2003: the rot sets in

31st December 2003

Hello, good morning, yes. I know, it’s been a while. How are you and your lovely family? No, I’m not a corpse thank you. Though I am beginning to smell somewhat.

As you can probably tell from the lamentable lack of loggery, I’ve been stupidly busy recently. But I thought I’d better sneak one last update in before I go off on one for a few days.

So what’s been going on? Well, hmm, a bit of work (for example), some wandering around miscellaneous countries, a lot of failing to keep up with e-mail (hard enough even without the quantity of spam and mail worms reaching over 1,000 a day), and a fair amount of coding and that sort of thing. You know, the usual gubbins that tedious computer people like me get up to.

Thanks for asking.

Anyway, the coding-related stuff that has made its way onto the site recently are new releases of pxdom (0.9) and the pxtl package (1.2: the last one there’ll be until the ‘optimised implementation’ becomes available. Hopefully that won’t be long, as pxtl.optimised compiled its first template earlier today). Plus there’s a quick-hack Python IMAP/POP-before-SMTP script which might conceivably be useful to someone.

Unfortunately the parasites stuff hasn’t yet been updated, which means it’s a bit out-of-date, what with the incredible volume of nasty stuff released recently. Most of it from CoolWebSearch, natch. Expect an update next week, with a couple of dozen new parasites. On the other hand, there is some good news, as UCmore have now sworn off stealth-installation and fixed the privacy problems of previous versions. I don’t consider the new version parasitic, and am glad to be able to remove them from the list. Good show, chaps!

(That’s two down, a hundred to go, folks. Hmm. Could take a while.)

Back on DOM-related stuff, Uche Ogbuji’s always-useful column at xml.com gives a good description of pxdom this month.

Unfortunately the progress of W3C’s DOM Level 3 standard (which pxdom follows closely like a Slashdot-dating stalker) has already made the examples in the article obsolete! In the new Candidate Recommendation, and in pxdom 0.9, DOMImplementation.createDOMParser is renamed to DOMImplementation.createLSParser, and instead of Document.saveXML() you have to use DOMImplementation.createDOMSerializer().writeToString(document) (yikes).

To be honest, you’re probably best off using the non-standard shortcuts pxdom.parse, pxdom.parseString and Node.pxdomContent to parse and serialise for the moment, because it is entirely possible W3C will change things again before DOM Level 3 LS becomes a final Recommendation. We’re hoping for a Proposed Recommendation soon, which should calm things down a bit; I expect to release pxdom 1.0 [final] to coincide with this.

Oh, and to respond to the rumination “I wonder whether such a mix of text and Unicode objects adds unnecessary complications”: actually, no, it has surprisingly little impact on pxdom; this is one place where Python’s strategy of allowing byte and unicode strings to mix freely works really easily. It also allows pxdom to be compatible as far back as creaky old Unicodeless Python 1.5.2, for the poor suckers still stuck on nasty old RedHat hosts.

On the other hand, I must confess that dealing with the difference between byte and Unicode strings in the pxtl package is a really big pain in the bottom. Hope that helps!

In other catching-up-with-mentions-on-other-sites news, SitePoint features a snazzy* smooth-scrolling script by Stuart Langridge that makes internal links in web pages look nice.

Of course I’m really obliged to mention it because it accuses me of marvellousness (fooles!) but there are a few comments to be made on it too:

• It is a shame that it only works when the anchor points are written as <a name="...">; of course all the cool kids* are using XHTML-Strict and <anyElement id="..."> these days.

  This can easily be remedied with a quick patch just before the Now loop all A tags comment:

  var destinationLink= document.getElementById(anchor);
if (destinationLink==null) {
  // Now loop all A tags until we find one with that name
  var allLinks = document.getElementsByTagName('a');
  for (same loop body as before)...
}

• The “it doesn’t work in Konqueror” problem is probably caused by this code in ss_addEvent:

  if (elm.addEventListener){
  elm.addEventListener(evType, fn, useCapture);

  The problem is that Konqueror (at least versions earlier than KDE3; I’m not at my KDE setup right now to check if they fixed it) supplies DOM Level 2 Events methods, but they don’t work. So just sniffing for the method is not good enough. Instead one should use the method DOMImplementation.hasFeature('Events', '2.0') to check whether the browser does actually claim to support it.

• In Opera 7.2’s DOM Level 2 Events implementation, the window object is not an EventTarget so can’t have addEventListener('load') called on it even though window.onload works fine. This is a bit annoying but to be fair the standards have nothing to say on the window object so Opera cannot be said to be wrong.

  Opera can use the load event on Document instead, but this doesn’t work in Mozilloid browsers. I should probably draw up a table of the different ways to trap ‘document loaded’ on various browsers as this is a bit annoying.

  In any case, Opera 7.2 also emulates IE’s non-standard events interface, so the script still works.

(In another random Events datapoint, Opera 7.2 will not call a capturing event listener for events on the target itself, only on its children. Mozilla will; however I believe Opera’s interpretation of spec is the correct one.)

Oh, that’s enough tedious DOM rubbish for now. I’m off to go get rat-arsed and slither down a mountain on planks for a bit. Have a decent end of the year, you lot, as well. Don’t let the crappy enforced-jollity get you down eh?

18th August 2003

I’m surprised and slightly scared that Paul Hammond even remembered the drunken gibberish I had to say about what browsers do with ‘onclick’, let alone paid heed. His testing, however, is enlightening. Just to add a datapoint: Konqueror, too, generates a click event when Enter is pressed, leaving IE/Mac as the only problem browser. (As it always seems to be, when JavaScript is involved. Curses.)

The letter of the specification for DOM Level 2 Events seems to me to say that browsers shouldn’t generate click events for keyboard activation (and that one should use the DOMActivate event as a general-purpose event for mouse, keyboard or other activation, instead).

Philippe disagrees, however (for unspecified reasons). And of course no HTML* user agent supports the ‘UIEvents’ feature anyway. (The latest beta of Opera claims to, but is lying.)

So, I’d stick with click. If keyboard navigation on IE/Mac is important, one could try to detect keypress events for Enter being pressed. But that’s a bit annoying and crap in general.

(When Paul and I are in different countries we can converse only by blog entry, you see. Sorry if the above bored you. But then if you come to and.doxdesk.com and don’t expect to be bored, you haven’t really been paying attention.)

Just a quick parasite update today: IETray, and new variants of BookedSpace (BS2) and MagicControl (Winmgts).

I realise that as a Brit in Japan I ought to be coming up with amusing Wacky Japanese Things to blog. Unfortunately as I’m in full-on spodding mode, I haven’t really had time to go do Culture or anything, sorry.

I have, however, discovered two rather unpleasant facets of Japanese life. Firstly, there is abortion — quite a lot of it.

Turns out the Pill, amazingly legalised only a few years ago, is still not widespread, with abortion taking up the slack. And apparently a major reason why the government resisted legalisation for so long was persuasion from an “abortion industry” of doctors who profit from the expensive operation.

(I thought I was being bullshitted about this, but no, apparently it’s a widely-accepted allegation, mentioned for example here.)

Me, I tend toward the liberal side on the issue of abortion, but the idea of an industry group actively promoting the use of abortion is horrific. What next, a nationwide advertising campaign?

Aside: other interesting abortion-related weirdness.

Secondly... despite the high availability of modern broadband links (of various flavours) at speeds way in excess of the pitiful, overpriced rubbish we are used to in the UK, the landline telephone system won’t let you use tone dialling unless you pay a special extra fee. So 12 megabit-per-second ADSL and bloody pulse dialling go down the same line. NTT are crazy.

The Mimi Ball retails at 350 yen, so I’ll assume you don’t know how much a yen is worth, and offer to send you one for a tenner. (Ha! Move over J-List, I win!)

13th August 2003

Quick, I’ll just get the updates list out of the way so I can rant for a bit. I’ve released the reference implementation of PXTL, and updated the language specification with some useful new stuff like a tutorial. Like Python? Like XML? Like templating? Then you’re a spod. And you might like PXTL, possibly. Unless you hate it. No accounting for taste.

There’s also pxdom, a Python DOM implementation originally written for PXTL but actually of use to any application that needs complete standards-compliance and/or DOM Level 3 stuff. Also the JavaScript fixed and minmax hacks have had another trivial little update, to solve a problem that would only ever occur (sometimes) on my very own example page. How embarrassing, tsk.

Plus (Plus, Plus!): there are of course more new parasites, how exciting. Today’s line-up: MagicControl, BookedSpace, CoolWebSearch and SearchWWW, and new variants of IEAccess (EGDial), ILookup (Drbr), BrowserAid (StlbAd, WebDownloader), Transponder (Winex), FavoriteMan (Aess), MySearch (MyWeb), ToolbarCC (Pre) and Gator (PDP/5094). That is all.

Why credit cards are rubbish

So, how lovely! I have joined the ranks of those against whom credit card fraud has been committed.

What happened, you ask?*

Was spyware installed on my computer, and the card details stolen from there? Did I contact the bank’s web site without the proper 128-bit RSA encryption layer? Did I use a dodgy web merchant? Did one of the companies I’ve bought things from get haxx0red by cyberpunk interweb e-thieves?

Well of course not. The new card we were sent got nicked in the post. Duh.

Which only goes to prove what I’ve been telling everyone for ages. Well, not exactly telling, more berating, loudly and annoyingly until told politely to shut up (and then carrying on a bit more anyway). Namely: the internet, despite its terrible reputation, actually does nothing to make credit cards insecure. Because they’re already as insecure as it’s possible to be.

The central problem is this: if someone sees your credit card details, they have all the authorisation they need to do anything they like with your entire funds. You have to give the complete set of details out every time you make a purchase, and the details are in plain view for anyone who gets to see the card for any reason. So it is extremely easy for control of your funds to be leaked to someone that shouldn’t have accesss.

The fact that the majority of our Brave New Internet Economy is reliant on this incredibly shaky base is a bit of a bad joke. What’s more, if you ever try to set up a web business of your own, you’ll find a fairly hefty chunk of your proceeds gone straight away, to the credit card companies, banks, payment processors, gateways, payment systems software providers and so on. This cost is so high partly because these companies are sharks who have seen to it that you can’t do business without them, and partly because someone has to pay for all the fraud that goes on thanks to the system being crap.

It’s about time this whole mess was replaced with something that actually offers some measure of security, and reduces the overheads for accepting payments so that new ideas like the much-vaunted ‘micropayments’ become possible.

There are many companies who have tried to set up electronic currencies. But that’s the problem. There are too many of them, and they are companies. Would you put your life savings in a dot com? (Didn’t think so.)

The solution is simple: we need an open, peer-to-peer standard for funds transfer, based on strong public-key cryptography, where:

• anyone can set up their own ‘funds server’, give accounts on it to people they know, and operate private funding networks;
• publically-available funds servers could accept cash in return for accounts (essentially working like banks);
• one could make a payment by issuing a cryptographically signed ‘IOU’ note containing the recipient and amount of value to transfer (so that stealing it or changing the amount is impossible);
• funds servers connected to each other could, as far as they trust each other, guarantee their users’ IOUs. So a route of funds servers that trust each other could be created between the issuer and a receiver, and IOUs exchanged at each step;
• funds servers can remove unneeded IOUs and settle balances by issuing signed revocation orders.

There then remains only the problem of how the end-user creates payment IOUs. This would require a private key for the account in question which must not be compromised. It could be done:

1. by software on the user’s machine, the private key held locally;
2. by a trusted device eg. smartcard connected to the user’s machine;
3. by an external service such as a web interface provided by the company operating a user’s funds server.

The first option would be easiest for most users, but it requires that their machine be trusted. If it gets hacked, or spyware is installed, or whatever, they could lose all the money they have. Which is not ideal.

So for this option to be feasible requires a computing environment that cannot easily be corrupted. This could be done by improving operating sytems: programs by default should get very few permissions, rather than all the permissions of the user running them. This would reduce the problem of viruses, spyware and other malware down to almost zero.

Unfortunately, the way it is being done is the dreaded Trusted Computing, which stops users accidentally giving away their rights by not giving them any in the first place. Ah, progress.

More virus fun

On the subject of security, everyone’s going crazy about the Msblast worm right now, but really we’ve got off rather lightly. Msblast could very easily have been written to spread more quickly and stealthily, and cause more damage. Remember how Slammer swamped network bandwidth? We’re not seeing anything like that, thankfully, but it could have happened. Instead, Msblast will hopefully persuade people to update their boxes, before a nastier worm is released. And it has at least persuaded Microsoft to change the totally absurd practice of shipping with Windows networking ports open to the Internet.

The distributed denial of service attack that is the payload is annoying, of course, but it’s directed at Windows Update, which in general doesn’t work anyway, so no great loss there.

Actually for my money the MiMail worm has been much worse. You know the one: it claims to be from admin@ your domain an includes a ZIP file with HTML in it. It has certainly affected me more than Msblast, by dropping several thousand* copies of itself into my mailbox. And yet, unlike Msblast, this worm is getting run not thanks to a buffer overflow or similar security cockup, but simply because people are actively de-archiving and running it.

The problem is, I guess, that HTML as seen as a ‘safe’ file type, so one can double-click on it and it’ll be no more dangerous than going to a normal web page. In a sane world this would be true, and actually it is so, for every browser except Internet Explorer.

Unfortunately IE considers HTML pages on the local filesystem to be specially privileged, and allows them to — amongst other things — download and run ActiveX controls without asking first. Which essentially means that if you load an HTML file into Internet Explorer, you’re giving it permission to do anything it likes, up to and including deleting all your files.

This is not a bug. Microsoft deliberately designed it that way. Many anti-virus companies are stating that the virus being able to run when you open the HTML file is a bug, with a patch for it available from Microsoft. This is misleading.

MiMail does use a now-patched security bug, but this is not necessary for the virus to be able to execute native code. It’s just a quick hack used by its author, to allow the native virus code to be distributed in the same file as the HTML. There are other approaches that have not been disallowed, for example just making the EXE and the HTML the same file, that would work just as well.

Quite why pages in the My Computer Zone need to be able to install software* without prompting is beyond me, but Microsoft have stubbornly refused to change it for years now. Rather silly really, as it turns every ‘cross-zone-scripting’ security hole (of which IE has had many) into a full-blown high-embarrassment-level execute-arbitrary-code security hole.

Still, the world keeps using IE regardless of how absurdly many security problems it racks up. So maybe they just don’t care.

In more cheerful virus news, there is now a mail worm whose subject line entices the victim with free OGG Vorbis files. Never mind the recent announcements of OGG-supporting portable players! If a worm is trying to take advantage of the name that must really mean that the wonderful OGG format has arrived, eh?

20th July 2003

Finally, there is working Internet and I have a spare moment, therefore you get update, my little darlings, oh yes hurrahs etc. and that.

Where have I been for the last few months? All over the shop really, but I seem to have ended up in sunny* Fukuoka, Japan. Which is nice, but then the inside of a computer room is pretty much the same wherever you are, eh?

If you’re wondering where the graphics have gone, well, DOXdesk is currently a bit short on bandwidth, so until I get around to moving it to its nice new server you may see this ‘low-graphics’ version on and off. Sorry about that.

Anyway, yes, the updates I mentioned: the Python form module has had a minor upgrade, and I’ve changed the licence for the latest version to new-style BSD, mostly because GPL seems quite tailored to a compilation and linking model that doesn’t fit Python modules very well. The Java chaps seem to be having problems with LGPL on this front too, and I’d like to avoid the confusion. GPL is still a great idea, but in practice the idea that Microsoft might try to “embrace and extend” form.py seems a bit unlikely, really, so BSD is just as good for my purposes.

Most of the JavaScript modules have seen a touch of updating too, largely to cope with the new Opera 7.2 beta, which has a few interesting new tricks up its sleeve. (Including a DOM Level 2 Events implementation which disagrees with Mozilla’s, but seems to be correct according to the spec. Coo.) So, if you’re using any of those, grab a healthy update.

Speaking of things conforming to specifications, I’ve put some stuff up about bugs in Python DOM tools up at the Python XML SIG site, which doesn’t really count as a DOXdesk site update, but is probably quite useful if you like that sort of thing. You can expect more about Python and XML soon, as the reference implementation of PXTL is mostly finished and that.

There’s another IE vulnerability to mention too, which it seems Microsoft have little intention of ever fixing, despite it making all of IE’s security controls essentially useless.

And as evere there are lots of new parasites, of course. There’s ToolbarCC, Zyncos, IEMonit, SpyBlast, ClearSearch, Winupie, E2Give, Httper, Zipclix, Whazit, Winshow, AproposMedia, ActualNames and TOPicks, plus new variants of Transponder (Host, SCBar), FavoriteMan (Td1, Ss32 and EMesX), RapidBlaster (Rnd), lop (Active), MediaUpdate (022, aka SafeSurfing), ClientMan (2in1), ISTbar (MSCache), InternetOptimizer (Wsem), ILookup (Abeb, Bmeb and Sbus), BrowserAid (FeaturedResults, StlbDist), Pugi (Qidion and Masterbar), MoneyTree (MultiDist), XDialer (AButton) and IEAccess (HTMLDialer).

Phew. In the face of this explosion of new parasites, it is heartening to be able to cut the list down, even if it is only by one*. SideStep have stated they haven’t bundling their travel price-comparison software with third-party applications for a while and won’t do so in the future, so — assuming they keep this up — it no longer counts as unsolicited commercial software; for this reason the script no longer detects SideStep (which was never one of the nastier parasites to begin with anyway).

Note to adware companies: you will find that simply fixing the problem with your software is far more effective than:

• legal threats;
• denial of service attacks;
• sending spam pretending to be from me;
• trying to join me up to porn mailing lists.

So if you could just not bother trying the above that’d save everyone’s precious time. Thanks then guys. Cheers. Love you, mwa, mwa. Bye.

24th June 2003

If you’re here to complain about the spam currently doing the rounds advertising www.doxdesk.com, I’m sorry, but I can’t do anything about it. It’s being mass-mailed by a spammer with a grievance against DOXdesk — presumably a parasitic software manufacturer. This attempt to get doxdesk.com onto spam blacklists is a common spammer tactic known as a ‘Joe-job’.

If you can track down the open mail proxy used to send the spam in the mail headers, it could conceivably do some good to complain to its owner, but otherwise there is not much can be done I’m afraid. Certainly mailing me isn’t likely to help.

Needless to say, there are no “hacker toolz” or “bootleg downloads” here, so sorry if you were hoping for that sort of thing.

Proper site update will happen soon, honest.

6th May 2003

Right! Back off to England for a bit, which means you won’t see any updates for a bit, but at least the lack of proper internet connection might allow me to actually get some coding work done for once.

Or, more likely, I might just end up playing games. Being the sad loser I am, there now follows a link to an article I read about the comparative sexual attractiveness of female computer game characters. If “characters” is a word that can really be applied to the bunch of absurdly-breasted cardboard-cutouts Gamespy have chosen to highlight.

Their #1 is, naturally, Lara Croft, because the writers have so very little imagination. Oh, and they use the word ‘babes’ as well. Oh dear.

“All right then Clover you smug git”, you may say (rather rudely in my opinion, your mum would be ashamed of you), “Who’s the sexiest female computer game character really then eh? Tell me!”

For me I’d have to say Catharine out of Gareth Rees’s text adventure Magic Toyshop, but that’s because I’m a sick freak obviously. If I’m forced to choose a ‘babe’ with actual graphics, it’s definitely Humba Wumba.

Banjo-Tooie is actually rated suitable for children of all ages, but it’s pretty dubious in places. It may not quite be the festival of swearing and poo jokes that marked Rare’s later effort (and sort-of-sequel) Conker’s Bad Fur Day, but still. The developers must have been weeing their pants at the way they managed to shoehorn in ‘chuff’ and ‘minge’ jokes, not to mention all the gay gags at Jolly Roger’s.

But their greatest achievement was putting sex-bomb Humba Wumba in a kids’ game. She must be responsible for so many teenagers’ first sexual urges. This sort of thing has always happened of course, but at least Carrie Fisher out of that there Star Wars was human. In a few years’ time I expect Humba to have caused a trend towards Gourausexuality. (As doctors will describe an afflication where men aren’t attracted to women unless their skin is Gouraud-shaded.)

Who’s the sexiest male computer game character then? Not being qualified to judge myself, I did a survey and found the #1 most attractive gamebloke was: Surbiton’s own gaming lazy-reference Miner Willy. Explaining why, our subjects replied “because he’s a millionare”, “because he’s got a really big house” and “he’s got his own banyan tree”.

(Obviously I didn’t really, I just came up with some flip answer and misogynist claptrap to justify it. Most women probably wouldn’t be able to think of a sexy computer game character anyway. ’cos the simple answer to the question “why don’t more women play computer games” is “because they’re not as bloody sad as us men are”.)

Ah well, just time to leave you with another bunch of new parasites: DownloadPlus, Surfairy, (which is actually pretty old, but never mind, eh?) and GlobalNetcom, plus new variants of FavoriteMan (Gig), CometCursor (Toolbar), InternetOptimizer (Nem) and WurldMedia (Mo, Moaa and TChk).

27th April 2003

I don’t want to turn this page into yet another “things what I sawed on that there Slashdot” blog, but: blimey, eh? Grokster and Morpheus are, apparently (pending the inevitable appeals anyway) getting away with it. Maybe joining EFF has some effect after all, eh?

It’s good that P2P in general is being upheld here, but a pity it has to be Grokster Ltd. and Streamcast Networks who are the direct beneficiaries. Because they’re scumbags.

By all logic what these companies are doing — providing tools which can be used for tasks including, but not limited to, third party copyright infringement — should be legal. (Obviously logic seems to have little to do with some of the copyright law abuse in the US and, increasingly, the rest of the world, but still.)

However, law aside, it is still ethically dubious for a company to build its business model so firmly around other people’s piracy: both programs are strongly marketed as being useful primarily for downloading unauthorised copies of music. What’s worse, though, is their exploitation of unwary users through the compulsory bundling of unsolicited commercial software.

Morpheus’s bundles (at the time of writing: WurldMedia, IPInsight, MySearch) are bad enough. Grokster’s (at the time of writing: far too many to list) are enough to bring a computer to its knees. Many parasites are badly-behaved and difficult to get rid of; installing even one can cause instability, incompatibility and confusion. Installing a dozen is bound to make any computer pretty much unusable, a hell of pop-ups, crashes and chronic slowness.

Clearly this doesn’t worry Grokster Ltd., who just want to install everything they can get their hands on, in order to collect as much as they can in affiliate fees. But can it really be worth it for the parasite producers themselves? I mean, if your pop-up adware is installed by Grokster, it’s going to have to compete with half a dozen other sources of pop-ups; your search bar hijacker is unlikely to get a look in when all the others are trying to do the same thing.

The internetworked Windows PC is fast becoming a battleground for competing parasites. We are already seeing search hijackers that know about other search hijackers and hijack their hijacks. There is spyware that detects and removes other known spyware. It’s like a big game of Core Wars except that the virtual arena the warriors are trampling over contains your documents and privacy. Fun!

New warriors this week: ISTbar, PowerStrip, MediaUpdate and ezSearching. Plus new variants of SuperBar (v2), AdultLinks (QaBar), SubSearch (v22), RapidBlaster (lp), TinyBar (C) and BrowserAid (QuickLaunch and Rundll16).

Apart from bundling, another way some of these things get loaded is through the numerous security holes of Internet Explorer/Outlook Express, so if you still use these programs then (a) you’re pretty brave, and (b) you need to ensure they’ve got the latest security patches. (This doesn’t actually make IE completely secure as there are still many other unpatched problems, one of which I’ll tell you about sometime later, but it’s usually enough to stay a step ahead of the exploits the parasite-producing scumbags are currently using.)

So on that note, the latest patches you’ll be wanting are this one for IE and this one for the MS Java VM. Now eagle-eyed readers might have noticed that the latter “this one” isn’t underlined there. And it’s not because I’ve been fiddling around with the link styles again.

No, the VM upgrade you need to keep your browser secure(ish) — assuming XP Automatic Updates hasn’t done it already, behind your back — is available only through Windows Update. This is a shame for people like me who write about security because it means we can’t link directly to the file we’re talking about. And it’s a shame for people like you who probably use IE on Windows, because it means you have very little chance of actually downloading the file.

Because Windows Update is a complete, unmitigated disaster, you see. It is probably the most terrible Microsoft product ever. And yes, that includes Bob and Microsoft™ Actimates™ Barney™™.

It has a pretty simple task: to allow you to download patches, and to examine your setup to advise you which patches you need and haven’t yet installed. But Microsoft’s implementation is insanely complex, and probably for this reason never actually works.

I’ve tried to use Windows Update a few dozen times on a variety of setups, running everything from Win98 first edition to WinXP Pro SP1. So far I can count the number of times it has successfully downloaded and installed a patch on the fingers of one ...well, finger. Every other time I’ve got one of:

• IE complete hang, have to kill from Task Manager;
• Windows Update web server does not respond, IE times out;
• site responds with “Windows Update has encountered an error and cannot display the requested page”, no information except a useless error number (this is by far the most common result);
• starts to scan, waits at 0% forever;
• apparently scans okay, but then presents a blank page.

My own personal favourite was when Windows Update wouldn’t run because I had an ‘old’ version of the Windows Update ActiveX control. It prompted me to download a new one, then rebooted the machine. That’s right: now Windows has to be restarted not only to install a system update, but also to update an installer allowing the update to be downloaded, before any actual system patching have occurred. Great! Oh, and of course the new updated ActiveX control still completely failed to get the Windows Update site to work, but you guessed that bit.

Never mind, forget the bit about checking your system status then. Just let me choose, download and install the patches I know I need. OK, according to the FAQ, to do this, I need to go to Personalize Windows Update and turn on the option to show Windows Update Catalog in the navigation, then go to that. (Seems a bit silly, can’t they just give me a URL to go to with the patch list on it? Ah well, whatever.)

But no. You aren’t even allowed to see the link to Windows Update Catalog or Personalize Windows Update until you get to the main inside bit of Windows Update, requiring the ActiveX control, which as I mentioned never works. Back to the error page with you!

Even if Windows Update worked as advertised it would still be incredibly stupid. Its reliance on ActiveX and JScript means it can’t ever run on anything but IE-on-Windows with the default settings. Don’t even try to download updates to get your Windows box networking going from a Linux box, or anything like that. It isn’t going to happen.

Try to protect yourself from exploits by tweaking the security settings and Windows Update will fail and give you a misleading error message. Try to access it using Windows NT, and you’ll be told (amazingly) that your only option is to download the files using Windows Update Catalog on a non-NT Windows OS then transfer the files to the target machine. Try to access it using any other browser or OS and you’ll be politely told to piss right off.

All I’m asking for a link to an update file that I can download and run. Here is some example code to do that:

<a href="/file/software/windows/java/vm-3810-en.exe">Here’s your update.</a>

Pretty simple, eh? That masterpiece of coding took me, what, ten seconds to write. It would work all the time, on every platform, for everyone. But no, Microsoft have to come up which something really clever (aka excessively complicated and brittle) involving ActiveX controls and JavaScript and ASP.NET, because... well, I’m not entirely sure why. Not Invented Here syndrome? A poor attempt to force people to use IE? Sheer contrariness? Who knows.

Oh, and I was particularly amused that I couldn’t right-click-open-in-new-window the ‘Accessibility’ link. Windows Update uses a no-right-click script, probably to pretend to be more like an application that a web site or something, I don’t know. Of course no-right-click scripts are only ever used by:

• idiots;
• hideous Geocities “MY FIRsT WEb SiGHT!!!1” pages;
• complete idiots;
• porn sites;
• unbelievably thick total idiots;
• Microsoft.

I guess this is the exciting future of seamlessly web-enabled applications promised by the .NET initiative. Hooray!

PS. Windows 2000 users: you’re in luck. For some reason, the VM update has been made available somewhere other than in Windows Update, but only for you — everyone else is stuffed, apparently.

17th April 2003

Day twenty-nine, then, of the nascent century’s lamest-yet war, and by all reports* it’s all over bar the shouting.

Well, all over bar the shouting, guerrilla attacks, sectarian unrest, unexploded cluster-bomb warheads*, depleted uranium-soaked cancer hotspots, and the selling-off of any of the Free Iraqi People’s remaining assets (those not already sold, bombed, looted or smashed) to companies linked to the current US government, and so on. But mostly shouting. There’s a lot of shouting.

(NB. Free Iraqi People is a registered trademark wholly owned by Bush & Son Permawar Corp. Unauthorised usage prohibited by international treaty.)

The toppling Saddam statue was pretty unimpressive too. It’s not an incredible historic image like the fall of the Berlin Wall — you can tell because when the Berlin Wall was actually brought down, the reporters there didn’t feel the need to continually tell us what an incredible historic image it was they were sending us, destined to be remembered for the rest of our lives. They were too busy observing the historic event itself, an uprising by the people of East Germany.

Whereas during the statue incident there were hardly any actual Iraqis there at all. Regardless of the controversy over the presentation of this, even on the BBC report I was watching at the time the number of people present seemed very small. As an attempt to capture the emotional resonance of the much-referenced Berlin Wall footage, it was a complete failure. Certainly the lengthy and boring repeated failed attempts to get the statue to collapse did not help its impact. Poor old Rageh Omaar, having to repeat his spiel about it being a historic image every time the statue wobbled, hoping it would be timed with the collapse just right to make a lovely soundbite.

On the other hand, Iraq doesn’t have The Scorpions, so that’s one thing going for it.

So we really have to go fight Syria now as well, do we? Seems bizarrely pointless and implausible, but then so did the idea that the events of 11th September 2001 somehow gave us the moral authority to invade Iraq, so anything’s possible I suppose.

At least this war has sent a clear message out to the tyrannical dictators of the world. Unfortunately, the message isn’t “honour international treaties, eliminate chemical and biological weapons, treat your citizens well, and move towards democracy” but the rather simpler “do not do anything that conflicts with the interests of the United States”.

Which is a bit disappointing if you happen to think the world ought to be governed by international law rather than might.

(PS. No, thanks, I’m not anti-American. I happen to think that the Constitution/Bill of Rights is an exceptionally good design, one of the best attempts at defining a system of governance yet. It’s just a bit of a shame that the current body politic is so corrupt. In the UK we at least still like to feign shock when an MP is caught taking cash in return for asking questions in the House; in the US, it seems every Congressman spends their time trying to pass legislation drafted by the same corporations that paid for their election campaigns, and nobody bats an eyelid. I don’t think this is necessarily a good model to impose upon the rest of the world.)

Enough about the blinkin’ war, anyway. Updates for today: a minor change to the Python form module, and a more substantial reworking of the parasite detector script; it’s a bit shorter now, and also works if you double-click on it in Windows rather than embedding it in a web page. (This got broken in the old version with IE6 Service Pack 1.)

And no update goes by without more actual parasites, obv. There’s ClientMan, NavExcel, MyPageFinder, DialXS, InternetOptimizer, Wonderland and an old ‘favorite’, nCase. Also new variants of IEAccess (HTMLAccess), ILookup, (Gws), WurldMedia (MDef), BrowserAid (LetsSearch), IGetNet (v6), HuntBar (BTLink), ShopNav (Tagger) and FavoriteMan (Trk).

Which is all a bit depressing. In order to cheer you up a little, here are some more Things That Are Good:

• The new Echoboy tunes.
• Christopher ‘Memento’ Nolan is doing an adaptation of The Prestige, Chris Priest’s great-fun-but-annoyingly-ended magician-related novel.
• Obscure but as-far-as-I-can-remember-rather-good UK comedy series The High Life is coming out on DVD! Yay! Who’d have thought Alan Cumming would go from that to Hollywood (latest: X-Men 2), eh?

31st March 2003

Today for your edification I have mostly been fiddling with parasites, trying to get work done, and listening to that there new Goldfrapp album. For about the last thirty hours or so, solid. I’ve come to the following conclusions:

1. I don’t like spyware, well not very much anyway.
2. Work isn’t too brilliant either.
3. The Goldfrapp album I’m still not sure about.

It’s out at the end of next month, but leaked promos are to be found from the usual places. The first single is out on the fourteenth, and it’s Train which is a bit of a strange choice as it’s probably the track from Black Cherry that’s the most completely different to the Goldfrapp we know from Felt Mountain.

Alienate fans much? Not ’alf. Goldfrapp have gone electro and Train is not a gentle introduction. Exciting New Sound or Betrayal? Err, yes. Probably one or more of those things.

Where Felt Mountain was cold and ethereal, Black Cherry is, for the most part, cold and brutal. Big obvious rhythms dominate rather than the atmospherics, sound effects and weirdness Goldfrapp of old favoured. Especially on Train, with its relentless dirty beat which ends up having a quite a hypnotic effect on me (though that might just be because of the lack of sleep thing).

(What’s wrong with wanting another FM though? It was a fantastic album out of nowhere, and I’d quite happily have more Utopias thanks very much. I was immensely impressed at how well it all used to work live, too; anyone seen the new show? Any cop? I do hope the unfathomably scary thing she does with her voice and an effects mic in Lovely Head is still present...)

So, as I was saying, there are some more parasite things. Namely two new ones (InternetWasher and ShopAtHomeSelect), one really really old one (SVAPlayer) and new variants of FavoriteMan (MPZ) and FreeScratchAndWin (v6).

Oh, and back on the annoying but obligatory subject of war, The Guardian has an amusing compendium of dodgy reporting on Iraq. I too had wondered about what had happened to that supposed chemical weapons factory that mysteriously vanished from the news without comment, but I guess it’s a bit much to ask newspaper and TV reporters to file an item admitting the previous front-page splash was been wrong, when there’s all sorts of exciting new unverified stories to cover.

Oh and one last thing, can we please stop saying “shock and awe” now? I know it sounds cool and kick-arse and everything, but it’s not actually the current strategy the US is following, never mind the crass insensitivity of the phrase. So how’s about quietly dropping it, hm?

21st March 2003

So farewell then, Cre@te Magazine. You impressed us all with your in-depth coverage of purposeless Flash doodlesites from the Bright Young Things of Modern Something-or-the-other.

You surprised us with your two-page spreads of what appeared to be completely random lines and polygons. (This had something to do with web design, somehow, I think.)

You kept us well informed on the state of the job market with your ever-shrinking Situations Vacant section. (Well, page. Half page. Whatever.)

And of course you embarrassed us with your crappy name.

(It’s got an at-sign in it! Because it’s the Internet you see! Hey, how clever!!!!!!!!11.)

But now you have published your last ever issue. Which in a way is a shame because you did occasionally have some good bits. Sometimes. Like when you did articles about typography or some other subject you actually knew Things about.

Cre@te probably limited its audience rather, by concentrating so heavily on the artier end of web site creation. The pretty, the experimental, the trendy and the just plain pointless; stuff that doesn’t even really count as ‘design’ as such, because it serves no particular user need.

Interesting concept pieces, or, at worst, simple Flashturbation, this sort of stuff is of interest mainly to the same relatively small circle of designers who create them. The rest of us just get on with making sites that actually do something, and Cre@te didn’t serve us quite so brilliantly. Even when it did start talking about databases, it would be talking about how to make databases work with Flash, for God’s sake, as if that were any kind of sensible idea.

Whilst I’m whingeing about stupid uses of Flash again, it’s worth mentioning the great new Macromedia site, which has been redesigned with some sort of idiotic browser-sniffer that shows at least Opera and Konqueror a completely blank page. Unless you tell them to lie and pretend they are Internet Explorer, anyway. Macromedia showing once more just how much they care for accessibility, there — nice.

So anyway, in the last few weeks there’s been another skipload of unsolicited commercial software. We’ve got LinkReplacer, AutoSearch, ShopNav, XLoader and DialerActiveX, plus new variants of InetSpeak (Iexplorr23), Transponder (SiteHlpr), SaveNow (WUInst), HuntBar (MS and BT), BrowserAid (ABCSearch) and MySearch (MyWay). I’m quite tired now after all that, so if you guys could just stop writing these tedious parasites now, that’d be really great. Okay? Good.

Oh, and I believe there’s some kind of war thingy going on too. Maybe you’ve heard of it? It all sounds a bit strange to me.

I mean, going to war to enforce the decisions of a body called the UN, when the UN itself doesn’t want us to. Giving them an ‘ultimatum’ along the lines of “declare yourself irrelevant by rubberstamping our plan, or we’ll declare you irrelevant by going ahead anyway”. Staging a massive intervention in a foreign land in order to destroy some weapons we’re not sure exist (but ones half the rest of the world has, including us), and some other weapons that were going to be destroyed anyway. What’s it all about eh?

We keep saying all this has something to do with terrorism, for some reason, but I’m not entirely surely what the connection is supposed to be. Maybe I’m missing something there.

Maybe I’m not.

And so it begins. It’s weird feeling to dislike this war, because the immediate objective — removing a first-class mad git with guns from a nation in desperate need of help — is beneficial, even laudable. But no-one believes we’re doing it for the good of the Iraqi people or the world in general, because our actions and pronouncements so far have been incompatible with those aims.

This could surely have been handled better, if the US Government had wanted to. Their every statement has been made with seemingly deliberate contempt for the opinions of the rest of the world. If the aim is to weaken international governance and induce fear and hatred of America, its power and its willingness to use that power for its own interests, then it seems to be going pretty well. Hooray!

I can do without the weapons-fetish war-porn from the UK press, too. Weird the way much of the media is so heavily backing a conflict a lot of populace don’t care much for. No, Mister Editor, wanting our side to win (ie. Supporting Our Boys™) is not the same thing as unquestioningly agreeing with Government policies, but thanks for the thought and being called a traitor and that.

I’m not a professional soldier, but I believe that when one is engaged in a military struggle halfway across the world from Chipping Sodbury, it doesn’t actually help that much that Mrs. Pepperpot at number 23 has put a “Support Our Boy’s!!!1” poster up in her front window. So if you could kindly stick it up your arse, The Sun, that’d be just lovely.

I know — I should probably try having fewer opinions. Sorry.

8th March 2003

All right, it came out last summer, but I’d still like to put a word in for Shivaree’s last disc, Rough Dreams. It’s really terribly pleasant, and even has a song namechecking Thundercats, which makes it totally the best thing ever.

It does seem, like so often, a bit of a front-loaded album, though. It must be a musical tradition to put the best songs at the start, with usually one other good one at about track 7 or 8. Like always having to start your symphony with the catchy Allegro movement (that’ll get used in a pretentious advert in a few centuries’ time).

(Drawing analogies that are really relevant to the youth of today, there. Cheers.)

Good though the start of Rough Dreams is, it’s marred a little by yet another flippin’ ‘maybe’/‘baby’ rhyme. Come on, songwriters! Don’t plump for that easy-option tired rhyme again! There are any number of great alternatives you could try! Like —

• a bee
• gravy
• rabies
• DAB*
• labia (for songs about gynæcology)

When I’m finally voted Supreme Leader of Andtopia (as I expect the planet to be renamed), any compound rhyme involved ‘schools’, ‘rules’ and ‘fools’ will be banned too. There’s just no need for this embarrassing cliché, when these superb alternatives go unused —

• Liverpool
• minuscule
• stools
• ampoule
• bool (for songs in C++)

Any infraction of the no-crap-rhymes regulations will be punishable by custardisation (the rather grisly form of capital punishment employed in Andtopia).

New stuff today: there’s a new draft of the PXTL specification for Python web people to argue about, and, inevitably, loads more unsolicited commercial software. Namely: eStart, BrowserAid, ZeroPopUp, and — finally! — a page on Gator (though the script here can’t often detect it). Plus new variants of Xupiter (OrbitExplorer), MoneyTree (NSLite, Dyfuca), Searchex (Hotlink), InetSpeak (Iexplorr2), WurldMedia (MShop, MPohs) and SubSearch (HighTraffic/B).

Funny how that stupid ugly ‘No Spyware’ logo (you know, the profile of a bloke wearing a hat in a red circle with a line through it, that one) seems only ever to be used to promote software that does indeed install spyware or other unsolicited commercial software, eh?

12th February 2003

Hullo, all! Just time before I rush off to the UK for a bit to tell you that (a) there are the new parasites AccessPlugin, Meridian, NewtonKnows and SubSearch, and (b) I’m joining the Web Standards Project.

Why web standards? Because we still don’t know the potential of the medium. There is massive promise in new types of device, new ways of using the enormous information store of the web, and new ways of empowering people to interact. But it can only work if the medium is accessible to all. And that means open standards.

More waffle later, I suspect.

3rd February 2003

“More useful everyday”, indeed.

You’d think Microsoft, being as it is, like, one of the biggest companies in the world and that, would manage, using its enormous resources, to come up with a slogan that didn’t have bugs in it. When can we expect MSN Slogan Service Pack 1 to be released with a patch for this issue?

I mean, there are only three words in it, surely Microsoft could afford to have someone with an O-Level in English go through each of them and perhaps notice that the last one is hopelessly, embarrassingly wrong. It’s an everyday mistake*, but one you’d normally associate with the type of establishment that offers “Fresh potato’s” for a pahhnd they’re lavverly, not the world’s richest software concern.

(Tip for non-native English speakers, cockney greengrocers and Microsoft marketing creatives: ‘everyday’ is an adjective meaning ‘commonplace’ or ‘mediocre’, and does not mean the same as doing something ‘every day’. Also, ‘CDs’ ‘potatoes’ and, God help us, ‘he buys’ do not contain apostrophes. That’s all, thanks.)

Anyway, sorry about that grammarak ranting. If you’re looking for information on the ‘invasive toolbar’ BBCi were talking about, try the Xupiter information page. Sorry if you couldn’t get through to this site over the weekend - my hosting providers had a bit of a routing problem and dropped half my packets on the floor. (Again. Always seems to happen just after being linked by the mainstream press. Blummin’ typical eh?)

In other parasite stuff, there’s some new search-hijackers: Searchex, SearchSquire and CrackedEarth, plus lots more dialler-related tomfoolery from XDiver, XDialer, MasterDialer, StarDialer and a new variant of OnlineDialer (IEDialer).

PS. More cheap DVD fun! Can’t endorse Mr. Benson’s as such, as I’ve never bought anything there before, but thirty quid for the whole Prisoner has got to be good. If you haven’t ever seen The Prisoner and haven’t a clue what it is (and no, it’s not Cell Block H, thankfully), you’ll just have to rent out the first disc or something, because most Prisoner sites tend toward the inpenetrable.

PPS. And I can’t quite work out now how I stumbled across this review of The Two Towers (caution: swearing and naughtiness and stuff), but it really does go to underline The Monkey Hypothesis: merely mentioning Monkeys invariably increases mirth.

15th January 2003

It has come to me attention that most of the entries in this update log are me complaining about things being really crap. I wouldn’t want you to get the impression that I’m a relentlessly negative curmudgeon (though I am, obv.). So I shall attempt to balance this tendency by mentioning some things I’ve encountered recently that are just fantastic.

Firstly, FM4. Which is just superb. It’s an Austrian radio station whose musical policy seems to cover all of pop, rock, indie, dance, hip hop and more without ever falling into the trap of playing rubbish. You won’t hear the latest act from ‘Popstars: the cash-in’, but you will hear more fabulous new music in a week than you’d encounter in a year’s output of any of the homogenous poo-pop stations Bavarians are used to. FM4 is a bit like the UK’s Xfm, except with much more varied music, fewer adverts, and with extra just better thrown in.

What I don’t understand about FM4 is its mixture of languages. Some shows are mainly English, some mainly German, some a random mixture; even the news on the hour tends to use different languages for the headlines, main stories and interviews. Having a target audience of English-speakers is slightly unusual for an Austrian radio station, but expecting the target audience to be bilingual is totally crazy, surely?

I don’t care, though, it suits me. In fact FM4 seems to be designed just exactly for me, and I’m damned happy I can now listen to it. (Unofficial FM4 live stream; you’ll need an OGG player to hear it, but it’s worth the download — the audio quality is excellent, far better than anything I’ve ever heard from a RealAudio stream.) I mean the first record I heard when tuning in was Mon Amour Tokyo by Pizzicato Five, which I’ve probably played on my radio show more than any other song ever. P5 are a Japanese band who are obscure in the UK, and quite unheard of in Germany, so what’re the chances of that, eh?

The second non-really-crap thing: Marble Blast. It’s a budget game at ten quid, and that’s got to be worth encouraging to start with. Not to mention that it’s also really good fun.

Anyway, go play the demo version. But be warned there’s an annoying product-activation scheme when you install the game (so don’t expect to be able to install it on a netless laptop, and be aware that every installation you make will be counted; after four or five installs you may find it won’t work again). This is not well signposted on the Garage Games site at the moment, and I’m a bit disappointed about it really.

Anyway, let’s not begin another “copy protection is really crap” rant quite yet — ’cos there’s more! Namely the DVD set of the first series of Babylon 5. I didn’t think I’d be buying this, as to be honest it’s a bit geekier than I would like to admit I am. But everything about this release is just right.

The audio quality’s perfect. The picture quality’s perfect (and in widescreen and all, unusual for a TV programme of its age). There are some commentaries. The episodes are neither squeezed onto too few discs nor unnecessarily spread out over too many. There are multiple languages and subtitles...

...and best of all there are no stupid annoying DVD restrictions. The DVD format was designed to allow random access to digital video in any combination of language, subtitles and camera angle, so it saddens me when idiot film companies deliberately remove these options, creating annoying animated logos and tedious copyright messages that can’t be skipped, entire discs where you can’t seek back and forth through the video at all (the US box set of Monty Python is a particularly bad offender here), and German releases of films where you are obliged to have subtitles enabled or the nasty dubbed dialogue. B5 has none of this senseless arse. The only way it could be better would be if the discs were regionless. Come on Warner, you know we’ve all got multi-region players anyway...

Actually, no: the best of all thing about this DVD set is the price: around 30 euro, which is only a little more expensive than the average single-film disc. Marvellous! Okay, if you buy it in the UK you’d be paying up to fifty quid for it, but then if you buy it in the UK you’re a fool. The German discs are bit-for-bit the same, just in slightly different packaging and half the price. Still, if you got caught out, you can always point and laugh at the Star Trek fans, who are getting stung to the tune of eighty-five quid per series. Crumbs!

And another thing. There’s a new series of Radio 4’s decidedly-not really-crap Sunday Format, hurrah! I find it surprising no other comedy programme has yet tried to rip off the Format’s enjoyably disconcerting editing style; there’s surely a lot more scope to take the manic-jump-cuts idea even further.

Not quite sure how a TV version would work though. I did hear there was supposed to be some sort of TV version of the Sunday Format in the works didn’t I? I can’t have just imagined something that bizarre.

Anyway, fire up your RealPlayer and point it at http://www.bbc.co.uk/radio/aod/rpms/sundayformat.rpm. When you’ve noticed that it’s great, use something like NetTransport to download it instead so you can listen to it whenever you like. NetTransport’s not really crap either*. I’m surprised it took me this long to notice it. Anyway, what happened to the OGG streams, then, BBC?

Next, since I am honour-bound to mention German bands I’ve stumbled across over here that aren’t really crap, I’ll have to link to De Phazz, despite their site being a horrid mess of bad JavaScript. And Lahr, who sings with ’em. Lots of fab trip-hoppy gubbins for those of us what like that sort of thing; the Lahr album should tide you over nicely until the next Goldfrapp album finally comes out.

By the way, there is an update. The update that has been applied to the site in order to update it, thus making it up-to-date, is as follows. There is a new parasite called ILookup. Additionally, there are new variants of Transponder (MSView), CommonName (Winnet), IGetNet (v5) and Xupiter (Sqwire). That was the update. Thank you.

Oh, and I’ve added “permalinks” to this blog I mean site update log, just in case anyone might ever want to actually link to these entries for some reason. The link’s on the little triangle next to the date, y’see. Don’t worry, I’m not adding a comments system though! No! For then it really would be a blog, ugh!

(Oh crap. I’m only going to end up adding comments, aren’t I?)