
- The Font specifies how the characters look; how the characters are represented on the screen or page. Some are very basic and only allow for a small range of characters, others are quite comprehensive.
The chosen font and the character encoding may not encompass the same subset of characters. To fill this gap, the (X)HTML language allows for Character Entities or References. These can be symbolic e.g. é or —. There is a complete list in Character entity references in HTML 4 and modern browsers recognize most of them. For ones not included in the list, or for acceptance by older browsers, numeric entities can be used e.g. … (ellipsis …). The number refers to the absolute position of the character in the UNICODE set (in decimal or hex).
All of these are in the character set (UNICODE) but it is the responsibility of the author to specify a font which contains all the characters in his document whether as native encodings or as entities AND that the user is going to have that font available. The generic serif and sans-serif fonts generally allow for the widest variety of characters, but not necessarily all.
When choosing a character encoding for your document it is best to chose one that includes the majority of the characters you need natively so that the minimum number of special characters have to be represented by entities and also to chose one that is supported by the editor that you use to create the document.
Confusingly, this encoding is specified by the server to the browser using the charset value in the HTTP headers e.g.
Content-Type: text/html; charset=ISO-8859-1
This can often be set by adjusting the .htaccess file on the server (with Apache) but if that is not possible then you will need to include a meta tag very early in the data stream of every document (before any content that requires encoding) e.g.
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />
<title …
More detail about all this can be found at HTML Document Representation.
Webmaster